Anomaly forecasting and early warning generation

    Publication No.: US11475124B2

    Publication date: 2022-10-18

    Application No.: US15594779

    Application date: 2017-05-15

    Abstract: The example embodiments are directed to a system and method for forecasting anomalies in feature detection. In one example, the method includes storing feature behavior information of at least one monitoring node of an asset, including a normalcy boundary identifying normal feature behavior and abnormal feature behavior for the at least one monitoring node in feature space, receiving input signals from the at least one monitoring node of the asset and transforming the input signals into feature values in the feature space, wherein the feature values are located within the normalcy boundary, forecasting that a future feature value corresponding to a future input signal from the at least one monitoring node is going to be positioned outside the normalcy boundary based on the feature values within the normalcy boundary, and outputting information concerning the forecasted future feature value being outside the normalcy boundary for display.

    Situation awareness and dynamic ensemble forecasting of abnormal behavior in cyber-physical system

    Publication No.: US10826932B2

    Publication date: 2020-11-03

    Application No.: US16108742

    Application date: 2018-08-22

    Abstract: A plurality of monitoring nodes may each generate a time-series of current monitoring node values representing current operation of a cyber-physical system. A feature-based forecasting framework may receive the time-series of and generate a set of current feature vectors using feature discovery techniques. The feature behavior for each monitoring node may be characterized in the form of decision boundaries that separate normal and abnormal space based on operating data of the system. A set of ensemble state-space models may be constructed to represent feature evolution in the time-domain, wherein the forecasted outputs from the set of ensemble state-space models comprise anticipated time evolution of features. The framework may then obtain an overall features forecast through dynamic ensemble averaging and compare the overall features forecast to a threshold to generate an estimate associated with at least one feature vector crossing an associated decision boundary.

    Industrial data verification using secure, distributed ledger

    Publication No.: US11582042B2

    Publication date: 2023-02-14

    Application No.: US15923279

    Application date: 2018-03-16

    Abstract: A verification platform may include a data connection to receive a stream of industrial asset data, including a subset of the industrial asset data, from industrial asset sensors. The verification platform may store the subset of industrial asset data into a data store, the subset of industrial asset data being marked as invalid, and record a hash value associated with a compressed representation of the subset of industrial asset data combined with metadata in a secure, distributed ledger (e.g., associated with blockchain technology). The verification platform may then receive a transaction identifier from the secure, distributed ledger and mark the subset of industrial asset data in the data store as being valid after using the transaction identifier to verify that the recorded hash value matches a hash value of an independently created version of the compressed representation of the subset of industrial asset data combined with metadata.

    Real-time adaptation of system high fidelity model in feature space

    Publication No.: US11144683B2

    Publication date: 2021-10-12

    Application No.: US15491243

    Application date: 2017-04-19

    Abstract: An augmented system model may include a system high fidelity model that generates a first output. The augmented system model may further include a data driven model to receive data associated with the first output and to generate a second output, and a feature space version of the second output may be output from the augmented system model. Monitoring nodes may each generate a series of current monitoring node values over time representing current operation of an industrial asset. A model adaptation element may receive the current monitoring node values, calculate a feature space version of current operation, and compare the feature space version of the second output of the augmented system model with the feature space version of current operation. Parameters of the data driven model may then be adapted based on a result of the comparison.

    Cyber-attack detection, localization, and neutralization for unmanned aerial vehicles

    Publication No.: US10931687B2

    Publication date: 2021-02-23

    Application No.: US15899903

    Application date: 2018-02-20

    Abstract: In some embodiments, an Unmanned Aerial Vehicle (“UAV”) system may be associated with a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time that represent operation of the UAV system. An attack detection computer platform may receive the series of current monitoring node values and generate a set of current feature vectors. The attack detection computer platform may access an attack detection model having at least one decision boundary (e.g., created using a set of normal feature vectors a set of attacked feature vectors). The attack detection model may then be executed and the platform may transmit an attack alert signal based on the set of current feature vectors and the at least one decision boundary. According to some embodiments, attack localization and/or neutralization functions may also be provided.

    Cluster-based decision boundaries for threat detection in industrial asset control system

    Publication No.: US10805324B2

    Publication date: 2020-10-13

    Application No.: US15397062

    Application date: 2017-01-03

    Abstract: A threat detection model creation computer may receive a series of monitoring node values (representing normal and/or threatened operation of the industrial asset control system) and generate a set of normal feature vectors. The threat detection model creation computer may identify a first cluster and a second cluster in the set of feature vectors. The threat detection model creation computer may then automatically determine a plurality of cluster-based decision boundaries for a threat detection model. A first potential cluster-based decision boundary for the threat detection model may be automatically calculated based on the first cluster in the set of feature vectors. Similarly, the threat detection model creation computer may also automatically calculate a second potential cluster-based decision boundary for the threat detection model based on the second cluster in the set of feature vectors.

    Learning method and system for separating independent and dependent attacks

    Publication No.: US10785237B2

    Publication date: 2020-09-22

    Application No.: US15977558

    Application date: 2018-05-11

    Abstract: Streams of monitoring node signal values over time, representing a current operation of the industrial asset, are used to generate current monitoring node feature vectors. Each feature vector is compared with a corresponding decision boundary separating normal from abnormal states. When a first monitoring node passes a corresponding decision boundary, an attack is detected and classified as an independent attack. When a second monitoring node passes a decision boundary, an attack is detected and a first decision is generated based on a first set of inputs indicating if the attack is independent/dependent. From the beginning of the attack on the second monitoring node until a final time, the first decision is updated as new signal values are received for the second monitoring node. When the final time is reached, a second decision is generated based on a second set of inputs indicating if the attack is independent/dependent.

    Automated attack localization and detection

    Publication No.: US10417415B2

    Publication date: 2019-09-17

    Application No.: US15478425

    Application date: 2017-04-04

    Abstract: According to some embodiments, a threat detection computer platform may receive a plurality of real-time monitoring node signal values over time that represent a current operation of the industrial asset. For each stream of monitoring node signal values, the platform may generate a current monitoring node feature vector. The feature vector may also be estimated using a dynamic model output with that monitoring node signal values. The platform may then compare the feature vector with a corresponding decision boundary for that monitoring node, the decision boundary separating a normal state from an abnormal state for that monitoring node. The platform may detect that a particular monitoring node has passed the corresponding decision boundary and classify that particular monitoring node as being under attack. The platform may then automatically determine if the attack on that particular monitoring node is an independent attack or a dependent attack.
