CYBER SECURITY
First Claim
1. A computer implemented method for detecting cyber physical system behavior, comprising:
- utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for;
receiving data from a plurality of sensors associated with the cyber physical system;
constructing a metrization of the data utilizing a data structuring;
determining at least one ensemble and at least one summary variable from the metrized data, wherein the summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process a diffusion map technique;
applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;
identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors;
obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and
detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline.
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system).
9 Citations
20 Claims
-
1. A computer implemented method for detecting cyber physical system behavior, comprising:
utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for; receiving data from a plurality of sensors associated with the cyber physical system; constructing a metrization of the data utilizing a data structuring; determining at least one ensemble and at least one summary variable from the metrized data, wherein the summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process a diffusion map technique; applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors; identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors; obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
13. A system for detecting cyber physical system behavior, comprising:
a processor and memory coupled to the processor, the processor executes the following executable components; a data collection component that receives encoded information from a plurality of sensors associated with the cyber physical system; a data assimilation component for decoding the encoded information, via a spectral graph analysis process comprising a diffusion mapping technique, by applying a manifold learning technique to the information to identify system features including at least one summary variable, wherein the data assimilation component applies a thermodynamic formalism to the at least one summary variable to obtain an indication of system behavior; and an operational component for receiving the indication of system behavior and for detecting an anomalous system behavior. - View Dependent Claims (14, 15, 16, 17, 18)
-
19. A tangible computer readable medium, comprising computer executable instructions that when executed by a processor perform operations, comprising:
-
receiving data from a plurality of sensors associated with the cyber physical system; constructing a metrization of the data utilizing a data structuring; determining at least one ensemble and at least one summary variable from the metrized data, wherein the summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process a diffusion map technique; applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors; identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors; obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline. - View Dependent Claims (20)
-
Specification