Method for mitigation of cyber attacks on industrial control systems

  • US 10,015,188 B2
  • Filed: 08/20/2015
  • Issued: 07/03/2018
  • Est. Priority Date: 08/20/2015
  • Status: Active Grant
First Claim
1. A method for detecting a potential compromise of cyber security in an industrial network utilizing a protocol for controlling an industrial process, comprising:

  • polling specific fields of packet data at a fixed frequency for a plurality of programmable logic controllers (PLCs), to establish network behavior;

  • deriving a vector based on the specific packet data fields, wherein the specific packet data fields represent the protocol which signifies particular network communications;

  • generating a value based on the vector indicative of a network behavioral state;

  • maintaining a network behavior state machine comprising a list of network states and transition counts, wherein the transition count is maintained in accordance to the value;

  • determining a transition probability corresponding to the transition counts, wherein the transition probability denotes an estimated probability of a first network state being followed temporally by a second network state, during normal network operation;

  • establishing, for the network behavior state machine, a threshold representing the probability below which a sequence of network states is anomalous;

  • determining, by the network behavior state machine, a probability for the occurrence of a sequence of network states, according to the derived vector;

  • and, taking protective action according to whether the determined probability is below the established threshold.
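
The steps of claim 1 can be read as a first-order Markov model over polled protocol fields. The sketch below is an added example, not code from the patent or its assignee. It assumes Modbus-style fields as the protocol, uses the field vector itself as the state value, and picks additive smoothing and a "least likely baseline window less a 10x margin" threshold rule; all names and sample polls are constructed.

```python
import math
from collections import defaultdict

class NetworkBehaviorStateMachine:
    def __init__(self, smoothing=1e-3):
        self.counts = defaultdict(lambda: defaultdict(int))  # state -> next state -> count
        self.states = set()          # list of network states seen so far
        self.smoothing = smoothing   # assumption: additive smoothing for unseen transitions
        self.threshold = None        # log-probability below which a window is anomalous

    def observe(self, vectors):
        """Update the state list and transition counts from polled field vectors."""
        seq = [tuple(v) for v in vectors]   # assumption: the state value is the vector itself
        self.states.update(seq)
        for a, b in zip(seq, seq[1:]):
            self.counts[a][b] += 1

    def transition_probability(self, a, b):
        row = self.counts.get(a, {})
        k = len(self.states) + 1            # one extra bucket for never-seen states
        return (row.get(b, 0) + self.smoothing) / (sum(row.values()) + self.smoothing * k)

    def sequence_log_probability(self, vectors):
        seq = [tuple(v) for v in vectors]
        return sum(math.log(self.transition_probability(a, b)) for a, b in zip(seq, seq[1:]))

    def fit_threshold(self, vectors, window=4, margin=math.log(10)):
        """Assumption: threshold = least likely baseline window, less a 10x margin."""
        scores = [self.sequence_log_probability(vectors[i:i + window])
                  for i in range(len(vectors) - window + 1)]
        self.threshold = min(scores) - margin

    def is_anomalous(self, vectors):
        return self.sequence_log_probability(vectors) < self.threshold

# Constructed sample polls: (Modbus function code, start address, count).
READ_HOLDING, READ_COILS, WRITE_SINGLE = 3, 1, 6
NORMAL_CYCLE = [(READ_HOLDING, 0, 10), (READ_COILS, 0, 8), (READ_HOLDING, 100, 4)]
baseline = NORMAL_CYCLE * 50
model = NetworkBehaviorStateMachine()
model.observe(baseline)
model.fit_threshold(baseline)
normal_window = NORMAL_CYCLE + NORMAL_CYCLE[:1]
suspect_window = NORMAL_CYCLE[:2] + [(WRITE_SINGLE, 100, 1), NORMAL_CYCLE[0]]

if __name__ == "__main__":
    for name, w in (("normal", normal_window), ("suspect", suspect_window)):
        action = "raise alert" if model.is_anomalous(w) else "none"
        print(f"{name}: logP={model.sequence_log_probability(w):.2f} action={action}")
```

Log-probabilities are used so that long sequences do not underflow; the comparison against the threshold is otherwise the same as comparing raw probabilities.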
