Reliable cyber-threat detection in rapidly changing environments

Abbaszadeh, Masoud; Mestha, Lalit Keshav

Title: Reliable cyber-threat detection in rapidly changing environments

Abstract

In some embodiments, a plurality of monitoring nodes each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. An attack detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors including a current feature for capturing transients (e.g., local transients and/or global transients). The attack detection computer platform may also access an attack detection model having at least one decision boundary that was created using at least one of a set of normal feature vectors and/or a set of attacked feature vectors. The attack detection model may then be executed such that an attack alert signal is transmitted by the attack detection computer platform, when appropriate, based on the set of current feature vectors (including the current feature to capture transients) and the at least one decision boundary.

Inventors:: Abbaszadeh, Masoud; Mestha, Lalit Keshav

Issue Date:: 2020-10-27

Research Org.:: General Electric Co., Schenectady, NY (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1771571

Patent Number(s):: 10819725

Application Number:: 15/964,644

Assignee:: General Electric Company (Schenectady, NY)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION

Show more

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/554 - {involving event detection and direct action}
G06F21/55 - Detecting local intrusion or implementing counter-measures
G06F21/552 - {involving long-term monitoring or reporting}

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/1425 - {Traffic logging, e.g. anomaly detection}

Show less

DOE Contract Number:: OE0000833

Resource Type:: Patent

Resource Relation:: Patent File Date: 04/27/2018

Country of Publication:: United States

Language:: English

Citation Formats


                    Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Reliable cyber-threat detection in rapidly changing environments.  United States: N. p., 2020. 
        Web.

Copy to clipboard


                    Abbaszadeh, Masoud, & Mestha, Lalit Keshav. Reliable cyber-threat detection in rapidly changing environments.  United States.

Copy to clipboard


                    Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Tue .  
        "Reliable cyber-threat detection in rapidly changing environments".  United States.  https://www.osti.gov/servlets/purl/1771571.

Copy to clipboard


                    
@article{osti_1771571,

  title        = {Reliable cyber-threat detection in rapidly changing environments},

  author       = {Abbaszadeh, Masoud and Mestha, Lalit Keshav},

  abstractNote = {In some embodiments, a plurality of monitoring nodes each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. An attack detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors including a current feature for capturing transients (e.g., local transients and/or global transients). The attack detection computer platform may also access an attack detection model having at least one decision boundary that was created using at least one of a set of normal feature vectors and/or a set of attacked feature vectors. The attack detection model may then be executed such that an attack alert signal is transmitted by the attack detection computer platform, when appropriate, based on the set of current feature vectors (including the current feature to capture transients) and the at least one decision boundary.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {2020},

  month        = {10}

}

Copy to clipboard

Patent:

View Patent

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Detecting Software Attacks By Monitoring Electric Power Consumption Patterns
patent-application, November 2008

Jacoby, Grant A.; Davis, Nathaniel J.; Marchany, Randolph C.
US Patent Application 11/574619; 20080276111
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220080276111%22.PGNR.&OS=DN/20080276111&RS=DN/20080276111

Cyber threat trees for large system threat cataloging and analysis
conference, April 2010

Ongsakorn, P.; Turney, K.; Thornton, M.
2010 4th Annual IEEE Systems Conference, 2010 IEEE International Systems Conference
https://doi.org/10.1109/SYSTEMS.2010.5482351

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System
patent-application, December 2017

Bushey, Cody Joe; Mestha, Lalit Keshav; Holzhauer, Daniel Francis
US Patent Application 15/179034; 20170359366
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220170359366%22.PGNR.&OS=DN/20170359366&RS=DN/20170359366

Resilient Control Design or Disturbed Cyber-Physical Systems
patent-application, December 2015

Ji, Kun
US Patent Application 14/317321; 20150378339
URL: http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220150378339%22.PGNR.&OS=DN/20150378339&RS=DN/20150378339

A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis
journal, January 2018

Abdo, H.; Kaouk, M.; Flaus, J. -M.
Computers & Security, Vol. 72
https://doi.org/10.1016/j.cose.2017.09.004

Cyber signal isolator
patent, February 2019

Park, Daniel D.; Baggett, John Mark; Suhler, Edward C.
US Patent Document 10,205,733
URL: http://patft.uspto.gov/netacgi/nph-Parser?patentnumber=10205733

Similar Records in DOE Patents and OSTI.GOV collections:

System and method of detecting and analyzing a threat in a confined environment

Patent Skorpik, James R.; Hughes, Michael S.; Gonzalez, Eric G.

A system and method of detecting and analyzing a threat in a confined environment is disclosed. An audio board detects and analyzes audio signals. A RF board transmits the signals for emergency response. A battery provides power to the audio board and the RF board. The audio board includes a microcontroller with at least one band-pass filter for distinguishing between a threat and a non-threat event and for measuring or counting pulses if the event is a threat.
Full Text Available
System and method of detecting and analyzing a threat in a confined environment

Patent Skorpik, James R.; Hughes, Michael S.; Gonzalez, Eric G.

A system and method of detecting and analyzing a threat in a confined environment is disclosed. An audio board detects and analyzes audio signals which are then transmitted and analyzed to determine the location of a gunshot in a confined location and the type of firearm being shot.
Full Text Available
System and method of detecting and analyzing a threat in a confined environment

Patent Skorpik, James R.; Hughes, Michael S.; Gonzalez, Eric G.

A system and method of detecting and analyzing a threat in a confined environment is disclosed. An audio board detects and analyzes audio signals which are then transmitted and analyzed to determine the location of a gunshot in a confined location and the type of firearm being shot.
Full Text Available
Method and apparatus for detecting cyber attacks on an alternating current power grid

Patent McEachern, Alexander; Hofmann, Ronald

A method and apparatus for detecting cyber attacks on remotely-operable elements of an alternating current distribution grid. Two state estimates of the distribution grid are prepared, one of which uses micro-synchrophasors. A difference between the two state estimates indicates a possible cyber attack.
Full Text Available
Local and global decision fusion for cyber-physical system abnormality detection

Patent Abbaszadeh, Masoud; Yund, Walter; Yan, Weizhong

Monitoring nodes may generate a series of current monitoring node values over time representing current operation of a cyber-physical system. A decision fusion computer platform may receive, from a local status determination module, an indication of whether each node has an initial local status of “normal”/“abnormal” and a local certainty score (with higher values of the local certainty score representing greater likelihood of abnormality). The computer platform may also receive, from a global status determination module, an indication of whether the system has an initial global status of “normal”/“abnormal” and a global certainty score. The computer platform may output, formore »« less
Full Text Available

Similar Records

Title: Reliable cyber-threat detection in rapidly changing environments

Abstract

Citation Formats

Detecting Software Attacks By Monitoring Electric Power Consumption Patterns patent-application, November 2008

Cyber threat trees for large system threat cataloging and analysis conference, April 2010

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System patent-application, December 2017

Resilient Control Design or Disturbed Cyber-Physical Systems patent-application, December 2015

A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis journal, January 2018

Cyber signal isolator patent, February 2019

Detecting Software Attacks By Monitoring Electric Power Consumption Patterns
patent-application, November 2008

Cyber threat trees for large system threat cataloging and analysis
conference, April 2010

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System
patent-application, December 2017

Resilient Control Design or Disturbed Cyber-Physical Systems
patent-application, December 2015

A safety/security risk analysis approach of Industrial Control Systems: A cyber bowtie – combining new version of attack tree with bowtie analysis
journal, January 2018

Cyber signal isolator
patent, February 2019