PLC backplane analyzer for field forensics and intrusion detection
| DWPI Title: System for determining e.g. unexpected activity, occurring between components communicatively coupled across backplane, has analyzer system for comparing operational data with baseline data and generating alarm for receipt by operator |
| Abstract: The various technologies presented herein relate to the determination of unexpected and/or malicious activity occurring between components communicatively coupled across a backplane. Control data, etc., can be intercepted at a backplane where the backplane facilitates communication between a controller and at least one device in an automation process. During interception of the control data, etc., a copy of the control data can be made, e.g., the original control data can be replicated to generate a copy of the original control data. The original control data can continue on to its destination, while the control data copy can be forwarded to an analyzer system to determine whether the control data contains a data anomaly. The content of the copy of the control data can be compared with a previously captured baseline data content, where the baseline data can be captured for a same operational state as the subsequently captured control data. |
| Use: System for determining unexpected and/or malicious activity occurring between components communicatively coupled across a backplane. |
| Advantage: The system includes a capture component and/or a configuration component to enable protocol conversion, facilitating transmission of data between the capture component and the analyzer system so that the data to be communicated on a backplane can be analyzed. The system forwards an alarm notification to the controller so as to facilitate placing operation of a process associated with the controller into a safe operating state. |
| Novelty: The system has an analyzer system (150) adapted to compare operational data with baseline data, identify an anomaly between the content of the operational data and the content of the baseline data based on the comparison, and generate an alarm for receipt by an operator in response to identifying the anomaly, where the baseline data is generated by controllers (110, 110A) based on a control signal and directed to devices (140A-140N) at a previous point in time. |
| Filed: 7/22/2013 |
| Application Number: US13947887A |
| Tech ID: SD 12238.1 |
| This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention. |
| Data from Derwent World Patents Index, provided by Clarivate. |