CPC H04L 63/1416 (2013.01) [H04L 63/1425 (2013.01); H04L 63/1466 (2013.01)] | 20 Claims
1. A method of protecting an industrial system from cyberattacks, the method comprising:
collecting initial operating data from a plurality of sensors each positioned within the industrial system and operable to monitor an operating parameter of the industrial system;
analyzing the initial operating data to develop a program that includes a time-series database including expected operating ranges for each operating parameter, a clustering-based database that includes clusters of operating parameters having similarities, and a correlation database that includes pairs of operating parameters that show a correlation in their initial operating data;
operating the program including the time-series database, the clustering-based database, and the correlation database in a computer, the program operable to receive current operating data and to analyze that operating data in view of each of the time-series database, the clustering-based database, and the correlation database; and
triggering an alarm in response to the analysis of the current operating data indicating at least one of an operating parameter outside of an expected range, a change in the expected clustering, and a variation in a correlation.
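The three checks recited in claim 1, as an added sketch that is not taken from the patent or any implementation of it. The concrete choices are assumptions: expected ranges are mean ± k standard deviations, "similar" parameters are grouped by mean level, correlation is Pearson's r, and the sensor names, thresholds and readings are constructed.

```python
from itertools import combinations
from statistics import mean, pstdev

def pearson(x, y):
    mx, my = mean(x), mean(y)
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    den = (sum((a - mx) ** 2 for a in x) * sum((b - my) ** 2 for b in y)) ** 0.5
    return cov / den if den else 0.0  # a flat signal has no correlation

def clusters(data, gap):
    # Assumed similarity measure: parameters whose mean levels lie within `gap`.
    order = sorted(data, key=lambda p: (mean(data[p]), p))
    groups, cur = [], [order[0]]
    for prev, p in zip(order, order[1:]):
        if mean(data[p]) - mean(data[prev]) > gap:
            groups.append(frozenset(cur))
            cur = []
        cur.append(p)
    return set(groups + [frozenset(cur)])

def train(data, k=4.0, gap=10.0, min_r=0.9):
    names = sorted(data)
    ranges = {p: (mean(data[p]) - k * pstdev(data[p]),
                  mean(data[p]) + k * pstdev(data[p])) for p in names}
    pairs = {(a, b): pearson(data[a], data[b]) for a, b in combinations(names, 2)}
    pairs = {ab: r for ab, r in pairs.items() if abs(r) >= min_r}
    return {"ranges": ranges, "clusters": clusters(data, gap), "pairs": pairs, "gap": gap}

def check(model, window, r_tol=0.3):
    # Returns one entry per triggered condition; any entry means "raise the alarm".
    alarms = [("range", p) for p, (lo, hi) in model["ranges"].items()
              if any(not lo <= v <= hi for v in window[p])]
    if clusters(window, model["gap"]) != model["clusters"]:
        alarms.append(("clustering", None))
    alarms += [("correlation", pair) for pair, r in model["pairs"].items()
               if abs(pearson(window[pair[0]], window[pair[1]]) - r) > r_tol]
    return alarms

# Constructed baseline: four temperature sensors in degrees C (hypothetical names).
BASELINE = {
    "in_a": [40, 41, 40, 39, 40, 41, 40, 39],
    "in_b": [41, 40, 39, 40, 41, 40, 39, 40],
    "out_a": [88, 90, 92, 94, 92, 90, 88, 90],
    "out_b": [89, 91, 93, 95, 93, 91, 89, 91],
}
MODEL = train(BASELINE)
# out_b frozen at an in-range value while out_a keeps moving: only the correlation check fires.
FROZEN = {"in_a": [40, 41, 39, 40], "in_b": [40, 39, 41, 40],
          "out_a": [89, 91, 93, 91], "out_b": [91, 91, 91, 91]}
```

`check(MODEL, FROZEN)` shows why the claim combines the three databases: a reading that stays inside its expected range and its cluster can still break a learned correlation.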