Threat detection and mitigation in a virtualized computing environment
US-10320813-B1 · Jun 11, 2019 · US
US2017237752A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017237752-A1 |
| Application number | US-201615042054-A |
| Country | US |
| Kind code | A1 |
| Filing date | Feb 11, 2016 |
| Priority date | Feb 11, 2016 |
| Publication date | Aug 17, 2017 |
| Grant date | — |
Official abstract text for this publication.
This disclosure provides systems and methods for prediction of potential cyber security threats and risks in an industrial control system using predictive cyber analytics. A method includes receiving, by a risk manager system, real-time data from a plurality of connected devices. The method includes creating, by the risk manager system, a data model based on the real-time data. The method includes analyzing, by the risk manager system, the data model to identify potential current threats. The method includes predicting, by the risk manager system, potential threats. The method includes notifying a user, by the risk manager system, of the potential threats.
Opening claim text (preview).
What is claimed is:
1. A method comprising: receiving, by a risk manager system, real-time data from a plurality of connected devices; creating, by the risk manager system, a data model based on the real-time data; analyzing, by the risk manager system, the data model to identify potential current threats; predicting, by the risk manager system, potential threats; notifying a user, by the risk manager system, of the potential current threats and predicted potential threats.
2. The method of claim 1, wherein the data model is analyzed by correlating the real-time data with cyber threat intelligence to discover patterns and to establish a correlation between the patterns in order to identify the potential current threats or predicted potential threats.
3. The method of claim 1, wherein analyzing the data model includes identifying security gaps which contribute to the potential current threats or predicted potential threats.
4. The method of claim 1, further comprising prioritizing the potential current threats or predicted potential threats.
5. The method of claim 1, wherein notifying the user is performed by one of email notification, text message notification, or via a dashboard.
6. The method of claim 1, wherein the predicted potential threats are predicted based on at least one of the data model, cyber-threat intelligence, or the potential current threats.
7. The method of claim 1, wherein the real-time data includes one or more of system and process events, system and application logs, system diagnostics, system performance, network device logs, control system network traffic, and system configuration and policy data.
8. A risk manager system comprising: a controller; and a memory, the risk manager system configured to: receive real-time data from a plurality of connected devices; create a data model based on the real-time data; analyze the data model to identify potential current threats; predict potential threats; notify a user of the potential current threats and predicted potential threats.
9. The risk manager system of claim 8, wherein the data model is analyzed by correlating the real-time data with cyber threat intelligence to discover patterns and to establish a correlation between the patterns in order to identify the potential current threats or predicted potential threats.
10. The risk manager system of claim 8, wherein analyzing the data model includes identifying security gaps which contribute to the potential current threats or predicted potential threats.
11. The risk manager system of claim 8, wherein the risk manager system is further configured to prioritize the potential current threats or predicted potential threats.
12. The risk manager system of claim 8, wherein notifying the user is performed by one of email notification, text message notification, or via a dashboard.
13. The risk manager system of claim 8, wherein the predicted potential threats are predicted based on at least one of the data model, cyber-threat intelligence, or the potential current threats.
14. The risk manager system of claim 8, wherein the real-time data includes one or more of system and process events, system and application logs, system diagnostics, system performance, network device logs, control system network traffic, and system configuration and policy data.
15. A non-transitory machine-readable medium encoded with executable instructions that, when executed, cause one or more processors of a risk manager system to: receive real-time data from a plurality of connected devices; create a data model based on the real-time data; analyze the data model to identify potential current threats; predict potential threats; notify a user of the potential current threats and predicted potential threats.
16. The non-transitory machine-readable medium of claim 15, wherein the data model is analyzed by correlating the real-time data with cyber threat intelligence to discover patterns and to establish a correlation between the patterns in order to identify the potential current threats or predicted potential threats.
17. The non-transitory machine-readable medium of claim 15, wherein analyzing the data model includes identifying security gaps which contribute to the potential current threats or predicted potential threats.
18. The non-transitory machine-readable medium of claim 15, wherein the instructions further cause the one or more processors of the risk manager system to prioritize the potential current threats or predicted potential threats.
19. The non-transitory machine-readable medium of claim 15, wherein notifying the user is performed by one of email notification, text message notification, or via a dashboard.
20. The non-transitory machine-readable medium of claim 15, wherein the predicted potential threats are predicted based on at least one of the data model, cyber-threat intelligence, or the potential current threats.
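The claimed method is a five-step pipeline (ingest real-time device data, build a data model, correlate it with threat intelligence to find current threats and security gaps, predict further threats, prioritize and notify). The following is an added illustration written for this page; it is not code from the patent or its assignee and makes no claim about how the described risk manager is implemented. Every device name, address, firmware version, threshold and threat-intelligence entry in it is constructed, and the "vulnerable firmware" entry is a hypothetical advisory, not a real one.

```python
"""Added example: a toy risk-manager pipeline following the claimed steps.
All input data and threat intelligence below are constructed for illustration."""
from collections import Counter, defaultdict
from dataclasses import dataclass

SEVERITY = {"high": 0, "medium": 1, "low": 2}      # lower value = higher priority
SEVERITY_NAME = {v: k for k, v in SEVERITY.items()}


@dataclass(order=True)
class Threat:
    priority: int        # sorts first, so prioritize() is just sorted()
    device: str
    kind: str            # "current" or "predicted"
    description: str


# Step 1: constructed "real-time data" of the kinds listed in claim 7
# (auth/process events, network device logs, configuration data).
SAMPLE_EVENTS = [
    {"device": "plc-01", "kind": "config", "detail": "firmware", "value": "2.1.0"},
    {"device": "plc-01", "kind": "netflow", "dst": "198.51.100.7", "port": 502},
    {"device": "plc-01", "kind": "netflow", "dst": "198.51.100.7", "port": 502},
    {"device": "hmi-02", "kind": "config", "detail": "firmware", "value": "1.0.3"},
    *[{"device": "hmi-02", "kind": "auth", "detail": "login_failed"} for _ in range(4)],
    {"device": "eng-ws-03", "kind": "netflow", "dst": "203.0.113.9", "port": 4444},
    *[{"device": "safety-plc-04", "kind": "auth", "detail": "login_failed"} for _ in range(2)],
]

# Constructed "cyber threat intelligence" (hypothetical indicators, not real advisories).
THREAT_INTEL = {
    "malicious_ips": {"203.0.113.9"},
    "vulnerable_firmware": {"1.0.3"},
    "brute_force_threshold": 4,
}


def build_data_model(events):
    """Step 2: fold raw events into a per-device summary (the 'data model')."""
    model = defaultdict(lambda: {"failed_logins": 0, "destinations": Counter(), "firmware": None})
    for ev in events:
        d = model[ev["device"]]
        if ev["kind"] == "auth" and ev.get("detail") == "login_failed":
            d["failed_logins"] += 1
        elif ev["kind"] == "netflow":
            d["destinations"][(ev["dst"], ev["port"])] += 1
        elif ev["kind"] == "config" and ev.get("detail") == "firmware":
            d["firmware"] = ev["value"]
    return dict(model)


def analyze(model, intel):
    """Step 3: correlate the model with threat intel. Returns (current_threats, security_gaps)."""
    current, gaps = [], []
    for device, d in model.items():
        for (dst, port), n in d["destinations"].items():
            if dst in intel["malicious_ips"]:
                current.append(Threat(SEVERITY["high"], device, "current",
                                      f"{n} connection(s) to listed-malicious {dst}:{port}"))
        if d["failed_logins"] >= intel["brute_force_threshold"]:
            current.append(Threat(SEVERITY["medium"], device, "current",
                                  f"{d['failed_logins']} failed logins (threshold {intel['brute_force_threshold']})"))
        if d["firmware"] in intel["vulnerable_firmware"]:
            gaps.append((device, f"firmware {d['firmware']} listed as vulnerable"))
    return current, gaps


def predict(model, intel, current, gaps):
    """Step 4: predict potential threats from the model, the intel and the current threats (claim 6)."""
    predicted = []
    compromised = {t.device for t in current if t.priority == SEVERITY["high"]}
    for device, gap in gaps:
        if compromised and device not in compromised:
            predicted.append(Threat(SEVERITY["medium"], device, "predicted",
                                    f"exposed to lateral movement from {sorted(compromised)}; gap: {gap}"))
        else:
            predicted.append(Threat(SEVERITY["low"], device, "predicted", f"exploitable gap: {gap}"))
    threshold = intel["brute_force_threshold"]
    for device, d in model.items():
        # Failed logins still below the alert threshold are treated as an emerging brute-force attempt.
        if threshold // 2 <= d["failed_logins"] < threshold:
            predicted.append(Threat(SEVERITY["low"], device, "predicted",
                                    f"{d['failed_logins']} failed logins trending toward threshold {threshold}"))
    return predicted


def prioritize(threats):
    """Claims 4/11/18: rank by severity, then device, then kind."""
    return sorted(threats)


def notify(threats, channel="dashboard"):
    """Step 5: render one message per threat for the chosen channel (claim 5); returns, does not send."""
    if channel not in {"email", "text", "dashboard"}:
        raise ValueError(f"unsupported notification channel: {channel}")
    return [f"[{channel}] {t.kind}/{SEVERITY_NAME[t.priority]} {t.device}: {t.description}" for t in threats]


def run_risk_manager(events, intel, channel="dashboard"):
    """Run all five steps and return every intermediate result for inspection."""
    model = build_data_model(events)
    current, gaps = analyze(model, intel)
    predicted = predict(model, intel, current, gaps)
    ranked = prioritize(current + predicted)
    return {"model": model, "current": current, "gaps": gaps,
            "predicted": predicted, "notifications": notify(ranked, channel)}


if __name__ == "__main__":
    for line in run_risk_manager(SAMPLE_EVENTS, THREAT_INTEL)["notifications"]:
        print(line)
```

On the constructed input the pipeline reports two current threats (a workstation contacting a listed-malicious address, and an HMI past the failed-login threshold), one security gap (the HMI's listed firmware), and two predictions: the gapped HMI is flagged as exposed to lateral movement because a high-severity current threat exists elsewhere in the fleet, and a device with sub-threshold failed logins is flagged as a brute-force attempt in progress. The notification list is already ordered by severity, so a dashboard or e-mail sender can consume it as-is.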
Vulnerability analysis · CPC title
Inference or reasoning models · CPC title
Assessing vulnerabilities and evaluating computer system security · CPC title
Test or assess a computer or a system · CPC title
Event detection, e.g. attack signature detection · CPC title