Intelligent system and method for mitigating cyber attacks in critical systems through controlling latency of messages in a communications network

US 8,826,437 B2
Filed: 12/14/2010
Issued: 09/02/2014
Est. Priority Date: 12/14/2010
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a message at a power grid device;

determining whether the message represents potential malware and requires a delay to allow time to detect and respond to potential malware;

determining a delay amount for the delay associated with the message; and

processing the message based on the delay amount;

wherein processing the message comprises blocking the message if the delay amount is infinite.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for controlling the latency of messages to enable a network of devices to detect and respond to potential malware. The system and method receiving a message at a device and determining whether the message represents potential malware and requires a delay to allow time to detect and respond to potential malware. The amount of the delay associated with the message is determined and the message is processed based on the delay amount.

Citations

25 Claims

1. A method, comprising:
- receiving a message at a power grid device;
  
  determining whether the message represents potential malware and requires a delay to allow time to detect and respond to potential malware;
  
  determining a delay amount for the delay associated with the message; and
  
  processing the message based on the delay amount;
  
  wherein processing the message comprises blocking the message if the delay amount is infinite.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - determining a message type associated with the message; and
      
      wherein determining whether the message requires a delay comprises determining whether the message type requires the delay.
  - 3. The method of claim 2, wherein determining the delay amount for the delay associated with the message comprises:
    - determining the delay amount associated with the message type of the message.
  - 4. The method of claim 2, further comprises:
    - reporting receipt of the message type.
  - 5. The method of claim 2, wherein the message type comprises at least one of a message including TCP packets, UDP packets, or messages that contain data patterns associated with malware.
  - 6. The method of claim 1, wherein processing the message comprises:
    - applying the delay amount to the message; and
      
      forwarding the message.
  - 7. The method of claim 1, wherein processing the message comprises:
    - discarding the message.
  - 8. The method of claim 1, wherein processing the message comprises:
    - storing the message when the message requires a delay; and
      
      forwarding a copy of the message to an analytical system to analyze the message for potential malware.
  - 9. The method of claim 8, further comprising:
    - applying the delay amount to the message; and
      
      forwarding the message.
  - 10. The method of claim 8, further comprising:
    - updating the delay amount based on the analysis of the message.
  - 11. The method of claim 1, wherein processing the message comprises:
    - forwarding the message to an analytical system to analyze the message for potential malware.
  - 12. The method of claim 1, further comprising:
    - issuing an alarm.
  - 13. The method of claim 12, wherein the issuing comprises:
    - issuing the alarm when the delay for the message is above a predetermined threshold.

14. A non-transitory computer-readable medium comprising computer-readable instructions of a computer program that, when executed by a processor, cause the processor to perform a method, the method comprising:
- receiving a message at a power grid device;
  
  determining whether the message represents potential malware and requires a delay to allow time to detect and respond to potential malware;
  
  determining a delay amount for the delay associated with the message; and
  
  processing the message based on the delay amount;
  
  wherein processing the message comprises blocking the message if the delay amount is infinite.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The non-transitory computer-readable medium of claim 14, further comprising:
    - determining a message type associated with the message; and
      
      wherein determining whether the message requires a delay comprises determining whether the message type requires the delay.
  - 16. The non-transitory computer-readable medium of claim 15, wherein determining the delay amount for the delay associated with the message comprises:
    - determining the delay amount associated with the message type of the message.
  - 17. The non-transitory computer-readable medium of claim 15, further comprises:
    - reporting receipt of the message type.
  - 18. The non-transitory computer-readable medium of claim 14, wherein processing the message comprises:
    - applying the delay amount to the message; and
      
      forwarding the message.
  - 19. The non-transitory computer-readable medium of claim 14, wherein processing the message comprises:
    - discarding the message.
  - 20. The non-transitory computer-readable medium of claim 14, wherein processing the message comprises:
    - storing the message when the message requires a delay; and
      
      forwarding a copy of the message to an analytical system to analyze the message for potential malware.
  - 21. The non-transitory computer-readable medium of claim 20, further comprising:
    - applying the delay amount to the message; and
      
      forwarding the message.
  - 22. The non-transitory computer-readable medium of claim 20, further comprising:
    - updating the delay amount based on the analysis of the message.

23. A system, comprising:
- power grid devices connected to a network;
  
  a communication rate control module coupled to the power grid devices and the network;
  
  a delay database coupled to the communication rate control module for storing delay amounts associated with messages received by the power grid devices;
  
  wherein the communication rate control module is configured to;
  
  receive a message at a power grid device;
  
  determine whether the message represents potential malware and requires a delay to allow time to detect and respond to potential malware;
  
  determine a delay amount for the delay associated with the message; and
  
  process the message based on the delay amount;
  
  block the message if the delay amount is infinite.
- View Dependent Claims (24, 25)
- - 24. The system of claim 23, further comprising:
    - an analytical system for receiving information from the communication rate control module for further analyzing the message.
  - 25. The system of claim 23, wherein the power grid device includes utility meters, relays, reclosers, line switches, capacitor banks or honeypots.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
GE Infrastructure Technology, LLC (GE Vernova, Inc.)
Original Assignee
General Electric Company
Inventors
Hershey, John Erik, Dell'Anno, Michael Joseph, Barnett, Bruce Gordon, Thanos, Daniel
Primary Examiner(s)
McNally, Michael S

Application Number

US12/967,818
Publication Number

US 20120151589A1
Time in Patent Office

1,358 Days
Field of Search

726/24
US Class Current

726/24
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

H04L 63/145   the attack involving the pr...

Y04S 40/20   Information technology spec...

Intelligent system and method for mitigating cyber attacks in critical systems through controlling latency of messages in a communications network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Intelligent system and method for mitigating cyber attacks in critical systems through controlling latency of messages in a communications network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links