SYSTEM AND METHOD FOR TAMPER DETECTION ON DISTRIBUTED UTILITY INFRASTRUCTURE
First Claim
1. A method for tamper detection on distributed utility infrastructure, comprising:
- receiving, within a first edge device of the utility infrastructure, sensor data from a plurality of sensors each positioned to detect physical events at the first edge device;
determining, from the sensor data, one or more indicators when the sensor data is outside a normal range value, respectively;
updating, based upon the one or more indicators, a limited factor graph corresponding to at least a portion of the utility infrastructure;
identifying, from the limited factor graph, an event that is occurring in the first edge device;
deciding whether the event is a tamper event; and
if the event is a tamper event, initiating mitigation of the tamper event.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method are disclosed that use information from a distributed, sensor-based network to decide if unwanted tampering is occurring within a utility infrastructure and how to respond. The system and method receive data from sensors located in embedded devices on the edge of the network (i.e., edge devices) and process the data to identify the presence or absence of indicators. A factor graph is generated and. updated with the indicators, along with historical incident and user-defined data, and relationships between the sensors. Based upon the factor graph, the system and method determine what events are occurring at edge devices and decide whether the events are tamper events caused by unwanted tampering. Enforcement programs are used to appropriately mitigate the tamper events.
-
Citations
20 Claims
-
1. A method for tamper detection on distributed utility infrastructure, comprising:
-
receiving, within a first edge device of the utility infrastructure, sensor data from a plurality of sensors each positioned to detect physical events at the first edge device; determining, from the sensor data, one or more indicators when the sensor data is outside a normal range value, respectively; updating, based upon the one or more indicators, a limited factor graph corresponding to at least a portion of the utility infrastructure; identifying, from the limited factor graph, an event that is occurring in the first edge device; deciding whether the event is a tamper event; and if the event is a tamper event, initiating mitigation of the tamper event. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for tamper detection on distributed utility infrastructure, comprising:
-
at least one edge device comprising; a plurality of sensors positioned to detect events at the at least one edge device of the utility infrastructure; a first processor communicatively coupled to the plurality of sensors; a first memory communicatively coupled with the first processor; and a factor graph stored within the first memory; at least one actuator communicatively coupled with the first processor; an information program comprising machine readable instructions stored within the first memory that, when executed by the first processor, is capable of; receiving data from the plurality of sensors; processing the data to compare with predetermined threshold values to identify the presence of at least one indicator; updating the factor graph, based upon the at least one indicator, to determine an event that is occurring at the at least one edge device; and deciding whether at least one event is a tamper event; and an first enforcement program comprising machine readable instructions stored within the first memory that, when executed by the first processor, is capable of controlling the at least one actuator to mitigate the tamper event. - View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
-
-
16. A software product comprising instructions, stored on non-transitory computer-readable media, wherein the instructions, when executed by a computer, perform steps for tamper detection on distributed utility infrastructure comprising:
an information program for a) receiving values from the plurality of sensors and processing the values based upon predetermined thresholds to identify at least one indicator, b) updating, based upon the at least one indicator, a factor graph corresponding to at least a portion of the utility infrastructure, c) determining, from the factor graph, an event that is occurring to the edge device, and d) deciding whether the event is a tamper event. - View Dependent Claims (17, 18, 19, 20)
Specification