Abstract: Disclosed herein are systems and methods for reducing or mitigation alert fatigue from real-time alerts in cyber-physical systems or other types of edge computing systems are provided. In one or more examples, the edge computing system monitor can look for one or more patterns within received data that can indicate malicious activity or other conditions that may warrant a real-time or near-real time response from the operator. In one or more examples, a detection of any of the specified patterns in the streaming data can trigger an alert to the operator of the edge computing system. In one or more examples, the alerts can be suppressed until the number of alerts associated with a particular pattern crosses a pre-determined threshold. Additionally or alternatively, alerts can be suppressed based on a duration that the alerts have been generated. The suppression of alerts can be configured to reduce operator alert fatigue.

Abstract: Accordingly, systems and methods for facilitating operator assisted responses to real-time alerts in cyber-physical systems or other types of edge computing systems are provided. In one or more examples, an edge computing system of an enterprise computing network (where an operator is stationed to operate it), can comprise an edge computing system monitor. In one or more examples, the edge computing system monitor can receive streaming analytic data from one or more components of the edge computing system. In one or more examples, the edge computing system monitor can look for one or more patterns within the received data that can be indicative of malicious activity or other conditions that may warrant a real-time or near-real time response from the operator. In one or more examples, a detection of any of the specified patterns in the streaming data can trigger an alert to the operator of the edge computing system.

Abstract: Provided herein are systems and methods for detecting predefined patterns in streaming data being transmitted in a distributed computing system that contains a plurality of computing devices wherein the plurality of computing devices are collectively configured to execute a distributed software program. In one or more examples, a detection engine can be implemented on a computing device and can be configured to receive streaming data that is being transmitted between computing devices of the system. The detection engine can be further configured to analyze the streaming data to determine if the data matches one or more patterns that is specified by a watch point which can be converted into a happened before language expression. In one or more examples, the streaming data can be converted into an intermediate log file that is compared against patterns expressed by a regular expression and if a match is found, an alert can be generated.

Abstract: Predefined patterns are detected in streaming data being transmitted in a distributed computing system that contains a plurality of computing devices wherein the plurality of computing devices are collectively configured to execute a distributed software program. In one or more examples, a detection engine can be implemented on a computing device and can be configured to receive streaming data that is being transmitted between computing devices of the system. The detection engine can be further configured to analyze the streaming data to determine if the data matches one or more patterns that is specified by a watch point which can be converted into a happened before language expression. In one or more examples, the streaming data can be converted into an intermediate log file that is compared against patterns expressed by a regular expression and if a match is found, an alert can be generated.

Abstract: Described are systems and methods for evaluating cyber effects in a cyber physical system (CPS). In some embodiments, a simulation model of the CPS is built and includes a plurality of component sets. The plurality of component sets includes at least one component in the simulation model. A control component is inserted into the simulation model. One or more connections between the plurality of component sets is routed through the control component. A cyber-attack on a component set selected from the plurality of component sets can be simulated by configuring the control component to control an output transmitted via a routed connection between the plurality of component sets. The model components may be iteratively replaced by CPS components, including software or physical components, to improve the cyber-attack and evaluation fidelity.

Abstract: Systems and methods for automatically injecting effects in cyber-physical systems and their simulations are provided herein. In one example, the cyber-physical system under test can include one or more watch-point monitors that can analyze messages between components of the system to determine the presence of one or more particular patterns present in the messages being passed between components of the system during operation. In one or more examples, upon detection of one or more conditions matching a watch point, the systems and methods presented herein can activate an effect and inject it into the cyber-physical system under test based on the detected watch point. In one or more examples, the systems and methods can provide a domain-specific “effects language” (EL) that can allow a user to specify a watch point and an effect corresponding to the watch point.

Abstract: Described are systems and methods for evaluating cyber effects in a cyber-physical system (CPS). In some embodiments, a simulation model of the CPS is built and includes an attacked component set and an evaluated component set. A control component is inserted into the simulation model. One or more direct connections between the attacked component set and the evaluated component set are disconnected. One or more indirect connections are identified and then disconnected from the simulation model with disconnected direct connections. The one or more direct connections and indirect connections are routed through the control component. A cyber-attack on the attacked component set can be simulated by configuring the control component to control outputs transmitted via a routed connection, the routed connection being one of the routed direct or indirect connections. The simulated components of the simulation model can be progressively and iteratively replaced by corresponding components from the CPS.

Abstract: Systems and methods for automatically injecting effects in cyber-physical systems and their simulations are provided herein. In one example, the cyber-physical system under test can include one or more watch-point monitors that can analyze messages between components of the system to determine the presence of one or more particular patterns present in the messages being passed between components of the system during operation. In one or more examples, upon detection of one or more conditions matching a watch point, the systems and methods presented herein can activate an effect and inject it into the cyber-physical system under test based on the detected watch point. In one or more examples, the systems and methods can provide a domain-specific “effects language” (EL) that can allow a user to specify a watch point and an effect corresponding to the watch point.

Abstract: Provided herein are systems and methods for detecting predefined patterns in streaming data being transmitted in a distributed computing system that contains a plurality of computing devices wherein the plurality of computing devices are collectively configured to execute a distributed software program. In one or more examples, a detection engine can be implemented on a computing device and can be configured to receive streaming data that is being transmitted between computing devices of the system. The detection engine can be further configured to analyze the streaming data to determine if the data matches one or more patterns that is specified by a watch point which can be converted into a happened before language expression. In one or more examples, the streaming data can be converted into an intermediate log file that is compared against patterns expressed by a regular expression and if a match is found, an alert can be generated.

Abstract: Described are systems and methods for evaluating cyber effects in a cyber-physical system (CPS). In some embodiments, a simulation model of the CPS is built and includes an attacked component set and an evaluated component set. A control component is inserted into the simulation model. One or more direct connections between the attacked component set and the evaluated component set are disconnected. One or more indirect connections are identified and then disconnected from the simulation model with disconnected direct connections. The one or more direct connections and indirect connections are routed through the control component. A cyber-attack on the attacked component set can be simulated by configuring the control component to control outputs transmitted via a routed connection, the routed connection being one of the routed direct or indirect connections. The simulated components of the simulation model can be progressively and iteratively replaced by corresponding components from the CPS.

Abstract: Described are systems and methods for evaluating cyber effects in a cyber-physical system (CPS). In some embodiments, a simulation model of the CPS is built and includes an attacked component set and an evaluated component set. A control component is inserted into the simulation model. One or more direct connections between the attacked component set and the evaluated component set are disconnected. One or more indirect connections are identified and then disconnected from the simulation model with disconnected direct connections. The one or more direct connections and indirect connections are routed through the control component. A cyber-attack on the attacked component set can be simulated by configuring the control component to control outputs transmitted via a routed connection, the routed connection being one of the routed direct or indirect connections. The simulated components of the simulation model can be progressively and iteratively replaced by corresponding components from the CPS.

Abstract: A graphical user interface configured to facilitate replay debugging in distributed software programs is provided. In one or more examples, the graphical user interface provides a visual progress bar, wherein a position on the visual progress bar corresponds to a log file generated when the distributed software program is executed. The user can manipulate the graphical user to replay the log files and visualize the state of the playback through the visual progress bar. The graphical user interface can also allow the user to provide watch points and can allow the user to visualize variables that are contained within the log files. The watch points can represent one or more conditions. The log files can be analyzed to determine if they meet the condition specified in the watch point, and if the log files meet the condition, a visual indication can be provided on the visual progress bar.

Abstract: A graphical user interface configured to facilitate replay debugging in distributed software programs is provided. The graphical user interface can allow the user to provide watchpoints and can allow the user to visualize variables that are contained within the log files. The watchpoints can represent one or more conditions. The user defined watchpoints can be converted into regex expressions and applied to the log files to determine if they meet the condition specified in the watchpoint, and if the log files meet the condition, a visual indication can be provided on a visual progress bar.

Abstract: A graphical user interface configured to facilitate replay debugging in distributed software programs is provided. In one or more examples, the graphical user interface provides a visual progress bar, wherein a position on the visual progress bar corresponds to a log file generated when the distributed software program is executed. The user can manipulate the graphical user to replay the log files and visualize the state of the playback through the visual progress bar. The graphical user interface can also allow the user to provide watch points and can allow the user to visualize variables that are contained within the log files. The watch points can represent one or more conditions. The log files can be analyzed to determine if they meet the condition specified in the watch point, and if the log files meet the condition, a visual indication can be provided on the visual progress bar.

Abstract: Systems and methods are disclosed that provide high-level, ontology-based analysis of low-level data stored within an unstructured key/value store. The systems and methods allow an analyst to make sense of massive amounts of data from diverse sources without having any knowledge of the underlying physical data storage. The systems and methods provide flexible ontology assisted addressing, embedding such addressing in existing query languages such as widely used Structured Query Language (SQL), and returning results and provenance information of the results.

Abstract: Described are systems and methods for evaluating cyber effects in a cyber-physical system (CPS). In some embodiments, a simulation model of the CPS is built and includes an attacked component set and an evaluated component set. A control component is inserted into the simulation model. One or more direct connections between the attacked component set and the evaluated component set are disconnected. One or more indirect connections are identified and then disconnected from the simulation model with disconnected direct connections. The one or more direct connections and indirect connections are routed through the control component. A cyber-attack on the attacked component set can be simulated by configuring the control component to control outputs transmitted via a routed connection, the routed connection being one of the routed direct or indirect connections. The simulated components of the simulation model can be progressively and iteratively replaced by corresponding components from the CPS.

Abstract: Systems and methods are disclosed that provide high-level, ontology-based analysis of low-level data stored within an unstructured key/value store. The systems and methods allow an analyst to make sense of massive amounts of data from diverse sources without having any knowledge of the underlying physical data storage. The systems and methods provide flexible ontology assisted addressing, embedding such addressing in existing query languages such as widely used Structured Query Language (SQL), and returning results and provenance information of the results.

Abstract: Systems and methods are disclosed that provide high-level, ontology-based analysis of low-level data stored within an unstructured key/value store. The systems and methods allow an analyst to make sense of massive amounts of data from diverse sources without having any knowledge of the underlying physical data storage. Additional features include feasibility queries to determine if requested data exists in the key/value store before performing an expensive query; automatic query optimization using secondary indexes; and a usage history service to identify performance bottlenecks and fine tune the storage schema.

Abstract: Systems and methods are disclosed that provide high-level, ontology-based analysis of low-level data stored within an unstructured key/value store. The systems and methods allow an analyst to make sense of massive amounts of data from diverse sources without having any knowledge of the underlying physical data storage. Additional features include feasibility queries to determine if requested data exists in the key/value store before performing an expensive query; automatic query optimization using secondary indexes; and a usage history service to identify performance bottlenecks and fine tune the storage schema.

Abstract: A computer implemented system and method for managing inventory includes determining a value for a parameter indicative of a response time associated with at least one transaction for an item of inventory. In conjunction with executing any particular transaction, an inventory update method is selected from a plurality of inventory update methods based at least in part on the determined value. A record indicative of an inventory level of the item is modified according to the selected inventory update method. A first inventory update method alters a locked inventory record and a second inventory update method alters a freely accessible proxy for the locked inventory record.