Reliable cyber-threat detection in rapidly changing environments
In some embodiments, a plurality of monitoring nodes each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. An attack detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors including a current feature for capturing transients (e.g., local transients and/or global transients). The attack detection computer platform may also access an attack detection model having at least one decision boundary that was created using at least one of a set of normal feature vectors and/or a set of attacked feature vectors. The attack detection model may then be executed such that an attack alert signal is transmitted by the attack detection computer platform, when appropriate, based on the set of current feature vectors (including the current feature to capture transients) and the at least one decision boundary.
- Research Organization: General Electric Co., Schenectady, NY (United States)
- Sponsoring Organization: USDOE
- DOE Contract Number: OE0000833
- Assignee: General Electric Company (Schenectady, NY)
- Patent Number(s): 10,819,725
- Application Number: 15/964,644
- OSTI ID: 1771571
- Resource Relation: Patent File Date: 04/27/2018
- Country of Publication: United States
- Language: English
Similar Records
Multi-class decision system for categorizing industrial asset attack and fault types
Dynamic concurrent learning method to neutralize cyber attacks and faults for industrial asset monitoring nodes