Dynamic concurrent learning method to neutralize cyber attacks and faults for industrial asset monitoring nodes

Mestha, Lalit Keshav; Anubi, Olugbenga; Achanta, Hema Kumari

Title: Dynamic concurrent learning method to neutralize cyber attacks and faults for industrial asset monitoring nodes

Abstract

Input signals may be received from monitoring nodes of the industrial asset, each input signal comprising time series data representing current operation. A neutralization engine may transform the input signals into feature vectors in feature space, each feature vector being associated with one of a plurality of overlapping batches of received input signals. A dynamic decision boundary may be generated based on the set of feature vectors, and an abnormal state of the asset may be detected based on the set of feature vectors and a predetermined static decision boundary. An estimated neutralized value for each abnormal feature value may be calculated based on the dynamic decision boundary and the static decision boundary such that a future set of feature vectors will be moved with respect to the static decision boundary. An inverse transform of each estimated neutralized value may be performed to generate neutralized signals comprising time series data that are output.

Inventors:: Mestha, Lalit Keshav; Anubi, Olugbenga; Achanta, Hema Kumari

Issue Date:: 2020-07-28

Research Org.:: General Electric Co., Schenectady, NY (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1735093

Patent Number(s):: 10728282

Application Number:: 15/986,996

Assignee:: General Electric Company (Schenectady, NY)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06N - COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS

Y - NEW / CROSS SECTIONAL TECHNOLOGIES Y04 - INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS Y04S - SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS

Show more

G - PHYSICS G06 - COMPUTING G06N - COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
G06N20/00 - Machine learning

Y - NEW / CROSS SECTIONAL TECHNOLOGIES Y04 - INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS Y04S - SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
Y04S40/20 - Information technology specific aspects

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/1416 - {Event detection, e.g. attack signature detection}

G - PHYSICS G05 - CONTROLLING G05B - CONTROL OR REGULATING SYSTEMS IN GENERAL
G05B23/0297 - {Reconfiguration of monitoring system, e.g. use of virtual sensors

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/14 - {for detecting or protecting against malicious traffic}
H04L63/1466 - {Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks}

Show less

DOE Contract Number:: OE0000833

Resource Type:: Patent

Resource Relation:: Patent File Date: 05/23/2018

Country of Publication:: United States

Language:: English

Citation Formats


                    Mestha, Lalit Keshav, Anubi, Olugbenga, and Achanta, Hema Kumari. Dynamic concurrent learning method to neutralize cyber attacks and faults for industrial asset monitoring nodes.  United States: N. p., 2020. 
        Web.

Copy to clipboard


                    Mestha, Lalit Keshav, Anubi, Olugbenga, & Achanta, Hema Kumari. Dynamic concurrent learning method to neutralize cyber attacks and faults for industrial asset monitoring nodes.  United States.

Copy to clipboard


                    Mestha, Lalit Keshav, Anubi, Olugbenga, and Achanta, Hema Kumari. Tue .  
        "Dynamic concurrent learning method to neutralize cyber attacks and faults for industrial asset monitoring nodes".  United States.  https://www.osti.gov/servlets/purl/1735093.

Copy to clipboard


                    
@article{osti_1735093,

  title        = {Dynamic concurrent learning method to neutralize cyber attacks and faults for industrial asset monitoring nodes},

  author       = {Mestha, Lalit Keshav and Anubi, Olugbenga and Achanta, Hema Kumari},

  abstractNote = {Input signals may be received from monitoring nodes of the industrial asset, each input signal comprising time series data representing current operation. A neutralization engine may transform the input signals into feature vectors in feature space, each feature vector being associated with one of a plurality of overlapping batches of received input signals. A dynamic decision boundary may be generated based on the set of feature vectors, and an abnormal state of the asset may be detected based on the set of feature vectors and a predetermined static decision boundary. An estimated neutralized value for each abnormal feature value may be calculated based on the dynamic decision boundary and the static decision boundary such that a future set of feature vectors will be moved with respect to the static decision boundary. An inverse transform of each estimated neutralized value may be performed to generate neutralized signals comprising time series data that are output.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2020},

  month        = {7}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Cybersecurity for Control Systems: A Process-Aware Perspective
journal, October 2016

Khorrami, Farshad; Krishnamurthy, Prashanth; Karri, Ramesh
IEEE Design & Test, Vol. 33, Issue 5
https://doi.org/10.1109/MDAT.2016.2594178

Cyber-attack detection and accommodation algorithm for energy delivery systems
conference, August 2017

Mestha, Lalit K.; Anubi, Olugbenga M.; Abbaszadeh, Masoud
2017 IEEE Conference on Control Technology and Applications (CCTA)
https://doi.org/10.1109/CCTA.2017.8062642

Detection Mitigation and Remediation of Cyberattacks Employing an Advanced Cyber-decision Platform
patent-application, May 2017

Crabtree, Jason; Sellers, Andrew
US Patent Application 15/237625; 20170126712
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220170126712%22.PGNR.&OS=DN/20170126712&RS=DN/20170126712

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System
patent-application, December 2017

Bushey, Cody Joe; Mestha, Lalit Keshav; Holzhauer, Daniel Francis
US Patent Application 15/179034; 20170359366
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220170359366%22.PGNR.&OS=DN/20170359366&RS=DN/20170359366

System and Method for Forensic Cyber Adversary Profiling, Attribution and Attack Identification
patent-application, November 2013

Parker, Thomas W.
US Patent Application 13/893247; 20130312092
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220130312092%22.PGNR.&OS=DN/20130312092&RS=DN/20130312092

A machine learning approach for real-time reachability analysis
conference, September 2014

Allen, Ross E.; Clark, Ashley A.; Starek, Joseph A.
2014 IEEE/RSJ International Conference on Intelligent Robots and Systems (IROS 2014)
https://doi.org/10.1109/IROS.2014.6942859

Similar Records in DOE Patents and OSTI.GOV collections:

Using virtual sensors to accommodate industrial asset control systems during cyber attacks

Patent Mestha, Lalit Keshav; Achanta, Hema Kumari; John, Justin Varkey; ...

In some embodiments, an industrial asset may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the industrial asset. A threat detection computer may determine that an attacked monitoring node is currently being attacked. Responsive to this determination, a virtual sensor coupled to the plurality of monitoring nodes may estimate a series of virtual node values for the attacked monitoring node(s) based on information received from monitoring nodes that are not currently being attacked. The virtual sensor may then replace the series of monitoring nodemore »« less
Full Text Available
Using virtual sensors to accommodate industrial asset control systems during cyber attacks

Patent Mestha, Lalit Keshav; Achanta, Hema Kumari; John, Justin Varkey; ...

In some embodiments, an industrial asset may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the industrial asset. A threat detection computer may determine that an attacked monitoring node is currently being attacked. Responsive to this determination, a virtual sensor coupled to the plurality of monitoring nodes may estimate a series of virtual node values for the attacked monitoring node(s) based on information received from monitoring nodes that are not currently being attacked. The virtual sensor may then replace the series of monitoring nodemore »« less
Full Text Available
Multi-class decision system for categorizing industrial asset attack and fault types

Patent Abbaszadeh, Masoud; Mestha, Lalit Keshav; Yan, Weizhong

According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classifier computer, coupled to the plurality of monitoring nodes, may receive the series of current monitoring node values and generate a set of current feature vectors. The node classifier computer may also access at least one multi-class classifier model having at least one decision boundary. The at least one multi-class classifier model may be executed and the system may transmit a classification result based on the set ofmore »« less
Full Text Available
Autonomous reconfigurable virtual sensing system for cyber-attack neutralization

Patent Abbaszadeh, Masoud; Mestha, Lalit Keshav

An industrial asset may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time representing current operation of the industrial asset. An abnormality detection computer may determine that at least one abnormal monitoring node is currently being attacked or experiencing a fault. A virtual sensing estimator may continuously execute an adaptive learning process to create or update virtual sensor models for the monitoring nodes. Responsive to an indication that a monitoring node is currently being attacked or experiencing a fault, the virtual sensing estimator may be dynamically reconfigured to estimatemore »« less
Full Text Available
Cyber-attack detection, localization, and neutralization for unmanned aerial vehicles

Patent Mestha, Lalit Keshav; Anubi, Olugbenga; John, Justin Varkey

In some embodiments, an Unmanned Aerial Vehicle (“UAV”) system may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the UAV system. An attack detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors. The attack detection computer platform may access an attack detection model having at least one decision boundary (e.g., created using a set of normal feature vectors a set of attacked feature vectors). The attack detection model may then be executed andmore »« less
Full Text Available

Similar Records

Title: Dynamic concurrent learning method to neutralize cyber attacks and faults for industrial asset monitoring nodes

Abstract

Citation Formats

Cybersecurity for Control Systems: A Process-Aware Perspective journal, October 2016

Cyber-attack detection and accommodation algorithm for energy delivery systems conference, August 2017

Detection Mitigation and Remediation of Cyberattacks Employing an Advanced Cyber-decision Platform patent-application, May 2017

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System patent-application, December 2017

System and Method for Forensic Cyber Adversary Profiling, Attribution and Attack Identification patent-application, November 2013

A machine learning approach for real-time reachability analysis conference, September 2014

Cybersecurity for Control Systems: A Process-Aware Perspective
journal, October 2016

Cyber-attack detection and accommodation algorithm for energy delivery systems
conference, August 2017

Detection Mitigation and Remediation of Cyberattacks Employing an Advanced Cyber-decision Platform
patent-application, May 2017

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System
patent-application, December 2017

System and Method for Forensic Cyber Adversary Profiling, Attribution and Attack Identification
patent-application, November 2013

A machine learning approach for real-time reachability analysis
conference, September 2014