CPC H04L 63/1416 (2013.01) [G05B 19/4063 (2013.01); G05B 2219/45103 (2013.01)]
19 Claims

1. An industrial controller for an industrial control system, the industrial controller comprising:
at least one processor;
a memory device connected to the at least one processor;
a communication interface configured to permit communications with other industrial controllers of the industrial control system; and
an intrusion detection system, the intrusion detection system having instructions that, when executed by the at least one processor, cause the at least one processor to:
receive state information about one or more devices connected to the industrial controller;
receive, from additional industrial controllers of the industrial control system via the communication interface, additional state information on additional devices connected to the additional industrial controllers; and
evaluate, with a plurality of first state estimators and one or more second state estimators, the received state information and the received additional state information to determine whether the one or more devices or the additional devices are operating within expected ranges, wherein operation of a device outside of a corresponding expected range indicates that the industrial control system is being attacked, and wherein each of the additional devices has a corresponding first state estimator of the plurality of first state estimators and each of the one or more devices has a corresponding second state estimator of the one or more second state estimators.
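The arrangement in claim 1, sketched as an added example that is not taken from the patent or any product: a controller keeps one "second" estimator per locally connected device and one "first" estimator per device attached to peer controllers, and flags any reported state outside the expected range. The estimator type (smoothed prediction with a fixed tolerance band), the device names, the readings and the handling of devices with no estimator are all assumptions.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class StateEstimator:
    """Assumed estimator type: smoothed prediction with a fixed tolerance band."""
    alpha: float = 0.3          # smoothing factor (assumed)
    tolerance: float = 5.0      # half-width of the expected range (assumed)
    estimate: Optional[float] = None

    def in_expected_range(self, measured: float) -> bool:
        if self.estimate is None:            # first sample seeds the estimate
            self.estimate = measured
            return True
        ok = abs(measured - self.estimate) <= self.tolerance
        if ok:                               # never learn from out-of-range values
            self.estimate += self.alpha * (measured - self.estimate)
        return ok

class Controller:
    def __init__(self, local_devices, peer_devices):
        # "second" estimators: one per device wired to this controller
        self.second = {d: StateEstimator() for d in local_devices}
        # "first" estimators: one per device wired to the other controllers
        self.first = {d: StateEstimator() for d in peer_devices}

    def evaluate(self, local_state, peer_state):
        """Return the devices whose reported state is outside the expected range."""
        alerts = []
        for estimators, state in ((self.second, local_state), (self.first, peer_state)):
            for device, value in state.items():
                est = estimators.get(device)
                # A device with no estimator is reported too (assumption).
                if est is None or not est.in_expected_range(value):
                    alerts.append(device)
        return alerts

# Constructed sample data: (local state, state received from a peer controller)
ROUNDS = [
    ({"pump_1": 50.0}, {"valve_7": 20.0}),
    ({"pump_1": 51.0}, {"valve_7": 20.5}),
    ({"pump_1": 50.5}, {"valve_7": 45.0}),   # peer-attached device jumps
]

def run_rounds():
    ctrl = Controller(local_devices=["pump_1"], peer_devices=["valve_7"])
    return [ctrl.evaluate(local, peer) for local, peer in ROUNDS]

if __name__ == "__main__":
    print(run_rounds())
```

Because the out-of-range reading is not folded into the estimate, a sustained deviation keeps alerting instead of gradually becoming the new baseline.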