Systems and methods for global cyber-attack or fault detection model

    Publication No.: US11740618B2

    Publication date: 2023-08-29

    Application No.: US17239054

    Filing date: 2021-04-23

    IPC classification: G05B23/02 G06N3/08 G06N3/045

    Abstract: An industrial asset may have monitoring nodes that generate current monitoring node values representing a current operation of the industrial asset. An abnormality detection computer may detect when a monitoring node is currently being attacked or experiencing a fault based on a current feature vector, calculated in accordance with current monitoring node values, and a detection model that includes a decision boundary. A model updater (e.g., a continuous learning model updater) may determine an update time-frame (e.g., short-term, mid-term, long-term, etc.) associated with the system based on trigger occurrence detection (e.g., associated with a time-based trigger, a performance-based trigger, an event-based trigger, etc.). The model updater may then update the detection model in accordance with the determined update time-frame (and, in some embodiments, continuous learning).

    Computer-implemented methods and systems for determining fleet conditions and operational management thereof
    Type: Granted invention patent
    Legal status: In force

    Publication No.: US09552567B2

    Publication date: 2017-01-24

    Application No.: US13728378

    Filing date: 2012-12-27

    IPC classification: G06N99/00 G06Q10/08 G06Q10/06

    Abstract: A method for determining fleet conditions and operational management thereof, performed by a central system includes receiving fleet data from at least one distributed data repository. The fleet data is substantially representative of information associated with a fleet of physical assets. The method also includes processing the received fleet data for the fleet using at least one process of a plurality of processes. The plurality of processes assess the received fleet data into processed fleet data. The method additionally includes determining a fleet condition status using the processed fleet data and the at least one process of the plurality of processes. The method further includes generating a fleet response. The fleet response is substantially representative of a next operational step for the fleet of physical assets. The method also includes transmitting the fleet response to at least one of a plurality of fleet response recipients.

    Systems and methods for remote monitoring, security, diagnostics, and prognostics
    Type: Granted invention patent
    Legal status: In force

    Publication No.: US09245116B2

    Publication date: 2016-01-26

    Application No.: US13848354

    Filing date: 2013-03-21

    IPC classification: G06F21/55

    CPC classification: G06F21/55

    Abstract: A system includes a physical analysis module, a cyber analysis module, and a determination module. The physical analysis module is configured to obtain physical diagnostic information, and to determine physical analysis information using the physical diagnostic information. The cyber analysis module is configured to obtain cyber security data of the functional system, and to determine cyber analysis information using the cyber security data. The determination module is configured to obtain the physical analysis information and the cyber analysis information, and to determine a state of the functional system using the physical analysis information and the cyber analysis information. The state determined corresponds to at least one of physical condition or cyber security threat. The determination module is also configured to identify if the state corresponds to one or more of a non-malicious condition or a malicious condition.

    RESILIENT ESTIMATION FOR GRID SITUATIONAL AWARENESS

    Publication No.: US20230385186A1

    Publication date: 2023-11-30

    Application No.: US18321545

    Filing date: 2023-05-22

    Abstract: According to some embodiments, a system, method and non-transitory computer-readable medium are provided to protect a cyber-physical system having a plurality of monitoring nodes comprising: a normal space data source storing, for each of the plurality of monitoring nodes, a series of normal monitoring node values over time that represent normal operation of the cyber-physical system; a situational awareness module including an abnormal data generation platform, wherein the abnormal data generation platform is operative to generate abnormal data to represent abnormal operation of the cyber-physical system using values in the normal space data source and a generative model; a memory for storing program instructions; and a situational awareness processor, coupled to the memory, and in communication with the situational awareness module and operative to execute the program instructions to: receive a data signal, wherein the received data signal is an aggregation of data signals received from one or more of the plurality of monitoring nodes, wherein the data signal includes at least one real-time stream of data source signal values that represent a current operation of the cyber-physical system; determine, via a trained classifier, whether the received data signal is a normal signal or an abnormal signal, wherein the trained classifier is trained with the generated abnormal data and normal data; localize an origin of an anomaly when it is determined the received data signal is the abnormal signal; receive the determination and localization at a resilient estimator module; execute the resilient estimator module to generate a state estimation for the cyber-physical system. Numerous other aspects are provided.

    SIGNATURE IDENTIFICATION FOR POWER SYSTEM EVENTS

    Publication No.: US20210088563A1

    Publication date: 2021-03-25

    Application No.: US16580525

    Filing date: 2019-09-24

    IPC classification: G01R19/25 G01R31/08 G06N3/08

    Abstract: Briefly, embodiments are directed to a system, method, and article for identifying power system event signatures. Input measurement data may be received from one or more data sources relating to a power grid system. The input measurement data may comprise normal system operation measurement data and power system event measurement data. A processor may perform operations during an online application phase. During the online application phase, a feature matrix may be generated for the power system event measurement data and the at least one trained auto-associative model. The feature matrix for the power system event measurement data may be processed to determine power system event residuals. Also during the online application phase, the power system event signatures may be identified based on residual statistics for normal system operation measurement data residuals and on the power system event residuals.

    Framework for determining resilient manifolds

    Publication No.: US10956578B2

    Publication date: 2021-03-23

    Application No.: US16152546

    Filing date: 2018-10-05

    IPC classification: G06F21/57 G05B19/048

    Abstract: According to some embodiments, a system, method and non-transitory computer-readable medium are provided to protect a decision manifold of a control system for an industrial asset, comprising: a detection and neutralization module including: a decision manifold having a receiver configured to receive a training dataset comprising data, wherein the decision manifold is operative to generate a first decision manifold with the received training dataset; and a detection model; a memory for storing program instructions; and a detection and neutralization processor, coupled to the memory, and in communication with the detection and neutralization module and operative to execute program instructions to: receive the first decision manifold, wherein the first decision manifold separates a normal operating space from an abnormal operating space; determine whether there are one or more inadequacies with the detection model; generate a corrected decision manifold based on the determined one or more inadequacies with the detection model; receive a projected adversary strategy; generate a resilient decision manifold based on the corrected decision manifold and received projected adversary strategy; and an output configured to output a neutralized signal to operate the industrial asset via the control system. Numerous other aspects are provided.

    Multi-class decision system for categorizing industrial asset attack and fault types

    Publication No.: US10686806B2

    Publication date: 2020-06-16

    Application No.: US15681827

    Filing date: 2017-08-21

    IPC classification: H04L29/06

    Abstract: According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classifier computer, coupled to the plurality of monitoring nodes, may receive the series of current monitoring node values and generate a set of current feature vectors. The node classifier computer may also access at least one multi-class classifier model having at least one decision boundary. The at least one multi-class classifier model may be executed and the system may transmit a classification result based on the set of current feature vectors and the at least one decision boundary. The classification result may indicate, for example, whether a monitoring node status is normal, attacked, or faulty.

    ANOMALY DETECTION SYSTEM AND METHOD FOR INDUSTRIAL ASSET
    Type: Invention patent application
    Legal status: Under examination (published)

    Publication No.: US20170024649A1

    Publication date: 2017-01-26

    Application No.: US14808402

    Filing date: 2015-07-24

    Inventors: Weizhong Yan, Lijie YU

    IPC classification: G06N5/04 G06N99/00

    Abstract: Some embodiments are associated with a receipt, at a feature learning platform, of sensor data associated with normal operation of an industrial asset, the sensor data including values for a plurality of sensors over a period of time. The feature learning platform may extract a plurality of features via hierarchically deep learning, which may capture characteristics of normal operation of the industrial asset and provide the learned features to a classification modeling platform. The classification modeling platform may then create classification models utilizing the learned features, and the classification models may be executed to automatically identify a potential anomaly for an operating industrial asset.