Method for intrusion detection in industrial automation and control system

A method and system for automatic signalling an alert when a possible intrusion occurs in an industrial automation and control system, based on security events which occur in the industrial automation and control system or are externally fed into the system. The method includes the steps of: (a) det...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Obermeier, Sebastian, Wahler, Michael, Schlegel, Roman
Format: Patent
Sprache:eng
Schlagworte:
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page
container_issue
container_start_page
container_title
container_volume
creator Obermeier, Sebastian
Wahler, Michael
Schlegel, Roman
description A method and system for automatic signalling an alert when a possible intrusion occurs in an industrial automation and control system, based on security events which occur in the industrial automation and control system or are externally fed into the system. The method includes the steps of: (a) determining a correlation of a first and second security event and storing the correlation in an event database, wherein the correlation includes a probability that the first security event is followed by the second security event within a normalized time period, (b) identifying a candidate event as the first security event, based on event information of the candidate event, upon occurrence of the candidate event, (c) classifying the candidate event as anomalous when the probability exceeds a predetermined threshold and no second security event follows the candidate event within the normalized time period, and (d) signalling the alert indicating the candidate event.
format Patent
fullrecord <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US10187411B2</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US10187411B2</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US10187411B23</originalsourceid><addsrcrecordid>eNrjZPDyTS3JyE9RSMsvUsjMKykqLc7Mz1NISS1JTS4BsTJBKKW0uKQoMzFHIbG0JD83ESyRmJeikJwP1JGfo1BcWVySmsvDwJqWmFOcyguluRkU3VxDnD10Uwvy41OLCxKTU_NSS-JDgw0NDC3MTQwNnYyMiVEDAH5oNfU</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Method for intrusion detection in industrial automation and control system</title><source>esp@cenet</source><creator>Obermeier, Sebastian ; Wahler, Michael ; Schlegel, Roman</creator><creatorcontrib>Obermeier, Sebastian ; Wahler, Michael ; Schlegel, Roman</creatorcontrib><description>A method and system for automatic signalling an alert when a possible intrusion occurs in an industrial automation and control system, based on security events which occur in the industrial automation and control system or are externally fed into the system. The method includes the steps of: (a) determining a correlation of a first and second security event and storing the correlation in an event database, wherein the correlation includes a probability that the first security event is followed by the second security event within a normalized time period, (b) identifying a candidate event as the first security event, based on event information of the candidate event, upon occurrence of the candidate event, (c) classifying the candidate event as anomalous when the probability exceeds a predetermined threshold and no second security event follows the candidate event within the normalized time period, and (d) signalling the alert indicating the candidate event.</description><language>eng</language><subject>CALCULATING ; COMPUTING ; CONTROL OR REGULATING SYSTEMS IN GENERAL ; CONTROLLING ; COUNTING ; ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRIC DIGITAL DATA PROCESSING ; ELECTRICITY ; FUNCTIONAL ELEMENTS OF SUCH SYSTEMS ; MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS ORELEMENTS ; PHYSICS ; REGULATING ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2019</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20190122&amp;DB=EPODOC&amp;CC=US&amp;NR=10187411B2$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25564,76547</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&amp;date=20190122&amp;DB=EPODOC&amp;CC=US&amp;NR=10187411B2$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Obermeier, Sebastian</creatorcontrib><creatorcontrib>Wahler, Michael</creatorcontrib><creatorcontrib>Schlegel, Roman</creatorcontrib><title>Method for intrusion detection in industrial automation and control system</title><description>A method and system for automatic signalling an alert when a possible intrusion occurs in an industrial automation and control system, based on security events which occur in the industrial automation and control system or are externally fed into the system. The method includes the steps of: (a) determining a correlation of a first and second security event and storing the correlation in an event database, wherein the correlation includes a probability that the first security event is followed by the second security event within a normalized time period, (b) identifying a candidate event as the first security event, based on event information of the candidate event, upon occurrence of the candidate event, (c) classifying the candidate event as anomalous when the probability exceeds a predetermined threshold and no second security event follows the candidate event within the normalized time period, and (d) signalling the alert indicating the candidate event.</description><subject>CALCULATING</subject><subject>COMPUTING</subject><subject>CONTROL OR REGULATING SYSTEMS IN GENERAL</subject><subject>CONTROLLING</subject><subject>COUNTING</subject><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRIC DIGITAL DATA PROCESSING</subject><subject>ELECTRICITY</subject><subject>FUNCTIONAL ELEMENTS OF SUCH SYSTEMS</subject><subject>MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS ORELEMENTS</subject><subject>PHYSICS</subject><subject>REGULATING</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2019</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNrjZPDyTS3JyE9RSMsvUsjMKykqLc7Mz1NISS1JTS4BsTJBKKW0uKQoMzFHIbG0JD83ESyRmJeikJwP1JGfo1BcWVySmsvDwJqWmFOcyguluRkU3VxDnD10Uwvy41OLCxKTU_NSS-JDgw0NDC3MTQwNnYyMiVEDAH5oNfU</recordid><startdate>20190122</startdate><enddate>20190122</enddate><creator>Obermeier, Sebastian</creator><creator>Wahler, Michael</creator><creator>Schlegel, Roman</creator><scope>EVB</scope></search><sort><creationdate>20190122</creationdate><title>Method for intrusion detection in industrial automation and control system</title><author>Obermeier, Sebastian ; Wahler, Michael ; Schlegel, Roman</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US10187411B23</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2019</creationdate><topic>CALCULATING</topic><topic>COMPUTING</topic><topic>CONTROL OR REGULATING SYSTEMS IN GENERAL</topic><topic>CONTROLLING</topic><topic>COUNTING</topic><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRIC DIGITAL DATA PROCESSING</topic><topic>ELECTRICITY</topic><topic>FUNCTIONAL ELEMENTS OF SUCH SYSTEMS</topic><topic>MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS ORELEMENTS</topic><topic>PHYSICS</topic><topic>REGULATING</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>Obermeier, Sebastian</creatorcontrib><creatorcontrib>Wahler, Michael</creatorcontrib><creatorcontrib>Schlegel, Roman</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Obermeier, Sebastian</au><au>Wahler, Michael</au><au>Schlegel, Roman</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Method for intrusion detection in industrial automation and control system</title><date>2019-01-22</date><risdate>2019</risdate><abstract>A method and system for automatic signalling an alert when a possible intrusion occurs in an industrial automation and control system, based on security events which occur in the industrial automation and control system or are externally fed into the system. The method includes the steps of: (a) determining a correlation of a first and second security event and storing the correlation in an event database, wherein the correlation includes a probability that the first security event is followed by the second security event within a normalized time period, (b) identifying a candidate event as the first security event, based on event information of the candidate event, upon occurrence of the candidate event, (c) classifying the candidate event as anomalous when the probability exceeds a predetermined threshold and no second security event follows the candidate event within the normalized time period, and (d) signalling the alert indicating the candidate event.</abstract><oa>free_for_read</oa></addata></record>
fulltext fulltext_linktorsrc
identifier
ispartof
issn
language eng
recordid cdi_epo_espacenet_US10187411B2
source esp@cenet
subjects CALCULATING
COMPUTING
CONTROL OR REGULATING SYSTEMS IN GENERAL
CONTROLLING
COUNTING
ELECTRIC COMMUNICATION TECHNIQUE
ELECTRIC DIGITAL DATA PROCESSING
ELECTRICITY
FUNCTIONAL ELEMENTS OF SUCH SYSTEMS
MONITORING OR TESTING ARRANGEMENTS FOR SUCH SYSTEMS ORELEMENTS
PHYSICS
REGULATING
TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION
title Method for intrusion detection in industrial automation and control system
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2024-12-23T11%3A03%3A14IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Obermeier,%20Sebastian&rft.date=2019-01-22&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS10187411B2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true