MALICIOUS ATTACK DETECTION AND ANALYSIS
First Claim
1. A method of characterizing malicious activity in an intelligent utility grid system, the method executable by a computer having at least one processor and at least one memory, comprising:
- receiving, by the at least one processor, information-technology (IT) data including IT-related activity from the intelligent grid system;
receiving, by the at least one processor, non-IT data including location-specific event data from a plurality of electronic sources;
pre-processing, by the at least one processor, the non-IT data including;
disregarding the non-IT data failing to meet a predetermined level of relevance to one of a plurality of risk-related events;
applying, by the at least one processor, a plurality of rules to the pre-processed non-IT data to;
associate an undesired event with reference to the IT-related activity; and
determine a probability that the undesired event is indicative of malicious activity; and
applying, by the at least one processor, a risk characterization to the undesired event based on the probability and the IT-related activity.
2 Assignments
0 Petitions
Accused Products
Abstract
A system for characterizing malicious activity in an intelligent utility grid system includes a system storage in which to store a database including a plurality of rules. A collector is operable to collect and store in the system storage information-technology (IT) data including IT-related activity from the intelligent grid system. A complex event processing (CEP) bus is operable to receive non-IT data including location-specific event data from a plurality of electronic sources, the CEP bus further operable to disregard the non-IT data failing to meet a predetermined level of relevance to one of a plurality of risk-related events. A processor is operable to apply the plurality of rules to the relevant non-IT data to: associate an undesired event with reference to the IT-related activity; and determine a probability that the undesired event is indicative of malicious activity. The processor further applies a risk characterization to the undesired event based on the probability and the IT-related activity.
-
Citations
24 Claims
-
1. A method of characterizing malicious activity in an intelligent utility grid system, the method executable by a computer having at least one processor and at least one memory, comprising:
-
receiving, by the at least one processor, information-technology (IT) data including IT-related activity from the intelligent grid system; receiving, by the at least one processor, non-IT data including location-specific event data from a plurality of electronic sources; pre-processing, by the at least one processor, the non-IT data including;
disregarding the non-IT data failing to meet a predetermined level of relevance to one of a plurality of risk-related events;applying, by the at least one processor, a plurality of rules to the pre-processed non-IT data to; associate an undesired event with reference to the IT-related activity; and determine a probability that the undesired event is indicative of malicious activity; and applying, by the at least one processor, a risk characterization to the undesired event based on the probability and the IT-related activity. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A system for characterizing malicious activity in an intelligent utility grid system, comprising:
-
a system storage in which to store a database including a plurality of rules; a collector operable to collect and store in the system storage information-technology (IT) data including IT-related activity from the intelligent grid system; a complex event processing (CEP) bus operable to receive non-IT data including location-specific event data from a plurality of electronic sources, the CEP bus further operable to disregard the non-IT data failing to meet a predetermined level of relevance to one of a plurality of risk-related events; a processor operable to apply the plurality of rules to the relevant non-IT data to;
associate an undesired event with reference to the IT-related activity; and
determine a probability that the undesired event is indicative of malicious activity; andthe processor further to apply a risk characterization to the undesired event based on the probability and the IT-related activity. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A computer-readable storage medium comprising a set of instructions for characterizing malicious activity in an intelligent utility grid system executable by a computer having a processor and memory, the computer-readable medium comprising:
-
instructions to receive information-technology (IT) data including IT-related activity from the intelligent grid system; instructions to receive non-IT data including location-specific event data from a plurality of electronic sources; instructions to pre-process the non-IT data including;
disregarding the non-IT data failing to meet a predetermined level of relevance to one of a plurality of risk-related events;instructions to apply a plurality of rules to the pre-processed non-IT data to; associate an undesired event with reference to the IT-related activity; and determine a probability that the undesired event is indicative of malicious activity; and instructions to apply a risk characterization to the undesired event based on the probability and the IT-related activity. - View Dependent Claims (20, 21, 22, 23, 24)
-
Specification