Reliable cyber-threat detection in rapidly changing environments

Abbaszadeh, Masoud; Mestha, Lalit Keshav

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Reliable cyber-threat detection in rapidly changing environments

Abstract

In some embodiments, a plurality of monitoring nodes each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. An attack detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors including a current feature for capturing transients (e.g., local transients and/or global transients). The attack detection computer platform may also access an attack detection model having at least one decision boundary that was created using at least one of a set of normal feature vectors and/or a set of attacked feature vectors. The attack detection model may then be executed such that an attack alert signal is transmitted by the attack detection computer platform, when appropriate, based on the set of current feature vectors (including the current feature to capture transients) and the at least one decision boundary.

Inventors:: Abbaszadeh, Masoud; Mestha, Lalit Keshav

Issue Date:: 2020-10-27

Research Org.:: General Electric Co., Schenectady, NY (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1771571

Patent Number(s):: 10819725

Application Number:: 15/964,644

Assignee:: General Electric Company (Schenectady, NY)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/55 - Detecting local intrusion or implementing counter-measures
G06F21/552 - {involving long-term monitoring or reporting}
G06F21/554 - {involving event detection and direct action}

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/1425 - {Traffic logging, e.g. anomaly detection}

Y - NEW / CROSS SECTIONAL TECHNOLOGIES Y04 - INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS Y04S - SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
Y04S40/20 - Information technology specific aspects

Show less

DOE Contract Number:: OE0000833

Resource Type:: Patent

Resource Relation:: Patent File Date: 04/27/2018

Country of Publication:: United States

Language:: English

Citation Formats


                    Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Reliable cyber-threat detection in rapidly changing environments.  United States: N. p., 2020. 
        Web.

Copy to clipboard


                    Abbaszadeh, Masoud, & Mestha, Lalit Keshav. Reliable cyber-threat detection in rapidly changing environments.  United States.

Copy to clipboard


                    Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Tue .  
        "Reliable cyber-threat detection in rapidly changing environments".  United States.  https://www.osti.gov/servlets/purl/1771571.

Copy to clipboard


                    
@article{osti_1771571,

  title        = {Reliable cyber-threat detection in rapidly changing environments},

  author       = {Abbaszadeh, Masoud and Mestha, Lalit Keshav},

  abstractNote = {In some embodiments, a plurality of monitoring nodes each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. An attack detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors including a current feature for capturing transients (e.g., local transients and/or global transients). The attack detection computer platform may also access an attack detection model having at least one decision boundary that was created using at least one of a set of normal feature vectors and/or a set of attacked feature vectors. The attack detection model may then be executed such that an attack alert signal is transmitted by the attack detection computer platform, when appropriate, based on the set of current feature vectors (including the current feature to capture transients) and the at least one decision boundary.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2020},

  month        = {10}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Cyber Security
patent-application, August 2017

Stockdale, Jack; Markham, Alex
US Patent Application 15/501135; 20170220801
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170220801

Detecting Software Attacks By Monitoring Electric Power Consumption Patterns
patent-application, November 2008

Jacoby, Grant A.; Davis, Nathaniel J.; Marchany, Randolph C.
US Patent Application 11/574619; 20080276111
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20080276111

Cyber threat trees for large system threat cataloging and analysis
conference, April 2010

Ongsakorn, P.; Turney, K.; Thornton, M.
2010 4th Annual IEEE Systems Conference, 2010 IEEE International Systems Conference
https://doi.org/10.1109/SYSTEMS.2010.5482351

System and Method
patent-application, December 2010

Hoffberg, Steven M.
US Patent Application 12/837504; 20100317420
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20100317420

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System
patent-application, December 2017

Bushey, Cody Joe; Mestha, Lalit Keshav; Holzhauer, Daniel Francis
US Patent Application 15/179034; 20170359366
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170359366

Domain Level Threat Detection for Industrial Asset Control System
patent-application, October 2017

Mestha, Lalit Keshav; Thatcher, Jonathan Carl; Holhauer, Daniel Francis
US Patent Application 15/137311; 20170310690
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170310690

Resilient Control Design or Disturbed Cyber-Physical Systems
patent-application, December 2015

Ji, Kun
US Patent Application 14/317321; 20150378339
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20150378339

A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis
journal, January 2018

Abdo, H.; Kaouk, M.; Flaus, J. -M.
Computers & Security, Vol. 72
https://doi.org/10.1016/j.cose.2017.09.004

Robust Anomaly Detection and Regularized Domain Adaptation of Classifiers with Application to Internet Packet-Flows
patent-application, November 2012

Miller, David J.; Kesidis, George; Raghuram, Jayaram
US Patent Application 13/465741; 20120284791
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20120284791

Profiling Cyber Threats Detected in a Target Environment and Automatically Generating One or More Rule Bases for an Expert System Usable to Profile Cyber Threats Detected in a Target Environment
patent-application, March 2017

Laidlaw, Stuart; Harold, St. John; Hillick, Mark
US Patent Application 15/337120; 20170085588
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170085588

System and Methods for Tracking, Predicting, and Mitigating Advanced Persistent Threats in Networks
patent-application, October 2016

Subhedar, Sachin; Elbaz, Roger Michael; Htay, Aung
US Patent Application 14/684507; 20160300227
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20160300227

Cyber signal isolator
patent, February 2019

Park, Daniel D.; Baggett, John Mark; Suhler, Edward C.
US Patent Document 10,205,733
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/10205733

Method and apparatus for analysis and assessment of measurement data of a measurement system
patent-application, August 2009

Fritz, Sven C.; Guntschnig, Thomas; Stettner, MArtin
US Patent Application 12/320013; 20090198474
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20090198474

Systems and Methods of Detecting Utility Grid Intrusions
patent-application, December 2016

Bell, David Gordon
US Patent Application 15/018596; 20160366170
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20160366170

Similar Records in DOE Patents and OSTI.GOV collections:

System and method of detecting and analyzing a threat in a confined environment

Patent Skorpik, James R.; Hughes, Michael S.; Gonzalez, Eric G.

A system and method of detecting and analyzing a threat in a confined environment is disclosed. An audio board detects and analyzes audio signals which are then transmitted and analyzed to determine the location of a gunshot in a confined location and the type of firearm being shot.
Full Text Available
System and method of detecting and analyzing a threat in a confined environment

Patent Skorpik, James R.; Hughes, Michael S.; Gonzalez, Eric G.

A system and method of detecting and analyzing a threat in a confined environment is disclosed. An audio board detects and analyzes audio signals. A RF board transmits the signals for emergency response. A battery provides power to the audio board and the RF board. The audio board includes a microcontroller with at least one band-pass filter for distinguishing between a threat and a non-threat event and for measuring or counting pulses if the event is a threat.
Full Text Available
System and method of detecting and analyzing a threat in a confined environment

Patent Skorpik, James R.; Hughes, Michael S.; Gonzalez, Eric G.

A system and method of detecting and analyzing a threat in a confined environment is disclosed. An audio board detects and analyzes audio signals which are then transmitted and analyzed to determine the location of a gunshot in a confined location and the type of firearm being shot.
Full Text Available
System and method associated with expedient detection and reconstruction of cyber events in a compact scenario representation using provenance tags and customizable policy

Patent

A system associated with detecting a cyber-attack and reconstructing events associated with a cyber-attack campaign, is disclosed. The system performs various operations that include receiving an audit data stream associated with cyber events. The system identifies trustworthiness values in a portion of data associated with the cyber events and assigns provenance tags to the portion of the data based on the identified trustworthiness values. An initial visual representation is generated based on the assigned provenance tags to the portion of the data. The initial visual representation is condensed based on a backward traversal of the initial visual representation in identifyingmore » « less
Full Text Available
Cyber-attack detection and neutralization

Patent Mestha, Lalit Keshav; Anubi, Olugbenga; Abbaszadeh, Masoud

The example embodiments are directed to a system and method for neutralizing abnormal signals in a cyber-physical system. In one example, the method includes receiving input signals comprising time series data associated with an asset and transforming the input signals into feature values in a feature space, detecting one or more abnormal feature values in the feature space based on a predetermined normalcy boundary associated with the asset, and determining an estimated true value for each abnormal feature value, and performing an inverse transform of each estimated true value to generate neutralized signals comprising time series data and outputting themore » neutralized signals. « less
Full Text Available

Similar Records

Title: Reliable cyber-threat detection in rapidly changing environments

Abstract

Citation Formats

Cyber Security patent-application, August 2017

Detecting Software Attacks By Monitoring Electric Power Consumption Patterns patent-application, November 2008

Cyber threat trees for large system threat cataloging and analysis conference, April 2010

System and Method patent-application, December 2010

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System patent-application, December 2017

Domain Level Threat Detection for Industrial Asset Control System patent-application, October 2017

Resilient Control Design or Disturbed Cyber-Physical Systems patent-application, December 2015

A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis journal, January 2018

Robust Anomaly Detection and Regularized Domain Adaptation of Classifiers with Application to Internet Packet-Flows patent-application, November 2012

Profiling Cyber Threats Detected in a Target Environment and Automatically Generating One or More Rule Bases for an Expert System Usable to Profile Cyber Threats Detected in a Target Environment patent-application, March 2017

System and Methods for Tracking, Predicting, and Mitigating Advanced Persistent Threats in Networks patent-application, October 2016

Cyber signal isolator patent, February 2019

Method and apparatus for analysis and assessment of measurement data of a measurement system patent-application, August 2009

Systems and Methods of Detecting Utility Grid Intrusions patent-application, December 2016

Cyber Security
patent-application, August 2017

Detecting Software Attacks By Monitoring Electric Power Consumption Patterns
patent-application, November 2008

Cyber threat trees for large system threat cataloging and analysis
conference, April 2010

System and Method
patent-application, December 2010

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System
patent-application, December 2017

Domain Level Threat Detection for Industrial Asset Control System
patent-application, October 2017

Resilient Control Design or Disturbed Cyber-Physical Systems
patent-application, December 2015

A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis
journal, January 2018

Robust Anomaly Detection and Regularized Domain Adaptation of Classifiers with Application to Internet Packet-Flows
patent-application, November 2012

Profiling Cyber Threats Detected in a Target Environment and Automatically Generating One or More Rule Bases for an Expert System Usable to Profile Cyber Threats Detected in a Target Environment
patent-application, March 2017

System and Methods for Tracking, Predicting, and Mitigating Advanced Persistent Threats in Networks
patent-application, October 2016

Cyber signal isolator
patent, February 2019

Method and apparatus for analysis and assessment of measurement data of a measurement system
patent-application, August 2009

Systems and Methods of Detecting Utility Grid Intrusions
patent-application, December 2016