CYBER SECURITY

摘要

Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system).

主权项

1. A computer implemented method for detecting cyber physical system behavior, comprising:
utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for:
receiving data from a plurality of sensors associated with the cyber physical system;constructing a metrization of the data utilizing a data structuring;determining at least one ensemble and at least one summary variable from the metrized data, wherein the summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process a diffusion map technique;applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors;obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; anddetecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline.