Eureka AIR delivers breakthrough ideas for toughest innovation challenges, trusted by R&D personnel around the world.

Anomaly detection in industrial communications networks

A communication network and anomaly detection technology, applied in the direction of error detection/correction, general control system, electrical test/monitoring, etc., can solve problems such as interruption of factory operations, difficulty in detection, generation of errors or alarms, etc., to reduce workload, reduce The effect of the false positive rate

Active Publication Date: 2016-09-14
FISHER-ROSEMOUNT SYST INC
View PDF8 Cites 38 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

Although it is possible to run background virus scanning software at every node of the communication network, this software takes up a lot of storage space and processing resources, needs to be updated regularly (which requires significant network maintenance resources and time), and still cannot detect zero day virus
[0009] In many cases, a virus or unauthorized software at a plant device or network node may degrade the performance of that device or network, may interrupt normal plant operations, and cause errors or alarms at that node or other nodes in the network , or may cause other serious and noticeable problems
In some of these cases, the operator or other plant personnel may be able to detect the presence of the virus relatively easily, but it is still difficult to detect the location of the virus
Furthermore, in many other cases, a virus or attack may operate undetected for a long period of time, while it may degrade network operations slightly, such degradation or other impact on plant operations may be negligible, So it's very difficult to detect
As a result, in many cases, viruses may go undetected for long periods of time, during which time they may operate to reduce plant efficiency, allow the theft of plant data, allow more serious intrusions, and expose network devices to under serious assault or injury, etc.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Anomaly detection in industrial communications networks
  • Anomaly detection in industrial communications networks
  • Anomaly detection in industrial communications networks

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0016]In general, the network security systems described herein work by detecting anomalies in network traffic patterns (e.g., traffic or message content, frequency, timing, length, etc.) at or across nodes in an industrial system or process control network To perform threat detection, it can be performed efficiently due to the a priori performance of industrial system or process control network configurations to compare measured traffic patterns with expected or known patterns. That is, the configuration of network communications in a process control, industrial system, or factory automation network is usually fairly well known prior to the implementation or operation of that communications network, so that network business patterns are not relevant during the use or operation of those networks. will not tend to change significantly. In contrast, network communication traffic patterns tend to be relatively static (in a statistical sense) during the operation of the communicat...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The anomaly detection system detects unexpected changes or anomalies in traffic patterns, to detect potentially infected nodes. The detection system generally consists of distributed data collection modules at each node of a network, and a centralised or separate anomaly analysis engine. The collection modules view the message traffic into and out of the node to generate metadata pertaining to the message traffic. This metadata is sent to the analysis engine which processes the metadata using a rules engine, analysis it with a set of logic rules, it can also use traffic pattern baseline data, to determine if the traffic patterns at the nodes are anomalous. If it does determine an anomalous pattern, it will generate a message, it also may perform some corrective action. An example is disconnecting the node from the network.

Description

technical field [0001] In general terms, this application relates to process or industrial plant communication systems, and in particular, this application relates to detecting control and maintenance communication networks (such as those used in process and industrial control systems) based on the detection of message traffic anomalies in plant communication networks. those) intrusions. Background technique [0002] Process or industrial control and maintenance systems, such as distributed or scalable process control systems such as those used in power generation, chemical, petroleum, or other manufacturing processes, typically include one or more A plurality of controllers communicatively coupled to at least one host or operator workstation via the process control network and to one or more field devices via an analog, digital, or combined analog / digital bus. Field devices (which can be, for example, valves, valve positioners, switches, and transmitters (such as temperatu...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06
CPCH04L63/1425H04L43/04H04L63/00H04L43/12G05B1/01G05B23/02G06F11/3006G06F11/34G06F21/55H04L43/02H04L43/062H04L63/1408
Inventor R·A·米克瑟G·K·劳A·E·卡特钦
Owner FISHER-ROSEMOUNT SYST INC
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com