Virtual sensor supervised learning for cyber-attack neutralization

    Publication No.: US11729190B2

    Publication date: 2023-08-15

    Application No.: US16666807

    Application date: 2019-10-29

    Abstract: An industrial asset may have monitoring nodes that generate current monitoring node values. A dynamic, resilient estimator may split a temporal monitoring node space into normal and one or more abnormal subspaces associated with different kinds of attack vectors. According to some embodiments, a neutralization model is constructed and trained for each attack vector using supervised learning and the associated abnormal subspace. In other embodiments, a single model is created using out-of-range values for abnormal monitoring nodes. Responsive to an indication of a particular abnormal monitoring node or nodes, the system may automatically invoke the appropriate neutralization model to determine estimated values of the particular abnormal monitoring node or nodes (e.g., by selecting the correct model or using out-of-range values). The series of current monitoring node values from the abnormal monitoring node or nodes may then be replaced with the estimated values.

    Resilient estimation for grid situational awareness

    Publication No.: US11693763B2

    Publication date: 2023-07-04

    Application No.: US16525807

    Application date: 2019-07-30

    Abstract: According to some embodiments, a system, method and non-transitory computer-readable medium are provided to protect a cyber-physical system having a plurality of monitoring nodes comprising: a normal space data source storing, for each of the plurality of monitoring nodes, a series of normal monitoring node values over time that represent normal operation of the cyber-physical system; a situational awareness module including an abnormal data generation platform, wherein the abnormal data generation platform is operative to generate abnormal data to represent abnormal operation of the cyber-physical system using values in the normal space data source and a generative model; a memory for storing program instructions; and a situational awareness processor, coupled to the memory, and in communication with the situational awareness module and operative to execute the program instructions to: receive a data signal, wherein the received data signal is an aggregation of data signals received from one or more of the plurality of monitoring nodes, wherein the data signal includes at least one real-time stream of data source signal values that represent a current operation of the cyber-physical system; determine, via a trained classifier, whether the received data signal is a normal signal or an abnormal signal, wherein the trained classifier is trained with the generated abnormal data and normal data; localize an origin of an anomaly when it is determined the received data signal is the abnormal signal; receive the determination and localization at a resilient estimator module; execute the resilient estimator module to generate a state estimation for the cyber-physical system. Numerous other aspects are provided.

    Scalable hierarchical abnormality localization in cyber-physical systems

    Publication No.: US11503045B2

    Publication date: 2022-11-15

    Application No.: US16261931

    Application date: 2019-01-30

    Abstract: A cyber-physical system may have monitoring nodes that generate a series of current monitoring node values over time that represent current operation of the system. A hierarchical abnormality localization computer platform accesses a multi-level hierarchy of elements, and elements in a first level of the hierarchy are associated with elements in at least one lower level of the hierarchy and at least some elements may be associated with monitoring nodes. The computer platform may then determine, based on feature vectors and a decision boundary, an abnormality status for a first element in the highest level of the hierarchy. If the abnormality status indicates an abnormality, the computer platform may determine an abnormality status for elements, associated with the first element, in at least one level of the hierarchy lower than the level of the first element. These determinations may be repeated until an abnormality is localized to a monitoring node.

    Hybrid feature-driven learning system for abnormality detection and localization

    Publication No.: US11146579B2

    Publication date: 2021-10-12

    Application No.: US16138408

    Application date: 2018-09-21

    Abstract: A cyber-physical system may have a plurality of monitoring nodes each generating a series of current monitoring node values over time representing current operation of the system. A data-driven features extraction computer platform may receive the series of current monitoring node values and generate current data-driven feature vectors based on the series of current monitoring node values. A residual features extraction computer platform may receive the series of current monitoring node values, execute a system model and utilize a stochastic filter to determine current residual values, and generate current residual-driven feature vectors based on the current residual values. An abnormal detection platform may then receive the current data-driven and residual-driven feature vectors and compare the current data-driven and residual-driven feature vectors with at least one decision boundary associated with an abnormal detection model. An abnormal alert signal may then be transmitted when appropriate based on a result of said comparison.

    Real-time adaptation of system high fidelity model in feature space

    Publication No.: US11144683B2

    Publication date: 2021-10-12

    Application No.: US15491243

    Application date: 2017-04-19

    Abstract: An augmented system model may include a system high fidelity model that generates a first output. The augmented system model may further include a data driven model to receive data associated with the first output and to generate a second output, and a feature space version of the second output may be output from the augmented system model. Monitoring nodes may each generate a series of current monitoring node values over time representing current operation of an industrial asset. A model adaptation element may receive the current monitoring node values, calculate a feature space version of current operation, and compare the feature space version of the second output of the augmented system model with the feature space version of current operation. Parameters of the data driven model may then be adapted based on a result of the comparison.

    System and method for anomaly and cyber-threat detection in a wind turbine

    Publication No.: US11113395B2

    Publication date: 2021-09-07

    Application No.: US15988515

    Application date: 2018-05-24

    Abstract: According to some embodiments, a plurality of monitoring nodes each generate a series of current monitoring node values over time that represent a current operation of a wind turbine. An abnormality detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors. The abnormality detection computer platform may also access an abnormality detection model having a plurality of decision boundaries created using wind information (e.g., wind speed and/or acceleration) along with at least one of a set of normal feature vectors and a set of abnormal feature vectors. The abnormality detection computer platform may then select one of the decision boundaries based on current wind information associated with the wind turbine and execute the abnormality detection model and transmit an abnormality alert signal based on the set of current feature vectors and the selected decision boundary.

    DYNAMIC, RESILIENT VIRTUAL SENSING SYSTEM AND SHADOW CONTROLLER FOR CYBER-ATTACK NEUTRALIZATION

    Publication No.: US20210182385A1

    Publication date: 2021-06-17

    Application No.: US16710051

    Application date: 2019-12-11

    Abstract: An industrial asset may have monitoring nodes (e.g., sensor or actuator nodes) that generate current monitoring node values. An abnormality detection and localization computer may receive the series of current monitoring node values and output an indication of at least one abnormal monitoring node that is currently being attacked or experiencing a fault. An actor-critic platform may tune a dynamic, resilient state estimator for a sensor node and output tuning parameters for a controller that improve operation of the industrial asset during the current attack or fault. The actor-critic platform may include, for example, a dynamic, resilient state estimator, an actor model, and a critic model. According to some embodiments, a value function of the critic model is updated for each action of the actor model and each action of the actor model is evaluated by the critic model to update a policy of the actor-critic platform.

    Framework to develop cyber-physical system behavior-based monitoring

    Publication No.: US11005870B2

    Publication date: 2021-05-11

    Application No.: US16201461

    Application date: 2018-11-27

    Abstract: Systems and methods may be associated with a cyber-physical system, and a blueprint repository data store may contain electronic files that represent behavior-based asset monitoring parameters for different cyber-physical system asset types. A behavior-based asset monitoring creation computer platform may receive an indication of an asset type of the cyber-physical system. The behavior-based asset monitoring creation computer platform may then search the blueprint repository data store and retrieve an electronic file representing behavior-based asset monitoring parameters for the asset type of the cyber-physical system to be monitored. The behavior-based asset monitoring creation computer platform may also receive, from the remote operator device, adjustments to the retrieved behavior-based asset monitoring parameters and automatically configure, based on the adjusted behavior-based asset monitoring parameters, at least a portion of settings for an abnormal detection model. The abnormal detection model may then be created and output to be executed by an abnormal detection platform.

    Cluster-based decision boundaries for threat detection in industrial asset control system

    Publication No.: US10805324B2

    Publication date: 2020-10-13

    Application No.: US15397062

    Application date: 2017-01-03

    Abstract: A threat detection model creation computer may receive a series of monitoring node values (representing normal and/or threatened operation of the industrial asset control system) and generate a set of normal feature vectors. The threat detection model creation computer may identify a first cluster and a second cluster in the set of feature vectors. The threat detection model creation computer may then automatically determine a plurality of cluster-based decision boundaries for a threat detection model. A first potential cluster-based decision boundary for the threat detection model may be automatically calculated based on the first cluster in the set of feature vectors. Similarly, the threat detection model creation computer may also automatically calculate a second potential cluster-based decision boundary for the threat detection model based on the second cluster in the set of feature vectors.
