| 发明名称 | PLC backplane analyzer for field forensics and intrusion detection | ||
| 摘要 | The various technologies presented herein relate to the determination of unexpected and/or malicious activity occurring between components communicatively coupled across a backplane. Control data, etc., can be intercepted at a backplane where the backplane facilitates communication between a controller and at least one device in an automation process. During interception of the control data, etc., a copy of the control data can be made, e.g., the original control data can be replicated to generate a copy of the original control data. The original control data can continue on to its destination, while the control data copy can be forwarded to an analyzer system to determine whether the control data contains a data anomaly. The content of the copy of the control data can be compared with a previously captured baseline data content, where the baseline data can be captured for a same operational state as the subsequently captured control data. | ||
| 申请公布号 | US9032522(B1) | 申请公布日期 | 2015.05.12 |
| 申请号 | US201313947887 | 申请日期 | 2013.07.22 |
| 申请人 | Sandia Corporation | 发明人 | Mulder John;Schwartz Moses Daniel;Berg Michael;Van Houten Jonathan Roger;Urrea Jorge Mario;King Michael Aaron;Clements Abraham Anthony;Trent Jason;Depoy Jennifer M.;Jacob Joshua |
| 分类号 | H04L29/00;G06F21/55 | 主分类号 | H04L29/00 |
| 代理机构 | Medley Behrens & Lewis, LLC | 代理人 | Medley Behrens & Lewis, LLC |
| 主权项 | 1. A system comprising: a capture component interposed between a controller and a backplane, the backplane is utilized for communication of data between the controller and a device under control of the controller, the capture component is configured to: capture operational data, the operational data identified as corresponding to an operational state of the controller, the operational data based upon a first control signal generated by the controller and directed to the device at a current point in time; and an analyzer system configured to: compare the operational data with baseline data, the baseline data identified as corresponding to the operational state of the controller, the baseline data based upon a second control signal generated by the controller and directed to the device at a previous point in time;based at least in part upon the comparison, identify an anomaly between content of the operational data and content of the baseline data; andgenerate an alarm for receipt by an operator responsive to identifying the anomaly between the content of the operational data and the content of the baseline data. | ||
| 地址 | Albuquerque NM US | ||