Graceful neutralization of industrial asset attack using cruise control

    Publication No.: US11070584B1

    Publication date: 2021-07-20

    Application No.: US16734499

    Filing date: 2020-01-06

    Abstract: A procedure for neutralizing an attack on a control system of an industrial asset includes detecting an anomaly in a first sensor node associated with a first unit operating in a first operational mode, and receiving time series data associated with the first sensor node. A subset of the time series data is provided to each of a plurality of virtual sensor models. A first virtual sensor model is selected from among a plurality of virtual sensor models based upon the subset of the time series data received by each of the plurality of virtual sensor models. A first confidence level of the first virtual sensor is determined. Responsive to determining that the first confidence level is below a first confidence level threshold, the first unit is transferred to a second operational mode using sensor readings associated with a second sensor node of a second unit of the industrial asset.

    Multi-mode boundary selection for threat detection in industrial asset control system

    Publication No.: US11005873B2

    Publication date: 2021-05-11

    Application No.: US16511463

    Filing date: 2019-07-15

    Abstract: According to some embodiments, streams of monitoring node signal values may be received over time that represent a current operation of an industrial asset control system. A current operating mode of the industrial asset control system may be received and used to determine a current operating mode group from a set of potential operating mode groups. For each stream of monitoring node signal values, a current monitoring node feature vector may be determined. Based on the current operating mode group, an appropriate decision boundary may be selected for each monitoring node, the appropriate decision boundary separating a normal state from an abnormal state for that monitoring node in the current operating mode. Each generated current monitoring node feature vector may be compared with the selected corresponding appropriate decision boundary, and a threat alert signal may be automatically transmitted based on results of said comparisons.

    Local and global decision fusion for cyber-physical system abnormality detection

    Publication No.: US10990668B2

    Publication date: 2021-04-27

    Application No.: US16132705

    Filing date: 2018-09-17

    Abstract: Monitoring nodes may generate a series of current monitoring node values over time representing current operation of a cyber-physical system. A decision fusion computer platform may receive, from a local status determination module, an indication of whether each node has an initial local status of “normal”/“abnormal” and a local certainty score (with higher values of the local certainty score representing greater likelihood of abnormality). The computer platform may also receive, from a global status determination module, an indication of whether the system has an initial global status of “normal”/“abnormal” and a global certainty score. The computer platform may output, for each node, a fused local status of “normal” or “abnormal,” at least one fused local status being based on the initial global status. The decision fusion computer platform may also output a fused global status of “normal” or “abnormal” based on at least one initial local status.

    Data-driven model construction for industrial asset decision boundary classification

    Publication No.: US10671060B2

    Publication date: 2020-06-02

    Application No.: US15681974

    Filing date: 2017-08-21

    Abstract: In some embodiments, a system model construction platform may receive, from a system node data store, system node data associated with an industrial asset. The system model construction platform may automatically construct a data-driven, dynamic system model for the industrial asset based on the received system node data. A synthetic attack platform may then inject at least one synthetic attack into the data-driven, dynamic system model to create, for each of a plurality of monitoring nodes, a series of synthetic attack monitoring node values over time that represent simulated attacked operation of the industrial asset. The synthetic attack platform may store, in a synthetic attack space data source, the series of synthetic attack monitoring node values over time that represent simulated attacked operation of the industrial asset. This information may then be used, for example, along with normal operational data to construct a threat detection model for the industrial asset.

    RESILIENT ESTIMATION FOR GRID SITUATIONAL AWARENESS

    Publication No.: US20230385186A1

    Publication date: 2023-11-30

    Application No.: US18321545

    Filing date: 2023-05-22

    Abstract: According to some embodiments, a system, method and non-transitory computer-readable medium are provided to protect a cyber-physical system having a plurality of monitoring nodes comprising: a normal space data source storing, for each of the plurality of monitoring nodes, a series of normal monitoring node values over time that represent normal operation of the cyber-physical system; a situational awareness module including an abnormal data generation platform, wherein the abnormal data generation platform is operative to generate abnormal data to represent abnormal operation of the cyber-physical system using values in the normal space data source and a generative model; a memory for storing program instructions; and a situational awareness processor, coupled to the memory, and in communication with the situational awareness module and operative to execute the program instructions to: receive a data signal, wherein the received data signal is an aggregation of data signals received from one or more of the plurality of monitoring nodes, wherein the data signal includes at least one real-time stream of data source signal values that represent a current operation of the cyber-physical system; determine, via a trained classifier, whether the received data signal is a normal signal or an abnormal signal, wherein the trained classifier is trained with the generated abnormal data and normal data; localize an origin of an anomaly when it is determined the received data signal is the abnormal signal; receive the determination and localization at a resilient estimator module; execute the resilient estimator module to generate a state estimation for the cyber-physical system. Numerous other aspects are provided.

    Dynamic physical watermarking for attack detection in cyber-physical systems

    Publication No.: US11658988B2

    Publication date: 2023-05-23

    Application No.: US17470311

    Filing date: 2021-09-09

    Abstract: A cyber-physical system may have a plurality of system nodes including a plurality of monitoring nodes each generating a series of current monitoring node values over time that represent current operation of the cyber-physical system. According to some embodiments, a watermarking computer platform may randomly inject a watermarking signal into an injection subset of the system nodes. The watermarking computer platform may then receive current monitoring node values over time and generate a current watermarking feature vector based on the current monitoring node values. The watermarking computer platform might comprise a dedicated watermarking abnormality detection platform or a unified abnormality detection platform (e.g., that also uses data-driven feature vectors). The injection subset may be associated with a randomly selected subset of the system nodes and/or magnitudes of watermarking signals that are randomly selected.

    Framework for cyber-physical system protection of electric vehicle charging stations and power grid

    Publication No.: US11520881B2

    Publication date: 2022-12-06

    Application No.: US16255073

    Filing date: 2019-01-23

    Abstract: Some embodiments provide a system to protect an electric vehicle charging infrastructure. An electric vehicle charging site may receive AC power from a power grid and provide DC power to electric vehicles. The charging site may include a plurality of monitoring nodes each generating a series of current monitoring node values over time that represent a current operation of the electric vehicle charging infrastructure. A supply equipment communication controller may receive an access request from an access requestor associated with an electric vehicle, the access request being associated with a platform certificate. A secondary actor policy decision point at the charging site may evaluate the access requestor's identity and respond with an action message allowing high-level communication with the access requestor to proceed. Note that information associated with the current monitoring node values and/or the access request may be stored in a secure, distributed transaction ledger (e.g., an attestation blockchain).

    Adaptive, self-tuning virtual sensing system for cyber-attack neutralization

    Publication No.: US11487598B2

    Publication date: 2022-11-01

    Application No.: US16574493

    Filing date: 2019-09-18

    Abstract: An industrial asset may have a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time representing current operation of the industrial asset. An abnormality detection computer may determine that an abnormal monitoring node is currently being attacked or experiencing a fault. An autonomous, resilient estimator may continuously execute an adaptive learning process to create or update virtual sensor models for that monitoring node. Responsive to an indication that a monitoring node is currently being attacked or experiencing a fault, a level of neutralization may be automatically determined. The autonomous, resilient estimator may then be dynamically reconfigured to estimate a series of virtual node values based on information from normal monitoring nodes, appropriate virtual sensor models, and the determined level of neutralization. The series of monitoring node values from the abnormal monitoring node or nodes may then be replaced with the virtual node values.
