Title of invention |
CYBER SECURITY |
Abstract |
Systems and methods that use probabilistic grammatical inference and statistical data analysis techniques to characterize the behavior of systems in terms of a low dimensional set of summary variables and, on the basis of these models, detect anomalous behaviors are disclosed. The disclosed information-theoretic system and method exploit the properties of information to deduce a structure for information flow and management. The properties of information can provide a fundamental basis for the decomposition of systems and hence a structure for the transmission and combination of observations at the desired levels of resolution (e.g., component, subsystem, system). |
Application publication number |
US2016253495(A1) |
Application publication date |
2016.09.01 |
Application number |
US201615152702 |
Filing date |
2016.05.12 |
Applicant |
Kolacinski Richard M.;Angeline Barry D.;Loparo Kenneth A. |
Inventor |
Kolacinski Richard M.;Angeline Barry D.;Loparo Kenneth A. |
Classification number |
G06F21/55;G06N7/00;G06N99/00 |
Main classification number |
G06F21/55 |
Agency |
|
Agent |
|
Principal claim |
1. A computer implemented method for detecting cyber physical system behavior, comprising:
utilizing one or more processors and associated memory storing one or more programs for execution by the one or more processors, the one or more programs including instructions for:
receiving data from a plurality of sensors associated with the cyber physical system;
constructing a metrization of the data utilizing a data structuring;
determining at least one ensemble and at least one summary variable from the metrized data, wherein the summary variable is based on automata model utilizing a probabilistic grammatical inference that includes discovering common subtrees of a string parse tree via a nonparametric Bayesian clustering method including a Dirichlet Process or a Beta Process a diffusion map technique;
applying a thermodynamic formalism to the at least one summary variable to classify a plurality of system behaviors;
identifying the plurality of system behaviors based at least in part on the classified plurality of system behaviors;
obtaining, by the one or more processors, a baseline of the system behavior associated with the classified plurality of systems behaviors; and
detecting an anomalous condition based on a deviation of the plurality of system behaviors from the baseline. |
Address |
South Euclid OH US |