DOE Patents title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Decision system and method for separating faults from attacks

Abstract

According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classification computer may determine, for each monitoring node, a classification result indicating whether each monitoring node is in a normal or abnormal state. A disambiguation engine may receive the classification results from the node classification computer and associate a Hidden Markov Model (“HMM”) with each monitoring node. For each node in an abnormal state, the disambiguation engine may execute the HMM associated with that monitoring node to determine a disambiguation result indicating if the abnormal state is a result of an attack or a fault and output a current status of each monitoring node based on the associated classification result and the disambiguation result.

Inventors:
; ;
Issue Date:
Research Org.:
General Electric Co., Schenectady, NY (United States)
Sponsoring Org.:
USDOE
OSTI Identifier:
1771655
Patent Number(s):
10841322
Application Number:
15/958,285
Assignee:
General Electric Company (Schenectady, NY)
Patent Classifications (CPCs):
G - PHYSICS G05 - CONTROLLING G05B - CONTROL OR REGULATING SYSTEMS IN GENERAL
G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
DOE Contract Number:  
OE0000833
Resource Type:
Patent
Resource Relation:
Patent File Date: 04/20/2018
Country of Publication:
United States
Language:
English

Citation Formats

Giani, Annarita, Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Decision system and method for separating faults from attacks. United States: N. p., 2020. Web.
Giani, Annarita, Abbaszadeh, Masoud, & Mestha, Lalit Keshav. Decision system and method for separating faults from attacks. United States.
Giani, Annarita, Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Tue . "Decision system and method for separating faults from attacks". United States. https://www.osti.gov/servlets/purl/1771655.
@article{osti_1771655,
title = {Decision system and method for separating faults from attacks},
author = {Giani, Annarita and Abbaszadeh, Masoud and Mestha, Lalit Keshav},
abstractNote = {According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classification computer may determine, for each monitoring node, a classification result indicating whether each monitoring node is in a normal or abnormal state. A disambiguation engine may receive the classification results from the node classification computer and associate a Hidden Markov Model (“HMM”) with each monitoring node. For each node in an abnormal state, the disambiguation engine may execute the HMM associated with that monitoring node to determine a disambiguation result indicating if the abnormal state is a result of an attack or a fault and output a current status of each monitoring node based on the associated classification result and the disambiguation result.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {2020},
month = {11}
}

Works referenced in this record:

Applications of hidden Markov models to detecting multi-stage network attacks
conference, January 2003


Methods and Systems of Dual-layer Computer-System Security
patent-application, October 2017


Production Process Knowledge-based Intrusion Detection for Industrial Control Systems
patent-application, September 2017


System and Method for Monitoring the Security of Cellular Device Communication
patent-application, December 2012


System and Methodology Providing Automation Security Analysis, Validation, and Learning in an Industrial Controller Environment
patent-application, March 2015


Defending malicious attacks in Cyber Physical Systems
conference, August 2013


Telemetry Analysis System for Physical Process Anomaly Detection
patent-application, August 2017


Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System
patent-application, December 2017


Method and System for Generating a Kill Chain for Monitoring Computer Network Security
patent-application, March 2017


System and Method for Detecting and/or Diagnosing Faults in Multi-variable Systems
patent-application, July 2012