Cluster-based decision boundaries for threat detection in industrial asset control system

    Publication No.: US10805324B2

    Publication date: 2020-10-13

    Application No.: US15397062

    Filing date: 2017-01-03

    Abstract: A threat detection model creation computer may receive a series of monitoring node values (representing normal and/or threatened operation of the industrial asset control system) and generate a set of normal feature vectors. The threat detection model creation computer may identify a first cluster and a second cluster in the set of feature vectors. The threat detection model creation computer may then automatically determine a plurality of cluster-based decision boundaries for a threat detection model. A first potential cluster-based decision boundary for the threat detection model may be automatically calculated based on the first cluster in the set of feature vectors. Similarly, the threat detection model creation computer may also automatically calculate a second potential cluster-based decision boundary for the threat detection model based on the second cluster in the set of feature vectors.

    Feature and boundary tuning for threat detection in industrial asset control system

    Publication No.: US10204226B2

    Publication date: 2019-02-12

    Application No.: US15371905

    Filing date: 2016-12-07

    Abstract: According to some embodiments, a threat detection model creation computer may receive a series of normal monitoring node values (representing normal operation of the industrial asset control system) and generate a set of normal feature vectors. The threat detection model creation computer may also receive a series of threatened monitoring node values (representing a threatened operation of the industrial asset control system) and generate a set of threatened feature vectors. At least one potential decision boundary for a threat detection model may be calculated based on the set of normal feature vectors, the set of threatened feature vectors, and an initial algorithm parameter. A performance of the at least one potential decision boundary may be evaluated based on a performance metric. The initial algorithm parameter may then be tuned based on a result of the evaluation, and the at least one potential decision boundary may be re-calculated.

    Control of power generation system with water level calibration for pressure vessel

    Publication No.: US11208920B2

    Publication date: 2021-12-28

    Application No.: US16433119

    Filing date: 2019-06-06

    Abstract: Embodiments of the present disclosure include a method for controlling a power generation system, the method including: calculating, during operation of the power generation system, a target water level within a pressure vessel of the power generation system, the pressure vessel receiving a feedwater input and generating a steam output; calculating a flow rate change of the steam output from the pressure vessel; calibrating the target water level within the pressure vessel based on the output from mass flux through the pressure vessel, the mass flux through the pressure vessel being derived from at least the feedwater input and the steam output; and adjusting an operating parameter of the power generation system based on the calibrated target water level within the pressure vessel.

    Multi-mode boundary selection for threat detection in industrial asset control system

    Publication No.: US10397257B2

    Publication date: 2019-08-27

    Application No.: US15371723

    Filing date: 2016-12-07

    Abstract: According to some embodiments, streams of monitoring node signal values may be received over time that represent a current operation of an industrial asset control system. A current operating mode of the industrial asset control system may be received and used to determine a current operating mode group from a set of potential operating mode groups. For each stream of monitoring node signal values, a current monitoring node feature vector may be determined. Based on the current operating mode group, an appropriate decision boundary may be selected for each monitoring node, the appropriate decision boundary separating a normal state from an abnormal state for that monitoring node in the current operating mode. Each generated current monitoring node feature vector may be compared with the selected corresponding appropriate decision boundary, and a threat alert signal may be automatically transmitted based on results of said comparisons.

    Threat detection and localization for monitoring nodes of an industrial asset control system

    Publication No.: US11005863B2

    Publication date: 2021-05-11

    Application No.: US15179034

    Filing date: 2016-06-10

    Abstract: In some embodiments, a plurality of real-time monitoring node signal inputs receive streams of monitoring node signal values over time that represent a current operation of the industrial asset control system. A threat detection computer platform, coupled to the plurality of real-time monitoring node signal inputs, may receive the streams of monitoring node signal values and, for each stream of monitoring node signal values, generate a current monitoring node feature vector. The threat detection computer platform may then compare each generated current monitoring node feature vector with a corresponding decision boundary for that monitoring node, the decision boundary separating a normal state from an abnormal state for that monitoring node, and localize an origin of a threat to a particular monitoring node. The threat detection computer platform may then automatically transmit a threat alert signal based on results of said comparisons along with an indication of the particular monitoring node.

    Using virtual sensors to accommodate industrial asset control systems during cyber attacks

    Publication No.: US10826922B2

    Publication date: 2020-11-03

    Application No.: US16679749

    Filing date: 2019-11-11

    Abstract: In some embodiments, an industrial asset may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the industrial asset. A threat detection computer may determine that an attacked monitoring node is currently being attacked. Responsive to this determination, a virtual sensor coupled to the plurality of monitoring nodes may estimate a series of virtual node values for the attacked monitoring node(s) based on information received from monitoring nodes that are not currently being attacked. The virtual sensor may then replace the series of monitoring node values from the attacked monitoring node(s) with the virtual node values. Note that in some embodiments, virtual node values may be estimated for a particular node even before it is determined that the node is currently being attacked.

    Dynamic normalization of monitoring node data for threat detection in industrial asset control system

    Publication No.: US10678912B2

    Publication date: 2020-06-09

    Application No.: US15351809

    Filing date: 2016-11-15

    Abstract: Operation of an industrial asset control system may be simulated or monitored under various operating conditions to generate a set of operating results. Subsets of the operating results may be used to calculate a normalization function for each of a plurality of operating conditions. Streams of monitoring node signal values over time may be received that represent a current operation of the industrial asset control system. A threat detection platform may then dynamically calculate normalized monitoring node signal values based at least in part on a normalization function in an operating mode database. For each stream of normalized monitoring node signal values, a current monitoring node feature vector may be generated and compared with a corresponding decision boundary for that monitoring node, the decision boundary separating normal and abnormal states for that monitoring node. A threat alert signal may then be automatically transmitted based on results of those comparisons.

    Validation of control command in substantially real time for industrial asset control system threat detection

    Publication No.: US11036194B2

    Publication date: 2021-06-15

    Application No.: US16354926

    Filing date: 2019-03-15

    Abstract: According to some embodiments, a validation platform computer may interpret at least one received data packet to identify a control command for a controller of an industrial asset control system. The at least one data packet might be received, for example, from a network associated with a current operation of the industrial asset control system. The control command may then be introduced into an industrial asset simulation executing in parallel with the industrial asset control system. A simulated result of the control command from the industrial asset simulation may be validated, and, upon validation of the simulated result, it may be arranged for the control command to be provided to the controller of the industrial asset control system. Additionally, in some embodiments failed validation of a simulated result will prompt a threat-alert signal as well as prevent the command (e.g., data packet) from continuing to the controller.

    Multi-mode boundary selection for threat detection in industrial asset control system

    Publication No.: US11005873B2

    Publication date: 2021-05-11

    Application No.: US16511463

    Filing date: 2019-07-15

    Abstract: According to some embodiments, streams of monitoring node signal values may be received over time that represent a current operation of an industrial asset control system. A current operating mode of the industrial asset control system may be received and used to determine a current operating mode group from a set of potential operating mode groups. For each stream of monitoring node signal values, a current monitoring node feature vector may be determined. Based on the current operating mode group, an appropriate decision boundary may be selected for each monitoring node, the appropriate decision boundary separating a normal state from an abnormal state for that monitoring node in the current operating mode. Each generated current monitoring node feature vector may be compared with the selected corresponding appropriate decision boundary, and a threat alert signal may be automatically transmitted based on results of said comparisons.

    Data-driven model construction for industrial asset decision boundary classification

    Publication No.: US10671060B2

    Publication date: 2020-06-02

    Application No.: US15681974

    Filing date: 2017-08-21

    Abstract: In some embodiments, a system model construction platform may receive, from a system node data store, system node data associated with an industrial asset. The system model construction platform may automatically construct a data-driven, dynamic system model for the industrial asset based on the received system node data. A synthetic attack platform may then inject at least one synthetic attack into the data-driven, dynamic system model to create, for each of a plurality of monitoring nodes, a series of synthetic attack monitoring node values over time that represent simulated attacked operation of the industrial asset. The synthetic attack platform may store, in a synthetic attack space data source, the series of synthetic attack monitoring node values over time that represent simulated attacked operation of the industrial asset. This information may then be used, for example, along with normal operational data to construct a threat detection model for the industrial asset.
