CYBER SECURITY
2 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system).
12 Citations
21 Claims
-
1. (canceled)
-
2. A computer implemented method for detecting cyber physical system behavior, comprising:
utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for; receiving data from a sensor associated with the cyber physical system, wherein receiving data includes receiving time series data from the sensor monitoring a cyber-physical system; constructing a metrization of the data utilizing a data structuring; determining at least one summary variable from the metrized data, wherein the at least one summary variable is based at least in part upon automata model utilizing a probabilistic grammatical inference; applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors; identifying the system behavior based at least in part on the classified plurality of system behaviors; and obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors. - View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
17. A system for detecting cyber physical system behavior, comprising:
a processor and memory coupled to the processor, the processor executes the following executable components; a data collection component that receives encoded information from the cyber physical system, wherein the encoded information includes time series data representative of the cyber-physical system; a data assimilation component that decodes the encoded information, via a spectral graph analysis process comprising a diffusion mapping technique, by applying a manifold learning technique to the information to identify system features including at least one summary variable, wherein the data assimilation component applies a thermodynamic formalism to the at least one summary variable to obtain an indication of system behavior; and an operational component that receives the indication of system behavior and identifies an uncharacteristic system behavior. - View Dependent Claims (18, 19, 20, 21)
Specification