Method of malware characterization and prediction
US-2019342308-A1 · Nov 7, 2019 · US
US11228606B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11228606-B2 |
| Application number | US-201916590514-A |
| Country | US |
| Kind code | B2 |
| Filing date | Oct 2, 2019 |
| Priority date | Oct 4, 2018 |
| Publication date | Jan 18, 2022 |
| Grant date | Jan 18, 2022 |
Official abstract text for this publication.
Methods and systems for detecting and correcting anomalies include ranking sensors in a cyber-physical system according to a degree of influence each sensor has on a measured performance indicator in the cyber-physical system. An anomaly is detected in the cyber-physical system based on the measured performance indicator. A corrective action is performed responsive to the detected anomaly, prioritized according to sensor rank.
Opening claim text (preview).
What is claimed is:

1. A method for detecting and correcting anomalies, comprising: ranking sensors in a cyber-physical system, using a hardware processor, according to a degree of influence each sensor has on a measured performance indicator in the cyber-physical system; detecting an anomaly in the cyber-physical system based on the measured performance indicator; and performing a corrective action responsive to the detected anomaly, prioritized according to sensor rank.
2. The method of claim 1, further comprising recording time series data for each sensor in the cyber-physical system and dividing each time series into time segments.
3. The method of claim 2, wherein ranking the sensors comprises determining respective feature graphs for each time segment of each sensor's time series data.
4. The method of claim 3, wherein determining the feature graphs comprises weighting edges in the feature graphs according to a dynamic time warping distance between pairs of time segments.
5. The method of claim 3, wherein ranking the sensors further comprises determining a single label graph for measurements of the performance indicator at each time segment.
6. The method of claim 5, wherein ranking the sensors further comprises minimizing a loss function based on the feature graphs and the label graph to determine a set of ranking coefficients that rank the sensors according to the degree of influence each sensor has on the measured performance indicator.
7. The method of claim 6, wherein the loss function is: $\mathcal{L}(G_k^x, G^y) = \frac{1}{2}\left\| G^y - \sum_{i=1}^{m} a_i G_i^x \right\|_2^2 + \beta \left\| a_k \right\|_1$, where $G_k^x$ is a feature graph for the $k$-th sensor, $G^y$ is the label graph, $m$ is a number of sensors, $a_k$ is a ranking coefficient corresponding to the $k$-th sensor, and $\beta$ is a user-specified parameter.
8. The method of claim 7, wherein minimizing the loss function determines a set of values $a_k$ that minimize a difference between the label graph $G^y$ and an approximation of the label graph at a particular sensor $i$, $a_i G_i^x$.
9. The method of claim 1, wherein performing the corrective action includes performing an action selected from the group consisting of changing a security setting for an application or hardware component, changing an operational parameter of an application or hardware component, halting and/or restarting an application, halting and/or rebooting a hardware component, changing an environmental condition, and changing a network interface's status or settings.
10. A system for detecting and correcting anomalies, comprising: a sensor ranking module configured to rank sensors in a cyber-physical system, using a hardware processor, according to a degree of influence each sensor has on a measured performance indicator in the cyber-physical system; an anomaly detector configured to detect an anomaly in the cyber-physical system based on the measured performance indicator; and a control module configured to perform a corrective action responsive to the detected anomaly, prioritized according to sensor rank.
11. The system of claim 10, wherein the sensor ranking module is further configured to record time series data for each sensor in the cyber-physical system and dividing each time series into time segments.
12. The system of claim 11, wherein the sensor ranking module is further configured to determine respective feature graphs for each time segment of each sensor's time series data.
13. The system of claim 12, wherein the sensor ranking module is further configured to weight edges in the feature graphs according to a dynamic time warping distance between pairs of time segments.
14. The system of claim 13, wherein the sensor ranking module is further configured to determine a single label graph for measurements of the performance indicator at each time segment.
15. The system of claim 14, wherein the sensor ranking module is further configured to minimize a loss function based on the feature graphs and the label graph to determine a set of ranking coefficients that rank the sensors according to the degree of influence each sensor has on the measured performance indicator.
16. The system of claim 15, wherein the loss function is: ℒ ( G k x , G y ) = 1 2 G y - ∑ i = 1 m a
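The ranking step in claims 2 through 8, worked as an added example that is not code from the patent. It assumes one graph per sensor whose nodes are time segments and whose edge weights are DTW distances, an L1 penalty summed over all coefficients, and coordinate descent as the solver (the claims name no solver); the sensor names and readings are constructed.

```python
# Added illustration of claims 2-8 (not the patent's code). Sample data is constructed.

def dtw(a, b):
    """Dynamic time warping distance between two numeric sequences."""
    inf = float("inf")
    d = [[inf] * (len(b) + 1) for _ in range(len(a) + 1)]
    d[0][0] = 0.0
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            step = min(d[i - 1][j], d[i][j - 1], d[i - 1][j - 1])
            d[i][j] = abs(a[i - 1] - b[j - 1]) + step
    return d[-1][-1]

def segment_graph(series, seg_len):
    """Edge weights (upper triangle) of a graph whose nodes are time segments."""
    segs = [series[i:i + seg_len] for i in range(0, len(series) - seg_len + 1, seg_len)]
    n = len(segs)
    return [dtw(segs[p], segs[q]) for p in range(n) for q in range(p + 1, n)]

def rank_sensors(sensors, kpi, seg_len, beta=0.1, sweeps=50):
    """Coordinate descent on 1/2*||Gy - sum_i a_i*Gx_i||^2 + beta*sum_i |a_i|."""
    names = list(sensors)
    gx = [segment_graph(sensors[n], seg_len) for n in names]
    gy = segment_graph(kpi, seg_len)
    a = [0.0] * len(names)
    for _ in range(sweeps):
        for k, gk in enumerate(gx):
            # Residual of the label graph with sensor k's contribution left out.
            resid = [y - sum(a[i] * gx[i][e] for i in range(len(a)) if i != k)
                     for e, y in enumerate(gy)]
            rho = sum(g * r for g, r in zip(gk, resid))
            norm = sum(g * g for g in gk)
            shrunk = max(abs(rho) - beta, 0.0)   # soft threshold from the L1 term
            a[k] = 0.0 if norm == 0 else (shrunk if rho > 0 else -shrunk) / norm
    return sorted(zip(names, a), key=lambda t: -abs(t[1]))

# Constructed readings: the KPI tracks pump_pressure; fan_rpm is unrelated jitter.
SENSORS = {
    "pump_pressure": [0, 0, 0, 0, 1, 2, 3, 4, 0, 0, 0, 0, 5, 5, 5, 5],
    "fan_rpm":       [3, 1, 2, 1, 1, 3, 1, 2, 2, 2, 1, 3, 3, 1, 2, 1],
}
KPI = [2 * v for v in SENSORS["pump_pressure"]]

if __name__ == "__main__":
    for name, coeff in rank_sensors(SENSORS, KPI, seg_len=4):
        print(f"{name}: {coeff:.4f}")
```

The L1 term drives the coefficient of the unrelated sensor to exactly zero, so the ranking also tells a responder which sensors can be deprioritized when choosing a corrective action.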
involving long-term monitoring or reporting · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
involving event detection and direct action · CPC title
using ranking · CPC title
Traffic logging, e.g. anomaly detection · CPC title