CYBER SECURITY

US 20150096026A1
Filed: 03/14/2014
Published: 04/02/2015
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for detecting cyber physical system behavior, comprising:

utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for;

receiving data from a plurality of sensors associated with the system;

constructing a metrization of the data utilizing a data structuring;

determining at least one ensemble and at least one summary variable from the metrized data;

applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;

identifying the system behaviors based at least in part on the classified behaviors;

obtaining a baseline of the system associated with the classified behaviors;

detecting an anomalous condition based on a deviation of the system behaviors from the baseline; and

providing an output indicating the identified system behaviors or the anomalous condition.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system).

23 Citations

View as Search Results

20 Claims

1. A computer implemented method for detecting cyber physical system behavior, comprising:
- utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for;
  
  receiving data from a plurality of sensors associated with the system;
  
  constructing a metrization of the data utilizing a data structuring;
  
  determining at least one ensemble and at least one summary variable from the metrized data;
  
  applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;
  
  identifying the system behaviors based at least in part on the classified behaviors;
  
  obtaining a baseline of the system associated with the classified behaviors;
  
  detecting an anomalous condition based on a deviation of the system behaviors from the baseline; and
  
  providing an output indicating the identified system behaviors or the anomalous condition.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method for detecting cyber physical system behavior of claim 1, wherein determining at least one summary variable includes a symbolic encoding of the metrized data and inferring an automata model utilizing a probabilistic grammatical inference.
  - 3. The method for detecting cyber physical system behavior of claim 2, wherein the probabilistic grammatical inference comprises an ε
    - -Machine Reconstruction statistical machine learning technique that includes describing a system trajectory as a string of symbols and describing system dynamics in terms of shift dynamics of the associated symbol string.
  - 4. The method for detecting cyber physical system behavior of claim 3, including identifying cycles in strings of symbols utilizing pumping lemmas.
  - 5. The method for detecting cyber physical system behavior of claim 3, wherein the ε
    - -Machine Reconstruction statistical machine learning technique includes at least one ofa. discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process;
      
      orb. a diffusion map technique.
  - 6. The method for detecting cyber physical system behavior of claim 1, wherein the at least one ensemble is determined empirically.
  - 7. The method for detecting cyber physical system behavior of claim 1, wherein applying a thermodynamic formalism includes applying thermodynamic techniques to the sensor data.
  - 8. The method for detecting cyber physical system behavior of claim 1, wherein the data structuring includes a manifold learning technique comprising at least one of a Diffusion Mapping, a bijective mapping or a spectral graph analysis.
  - 9. The method for detecting cyber physical system behavior of claim 1, wherein the at least one summary variable is determined by forming a derivative of a natural variable.
  - 10. The method for detecting cyber physical system behavior of claim 1, wherein receiving data includes receiving time series data from a plurality of sensors monitoring a cyber-physical system.
  - 11. The method for detecting cyber physical system behavior of claim 10, wherein the cyber-physical system is an electrical power grid system.
  - 12. The method for detecting cyber physical system behavior of claim 1, wherein detecting an anomalous condition includes at least one of predicting or detecting the presence of an Improvised Explosive Device.

13. A system for detecting cyber physical system behavior, comprising:
- a data collection component that receives encoded information from a plurality of sensors associated with the cyber physical system;
  
  a data assimilation component for decoding the encoded information by applying a manifold learning technique to the information to identify system features including at least one summary variable, wherein the data assimilation component applies a thermodynamic formalism to the at least one summary variable to obtain an indication of system behavior; and
  
  an operational component for receiving the indication of system behavior and for detecting an anomalous system behavior.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system for detecting cyber physical system behavior of claim 13, wherein the encoded information includes at least one of continuous, discrete or transactional cyber physical system dynamics.
  - 15. The system for detecting cyber physical system behavior of claim 13, wherein the operational component provides an output indicating the anomalous system behavior.
  - 16. The system for detecting cyber physical system behavior of claim 13, wherein the data assimilation component utilizes a spectral graph analysis process that includes integrating data across at least one of a continuous physical domain or a discrete physical domains and at least one of a computational cyber domain or a transactional cyber domain.
  - 17. The system for detecting cyber physical system behavior of claim 16, wherein the spectral graph analysis process comprises a Diffusion Mapping technique.
  - 18. The system for detecting cyber physical system behavior of claim 13, wherein the data assimilation component utilizes a bijective mapping technique.

19. A computer implemented method of defining a model for detecting electrical power grid behavior, comprising:
- utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for;
  
  accessing a data set comprising information regarding a characteristic of the electric power grid;
  
  metrizing a subset of the data set;
  
  processing the metrized subset of the data to provide at least one natural variable and at least one thermodynamic variable; and
  
  constructing a model for processing the information regarding a characteristic of the power grid based at least in part on the natural variable and the thermodynamic variable.
- View Dependent Claims (20)
- - 20. The method of defining a model for detecting electrical power grid behavior of claim 19, wherein the data comprises time series data and processing the subset of data includes calculating node relations from subsequences of a subset of the time series data

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KA Holding, LLC (Markel Corporation)
Original Assignee
Cyberricade, Inc
Inventors
Loparo, Kenneth A., Kolacinski, Richard M., Angeline, Barry D.

Granted Patent

US 9,367,683 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/55   Detecting local intrusion o...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06N 20/00   Machine learning

G06N 7/01   Probabilistic graphical mod...

Y04S 40/20   Information technology spec...

CYBER SECURITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

CYBER SECURITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others