PLC backplane analyzer for field forensics and intrusion detection

Mulder, John; Schwartz, Moses Daniel; Berg, Michael; Van Houten, Jonathan Roger; Urrea, Jorge Mario; King, Michael Aaron; Clements, Abraham Anthony; Trent, Jason; Depoy, Jennifer M; Jacob, Joshua

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: PLC backplane analyzer for field forensics and intrusion detection

Abstract

The various technologies presented herein relate to the determination of unexpected and/or malicious activity occurring between components communicatively coupled across a backplane. Control data, etc., can be intercepted at a backplane where the backplane facilitates communication between a controller and at least one device in an automation process. During interception of the control data, etc., a copy of the control data can be made, e.g., the original control data can be replicated to generate a copy of the original control data. The original control data can continue on to its destination, while the control data copy can be forwarded to an analyzer system to determine whether the control data contains a data anomaly. The content of the copy of the control data can be compared with a previously captured baseline data content, where the baseline data can be captured for a same operational state as the subsequently captured control data.

Inventors:: Mulder, John; Schwartz, Moses Daniel; Berg, Michael; Van Houten, Jonathan Roger; Urrea, Jorge Mario; King, Michael Aaron; Clements, Abraham Anthony; Trent, Jason; Depoy, Jennifer M; Jacob, Joshua

Issue Date:: Tue May 12 00:00:00 EDT 2015

Research Org.:: Sandia National Lab. (SNL-NM), Albuquerque, NM (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1179220

Patent Number(s):: 9032522

Application Number:: 13/947,887

Assignee:: Sandia Corporation (Albuquerque, NM)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

Show more

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F21/552 - {involving long-term monitoring or reporting}

Show less

DOE Contract Number:: AC04-94AL85000

Resource Type:: Patent

Resource Relation:: Patent File Date: 2013 Jul 22

Country of Publication:: United States

Language:: English

Subject:: 99 GENERAL AND MISCELLANEOUS; 97 MATHEMATICS AND COMPUTING

Citation Formats


                    Mulder, John, Schwartz, Moses Daniel, Berg, Michael, Van Houten, Jonathan Roger, Urrea, Jorge Mario, King, Michael Aaron, Clements, Abraham Anthony, Trent, Jason, Depoy, Jennifer M, and Jacob, Joshua. PLC backplane analyzer for field forensics and intrusion detection.  United States: N. p., 2015. 
        Web.

Copy to clipboard


                    Mulder, John, Schwartz, Moses Daniel, Berg, Michael, Van Houten, Jonathan Roger, Urrea, Jorge Mario, King, Michael Aaron, Clements, Abraham Anthony, Trent, Jason, Depoy, Jennifer M, & Jacob, Joshua. PLC backplane analyzer for field forensics and intrusion detection.  United States.

Copy to clipboard


                    Mulder, John, Schwartz, Moses Daniel, Berg, Michael, Van Houten, Jonathan Roger, Urrea, Jorge Mario, King, Michael Aaron, Clements, Abraham Anthony, Trent, Jason, Depoy, Jennifer M, and Jacob, Joshua. Tue .  
        "PLC backplane analyzer for field forensics and intrusion detection".  United States.  https://www.osti.gov/servlets/purl/1179220.

Copy to clipboard


                    
@article{osti_1179220,

  title        = {PLC backplane analyzer for field forensics and intrusion detection},

  author       = {Mulder, John and Schwartz, Moses Daniel and Berg, Michael and Van Houten, Jonathan Roger and Urrea, Jorge Mario and King, Michael Aaron and Clements, Abraham Anthony and Trent, Jason and Depoy, Jennifer M and Jacob, Joshua},

  abstractNote = {The various technologies presented herein relate to the determination of unexpected and/or malicious activity occurring between components communicatively coupled across a backplane. Control data, etc., can be intercepted at a backplane where the backplane facilitates communication between a controller and at least one device in an automation process. During interception of the control data, etc., a copy of the control data can be made, e.g., the original control data can be replicated to generate a copy of the original control data. The original control data can continue on to its destination, while the control data copy can be forwarded to an analyzer system to determine whether the control data contains a data anomaly. The content of the copy of the control data can be compared with a previously captured baseline data content, where the baseline data can be captured for a same operational state as the subsequently captured control data.},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {Tue May 12 00:00:00 EDT 2015},

  month        = {Tue May 12 00:00:00 EDT 2015}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

The real story of stuxnet
journal, March 2013

Kushner, David
IEEE Spectrum, Vol. 50, Issue 3
https://doi.org/10.1109/MSPEC.2013.6471059

Transparent bridging and routing in an industrial automation environment
patent, December 2010

Callaghan, David M.
US Patent Document 7,853,677
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/7853677

Similar Records in DOE Patents and OSTI.GOV collections:

In-situ trainable intrusion detection system

Patent Symons, Christopher T.; Beaver, Justin M.; Gillen, Rob; ...

A computer implemented method detects intrusions using a computer by analyzing network traffic. The method includes a semi-supervised learning module connected to a network node. The learning module uses labeled and unlabeled data to train a semi-supervised machine learning sensor. The method records events that include a feature set made up of unauthorized intrusions and benign computer requests. The method identifies at least some of the benign computer requests that occur during the recording of the events while treating the remainder of the data as unlabeled. The method trains the semi-supervised learning module at the network node in-situ, such thatmore » « less
Full Text Available
Intrusion detection apparatus, system and methods

Patent Jenkins, Chris; Roesler, Alexander

Described herein are various technologies for detection and mitigation of rogue terminal attacks on multiplex data buses. An intrusion detection device is incorporated between a bus controller and a bus of a multiplex data bus. The intrusion detection device receives message that are communicated among the bus controller and a plurality of remote terminals (by way of the bus). The intrusion detection device determines whether messages are unauthorized based upon origins of the messages and predefined rules. When a message is determined to be unauthorized, the intrusion detection device outputs a notification that the unauthorized message has been detected andmore » can block the unauthorized message. « less
Full Text Available
Intrusion detection using secure signatures

Patent Nelson, Trent Darnel; Haile, Jedediah

A method and device for intrusion detection using secure signatures comprising capturing network data. A search hash value, value employing at least one one-way function, is generated from the captured network data using a first hash function. The presence of a search hash value match in a secure signature table comprising search hash values and an encrypted rule is determined. After determining a search hash value match, a decryption key is generated from the captured network data using a second hash function, a hash function different form the first hash function. One or more of the encrypted rules of themore » « less
Full Text Available
Systems and methods for intrusion detection using GHz beams

Patent Russell, John L.; Prather, Dennis; Schuetz, Christopher

The present disclosure is directed to systems and methods that use 1 GHz to 1000 GHz sources and sensors to create an intrusion detection array that does not have the physical limitations of an Active IR sensor. The array is created by a plurality of wave sources and sensor pairs that form a plane of wave break beams. The plane detects an intruder as he/she passes through the beams.
Full Text Available
Infrared intrusion detection system (IRIDS)

Patent Russell, John L.; Small, Daniel E.; Bradley, Jon David

A system and method for intrusion detection includes an imager directed towards an object in an interior space. The imager is in data communication with a computer. The computer is arranged to process digital three-dimensional image data received from the imager and programmed to execute a change detection algorithm in response to the processed three-dimensional data to determine movement of the object. The computer generates an alarm output in response to detecting movement of the object above a predetermined threshold. The method includes providing an imager directed towards an object in an interior space; receiving Time of Flight signals bymore » « less
Full Text Available

Similar Records

Title: PLC backplane analyzer for field forensics and intrusion detection

Abstract

Citation Formats

The real story of stuxnet journal, March 2013

Transparent bridging and routing in an industrial automation environment patent, December 2010

The real story of stuxnet
journal, March 2013

Transparent bridging and routing in an industrial automation environment
patent, December 2010