LIVE SERVICE ANOMALY DETECTION SYSTEM FOR PROVIDING CYBER PROTECTION FOR THE ELECTRIC GRID
First Claim
1. A method of improving security in an electrical grid network, comprising:
- configuring a lifecycle map associated with an operation in the electrical grid network, the lifecycle map including at least a start configuration, a final configuration, and a plurality of valid events arranged to link the start configuration and the final configuration, the start configuration and the final configuration corresponding to particular states of the electrical grid network;
- monitoring at least one of messages and device configurations in the electrical grid network to detect one or more live events associated with the operation; and
- comparing the plurality of live events to the lifecycle map to identify an anomaly in the live events.
Abstract
Provided is a method of improving security in an electrical grid network. The method includes configuring a lifecycle map associated with an operation in the electrical grid network, the lifecycle map including at least a start configuration, a final configuration, and a plurality of valid events arranged to link the start configuration and the final configuration, the start configuration and the final configuration corresponding to particular states of the electrical grid network. The method also includes monitoring at least one of messages and device configurations in the electrical grid network to detect one or more live events associated with the operation and comparing the plurality of live events to the lifecycle map to identify an anomaly in the live events.
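The comparison step described in the abstract can be sketched as a small state machine. This is an added example, not code from the patent or its applicant. It assumes that a lifecycle map can be modelled as transitions between named configurations, and the breaker-opening operation, its configuration names and its event names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class LifecycleMap:
    start: str   # start configuration of the operation
    final: str   # final configuration of the operation
    # (configuration, valid event) -> next configuration
    transitions: dict = field(default_factory=dict)

    def add(self, src, event, dst):
        self.transitions[(src, event)] = dst

    def compare(self, live_events):
        """Walk the ordered live events through the map and return a list
        of anomalies as (index, event, reason) tuples."""
        anomalies = []
        state = self.start
        for i, ev in enumerate(live_events):
            nxt = self.transitions.get((state, ev))
            if nxt is None:
                anomalies.append((i, ev, f"not valid in configuration '{state}'"))
                continue  # remain in the last known-good configuration
            state = nxt
        if state != self.final:
            anomalies.append((len(live_events), None,
                              f"ended in '{state}', expected '{self.final}'"))
        return anomalies

def breaker_open_map():
    # Hypothetical select-before-operate lifecycle for opening a breaker.
    m = LifecycleMap(start="closed", final="open")
    m.add("closed", "select", "selected")
    m.add("selected", "cancel", "closed")
    m.add("selected", "operate", "operating")
    m.add("operating", "status_open", "open")
    return m

# Constructed live-event sequences (not captured from any real network).
NORMAL = ["select", "operate", "status_open"]
RETRY = ["select", "cancel", "select", "operate", "status_open"]
SKIPPED_SELECT = ["operate", "status_open"]
INJECTED = ["select", "operate", "setpoint_write", "status_open"]
STALLED = ["select", "operate"]

if __name__ == "__main__":
    m = breaker_open_map()
    for name in ("NORMAL", "RETRY", "SKIPPED_SELECT", "INJECTED", "STALLED"):
        print(name, m.compare(globals()[name]))
```

An event that is invalid in the current configuration is reported without advancing the state, so one injected message does not hide a later incomplete operation.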
97 Citations
20 Claims
1. A method of improving security in an electrical grid network, comprising:
- configuring a lifecycle map associated with an operation in the electrical grid network, the lifecycle map including at least a start configuration, a final configuration, and a plurality of valid events arranged to link the start configuration and the final configuration, the start configuration and the final configuration corresponding to particular states of the electrical grid network;
- monitoring at least one of messages and device configurations in the electrical grid network to detect one or more live events associated with the operation; and
- comparing the plurality of live events to the lifecycle map to identify an anomaly in the live events.

Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for improving security and resiliency of an electrical grid network, comprising:
- a processor;
- a memory coupled to the processor;
- a process lifecycle map creator configured to be executed by the processor and further configured to configure, in the memory, a lifecycle map associated with an operation in the electrical grid network, wherein the lifecycle map includes at least a start configuration, a final configuration, and a plurality of valid events arranged to directly or indirectly link the start configuration and the final configuration, wherein the start configuration and the final configuration correspond to particular states of the electrical grid network;
- an event monitor configured to be executed by the processor and further configured to monitor at least one of messages and device configurations in the electrical grid network to detect a plurality of live events associated with the operation;
- an event comparing module configured to be executed by the processor and further configured to compare the plurality of live events to the lifecycle map to identify an anomaly in the plurality of live events; and
- an alerting module configured to be executed by the processor and further configured to report, based upon the comparing, the anomaly associated with the operation.

Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A computer readable storage medium storing instructions thereon, the instructions, when executed by a processor, are configured to perform a method comprising:
- configuring a lifecycle map associated with an operation in the electrical grid network, wherein the lifecycle map includes at least a start configuration, a final configuration, and a plurality of valid events arranged to directly or indirectly link the start configuration and the final configuration, wherein the start configuration and the final configuration correspond to particular states of the electrical grid network;
- monitoring at least one of messages and device configurations in the electrical grid network to detect a plurality of live events associated with the operation; and
- comparing the plurality of live events to the lifecycle map to identify an anomaly in the plurality of live events.

Dependent claims: 18, 19, 20
Specification