Systems and methods for monitoring traffic on industrial control and building automation system networks
| DWPI Title: System for detecting potential attacks to building automation system, has processor that determines that attack on network occurred based on machine-learning algorithm output and updates graphical user interface based on attack occurrence |
| Abstract: Technologies relating to monitoring communications traffic to detect potential attacks on industrial control system networks and building automation system networks are described herein. In an embodiment, a monitoring device receives a plurality of communications from a control network. The monitoring device transmits the communications to a computing device. Based on the communications, the computing device generates a listing of devices that communicated by way of the control network over a period of time, and computes a volume of traffic between each pair of devices in the listing of devices. The computing device then outputs a graphical user interface (GUI) by way of a display, the GUI comprising data indicative of the computed volumes of traffic, which may be indicative of a potential attack on the control network. |
| Use: System for detecting potential attacks to building automation system. |
| Advantage: The volume of traffic is updated between each pair of devices in the updated listing of devices based on the additional communication data. The additional nodes or edges are representative of unexpected or unauthorized communication traffic. The natural user interface can rely on speech recognition, touch and stylus recognition, gesture recognition both on screen and adjacent to the screen, air gestures, head and eye tracking, voice and speech, vision, touch, gesture and machine intelligence. |
| Novelty: The system has first and second programmable logic controllers (PLCs) that are in communication by way of a network (504, 522). A monitoring device receives a communication transmitted by way of the network over a period of time. A computing device (608) comprises a memory (612) with instructions that cause a processor (610) to perform acts including receiving the communication from the monitoring device. A graphical user interface (GUI) (624) displayed on a display (616) comprises data indicative of communication traffic on the network, the communication traffic being indicative of a potential attack on the network, and the GUI comprises a directed graph. The directed graph includes a machine-learning algorithm that executes over the communication received from the monitoring device. A determination that an attack on the network occurred is made based upon an output of the machine-learning algorithm. The GUI is updated based upon the determination that the attack on the network occurred. |
| Filed: 2/20/2018 |
| Application Number: US15899893A |
| Tech ID: SD 13818.1 |
| This invention was made with Government support under Contract No. DE-NA0003525 awarded by the United States Department of Energy/National Nuclear Security Administration. The Government has certain rights in the invention. |
| Data from Derwent World Patents Index, provided by Clarivate. |