| CPC G06F 11/3684 (2013.01) [G06F 11/263 (2013.01); G06F 18/213 (2023.01); G06F 18/214 (2023.01); G06F 18/24 (2023.01); G06N 3/08 (2013.01); G06V 10/82 (2022.01); H04L 41/16 (2013.01); H04L 43/12 (2013.01); H04L 63/1441 (2013.01); H04W 12/128 (2021.01); G06N 3/0418 (2013.01)] | 20 Claims |
|
1. A system to protect a cyber-physical system having a plurality of monitoring nodes comprising:
a normal space data source storing, for each of the plurality of monitoring nodes, a series of normal monitoring node values over time that represent normal operation of the cyber-physical system;
a situational awareness module including an abnormal data generation platform, wherein the abnormal data generation platform is operative to generate abnormal data to represent abnormal operation of the cyber-physical system using values in the normal space data source and a generative model;
a memory for storing program instructions; and
a situational awareness processor, coupled to the memory, and in communication with the situational awareness module and operative to execute the program instructions to:
receive a data signal, wherein the received data signal is an aggregation of data signals received from one or more of the plurality of monitoring nodes, wherein the data signal includes at least one real-time stream of data source signal values that represent a current operation of the cyber-physical system;
determine, via a trained classifier, whether the received data signal is a normal signal or an abnormal signal, wherein the trained classifier is trained with the generated abnormal data and data stored in the normal space data source;
localize an origin of an anomaly when it is determined the received data signal is the abnormal signal;
receive the determination and the origin of the anomaly at a resilient estimator module; and
execute the resilient estimator module to generate a state estimation for the cyber-physical system.
|