Attack detection and localization with adaptive thresholding

    Publication No.: US11916940B2

    Publication date: 2024-02-27

    Application No.: US17228191

    Application date: 2021-04-12

    CPC classification number: H04L63/1425 H04L63/1416

    Abstract: According to some embodiments, a system, method, and non-transitory computer readable medium are provided comprising a plurality of real-time monitoring nodes to receive streams of monitoring node signal values over time that represent a current operation of the cyber physical system; and a threat detection computer platform, coupled to the plurality of real-time monitoring nodes, to: receive the monitoring node signal values; compute an anomaly score; compare the anomaly score with an adaptive threshold; and detect that one of a particular monitoring node and a system is outside a decision boundary based on the comparison, and classify that particular monitoring node or system as anomalous. Numerous other aspects are provided.

    SYSTEM AND METHOD FOR CYBERATTACK DETECTION IN A WIND TURBINE CONTROL SYSTEM

    Publication No.: US20220345468A1

    Publication date: 2022-10-27

    Application No.: US17236638

    Application date: 2021-04-21

    Abstract: A method for detecting a cyberattack on a control system of a wind turbine includes providing a plurality of classification models of the control system. The method also includes receiving, via each of the plurality of classification models, a time series of operating data from one or more monitoring nodes of the wind turbine. The method further includes extracting, via the plurality of classification models, a plurality of features using the time series of operating data. Each of the plurality of features is a mathematical characterization of the time series of operating data. Moreover, the method includes generating an output from each of the plurality of classification models and determining, using a decision fusion module, a probability of the cyberattack occurring on the control system based on a combination of the outputs. Thus, the method includes implementing a control action when the probability exceeds a probability threshold.

    Signature identification for power system events

    Publication No.: US11448671B2

    Publication date: 2022-09-20

    Application No.: US16580525

    Application date: 2019-09-24

    Abstract: Briefly, embodiments are directed to a system, method, and article for identifying power system event signatures. Input measurement data may be received from one or more data sources relating to a power grid system. The input measurement data may comprise normal system operation measurement data and power system event measurement data. A processor may perform operations during an online application phase. During the online application phase, a feature matrix may be generated for the power system event measurement data and the at least one trained auto-associative model. The feature matrix for the power system event measurement data may be processed to determine power system event residuals. Also during the online application phase, the power system event signatures may be identified based on residual statistics for normal system operation measurement data residuals and on the power system event residuals.

    Intelligent data augmentation for supervised anomaly detection associated with a cyber-physical system

    Publication No.: US11252169B2

    Publication date: 2022-02-15

    Application No.: US16374067

    Application date: 2019-04-03

    Abstract: A Cyber-Physical System (“CPS”) may have monitoring nodes that generate a series of current monitoring node values representing current operation of the CPS. A normal space data source may store, for each monitoring node, a series of normal monitoring node values representing normal operation of the CPS. An abnormal data generation platform may utilize information in the normal space data source and a generative model to create generated abnormal data to represent abnormal operation of the CPS. An abnormality detection model creation computer may receive the normal monitoring node values (and generate normal feature vectors) and automatically calculate and output an abnormality detection model including information about a decision boundary created via supervised learning based on the normal feature vectors and the generated abnormal data.

    Local and global decision fusion for cyber-physical system abnormality detection

    Publication No.: US10990668B2

    Publication date: 2021-04-27

    Application No.: US16132705

    Application date: 2018-09-17

    Abstract: Monitoring nodes may generate a series of current monitoring node values over time representing current operation of a cyber-physical system. A decision fusion computer platform may receive, from a local status determination module, an indication of whether each node has an initial local status of “normal”/“abnormal” and a local certainty score (with higher values of the local certainty score representing greater likelihood of abnormality). The computer platform may also receive, from a global status determination module, an indication of whether the system has an initial global status of “normal”/“abnormal” and a global certainty score. The computer platform may output, for each node, a fused local status of “normal” or “abnormal,” at least one fused local status being based on the initial global status. The decision fusion computer platform may also output a fused global status of “normal” or “abnormal” based on at least one initial local status.

    SYSTEMS AND METHODS FOR REMOTE MONITORING, SECURITY, DIAGNOSTICS, AND PROGNOSTICS
    Patent type: invention application; status: in force

    Publication No.: US20140289852A1

    Publication date: 2014-09-25

    Application No.: US13848354

    Application date: 2013-03-21

    CPC classification number: G06F21/55

    Abstract: A system includes a physical analysis module, a cyber analysis module, and a determination module. The physical analysis module is configured to obtain physical diagnostic information, and to determine physical analysis information using the physical diagnostic information. The cyber analysis module is configured to obtain cyber security data of the functional system, and to determine cyber analysis information using the cyber security data. The determination module is configured to obtain the physical analysis information and the cyber analysis information, and to determine a state of the functional system using the physical analysis information and the cyber analysis information. The state determined corresponds to at least one of physical condition or cyber security threat. The determination module is also configured to identify if the state corresponds to one or more of a non-malicious condition or a malicious condition.
