Cyber security
DCFirst Claim
1. A computer implemented method for detecting cyber physical system behavior, comprising:
- utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for;
receiving data from a plurality of sensors associated with the cyber physical system;
constructing a metrization of the data utilizing a data structuring;
determining at least one ensemble and at least one summary variable from the metrized data, wherein the determining includes a symbolic encoding of the metrized data and inferring an automata model utilizing a probabilistic grammatical inference that comprises an ε
-Machine Reconstruction statistical machine learning technique that includes describing a system trajectory as a string of symbols and describing system dynamics in terms of shift dynamics of the associated symbol string, wherein the ε
-Machine Reconstruction statistical machine learning technique includes at least one of;
(a) discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process;
or(b) a diffusion map technique;
applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;
identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors;
obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of system behaviors;
detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline; and
generating an output indicating the identified plurality of system behaviors or the anomalous condition.
2 Assignments
Litigations
0 Petitions
Accused Products
Abstract
Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system).
19 Citations
13 Claims
-
1. A computer implemented method for detecting cyber physical system behavior, comprising:
utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for; receiving data from a plurality of sensors associated with the cyber physical system; constructing a metrization of the data utilizing a data structuring; determining at least one ensemble and at least one summary variable from the metrized data, wherein the determining includes a symbolic encoding of the metrized data and inferring an automata model utilizing a probabilistic grammatical inference that comprises an ε
-Machine Reconstruction statistical machine learning technique that includes describing a system trajectory as a string of symbols and describing system dynamics in terms of shift dynamics of the associated symbol string, wherein the ε
-Machine Reconstruction statistical machine learning technique includes at least one of;(a) discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process;
or(b) a diffusion map technique; applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors; identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors; obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of system behaviors; detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline; and generating an output indicating the identified plurality of system behaviors or the anomalous condition. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
10. A system for detecting cyber physical system behavior, comprising:
a processor and memory coupled to the processor, the processor executes the following executable components; a data collection component that receives encoded information from a plurality of sensors associated with the cyber physical system; a data assimilation component for decoding the encoded information by applying a manifold learning technique to the information to identify system features including at least one summary variable, wherein the data assimilation component applies a thermodynamic formalism to the at least one summary variable to obtain an indication of system behavior, wherein the data assimilation component utilizes a spectral graph analysis process that includes integrating data across at least one of a continuous physical domain or a discrete physical domains and at least one of a computational cyber domain or a transactional cyber domain, wherein the spectral graph analysis process comprises a Diffusion Mapping technique; and an operational component for receiving the indication of system behavior and for detecting an anomalous system behavior. - View Dependent Claims (11, 12, 13)
Specification