System and methodology providing automation security analysis and network intrusion protection in an industrial environment
Abstract
Automation security in a network-based industrial controller environment is implemented. Various components, systems and methodologies are provided to facilitate varying levels of automation security in accordance with security analysis tools, security validation tools and/or security learning systems. The security analysis tool receives abstract factory models or descriptions for input and generates an output that can include security guidelines, components, topologies, procedures, rules, policies, and the like for deployment in an automation security network. The validation tools are operative in the automation security network, wherein the tools perform security checking and/or auditing functions, for example, to determine if security components are in place and/or in suitable working order. The security learning system monitors/learns network traffic patterns during a learning phase, fires alarms or events based upon detected deviations from the learned patterns, and/or causes other automated actions to occur.
20 Claims
1. A system, comprising:
- a pattern analysis component configured to generate at least one learned profile characterizing at least one learned pattern of data traffic determined based at least in part on data traffic information obtained by monitoring the data traffic associated with an industrial network at least during a training period; and
- a comparison analyzer component configured to detect a deviation of a pattern of the data traffic from the at least one learned pattern of data traffic in excess of a defined threshold of deviation, and to initiate one or more security countermeasures in response to detecting the deviation.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method, comprising:
- generating, by a system comprising a processor, at least one learned profile comprising at least one learned data traffic pattern determined based at least in part on data traffic information relating to data traffic associated with an industrial automation network that is monitored at least during a training period; and
- identifying, by the system, a deviation of other data traffic associated with the industrial automation network from the at least one learned data traffic pattern in excess of a defined threshold of deviation to facilitate mitigating the deviation.

Dependent claims: 12, 13, 14, 15, 16, 17, 18

19. A non-transitory computer-readable medium storing computer-executable instructions that, in response to execution, cause a system comprising a processor to perform operations, comprising:
- creating at least one data traffic profile characterizing at least one determined pattern of data traffic based at least in part on data traffic information relating to data traffic associated with an industrial automation network that is monitored at least during a training period; and
- identifying a deviation of second data traffic associated with the industrial automation network from the at least one determined data traffic pattern in excess of a defined threshold of deviation to facilitate reducing the deviation using at least one security countermeasure.

Dependent claims: 20
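An illustration of the learn-then-compare scheme in claims 1, 11 and 19, added here and not taken from the patent. The flow key, the fixed time window, the standard-deviation score and the sample addresses are assumptions; the claims only require a learned profile, a defined threshold of deviation and a countermeasure.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

WINDOW_S = 10  # assumed observation window, in seconds

def window_counts(packets):
    """Group (timestamp, src, dst, dport) records into per-window flow counts."""
    windows = defaultdict(Counter)
    for ts, src, dst, dport in packets:
        windows[int(ts // WINDOW_S)][(src, dst, dport)] += 1
    return [windows[w] for w in sorted(windows)]

def learn_profile(training_packets):
    """Training period: per-flow mean and std deviation of packets per window."""
    wins = window_counts(training_packets)
    flows = set().union(*wins) if wins else set()
    return {f: (mean(w[f] for w in wins), pstdev(w[f] for w in wins))
            for f in flows}

def detect(profile, window, threshold=3.0, min_sigma=1.0):
    """Return (flow, reason) for every deviation beyond the defined threshold."""
    alerts = []
    for flow in sorted(set(window) | set(profile)):
        if flow not in profile:
            alerts.append((flow, "flow absent from learned profile"))
            continue
        mu, sigma = profile[flow]
        # min_sigma keeps a perfectly regular flow from alerting on +/-1 packet
        score = abs(window[flow] - mu) / max(sigma, min_sigma)
        if score > threshold:
            alerts.append((flow, f"{window[flow]}/window vs learned {mu:.1f}"))
    return alerts

def respond(alerts, countermeasure):
    """Hand each alert to a caller-supplied countermeasure (alarm, block, log)."""
    for flow, reason in alerts:
        countermeasure(flow, reason)
    return len(alerts)

# Constructed sample: an HMI polling a PLC on TCP/44818, 4 to 6 packets per window.
HMI_FLOW = ("10.0.0.5", "10.0.0.20", 44818)
TRAINING = [(w * WINDOW_S + i, *HMI_FLOW)
            for w, n in enumerate([5, 5, 6, 5, 4, 5]) for i in range(n)]

if __name__ == "__main__":
    profile = learn_profile(TRAINING)
    live = Counter({HMI_FLOW: 50, ("10.0.0.99", "10.0.0.20", 502): 1})
    respond(detect(profile, live), lambda f, r: print("ALERT", f, r))
```

A flow that was learned but goes silent in a window also alerts, because its count of zero is compared against the learned mean.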
Specification