DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Decision system and method for separating faults from attacks

Abstract

According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classification computer may determine, for each monitoring node, a classification result indicating whether each monitoring node is in a normal or abnormal state. A disambiguation engine may receive the classification results from the node classification computer and associate a Hidden Markov Model (“HMM”) with each monitoring node. For each node in an abnormal state, the disambiguation engine may execute the HMM associated with that monitoring node to determine a disambiguation result indicating if the abnormal state is a result of an attack or a fault and output a current status of each monitoring node based on the associated classification result and the disambiguation result.

Inventors:
; ;
Issue Date:
Research Org.:
General Electric Co., Schenectady, NY (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1771655
Patent Number(s):
10841322
Application Number:
15/958,285
Assignee:
General Electric Company (Schenectady, NY)
Patent Classifications (CPCs):
G - PHYSICS G06 - COMPUTING G06K - RECOGNITION OF DATA
Y - NEW / CROSS SECTIONAL TECHNOLOGIES Y04 - INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS Y04S - SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
DOE Contract Number:  
OE0000833
Resource Type:
Patent
Resource Relation:
Patent File Date: 04/20/2018
Country of Publication:
United States
Language:
English

Citation Formats

Giani, Annarita, Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Decision system and method for separating faults from attacks. United States: N. p., 2020. Web.
Giani, Annarita, Abbaszadeh, Masoud, & Mestha, Lalit Keshav. Decision system and method for separating faults from attacks. United States.
Giani, Annarita, Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Tue . "Decision system and method for separating faults from attacks". United States. https://www.osti.gov/servlets/purl/1771655.
@article{osti_1771655,
title = {Decision system and method for separating faults from attacks},
author = {Giani, Annarita and Abbaszadeh, Masoud and Mestha, Lalit Keshav},
abstractNote = {According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classification computer may determine, for each monitoring node, a classification result indicating whether each monitoring node is in a normal or abnormal state. A disambiguation engine may receive the classification results from the node classification computer and associate a Hidden Markov Model (“HMM”) with each monitoring node. For each node in an abnormal state, the disambiguation engine may execute the HMM associated with that monitoring node to determine a disambiguation result indicating if the abnormal state is a result of an attack or a fault and output a current status of each monitoring node based on the associated classification result and the disambiguation result.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2020},
month = {11}
}

Works referenced in this record:

Applications of hidden Markov models to detecting multi-stage network attacks
conference, January 2003


Defending malicious attacks in Cyber Physical Systems
conference, August 2013