System and methods for automated detection, reasoning and recommendations for resilient cyber systems

Choudhury, Sutanay; Agarwal, Khushbu; Chen, Pin-Yu; Ray, Indrajit

Advanced Search OptionsAdvanced Search queries use a traditional Term Search. For more info, see our FAQ.

All Fields:

Patent Title:

Abstract:

Assignee:

Inventor(s):

Patent Number:

Patent Classification (CPC):

All Classifications
A - human necessities
A01 - agriculture
A21 - baking
A22 - butchering
A23 - foods or foodstuffs
A24 - tobacco
A41 - wearing apparel
A42 - headwear
A43 - footwear
A44 - haberdashery
A45 - hand or travelling articles
A46 - brushware
A47 - furniture
A61 - medical or veterinary science
A62 - life-saving
A63 - sports
A99 - subject matter not otherwise provided for in this section
B - performing operations
B01 - physical or chemical processes or apparatus in general
B02 - crushing, pulverising, or disintegrating
B03 - separation of solid materials using liquids or using pneumatic tables or jigs
B04 - centrifugal apparatus or machines for carrying-out physical or chemical processes
B05 - spraying or atomising in general
B06 - generating or transmitting mechanical vibrations in general
B07 - separating solids from solids
B08 - cleaning
B09 - disposal of solid waste
B21 - mechanical metal-working without essentially removing material
B22 - casting
B23 - machine tools
B24 - grinding
B25 - hand tools
B26 - hand cutting tools
B27 - working or preserving wood or similar material
B28 - working cement, clay, or stone
B29 - working of plastics
B30 - presses
B31 - making articles of paper, cardboard or material worked in a manner analogous to paper
B32 - layered products
B33 - additive manufacturing technology
B41 - printing
B42 - bookbinding
B43 - writing or drawing implements
B44 - decorative arts
B60 - vehicles in general
B61 - railways
B62 - land vehicles for travelling otherwise than on rails
B63 - ships or other waterborne vessels
B64 - aircraft
B65 - conveying
B66 - hoisting
B67 - opening, closing {or cleaning} bottles, jars or similar containers
B68 - saddlery
B81 - microstructural technology
B82 - nanotechnology
B99 - subject matter not otherwise provided for in this section
C - chemistry
C01 - inorganic chemistry
C02 - treatment of water, waste water, sewage, or sludge
C03 - glass
C04 - cements
C05 - fertilisers
C06 - explosives
C07 - organic chemistry
C08 - organic macromolecular compounds
C09 - dyes
C10 - petroleum, gas or coke industries
C11 - animal or vegetable oils, fats, fatty substances or waxes
C12 - biochemistry
C13 - sugar industry
C14 - skins
C21 - metallurgy of iron
C22 - metallurgy
C23 - coating metallic material
C25 - electrolytic or electrophoretic processes
C30 - crystal growth
C40 - combinatorial technology
C99 - subject matter not otherwise provided for in this section
D - textiles
D01 - natural or man-made threads or fibres
D02 - yarns
D03 - weaving
D04 - braiding
D05 - sewing
D06 - treatment of textiles or the like
D07 - ropes
D10 - indexing scheme associated with sublasses of section d, relating to textiles
D21 - paper-making
D99 - subject matter not otherwise provided for in this section
E - fixed constructions
E01 - construction of roads, railways, or bridges
E02 - hydraulic engineering
E03 - water supply
E04 - building
E05 - locks
E06 - doors, windows, shutters, or roller blinds in general
E21 - earth drilling
E99 - subject matter not otherwise provided for in this section
F - mechanical engineering
F01 - machines or engines in general
F02 - combustion engines
F03 - machines or engines for liquids
F04 - positive - displacement machines for liquids
F05 - indexing schemes relating to engines or pumps in various subclasses of classes f01-f04
F15 - fluid-pressure actuators
F16 - engineering elements and units
F17 - storing or distributing gases or liquids
F21 - lighting
F22 - steam generation
F23 - combustion apparatus
F24 - heating
F25 - refrigeration or cooling
F26 - drying
F27 - furnaces
F28 - heat exchange in general
F41 - weapons
F42 - ammunition
F99 - subject matter not otherwise provided for in this section
G - physics
G01 - measuring
G02 - optics
G03 - photography
G04 - horology
G05 - controlling
G06 - computing
G07 - checking-devices
G08 - signalling
G09 - education
G10 - musical instruments
G11 - information storage
G12 - instrument details
G16 - information and communication technology [ict] specially adapted for specific application fields
G21 - nuclear physics
G99 - subject matter not otherwise provided for in this section
H - electricity
H01 - basic electric elements
H02 - generation
H03 - basic electronic circuitry
H04 - electric communication technique
H05 - electric techniques not otherwise provided for
H99 - subject matter not otherwise provided for in this section
Y - new / cross sectional technologies
Y02 - technologies or applications for mitigation or adaptation against climate change
Y04 - information or communication technologies having an impact on other technology areas
Y10 - technical subjects covered by former uspc

More Options ...

Title: System and methods for automated detection, reasoning and recommendations for resilient cyber systems

Abstract

A method for securing an IT (information technology) system using a set of methods for knowledge extraction, event detection, risk estimation and explanation for ranking cyber-alerts which includes a method to explain the relationship (or an attack pathway) from an entity (user or host) and an event context to another entity (a high-value resource) and an event context (attack or service failure).

Inventors:: Choudhury, Sutanay; Agarwal, Khushbu; Chen, Pin-Yu; Ray, Indrajit

Issue Date:: Tue Dec 01 00:00:00 EST 2020

Research Org.:: Pacific Northwest National Laboratory (PNNL), Richland, WA (United States)

Sponsoring Org.:: USDOE

OSTI Identifier:: 1771700

Patent Number(s):: 10855706

Application Number:: 15/730,028

Assignee:: Battelle Memorial Institute (Richland, WA)

Patent Classifications (CPCs):: G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING

G - PHYSICS G06 - COMPUTING G06N - COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS

Show more

G - PHYSICS G06 - COMPUTING G06F - ELECTRIC DIGITAL DATA PROCESSING
G06F16/9024 - {Graphs
G06F21/566 - {Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities}

G - PHYSICS G06 - COMPUTING G06N - COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
G06N3/08 - Learning methods
G06N5/022 - {Knowledge engineering

H - ELECTRICITY H04 - ELECTRIC COMMUNICATION TECHNIQUE H04L - TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
H04L63/1416 - {Event detection, e.g. attack signature detection}
H04L63/1425 - {Traffic logging, e.g. anomaly detection}
H04L63/1441 - {Countermeasures against malicious traffic
H04L63/20 - {for managing network security

Show less

DOE Contract Number:: AC05-76RL01830

Resource Type:: Patent

Resource Relation:: Patent File Date: 10/11/2017

Country of Publication:: United States

Language:: English

Citation Formats


                    Choudhury, Sutanay, Agarwal, Khushbu, Chen, Pin-Yu, and Ray, Indrajit. System and methods for automated detection, reasoning and recommendations for resilient cyber systems.  United States: N. p., 2020. 
        Web.

Copy to clipboard


                    Choudhury, Sutanay, Agarwal, Khushbu, Chen, Pin-Yu, & Ray, Indrajit. System and methods for automated detection, reasoning and recommendations for resilient cyber systems.  United States.

Copy to clipboard


                    Choudhury, Sutanay, Agarwal, Khushbu, Chen, Pin-Yu, and Ray, Indrajit. Tue .  
        "System and methods for automated detection, reasoning and recommendations for resilient cyber systems".  United States.  https://www.osti.gov/servlets/purl/1771700.

Copy to clipboard


                    
@article{osti_1771700,

  title        = {System and methods for automated detection, reasoning and recommendations for resilient cyber systems},

  author       = {Choudhury, Sutanay and Agarwal, Khushbu and Chen, Pin-Yu and Ray, Indrajit},

  abstractNote = {A method for securing an IT (information technology) system using a set of methods for knowledge extraction, event detection, risk estimation and explanation for ranking cyber-alerts which includes a method to explain the relationship (or an attack pathway) from an entity (user or host) and an event context to another entity (a high-value resource) and an event context (attack or service failure).},

  doi          = {},

  journal      = {},
number       = ,

  volume       = ,

  place        = {United States},

  year         = {Tue Dec 01 00:00:00 EST 2020},

  month        = {Tue Dec 01 00:00:00 EST 2020}

}

Copy to clipboard

Patent:

Save / Share:

Export Metadata

Save to My Library

Works referenced in this record:

Deep Learning for Semantic Parsing Including Semantic Utterance Classification
patent-application, October 2015

Dauphin, Yann Nicolas; Hakkani-Tur, Dilek Z.; Tur, Gokhan
US Patent Application 14/260419; 20150310862
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20150310862

System and Method for Visualizing and Analyzing Cyber-Attacks Using a Graph Model
patent-application, October 2017

Noel, Steven; Harley, Eric; Tam, Kam Him
US Patent Application 15/084153; 20170289187
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170289187

Detection Mitigation and Remediation of Cyberattacks Employing an Advanced Cyber-decision Platform
patent-application, May 2017

Crabtree, Jason; Sellers, Andrew
US Patent Application 15/237625; 20170126712
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170126712

Network security threat detection by user/user-entity behavioral analysis
patent, December 2016

Muddu, Sudhakar; Tryfonas, Christos
US Patent Document 9,516,053
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9516053

Platform, System, Process for Distributed Graph Databases and Computing
patent-application, December 2017

Zhang, Cheu; Wu, Jing
US Patent Application 15/624246; 20170364534
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170364534

System, Method, and Computer Program Product for Determining Whether Parameter Configurations Meet Predetermined Criteria
patent-application, January 2014

Spitzer, John F.
US Patent Application 13/543184; 20140013303
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20140013303

Detecting Anomalies in Behavioral Network With Contextual Side Information
patent-application, July 2014

Wang, Xiang; Thiesson, Bo; Stokes, III, Jack Wilson
US Patent Application 13/730078; 20140188895
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20140188895

Network Anomaly Detection
patent-application, November 2015

Lefebvre, Michael L.; Carver, Matthew; Ellett, Eric
US Patent Application 14/285487; 20150341379
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20150341379

Cognitive offense analysis using contextual data and knowledge graphs
patent-application, February 2018

Bird, William Alexander; Deffeyes, Suzanne Carol; Jang, Jiyong
US Patent Application 15/236575; 20180048661
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20180048661

Performance Anomaly Diagnosis
patent-application, May 2016

Konig, Arnd Christian; Dvorkin, Igor; Kumar, Manish
US Patent Application 14/687848; 20160147585
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20160147585

System and Method for Generating Material Compositions
patent-application, April 2017

Chee, Yi-Min; Jagmohan, Ashish; Luna, Pamela N.
US Patent Application 14/974595; 20170116517
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20170116517

Intrusion Detection Platform
patent-application, March 2016

Srivastava, Ashok N.; Gao, Yong; Xu, Yian
US Patent Application 14/472886; 20160065594
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20160065594

Modular model workflow in a distributed computation system
patent, October 2018

Muddu, Sudhakar; Tryfonas, Christos; Kavacheri, Sathyanarayanan
US Patent Document 10,110,617
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/10110617

Anomaly Detection in Groups of Network Addresses
patent-application, October 2015

Bernstein, Ruth; Dulkin, Andrey; Weiss, Assaf
US Patent Application 14/253945; 20150304349
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20150304349

Anomaly Detection System and Method
patent-application, October 2016

Malhotra, Pankaj; Shroff, Gautam; Agarwal, Puneet
US Patent Application 15/019681; 20160299938
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20160299938

Cognitive memory encoding networks for fast semantic indexing storage and retrieval
patent, October 2015

Majumdar, Arun
US Patent Document 9,158,847
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/9158847

System and Method for Authorizing Customized Content
patent-application, June 2016

Toumayan, Samuel G.; McMullin, III, John L.; Lewis, Paul
US Patent Application 15/062393; 20160189193
URL: https://image-ppubs.uspto.gov/dirsearch-public/print/downloadPdf/20160189193

Similar Records in DOE Patents and OSTI.GOV collections:

Systems and methods for detecting and mitigating cyber attacks on power systems comprising distributed energy resources

Patent Johnson, Jay Tillay

Extensive deployment of interoperable distributed energy resources (DER) on power systems is increasing the power system cybersecurity attack surface. National and jurisdictional interconnection standards require DER to include a range of autonomous and commanded grid-support functions which can drastically influence power quality, voltage, and the generation-load balance. Investigations of the impact to the power system in scenarios where communications and operations of DER are controlled by an adversary show that each grid-support function exposes the power system to distinct types and magnitudes of risk. The invention provides methods for minimizing the risks to distribution and transmission systems using an engineeredmore » « less
Full Text Available
Systems and methods for detecting and mitigating cyber attacks on power systems comprising distributed energy resources

Patent Johnson, Jay Tillay

Extensive deployment of interoperable distributed energy resources (DER) on power systems is increasing the power system cybersecurity attack surface. National and jurisdictional interconnection standards require DER to include a range of autonomous and commanded grid-support functions which can drastically influence power quality, voltage, and the generation-load balance. Investigations of the impact to the power system in scenarios where communications and operations of DER are controlled by an adversary show that each grid-support function exposes the power system to distinct types and magnitudes of risk. The invention provides methods for minimizing the risks to distribution and transmission systems using an engineeredmore » « less
Full Text Available
Systems and methods for global cyber-attack or fault detection model

Patent Xu, Rui; Yan, Weizhong; Abbaszadeh, Masoud; ...

An industrial asset may have monitoring nodes that generate current monitoring node values representing a current operation of the industrial asset. An abnormality detection computer may detect when a monitoring node is currently being attacked or experiencing a fault based on a current feature vector, calculated in accordance with current monitoring node values, and a detection model that includes a decision boundary. A model updater (e.g., a continuous learning model updater) may determine an update time-frame (e.g., short-term, mid-term, long-term, etc.) associated with the system based on trigger occurrence detection (e.g., associated with a time-based trigger, a performance-based trigger, anmore » « less
Full Text Available
Dynamic, resilient sensing system for automatic cyber-attack neutralization

Patent Dokucu, Mustafa Tekin; Roychowdhury, Subhrajit; Anubi, Olugbenga; ...

An industrial asset may have monitoring nodes that generate current monitoring node values. An abnormality detection computer may determine that an abnormal monitoring node is currently being attacked or experiencing fault. A dynamic, resilient estimator constructs, using normal monitoring node values, a latent feature space (of lower dimensionality as compared to a temporal space) associated with latent features. The system also constructs, using normal monitoring node values, functions to project values into the latent feature space. Responsive to an indication that a node is currently being attacked or experiencing fault, the system may compute optimal values of the latent featuresmore » « less
Full Text Available
Dynamic, resilient virtual sensing system and shadow controller for cyber-attack neutralization

Patent Roychowdhury, Subhrajit; Abbaszadeh, Masoud; Dokucu, Mustafa Tekin

An industrial asset may have monitoring nodes (e.g., sensor or actuator nodes) that generate current monitoring node values. An abnormality detection and localization computer may receive the series of current monitoring node values and output an indication of at least one abnormal monitoring node that is currently being attacked or experiencing a fault. An actor-critic platform may tune a dynamic, resilient state estimator for a sensor node and output tuning parameters for a controller that improve operation of the industrial asset during the current attack or fault. The actor-critic platform may include, for example, a dynamic, resilient state estimator, anmore » « less
Full Text Available

Similar Records

Title: System and methods for automated detection, reasoning and recommendations for resilient cyber systems

Abstract

Citation Formats

Deep Learning for Semantic Parsing Including Semantic Utterance Classification patent-application, October 2015

System and Method for Visualizing and Analyzing Cyber-Attacks Using a Graph Model patent-application, October 2017

Detection Mitigation and Remediation of Cyberattacks Employing an Advanced Cyber-decision Platform patent-application, May 2017

Network security threat detection by user/user-entity behavioral analysis patent, December 2016

Platform, System, Process for Distributed Graph Databases and Computing patent-application, December 2017

System, Method, and Computer Program Product for Determining Whether Parameter Configurations Meet Predetermined Criteria patent-application, January 2014

Detecting Anomalies in Behavioral Network With Contextual Side Information patent-application, July 2014

Network Anomaly Detection patent-application, November 2015

Cognitive offense analysis using contextual data and knowledge graphs patent-application, February 2018

Performance Anomaly Diagnosis patent-application, May 2016

System and Method for Generating Material Compositions patent-application, April 2017

Intrusion Detection Platform patent-application, March 2016

Modular model workflow in a distributed computation system patent, October 2018

Anomaly Detection in Groups of Network Addresses patent-application, October 2015

Anomaly Detection System and Method patent-application, October 2016

Cognitive memory encoding networks for fast semantic indexing storage and retrieval patent, October 2015

System and Method for Authorizing Customized Content patent-application, June 2016

Deep Learning for Semantic Parsing Including Semantic Utterance Classification
patent-application, October 2015

System and Method for Visualizing and Analyzing Cyber-Attacks Using a Graph Model
patent-application, October 2017

Detection Mitigation and Remediation of Cyberattacks Employing an Advanced Cyber-decision Platform
patent-application, May 2017

Network security threat detection by user/user-entity behavioral analysis
patent, December 2016

Platform, System, Process for Distributed Graph Databases and Computing
patent-application, December 2017

System, Method, and Computer Program Product for Determining Whether Parameter Configurations Meet Predetermined Criteria
patent-application, January 2014

Detecting Anomalies in Behavioral Network With Contextual Side Information
patent-application, July 2014

Network Anomaly Detection
patent-application, November 2015

Cognitive offense analysis using contextual data and knowledge graphs
patent-application, February 2018

Performance Anomaly Diagnosis
patent-application, May 2016

System and Method for Generating Material Compositions
patent-application, April 2017

Intrusion Detection Platform
patent-application, March 2016

Modular model workflow in a distributed computation system
patent, October 2018

Anomaly Detection in Groups of Network Addresses
patent-application, October 2015

Anomaly Detection System and Method
patent-application, October 2016

Cognitive memory encoding networks for fast semantic indexing storage and retrieval
patent, October 2015

System and Method for Authorizing Customized Content
patent-application, June 2016