Cyber security
DC
First Claim
Patent Images
1. A computer implemented method for detecting cyber physical system behavior, comprising:
- utilizing one or more hardware processors and associated memory storing one or more programs for execution by the one or more hardware processors, the one or more programs including instructions for;
receiving data from a plurality of sensors associated with a cyber physical system, wherein the receiving the data includes receiving time series data from the plurality of sensors monitoring the cyber physical system and wherein the cyber physical system is an electrical power grid system;
constructing a metrization of the data utilizing a data structuring;
determining at least one ensemble and at least one summary variable from the metrized data, wherein the at least one summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process or a diffusion map technique;
applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;
identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors;
obtaining, by the one or more hardware processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and
detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline.
2 Assignments
Litigations
0 Petitions
Accused Products
Abstract
Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system).
5 Citations
18 Claims
-
1. A computer implemented method for detecting cyber physical system behavior, comprising:
utilizing one or more hardware processors and associated memory storing one or more programs for execution by the one or more hardware processors, the one or more programs including instructions for; receiving data from a plurality of sensors associated with a cyber physical system, wherein the receiving the data includes receiving time series data from the plurality of sensors monitoring the cyber physical system and wherein the cyber physical system is an electrical power grid system; constructing a metrization of the data utilizing a data structuring; determining at least one ensemble and at least one summary variable from the metrized data, wherein the at least one summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process or a diffusion map technique; applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors; identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors; obtaining, by the one or more hardware processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
11. A system for detecting cyber physical system behavior, comprising:
-
a hardware processor and memory coupled to the hardware processor, the hardware processor executes the following executable components; a data collection component that receives encoded information from a plurality of sensors associated with a cyber physical system, wherein the encoded information includes time series data from the plurality of sensors monitoring the cyber physical system and wherein the cyber physical system is an electrical power grid system; a data assimilation component for decoding the encoded information, via a spectral graph analysis process comprising a diffusion mapping technique, by applying a manifold learning technique to the information to identify system features including at least one summary variable, wherein the data assimilation component applies a thermodynamic formalism to the at least one summary variable to obtain an indication of system behavior; and an operational component for receiving the indication of system behavior and for detecting an anomalous system behavior. - View Dependent Claims (12, 13, 14, 15, 16)
-
-
17. A non-transitory computer readable medium, comprising computer executable instructions that when executed by a hardware processor perform operations comprising:
-
receiving data from a plurality of sensors associated with a cyber physical system, wherein the receiving the data includes receiving time series data from the plurality of sensors monitoring the cyber physical system and wherein the cyber physical system is an electrical power grid system; constructing a metrization of the data utilizing a data structuring; determining at least one ensemble and at least one summary variable from the metrized data, wherein the at least one summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process or a diffusion map technique; applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors; identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors; obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline. - View Dependent Claims (18)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
Litigation Data
-
Current AssigneeKA Holding, LLC (Markel Corporation)
-
Original AssigneeCyberricade, Inc
-
InventorsAngeline, Barry D., Loparo, Kenneth A., Kolacinski, Richard M.
-
Primary Examiner(s)Lemma, Samson
-
Assistant Examiner(s)VICTORIA, NARCISO F
-
Application NumberUS15/152,702Publication NumberTime in Patent Office278 DaysField of SearchUS Class Current1/1CPC Class CodesG06F 21/52 during program execution, e...G06F 21/55 Detecting local intrusion o...G06F 21/552 involving long-term monitor...G06F 21/577 Assessing vulnerabilities a...G06F 2221/034 Test or assess a computer o...G06N 20/00 Machine learningG06N 7/01 Probabilistic graphical mod...Y04S 40/20 Information technology spec...
