Cyber security
First Claim
1. A computer implemented method for detecting cyber physical system behavior, comprising:
utilizing one or more hardware processors and associated memory storing one or more programs for execution by the one or more hardware processors, the one or more programs including instructions for;
receiving data from a plurality of sensors associated with a cyber physical system, wherein the receiving the data includes receiving time series data from the plurality of sensors monitoring the cyber physical system and wherein the cyber physical system is an electrical power grid system;
constructing a metrization of the data utilizing a data structuring;
determining at least one ensemble and at least one summary variable from the metrized data, wherein the at least one summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process or a diffusion map technique;
applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;
identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors;
obtaining, by the one or more hardware processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and
detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline.
Abstract
Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system).
18 Claims
11. A system for detecting cyber physical system behavior, comprising:
a hardware processor and memory coupled to the hardware processor, the hardware processor executes the following executable components;
a data collection component that receives encoded information from a plurality of sensors associated with a cyber physical system, wherein the encoded information includes time series data from the plurality of sensors monitoring the cyber physical system and wherein the cyber physical system is an electrical power grid system;
a data assimilation component for decoding the encoded information, via a spectral graph analysis process comprising a diffusion mapping technique, by applying a manifold learning technique to the information to identify system features including at least one summary variable, wherein the data assimilation component applies a thermodynamic formalism to the at least one summary variable to obtain an indication of system behavior; and
an operational component for receiving the indication of system behavior and for detecting an anomalous system behavior.
17. A non-transitory computer readable medium, comprising computer executable instructions that when executed by a hardware processor perform operations comprising:
receiving data from a plurality of sensors associated with a cyber physical system, wherein the receiving the data includes receiving time series data from the plurality of sensors monitoring the cyber physical system and wherein the cyber physical system is an electrical power grid system;
constructing a metrization of the data utilizing a data structuring;
determining at least one ensemble and at least one summary variable from the metrized data, wherein the at least one summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process or a diffusion map technique;
applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;
identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors;
obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and
detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline.
Specification