US 12,348,543 B2
Method and system for detecting a cyber-attack on a machine controller
Rishith Ellath Meethal, Bavaria (DE); Christoph Ernst Ludwig, Munich (DE); Mohamed Khalil, Munich (DE); Christoph Heinrich, Donauwörth (DE); Steffen Fries, Baldham (DE); Uwe Blöcher, Puchheim (DE); and Dirk Hartmann, Aßling (DE)
Assigned to SIEMENS AKTIENGESELLSCHAFT, Munich (DE)
Appl. No. 18/028,599
Filed by Siemens Aktiengesellschaft, Munich (DE)
PCT Filed Sep. 10, 2021, PCT No. PCT/EP2021/074905
§ 371(c)(1), (2) Date Mar. 27, 2023,
PCT Pub. No. WO2022/069188, PCT Pub. Date Apr. 7, 2022.
Claims priority of application No. 20199058 (EP), filed on Sep. 29, 2020.
Prior Publication US 2024/0031388 A1, Jan. 25, 2024
Int. Cl. H04L 9/40 (2022.01); G05B 19/418 (2006.01); G06F 21/50 (2013.01); G06F 21/53 (2013.01)
CPC H04L 63/1425 (2013.01) [G05B 19/4183 (2013.01); G05B 19/41885 (2013.01); G06F 21/50 (2013.01); G06F 21/53 (2013.01); H04L 63/1408 (2013.01)] 12 Claims
OG exemplary drawing
 
1. A computer-implemented method for detecting a cyber-attack on a machine controller controlling a machine, the method comprising:
a) running a concurrent simulation of the machine on a computer in a secured access domain;
b) transmitting, from the machine controller, actual control data to the machine and resulting monitoring data to a monitoring device;
c) transmitting sensor data of the machine to the concurrent simulation on a first secured transmission path;
d) simulating, by the concurrent simulation, an operational behavior of the machine based on the sensor data, thus inferring simulated monitoring data;
e) comparing the simulated monitoring data with the resulting monitoring data; and
f) triggering an alarm signal depending on the comparing.