| CPC G06F 21/552 (2013.01) [G06F 9/45508 (2013.01); G06F 30/20 (2020.01); G06N 20/00 (2019.01); G06F 2221/034 (2013.01)] | 13 Claims |
|
1. A method, comprising:
receiving, by a honeypot system comprising a deep learning processor, an input from an interface coupled to the honeypot system, the input comprising a malware attack;
initiating, by the honeypot system, a simulated process performed by a simulator of the honeypot system, wherein the simulated process simulates a manufacturing process performed by a manufacturing system;
generating, by an emulator of the honeypot system, one or more emulated control signals, the emulator configured to emulate a process controller deployed in the manufacturing system;
generating, by the simulator of the honeypot system, simulated response data based on the one or more emulated control signals;
generating, by the deep learning processor of the honeypot system, expected response data based on the one or more emulated control signals;
generating, by the deep learning processor of the honeypot system, actual response data based on the simulated response data;
comparing, by the deep learning processor of the honeypot system, the expected response data to the actual response data to the actual response data; and
learning, by the deep learning processor of the honeypot system, to identify anomalous activity based on the comparing.
|