CYBER SECURITY

US 20160253495A1
Filed: 05/12/2016
Published: 09/01/2016
Est. Priority Date: 03/15/2013
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for detecting cyber physical system behavior, comprising:

utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for;

receiving data from a plurality of sensors associated with the cyber physical system;

constructing a metrization of the data utilizing a data structuring;

determining at least one ensemble and at least one summary variable from the metrized data, wherein the summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process a diffusion map technique;

applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;

identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors;

obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and

detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system).

9 Citations

View as Search Results

20 Claims

1. A computer implemented method for detecting cyber physical system behavior, comprising:
- utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for;
  
  receiving data from a plurality of sensors associated with the cyber physical system;
  
  constructing a metrization of the data utilizing a data structuring;
  
  determining at least one ensemble and at least one summary variable from the metrized data, wherein the summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process a diffusion map technique;
  
  applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;
  
  identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors;
  
  obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and
  
  detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method for detecting cyber physical system behavior of claim 1, wherein determining at least one summary variable includes a symbolic encoding of the metrized data.
  - 3. The method for detecting cyber physical system behavior of claim 1, wherein the probabilistic grammatical inference comprises an ε
    - -Machine Reconstruction statistical machine learning technique that includes describing a system trajectory as a string of symbols and describing system dynamics in terms of shift dynamics of the associated symbol string.
  - 4. The method for detecting cyber physical system behavior of claim 3, including identifying cycles in strings of symbols utilizing pumping lemmas.
  - 5. The method for detecting cyber physical system behavior of claim 1 further comprising:
    - generating an output indicating the identified plurality of system behaviors or the anomalous condition.
  - 6. The method for detecting cyber physical system behavior of claim 1, wherein the at least one ensemble is determined empirically.
  - 7. The method for detecting cyber physical system behavior of claim 1, wherein applying a thermodynamic formalism includes applying thermodynamic techniques to the sensor data.
  - 8. The method for detecting cyber physical system behavior of claim 1, wherein the data structuring includes a manifold learning technique comprising at least one of a Diffusion Mapping, a bijective mapping or a spectral graph analysis.
  - 9. The method for detecting cyber physical system behavior of claim 1, wherein the at least one summary variable is determined by forming a derivative of a natural variable.
  - 10. The method for detecting cyber physical system behavior of claim 1, wherein receiving data includes receiving time series data from a plurality of sensors monitoring a cyber-physical system.
  - 11. The method for detecting cyber physical system behavior of claim 10, wherein the cyber-physical system is an electrical power grid system.
  - 12. The method for detecting cyber physical system behavior of claim 1, wherein detecting an anomalous condition includes at least one of predicting or detecting the presence of an Improvised Explosive Device.

13. A system for detecting cyber physical system behavior, comprising:
- a processor and memory coupled to the processor, the processor executes the following executable components;
  
  a data collection component that receives encoded information from a plurality of sensors associated with the cyber physical system;
  
  a data assimilation component for decoding the encoded information, via a spectral graph analysis process comprising a diffusion mapping technique, by applying a manifold learning technique to the information to identify system features including at least one summary variable, wherein the data assimilation component applies a thermodynamic formalism to the at least one summary variable to obtain an indication of system behavior; and
  
  an operational component for receiving the indication of system behavior and for detecting an anomalous system behavior.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The system for detecting cyber physical system behavior of claim 13, wherein the encoded information includes at least one of continuous, discrete or transactional cyber physical system dynamics.
  - 15. The system for detecting cyber physical system behavior of claim 13, wherein the operational component provides an output indicating the anomalous system behavior.
  - 16. The system for detecting cyber physical system behavior of claim 13, wherein the data assimilation component utilizes the spectral graph analysis process that includes integrating data across at least one of a continuous physical domain or a discrete physical domains and at least one of a computational cyber domain or a transactional cyber domain.
  - 17. The system for detecting cyber physical system behavior of claim 16, wherein the operational component is further configured to generate an output indicating the identified anomalous system behavior.
  - 18. The system for detecting cyber physical system behavior of claim 13, wherein the data assimilation component utilizes a bijective mapping technique.

19. A tangible computer readable medium, comprising computer executable instructions that when executed by a processor perform operations, comprising:
- receiving data from a plurality of sensors associated with the cyber physical system;
  
  constructing a metrization of the data utilizing a data structuring;
  
  determining at least one ensemble and at least one summary variable from the metrized data, wherein the summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process a diffusion map technique;
  
  applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;
  
  identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors;
  
  obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and
  
  detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline.
- View Dependent Claims (20)
- - 20. The tangible computer readable medium of claim 19, wherein the determining at least one summary variable includes a symbolic encoding of the metrized data and wherein the probabilistic grammatical inference comprises an ε
    - -Machine Reconstruction statistical machine learning technique that includes describing a system trajectory as a string of symbols and describing system dynamics in terms of shift dynamics of the associated symbol string

Specification

Resources

Litigation Campaign Assessment

Current Assignee
KA Holding, LLC (Markel Corporation)
Original Assignee
Cyberricade, Inc
Inventors
Angeline, Barry D., Kolacinski, Richard M., Loparo, Kenneth A.

Granted Patent

US 9,569,615 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 21/55   Detecting local intrusion o...

G06F 21/552   involving long-term monitor...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

G06N 20/00   Machine learning

G06N 7/01   Probabilistic graphical mod...

Y04S 40/20   Information technology spec...

CYBER SECURITY

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CYBER SECURITY

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links