Cyber security
DCFirst Claim
1. A computer implemented method for detecting cyber physical system behavior, comprising:
- utilizing one or more hardware processors and associated memory storing one or more programs for execution by the one or more hardware processors, the one or more programs including instructions for;
receiving data from a sensor associated with the cyber physical system, wherein receiving data includes receiving time series data from the sensor monitoring a cyber-physical system;
constructing a metrization of the data utilizing a data structuring;
determining at least one summary variable from the metrized data, wherein the at least one summary variable is based at least in part upon automata model utilizing a probabilistic grammatical inference;
applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;
identifying the system behavior based at least in part on the classified plurality of system behaviors; and
obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors;
detecting an anomalous condition based on a deviation of the system behavior from the baseline; and
generating an output indicating the identified system behavior or the anomalous condition.
2 Assignments
Litigations
0 Petitions
Accused Products
Abstract
Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system).
-
Citations
17 Claims
-
1. A computer implemented method for detecting cyber physical system behavior, comprising:
-
utilizing one or more hardware processors and associated memory storing one or more programs for execution by the one or more hardware processors, the one or more programs including instructions for; receiving data from a sensor associated with the cyber physical system, wherein receiving data includes receiving time series data from the sensor monitoring a cyber-physical system; constructing a metrization of the data utilizing a data structuring; determining at least one summary variable from the metrized data, wherein the at least one summary variable is based at least in part upon automata model utilizing a probabilistic grammatical inference; applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors; identifying the system behavior based at least in part on the classified plurality of system behaviors; and obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; detecting an anomalous condition based on a deviation of the system behavior from the baseline; and generating an output indicating the identified system behavior or the anomalous condition. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system for detecting cyber physical system behavior, comprising:
a hardware processor and memory coupled to the processor, the hardware processor executes the following executable components stored in the memory; a data collection component that receives encoded information from the cyber physical system, wherein the encoded information includes time series data representative of the cyber-physical system; a data assimilation component that decodes the encoded information, via a spectral graph analysis process comprising a diffusion mapping technique, by applying a manifold learning technique to the information to identify system features including at least one summary variable, wherein the data assimilation component applies a thermodynamic formalism to the at least one summary variable to obtain an indication of system behavior; and an operational component that receives the indication of system behavior and identifies an uncharacteristic system behavior, wherein the operational component detects an anomalous condition based on a deviation of the system behavior from a baseline, and generates an output indicating the identified uncharacteristic system behavior or the anomalous condition. - View Dependent Claims (15, 16, 17)
Specification