Decision system and method for separating faults from attacks
Abstract
According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classification computer may determine, for each monitoring node, a classification result indicating whether each monitoring node is in a normal or abnormal state. A disambiguation engine may receive the classification results from the node classification computer and associate a Hidden Markov Model (“HMM”) with each monitoring node. For each node in an abnormal state, the disambiguation engine may execute the HMM associated with that monitoring node to determine a disambiguation result indicating if the abnormal state is a result of an attack or a fault and output a current status of each monitoring node based on the associated classification result and the disambiguation result.
- Inventors:
- Issue Date:
- Research Org.: General Electric Co., Schenectady, NY (United States)
- Sponsoring Org.: USDOE
- OSTI Identifier: 1771655
- Patent Number(s): 10841322
- Application Number: 15/958,285
- Assignee: General Electric Company (Schenectady, NY)
- Patent Classifications (CPCs):
  - G - PHYSICS; G05 - CONTROLLING; G05B - CONTROL OR REGULATING SYSTEMS IN GENERAL
  - G - PHYSICS; G06 - COMPUTING; G06F - ELECTRIC DIGITAL DATA PROCESSING
- DOE Contract Number: OE0000833
- Resource Type: Patent
- Resource Relation: Patent File Date: 04/20/2018
- Country of Publication: United States
- Language: English
Citation Formats
Giani, Annarita, Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Decision system and method for separating faults from attacks. United States: N. p., 2020. Web.
Giani, Annarita, Abbaszadeh, Masoud, & Mestha, Lalit Keshav. Decision system and method for separating faults from attacks. United States.
Giani, Annarita, Abbaszadeh, Masoud, and Mestha, Lalit Keshav. "Decision system and method for separating faults from attacks". United States. https://www.osti.gov/servlets/purl/1771655.
@article{osti_1771655,
title = {Decision system and method for separating faults from attacks},
author = {Giani, Annarita and Abbaszadeh, Masoud and Mestha, Lalit Keshav},
doi = {},
journal = {},
number = {},
volume = {},
place = {United States},
year = {2020},
month = nov,
day = {17}
}
Works referenced in this record:
Applications of hidden Markov models to detecting multi-stage network attacks
conference, January 2003
- Ourston, D.; Matzner, S.; Stump, W.
- 36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the
Methods and Systems of Dual-layer Computer-System Security
patent-application, October 2017
- Caramico, Luigius
- US Patent Application 15/434010; 20170302679
Production Process Knowledge-based Intrusion Detection for Industrial Control Systems
patent-application, September 2017
- Wei, Dong; Pfleger de Aguiar, Leandro; Martinez Canedo, Arquimedes
- US Patent Application 15/066289; 20170264629
System and Method for Monitoring the Security of Cellular Device Communication
patent-application, December 2012
- Kario, Daniel; Levy, Nir
- US Patent Application 13/534069; 20120329426
System and Methodology Providing Automation Security Analysis, Validation, and Learning in an Industrial Controller Environment
patent-application, March 2015
- Brandt, David D.; Hall, Kenwood; Anderson, Mark Burton
- US Patent Application 14/535291; 20150067844
Defending malicious attacks in Cyber Physical Systems
conference, August 2013
- Chen, Chia-Mei; Hsiao, Han-Wei; Yang, Peng-Yu
- 2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA)
Telemetry Analysis System for Physical Process Anomaly Detection
patent-application, August 2017
- Hassanzadeh, Amin; Mulchandani, Shaan; Salem, Malek Ben
- US Patent Application 15/429900; 20170230410
Threat Detection and Localization for Monitoring Nodes of an Industrial Asset Control System
patent-application, December 2017
- Bushey, Cody Joe; Mestha, Lalit Keshav; Holzhauer, Daniel Francis
- US Patent Application 15/179034; 20170359366
Method and System for Generating a Kill Chain for Monitoring Computer Network Security
patent-application, March 2017
- Muddu, Sudhakar; Tryfonas, Christos
- US Patent Application 14/928451; 20170063898
System and Method for Detecting and/or Diagnosing Faults in Multi-variable Systems
patent-application, July 2012
- Guo, Ying; Li, Jiaming; West, Sam
- US Patent Application 13/336153; 20120185728