GENERIC FRAMEWORK TO DETECT CYBER THREATS IN ELECTRIC POWER GRID
Abstract
According to some embodiments, a plurality of heterogeneous data source nodes may each generate a series of current data source node values over time that represent a current operation of an electric power grid. A real-time threat detection computer, coupled to the plurality of heterogeneous data source nodes, may receive the series of current data source node values and generate a set of current feature vectors. The threat detection computer may then access an abnormal state detection model having at least one decision boundary created offline using at least one of normal and abnormal feature vectors. The abnormal state detection model may be executed, and a threat alert signal may be transmitted if appropriate based on the set of current feature vectors and the at least one decision boundary.
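The pipeline the abstract describes, offline creation of a decision boundary from normal and abnormal feature vectors followed by real-time scoring of current feature vectors, is sketched below as an added example; it is not code from the patent. The node names, the per-node mean/standard-deviation features, the centroid-midpoint linear boundary and the sample data are all assumptions made for illustration.

```python
# Added example: constructed data; node names, features and boundary method are assumptions.
import random
from statistics import mean, pstdev

NODES = ("pmu_freq_hz", "bus_voltage_pu", "line_current_a")  # hypothetical node names

def features(window):
    """One feature vector per window: (mean, std) of every node's series."""
    vec = []
    for node in NODES:
        vec += [mean(window[node]), pstdev(window[node])]
    return vec

def fit_boundary(normal, abnormal):
    """Offline step: linear boundary w.x + b = 0 midway between class centroids,
    computed on z-scored features so heterogeneous units are comparable."""
    cols = list(zip(*(normal + abnormal)))
    mu = [mean(c) for c in cols]
    sd = [pstdev(c) or 1.0 for c in cols]  # guard against constant features
    z = lambda v: [(x - m) / s for x, m, s in zip(v, mu, sd)]
    cn = [mean(c) for c in zip(*map(z, normal))]    # normal centroid
    ca = [mean(c) for c in zip(*map(z, abnormal))]  # abnormal centroid
    w = [a - n for a, n in zip(ca, cn)]
    b = -sum(wi * (a + n) / 2 for wi, a, n in zip(w, ca, cn))
    return {"mu": mu, "sd": sd, "w": w, "b": b}

def detect(model, window):
    """Real-time step: score the current feature vector against the boundary."""
    x = [(v - m) / s for v, m, s in zip(features(window), model["mu"], model["sd"])]
    score = sum(wi * xi for wi, xi in zip(model["w"], x)) + model["b"]
    return {"alert": score > 0, "score": round(score, 3)}

def make_window(rng, attacked=False, n=30):
    """Constructed sample data: an 'attack' biases voltage and adds current noise."""
    bias, noise = (0.04, 12.0) if attacked else (0.0, 3.0)
    return {
        "pmu_freq_hz": [60 + rng.gauss(0, 0.01) for _ in range(n)],
        "bus_voltage_pu": [1.0 + bias + rng.gauss(0, 0.005) for _ in range(n)],
        "line_current_a": [400 + rng.gauss(0, noise) for _ in range(n)],
    }

def demo(seed=7):
    rng = random.Random(seed)
    normal = [features(make_window(rng)) for _ in range(40)]
    abnormal = [features(make_window(rng, attacked=True)) for _ in range(40)]
    model = fit_boundary(normal, abnormal)
    return detect(model, make_window(rng)), detect(model, make_window(rng, True))

if __name__ == "__main__":
    print(demo())
```

Z-scoring before fitting matters here because the nodes report in different units (Hz, per-unit voltage, amperes); without it the largest-magnitude node would dominate the boundary.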
22 Claims
1. A system to protect an electric power grid, comprising:
- a plurality of heterogeneous data source nodes each generating a series of current data source node values over time that represent a current operation of the electric power grid; and
- a real-time threat detection computer, coupled to the plurality of heterogeneous data source nodes, to;
  (i) receive the series of current data source node values and generate a set of current feature vectors,
  (ii) access an abnormal state detection model having at least one decision boundary created offline using a set of feature vectors, and
  (iii) execute the abnormal state detection model and transmit a threat alert signal based on the set of current feature vectors and the at least one decision boundary.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A computerized method to protect an electric power grid, comprising:
- retrieving, for each of a plurality of heterogeneous data source nodes, a series of normal data source node values over time that represent normal operation of the electric power grid;
- generating, offline, a set of normal feature vectors based on the normal data source node values;
- retrieving, for each of the plurality of data source nodes, a series of abnormal data source node values over time that represent an abnormal operation of the electric power grid;
- generating a set of abnormal feature vectors based on the abnormal data source node values; and
- automatically calculating and outputting, by an offline abnormal state detection model creation computer, at least one decision boundary for an abnormal state detection model based on the set of normal feature vectors and the set of abnormal feature vectors.
Dependent claims: 17, 18, 19

20. A non-transitory, computer-readable medium storing instructions that, when executed by a computer processor, cause the computer processor to perform a method associated with protection of an electric power grid, the method comprising:
- receiving, from a plurality of heterogeneous data source nodes, a series of current data source node values over time that represent a current operation of the electric power grid;
- accessing, by a real-time threat detection computer, an abnormal state detection model having at least one decision boundary created offline using a set of feature vectors; and
- executing the abnormal state detection model and transmitting a threat alert signal based on the set of current feature vectors and the at least one decision boundary.
Dependent claims: 21, 22
Specification