Cyber-attack detection and neutralization

Mestha, Lalit Keshav; Anubi, Olugbenga; Abbaszadeh, Masoud

Title: Cyber-attack detection and neutralization

Abstract

The example embodiments are directed to a system and method for neutralizing abnormal signals in a cyber-physical system. In one example, the method includes receiving input signals comprising time series data associated with an asset and transforming the input signals into feature values in a feature space, detecting one or more abnormal feature values in the feature space based on a predetermined normalcy boundary associated with the asset, and determining an estimated true value for each abnormal feature value, and performing an inverse transform of each estimated true value to generate neutralized signals comprising time series data and outputting the neutralized signals.

Inventors:: Mestha, Lalit Keshav; Anubi, Olugbenga; Abbaszadeh, Masoud

Issue Date:: 2020-09-08

Research Org.:: General Electric Co., Schenectady, NY (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1735249

Patent Number(s):: 10771495

Application Number:: 15/454,144

Assignee:: General Electric Company (Schenectady, NY)

Patent Classifications (CPCs):: H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/1441 - {Countermeasures against malicious traffic
H04L63/1416 - {Event detection, e.g. attack signature detection}

Show less

DOE Contract Number:: OE0000833

Resource Type:: Patent

Resource Relation:: Patent File Date: 03/09/2017

Country of Publication:: United States

Language:: English

Citation Formats


                    Mestha, Lalit Keshav, Anubi, Olugbenga, and Abbaszadeh, Masoud. Cyber-attack detection and neutralization.  United States: N. p., 2020. 
        Web.

Copy to clipboard


                    Mestha, Lalit Keshav, Anubi, Olugbenga, & Abbaszadeh, Masoud. Cyber-attack detection and neutralization.  United States.

Copy to clipboard


                    Mestha, Lalit Keshav, Anubi, Olugbenga, and Abbaszadeh, Masoud. Tue .  
        "Cyber-attack detection and neutralization".  United States.  https://www.osti.gov/servlets/purl/1735249.

Copy to clipboard


                    
@article{osti_1735249,

  title        = {Cyber-attack detection and neutralization},

  author       = {Mestha, Lalit Keshav and Anubi, Olugbenga and Abbaszadeh, Masoud},

  abstractNote = {The example embodiments are directed to a system and method for neutralizing abnormal signals in a cyber-physical system. In one example, the method includes receiving input signals comprising time series data associated with an asset and transforming the input signals into feature values in a feature space, detecting one or more abnormal feature values in the feature space based on a predetermined normalcy boundary associated with the asset, and determining an estimated true value for each abnormal feature value, and performing an inverse transform of each estimated true value to generate neutralized signals comprising time series data and outputting the neutralized signals.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2020},

  month        = {9}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Methods of unsupervised anomaly detection using a geometric framework
patent, September 2013

Eskin, Eleazar; Arnold, Andrew Oliver; Prerau, Michael
US Patent Document 8,544,087
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=8544087

Real-time localization of mobile targets using abnormal wireless signals
conference, June 2017

Luo, Chengming; Fan, Xinnan; Xin, Gaifang
2017 IEEE International Conference on Consumer Electronics - Taiwan (ICCE-TW)
https://doi.org/10.1109/ICCE-China.2017.7991116

Application-Level Autonomic Hardware to Predict and Preempt Software Attacks on Industrial Control Systems
conference, June 2014

Lerner, Lee W.; Franklin, Zane R.; Baumann, William T.
2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
https://doi.org/10.1109/DSN.2014.26

Against transient-steady effect attack using time check blocks
conference, June 2017

Zhang, Jinbao; Wu, Ning; Ge, Fen
2017 12th IEEE Conference on Industrial Electronics and Applications (ICIEA)
https://doi.org/10.1109/ICIEA.2017.8282884

Secure state estimation: Optimal guarantees against sensor attacks in the presence of noise
conference, June 2015

Mishra, Shaunak; Shoukry, Yasser; Karamchandani, Nikhil
2015 IEEE International Symposium on Information Theory (ISIT)
https://doi.org/10.1109/ISIT.2015.7282993

Safety envelope for security
conference, April 2014

Tiwari, Ashish; Dutertre, Bruno; Jovanović, Dejan
HiCoNS '14: 3rd International Conference on High Confidence Networked Systems, Proceedings of the 3rd international conference on High confidence networked systems
https://doi.org/10.1145/2566468.2566483

Similar Records in DOE Patents and OSTI.GOV collections:

Cyber-attack detection, localization, and neutralization for unmanned aerial vehicles

Patent Mestha, Lalit Keshav; Anubi, Olugbenga; John, Justin Varkey

In some embodiments, an Unmanned Aerial Vehicle (“UAV”) system may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the UAV system. An attack detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors. The attack detection computer platform may access an attack detection model having at least one decision boundary (e.g., created using a set of normal feature vectors a set of attacked feature vectors). The attack detection model may then be executed andmore »« less
Full Text Available
Dynamic concurrent learning method to neutralize cyber attacks and faults for industrial asset monitoring nodes

Patent Mestha, Lalit Keshav; Anubi, Olugbenga; Achanta, Hema Kumari

Input signals may be received from monitoring nodes of the industrial asset, each input signal comprising time series data representing current operation. A neutralization engine may transform the input signals into feature vectors in feature space, each feature vector being associated with one of a plurality of overlapping batches of received input signals. A dynamic decision boundary may be generated based on the set of feature vectors, and an abnormal state of the asset may be detected based on the set of feature vectors and a predetermined static decision boundary. An estimated neutralized value for each abnormal feature value maymore »« less
Full Text Available
Autonomous reconfigurable virtual sensing system for cyber-attack neutralization

Patent Abbaszadeh, Masoud; Mestha, Lalit Keshav

An industrial asset may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time representing current operation of the industrial asset. An abnormality detection computer may determine that at least one abnormal monitoring node is currently being attacked or experiencing a fault. A virtual sensing estimator may continuously execute an adaptive learning process to create or update virtual sensor models for the monitoring nodes. Responsive to an indication that a monitoring node is currently being attacked or experiencing a fault, the virtual sensing estimator may be dynamically reconfigured to estimatemore »« less
Full Text Available
Method and apparatus for detecting cyber attacks on an alternating current power grid

Patent McEachern, Alexander; Hofmann, Ronald

A method and apparatus for detecting cyber attacks on remotely-operable elements of an alternating current distribution grid. Two state estimates of the distribution grid are prepared, one of which uses micro-synchrophasors. A difference between the two state estimates indicates a possible cyber attack.
Full Text Available
Method for detecting sophisticated cyber attacks

Patent Potok, Thomas E [Oak Ridge, TN]

A method of analyzing computer intrusion detection information that looks beyond known attacks and abnormal access patterns to the critical information that an intruder may want to access. Unique target identifiers and type of work performed by the networked targets is added to audit log records. Analysis using vector space modeling, dissimilarity matrix comparison, and clustering of the event records is then performed.
Full Text Available

Similar Records

Title: Cyber-attack detection and neutralization

Abstract

Citation Formats

Methods of unsupervised anomaly detection using a geometric framework patent, September 2013

Real-time localization of mobile targets using abnormal wireless signals conference, June 2017

Application-Level Autonomic Hardware to Predict and Preempt Software Attacks on Industrial Control Systems conference, June 2014

Against transient-steady effect attack using time check blocks conference, June 2017

Secure state estimation: Optimal guarantees against sensor attacks in the presence of noise conference, June 2015

Safety envelope for security conference, April 2014

Methods of unsupervised anomaly detection using a geometric framework
patent, September 2013

Real-time localization of mobile targets using abnormal wireless signals
conference, June 2017

Application-Level Autonomic Hardware to Predict and Preempt Software Attacks on Industrial Control Systems
conference, June 2014

Against transient-steady effect attack using time check blocks
conference, June 2017

Secure state estimation: Optimal guarantees against sensor attacks in the presence of noise
conference, June 2015

Safety envelope for security
conference, April 2014