Decision system and method for separating faults from attacks

Giani, Annarita; Abbaszadeh, Masoud; Mestha, Lalit Keshav

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: Decision system and method for separating faults from attacks

Abstract

According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classification computer may determine, for each monitoring node, a classification result indicating whether each monitoring node is in a normal or abnormal state. A disambiguation engine may receive the classification results from the node classification computer and associate a Hidden Markov Model (“HMM”) with each monitoring node. For each node in an abnormal state, the disambiguation engine may execute the HMM associated with that monitoring node to determine a disambiguation result indicating if the abnormal state is a result of an attack or a fault and output a current status of each monitoring node based on the associated classification result and the disambiguation result.

Inventors:: Giani, Annarita; Abbaszadeh, Masoud; Mestha, Lalit Keshav

Issue Date:: Tue Nov 17 00:00:00 EST 2020

Research Org.:: General Electric Co., Schenectady, NY (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1771655

Patent Number(s):: 10841322

Application Number:: 15/958,285

Assignee:: General Electric Company (Schenectady, NY)

Patent Classifications (CPCs):: G - PHYSICS G05 - CONTROLLING G05B - CONTROL OR REGULATING SYSTEMS IN GENERAL

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

Show more

G - PHYSICS G05 - CONTROLLING G05B - CONTROL OR REGULATING SYSTEMS IN GENERAL
G05B19/048 - Monitoring

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F11/006 - {Identification
G06F21/50 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
G06F2201/86 - Event-based monitoring

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/14 - {for detecting or protecting against malicious traffic}
H04L63/1425 - {Traffic logging, e.g. anomaly detection}

Y - NEW / CROSS SECTIONAL TECHNOLOGIES Y04 - INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS Y04S - SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
Y04S40/20 - Information technology specific aspects

Show less

DOE Contract Number:: OE0000833

Resource Type:: Patent

Resource Relation:: Patent File Date: 04/20/2018

Country of Publication:: United States

Language:: English

Citation Formats


                    Giani, Annarita, Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Decision system and method for separating faults from attacks.  United States: N. p., 2020. 
        Web.

Copy to clipboard


                    Giani, Annarita, Abbaszadeh, Masoud, & Mestha, Lalit Keshav. Decision system and method for separating faults from attacks.  United States.

Copy to clipboard


                    Giani, Annarita, Abbaszadeh, Masoud, and Mestha, Lalit Keshav. Tue .  
        "Decision system and method for separating faults from attacks".  United States.  https://www.osti.gov/servlets/purl/1771655.

Copy to clipboard


                    
@article{osti_1771655,

  title        = {Decision system and method for separating faults from attacks},

  author       = {Giani, Annarita and Abbaszadeh, Masoud and Mestha, Lalit Keshav},

  abstractNote = {According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classification computer may determine, for each monitoring node, a classification result indicating whether each monitoring node is in a normal or abnormal state. A disambiguation engine may receive the classification results from the node classification computer and associate a Hidden Markov Model (“HMM”) with each monitoring node. For each node in an abnormal state, the disambiguation engine may execute the HMM associated with that monitoring node to determine a disambiguation result indicating if the abnormal state is a result of an attack or a fault and output a current status of each monitoring node based on the associated classification result and the disambiguation result.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {Tue Nov 17 00:00:00 EST 2020},

  month        = {Tue Nov 17 00:00:00 EST 2020}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Applications of hidden Markov models to detecting multi-stage network attacks
conference, January 2003

Ourston, D.; Matzner, S.; Stump, W.
36th Annual Hawaii International Conference on System Sciences, 2003. Proceedings of the
https://doi.org/10.1109/HICSS.2003.1174909

Methods and Systems of Dual-layer Computer-System Security
patent-application, October 2017

Caramico, Luigius
US Patent Application 15/434010; 20170302679
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170302679

Production Process Knowledge-based Intrusion Detection for Industrial Control Systems
patent-application, September 2017

Wei, Dong; Pfleger de Aguiar, Leandro; Martinez Canedo, Arquimedes
US Patent Application 15/066289; 20170264629
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170264629

System and Method for Monitoring the Security of Cellular Device Communication
patent-application, December 2012

Kario, Daniel; Levy, Nir
US Patent Application 13/534069; 20120329426
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20120329426

System and Methodology Providing Automation Security Analysis, Validation, and Learning in an Industrial Controller Environment
patent-application, March 2015

Brandt, David D.; Hall, Kenwood; Anderson, Mark Burton
US Patent Application 14/535291; 20150067844
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20150067844

Defending malicious attacks in Cyber Physical Systems
conference, August 2013

Chen, Chia-Mei; Hsiao, Han-Wei; Yang, Peng-Yu
2013 IEEE 1st International Conference on Cyber-Physical Systems, Networks, and Applications (CPSNA)
https://doi.org/10.1109/CPSNA.2013.6614240

Telemetry Analysis System for Physical Process Anomaly Detection
patent-application, August 2017

Hassanzadeh, Amin; Mulchandani, Shaan; Salem, Malek Ben
US Patent Application 15/429900; 20170230410
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170230410

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System
patent-application, December 2017

Bushey, Cody Joe; Mestha, Lalit Keshav; Holzhauer, Daniel Francis
US Patent Application 15/179034; 20170359366
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170359366

Method and System for Generating a Kill Chain for Monitoring Computer Network Security
patent-application, March 2017

Muddu, Sudhakar; Tryfonas, Christos
US Patent Application 14/928451; 20170063898
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170063898

System and Method for Detecting and/or Diagnosing Faults in Multi-variable Systems
patent-application, July 2012

Guo, Ying; Li, Jiaming; West, Sam
US Patent Application 13/336153; 20120185728
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20120185728

Similar Records in DOE Patents and OSTI.GOV collections:

Multi-class decision system for categorizing industrial asset attack and fault types

Patent Abbaszadeh, Masoud; Mestha, Lalit Keshav; Yan, Weizhong

According to some embodiments, a plurality of monitoring nodes may each generate a series of current monitoring node values over time that represent a current operation of the industrial asset. A node classifier computer, coupled to the plurality of monitoring nodes, may receive the series of current monitoring node values and generate a set of current feature vectors. The node classifier computer may also access at least one multi-class classifier model having at least one decision boundary. The at least one multi-class classifier model may be executed and the system may transmit a classification result based on the set ofmore » « less
Full Text Available
Systems and methods for global cyber-attack or fault detection model

Patent Xu, Rui; Yan, Weizhong; Abbaszadeh, Masoud; ...

An industrial asset may have monitoring nodes that generate current monitoring node values representing a current operation of the industrial asset. An abnormality detection computer may detect when a monitoring node is currently being attacked or experiencing a fault based on a current feature vector, calculated in accordance with current monitoring node values, and a detection model that includes a decision boundary. A model updater (e.g., a continuous learning model updater) may determine an update time-frame (e.g., short-term, mid-term, long-term, etc.) associated with the system based on trigger occurrence detection (e.g., associated with a time-based trigger, a performance-based trigger, anmore » « less
Full Text Available
Learning method and system for separating independent and dependent attacks

Patent Mestha, Lalit Keshav; Abbaszadeh, Masoud; Giani, Annartia

Streams of monitoring node signal values over time, representing a current operation of the industrial asset, are used to generate current monitoring node feature vectors. Each feature vector is compared with a corresponding decision boundary separating normal from abnormal states. When a first monitoring node passes a corresponding decision boundary, an attack is detected and classified as an independent attack. When a second monitoring node passes a decision boundary, an attack is detected and a first decision is generated based on a first set of inputs indicating if the attack is independent/dependent. From the beginning of the attack on themore » « less
Full Text Available
Dynamic concurrent learning method to neutralize cyber attacks and faults for industrial asset monitoring nodes

Patent Mestha, Lalit Keshav; Anubi, Olugbenga; Achanta, Hema Kumari

Input signals may be received from monitoring nodes of the industrial asset, each input signal comprising time series data representing current operation. A neutralization engine may transform the input signals into feature vectors in feature space, each feature vector being associated with one of a plurality of overlapping batches of received input signals. A dynamic decision boundary may be generated based on the set of feature vectors, and an abnormal state of the asset may be detected based on the set of feature vectors and a predetermined static decision boundary. An estimated neutralized value for each abnormal feature value maymore » « less
Full Text Available
Systems and methods for detecting and mitigating cyber attacks on power systems comprising distributed energy resources

Patent Johnson, Jay Tillay

Extensive deployment of interoperable distributed energy resources (DER) on power systems is increasing the power system cybersecurity attack surface. National and jurisdictional interconnection standards require DER to include a range of autonomous and commanded grid-support functions which can drastically influence power quality, voltage, and the generation-load balance. Investigations of the impact to the power system in scenarios where communications and operations of DER are controlled by an adversary show that each grid-support function exposes the power system to distinct types and magnitudes of risk. The invention provides methods for minimizing the risks to distribution and transmission systems using an engineeredmore » « less
Full Text Available

Similar Records

Title: Decision system and method for separating faults from attacks

Abstract

Citation Formats

Applications of hidden Markov models to detecting multi-stage network attacks conference, January 2003

Methods and Systems of Dual-layer Computer-System Security patent-application, October 2017

Production Process Knowledge-based Intrusion Detection for Industrial Control Systems patent-application, September 2017

System and Method for Monitoring the Security of Cellular Device Communication patent-application, December 2012

System and Methodology Providing Automation Security Analysis, Validation, and Learning in an Industrial Controller Environment patent-application, March 2015

Defending malicious attacks in Cyber Physical Systems conference, August 2013

Telemetry Analysis System for Physical Process Anomaly Detection patent-application, August 2017

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System patent-application, December 2017

Method and System for Generating a Kill Chain for Monitoring Computer Network Security patent-application, March 2017

System and Method for Detecting and/or Diagnosing Faults in Multi-variable Systems patent-application, July 2012

Applications of hidden Markov models to detecting multi-stage network attacks
conference, January 2003

Methods and Systems of Dual-layer Computer-System Security
patent-application, October 2017

Production Process Knowledge-based Intrusion Detection for Industrial Control Systems
patent-application, September 2017

System and Method for Monitoring the Security of Cellular Device Communication
patent-application, December 2012

System and Methodology Providing Automation Security Analysis, Validation, and Learning in an Industrial Controller Environment
patent-application, March 2015

Defending malicious attacks in Cyber Physical Systems
conference, August 2013

Telemetry Analysis System for Physical Process Anomaly Detection
patent-application, August 2017

Threat Detection and Localizatino for Monitoring Nodes of an Industrial Asset Control System
patent-application, December 2017

Method and System for Generating a Kill Chain for Monitoring Computer Network Security
patent-application, March 2017

System and Method for Detecting and/or Diagnosing Faults in Multi-variable Systems
patent-application, July 2012