| CPC G06F 21/577 (2013.01) [G06F 21/554 (2013.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01); G06F 2221/034 (2013.01)] | 18 Claims |

|
1. A method for detecting manufacturing device exploitable vulnerabilities, comprising:
sequentially applying a plurality of sub-models of a hierarchy to a plurality of features extracted from device activity data, wherein each sub-model outputs a class when applied to at least a portion of the plurality of features, wherein each class comprises a classifier output representing a device attribute, wherein applying the plurality of sub-models further comprises iteratively determining a next sub-model to apply based on the classifier output by a most recently applied sub-model and the hierarchy;
determining a first device attribute of a manufacturing device based on the classifier output by a last sub-model of the sequentially applied plurality of sub-models;
determining at least one exploitation condition for the manufacturing device based on the first device attribute of the manufacturing device and a plurality of second device attributes indicated in a vulnerabilities database, wherein the vulnerabilities database further indicates a plurality of known exploits for the plurality of second device attributes;
analyzing the manufacturing device to detect an exploitable vulnerability for the manufacturing device, wherein the exploitable vulnerability is a behavior or configuration of the manufacturing device which meets the at least one exploitation condition, wherein analyzing the behavior and configuration of the manufacturing device further comprises identifying that a port is open and querying a vulnerability scanner for identifying information of the open port; and
performing at least one mitigation action based on the exploitable vulnerability.
|
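The flow recited in claim 1, sketched as an added illustration that is not part of the patent text or any implementation by the applicant. The sub-models are simple rule functions standing in for trained classifiers, and every name, rule, database entry, exploit identifier and sample value is a constructed assumption.

```python
# Added illustration: all names, rules and sample data are constructed assumptions.
# Each hierarchy node holds a sub-model (a rule standing in for a trained
# classifier) and a map from its output class to the next sub-model to apply.
HIERARCHY = {
    "root": (lambda f: "plc" if 502 in f["ports_seen"] else "hmi",
             {"plc": "plc_vendor", "hmi": "hmi_os"}),
    "plc_vendor": (lambda f: "vendor_a" if f["oui"] == "00:11:22" else "vendor_b", {}),
    "hmi_os": (lambda f: "windows" if f["ttl"] > 64 else "linux", {}),
}

# Constructed stand-in for the vulnerabilities database: device attribute ->
# known exploits, each with the condition under which it is usable.
VULN_DB = {
    "vendor_a": [{"exploit": "EXAMPLE-0001", "condition": {"open_port": 502}}],
    "windows": [{"exploit": "EXAMPLE-0002", "condition": {"open_port": 3389}}],
}

SAMPLE_FEATURES = {"ports_seen": {502, 80}, "oui": "00:11:22", "ttl": 64}
SAMPLE_DEVICE = {"open_ports": {502, 80}}
SCANNER = {502: "modbus/tcp", 80: "http"}.get  # stand-in for a scanner query

def classify(features, hierarchy=HIERARCHY, start="root"):
    """Apply sub-models in sequence; each output selects the next sub-model."""
    node, path = start, []
    while node is not None:
        model, children = hierarchy[node]
        label = model(features)
        path.append((node, label))
        node = children.get(label)  # no child for this class: last sub-model
    return path[-1][1], path

def exploitation_conditions(attribute, db=VULN_DB):
    """Look up exploit entries recorded for the classified device attribute."""
    return db.get(attribute, [])

def detect(device, conditions, scanner):
    """Return findings where the device configuration meets a condition."""
    findings = []
    for entry in conditions:
        port = entry["condition"]["open_port"]
        if port in device["open_ports"]:
            findings.append({"exploit": entry["exploit"], "port": port,
                             "service": scanner(port)})
    return findings

def mitigate(findings):
    """Map each finding to a mitigation action (here, a description only)."""
    return [f"restrict access to port {f['port']} ({f['service']})" for f in findings]
```
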