Hybrid unsupervised machine learning framework for industrial control system intrusion detection
A system for monitoring an industrial system for cyberattacks includes an industrial control system including a plurality of actuators, a plurality of sensors each arranged to measure one of a plurality of operating parameters, and an edge device and a computer including a data storage device having...
Gespeichert in:
| Hauptverfasser: | , , , , |
|---|---|
| Format: | Patent |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext bestellen |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | |
|---|---|
| container_issue | |
| container_start_page | |
| container_title | |
| container_volume | |
| creator | Pfleger de Aguiar, Leandro Zonouz, Saman Pi, Jiaxing Wei, Dong Wang, Honggang |
| description | A system for monitoring an industrial system for cyberattacks includes an industrial control system including a plurality of actuators, a plurality of sensors each arranged to measure one of a plurality of operating parameters, and an edge device and a computer including a data storage device having stored thereon a program that includes each of a time-series database including expected operating ranges for each operating parameter, a clustering-based database that includes clusters of operating parameters having similarities, and a correlation database that includes pairs of operating parameters that show a correlation. An alarm system is operable to initiate an alarm in response to current operating data including a measurement from one of the plurality of sensors falling outside of an expected range, a change in the expected clustering of one of the plurality of sensors based on the current operating data from each of the plurality of sensors, and a variation in the current operating data between two of the plurality of sensors that falls outside of an expected correlation of the two of the plurality of sensors. |
| format | Patent |
| fullrecord | <record><control><sourceid>epo_EVB</sourceid><recordid>TN_cdi_epo_espacenet_US11924227B2</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>US11924227B2</sourcerecordid><originalsourceid>FETCH-epo_espacenet_US11924227B23</originalsourceid><addsrcrecordid>eNqNijEOwjAMALswIOAP5gEMDUiIFQTqDswlJC5EJE5lO6D-ng48gOlOuptWt2a4c_BQSEqP_A6CHpJ1z0AIES1ToAd0bBN-Mr-gywyBfBHlYCO4TMo5ggyimMaiXCRkAo-KTkebV5PORsHFj7NqeTpeDs0K-9yi9NYhobbXc13vzMaY7d6s_3m-lbk_Cw</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>patent</recordtype></control><display><type>patent</type><title>Hybrid unsupervised machine learning framework for industrial control system intrusion detection</title><source>esp@cenet</source><creator>Pfleger de Aguiar, Leandro ; Zonouz, Saman ; Pi, Jiaxing ; Wei, Dong ; Wang, Honggang</creator><creatorcontrib>Pfleger de Aguiar, Leandro ; Zonouz, Saman ; Pi, Jiaxing ; Wei, Dong ; Wang, Honggang</creatorcontrib><description>A system for monitoring an industrial system for cyberattacks includes an industrial control system including a plurality of actuators, a plurality of sensors each arranged to measure one of a plurality of operating parameters, and an edge device and a computer including a data storage device having stored thereon a program that includes each of a time-series database including expected operating ranges for each operating parameter, a clustering-based database that includes clusters of operating parameters having similarities, and a correlation database that includes pairs of operating parameters that show a correlation. An alarm system is operable to initiate an alarm in response to current operating data including a measurement from one of the plurality of sensors falling outside of an expected range, a change in the expected clustering of one of the plurality of sensors based on the current operating data from each of the plurality of sensors, and a variation in the current operating data between two of the plurality of sensors that falls outside of an expected correlation of the two of the plurality of sensors.</description><language>eng</language><subject>ELECTRIC COMMUNICATION TECHNIQUE ; ELECTRICITY ; TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><creationdate>2024</creationdate><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20240305&DB=EPODOC&CC=US&NR=11924227B2$$EHTML$$P50$$Gepo$$Hfree_for_read</linktohtml><link.rule.ids>230,308,780,885,25563,76418</link.rule.ids><linktorsrc>$$Uhttps://worldwide.espacenet.com/publicationDetails/biblio?FT=D&date=20240305&DB=EPODOC&CC=US&NR=11924227B2$$EView_record_in_European_Patent_Office$$FView_record_in_$$GEuropean_Patent_Office$$Hfree_for_read</linktorsrc></links><search><creatorcontrib>Pfleger de Aguiar, Leandro</creatorcontrib><creatorcontrib>Zonouz, Saman</creatorcontrib><creatorcontrib>Pi, Jiaxing</creatorcontrib><creatorcontrib>Wei, Dong</creatorcontrib><creatorcontrib>Wang, Honggang</creatorcontrib><title>Hybrid unsupervised machine learning framework for industrial control system intrusion detection</title><description>A system for monitoring an industrial system for cyberattacks includes an industrial control system including a plurality of actuators, a plurality of sensors each arranged to measure one of a plurality of operating parameters, and an edge device and a computer including a data storage device having stored thereon a program that includes each of a time-series database including expected operating ranges for each operating parameter, a clustering-based database that includes clusters of operating parameters having similarities, and a correlation database that includes pairs of operating parameters that show a correlation. An alarm system is operable to initiate an alarm in response to current operating data including a measurement from one of the plurality of sensors falling outside of an expected range, a change in the expected clustering of one of the plurality of sensors based on the current operating data from each of the plurality of sensors, and a variation in the current operating data between two of the plurality of sensors that falls outside of an expected correlation of the two of the plurality of sensors.</description><subject>ELECTRIC COMMUNICATION TECHNIQUE</subject><subject>ELECTRICITY</subject><subject>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</subject><fulltext>true</fulltext><rsrctype>patent</rsrctype><creationdate>2024</creationdate><recordtype>patent</recordtype><sourceid>EVB</sourceid><recordid>eNqNijEOwjAMALswIOAP5gEMDUiIFQTqDswlJC5EJE5lO6D-ng48gOlOuptWt2a4c_BQSEqP_A6CHpJ1z0AIES1ToAd0bBN-Mr-gywyBfBHlYCO4TMo5ggyimMaiXCRkAo-KTkebV5PORsHFj7NqeTpeDs0K-9yi9NYhobbXc13vzMaY7d6s_3m-lbk_Cw</recordid><startdate>20240305</startdate><enddate>20240305</enddate><creator>Pfleger de Aguiar, Leandro</creator><creator>Zonouz, Saman</creator><creator>Pi, Jiaxing</creator><creator>Wei, Dong</creator><creator>Wang, Honggang</creator><scope>EVB</scope></search><sort><creationdate>20240305</creationdate><title>Hybrid unsupervised machine learning framework for industrial control system intrusion detection</title><author>Pfleger de Aguiar, Leandro ; Zonouz, Saman ; Pi, Jiaxing ; Wei, Dong ; Wang, Honggang</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-epo_espacenet_US11924227B23</frbrgroupid><rsrctype>patents</rsrctype><prefilter>patents</prefilter><language>eng</language><creationdate>2024</creationdate><topic>ELECTRIC COMMUNICATION TECHNIQUE</topic><topic>ELECTRICITY</topic><topic>TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION</topic><toplevel>online_resources</toplevel><creatorcontrib>Pfleger de Aguiar, Leandro</creatorcontrib><creatorcontrib>Zonouz, Saman</creatorcontrib><creatorcontrib>Pi, Jiaxing</creatorcontrib><creatorcontrib>Wei, Dong</creatorcontrib><creatorcontrib>Wang, Honggang</creatorcontrib><collection>esp@cenet</collection></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext_linktorsrc</fulltext></delivery><addata><au>Pfleger de Aguiar, Leandro</au><au>Zonouz, Saman</au><au>Pi, Jiaxing</au><au>Wei, Dong</au><au>Wang, Honggang</au><format>patent</format><genre>patent</genre><ristype>GEN</ristype><title>Hybrid unsupervised machine learning framework for industrial control system intrusion detection</title><date>2024-03-05</date><risdate>2024</risdate><abstract>A system for monitoring an industrial system for cyberattacks includes an industrial control system including a plurality of actuators, a plurality of sensors each arranged to measure one of a plurality of operating parameters, and an edge device and a computer including a data storage device having stored thereon a program that includes each of a time-series database including expected operating ranges for each operating parameter, a clustering-based database that includes clusters of operating parameters having similarities, and a correlation database that includes pairs of operating parameters that show a correlation. An alarm system is operable to initiate an alarm in response to current operating data including a measurement from one of the plurality of sensors falling outside of an expected range, a change in the expected clustering of one of the plurality of sensors based on the current operating data from each of the plurality of sensors, and a variation in the current operating data between two of the plurality of sensors that falls outside of an expected correlation of the two of the plurality of sensors.</abstract><oa>free_for_read</oa></addata></record> |
| fulltext | fulltext_linktorsrc |
| identifier | |
| ispartof | |
| issn | |
| language | eng |
| recordid | cdi_epo_espacenet_US11924227B2 |
| source | esp@cenet |
| subjects | ELECTRIC COMMUNICATION TECHNIQUE ELECTRICITY TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHICCOMMUNICATION |
| title | Hybrid unsupervised machine learning framework for industrial control system intrusion detection |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-09T07%3A04%3A40IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-epo_EVB&rft_val_fmt=info:ofi/fmt:kev:mtx:patent&rft.genre=patent&rft.au=Pfleger%20de%20Aguiar,%20Leandro&rft.date=2024-03-05&rft_id=info:doi/&rft_dat=%3Cepo_EVB%3EUS11924227B2%3C/epo_EVB%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |