Abstract: A system and method for a threat monitoring device for determining, within an industrial control system over a data communication network, cross-correlated behaviors of an information technology domain, an operational technology domain, and a physical access domain and associated threats. The method includes receiving sensor data from the information technology domain, sensor data from the operational technology domain, and sensor data from the physical access domain, fusing the sensor data of each of the domains to obtain fused sensor data, determining feature sets from the fused sensor data using behavior profiles, constructing behaviors as sets of the features over time periods, classifying the behaviors to determine a degree of anomaly, classifying anomalous behaviors to determine a threat probability, generating an alert based on the degree of anomaly and the threat probability, displaying particular sensor data and particular time periods associated with the alert.
Type:
Grant
Filed:
April 21, 2021
Date of Patent:
March 19, 2024
Assignee:
SONALYSTS, INC.
Inventors:
Scott Brunza, Timothy Ouellette, William Russ, Stephen Dorton
Abstract: A system and method for a threat monitoring device for determining, within an industrial control system over a data communication network, cross-correlated behaviors of an information technology domain, an operational technology domain, and a physical access domain and associated threats. The method includes receiving sensor data from the information technology domain, sensor data from the operational technology domain, and sensor data from the physical access domain, fusing the sensor data of each of the domains to obtain fused sensor data, determining feature sets from the fused sensor data using behavior profiles, constructing behaviors as sets of the features over time periods, classifying the behaviors to determine a degree of anomaly, classifying anomalous behaviors to determine a threat probability, generating an alert based on the degree of anomaly and the threat probability, displaying particular sensor data and particular time periods associated with the alert.
Type:
Application
Filed:
April 21, 2021
Publication date:
October 27, 2022
Applicant:
SONALYSTS, INC.
Inventors:
Scott BRUNZA, Timothy OUELLETTE, William RUSS, Stephen DORTON
Abstract: A method of determining, within a deployed environment over a data communication network, network threats and their associated behaviors. The method includes the steps of acquiring sensor data that identifies a specific contact, normalizing the acquired sensor data to generate transformed sensor data, deriving, for the specific contact from the transformed sensor data, a contact behavior feature vector for each of a plurality of time periods, determining, for the specific contact, scores associated with each of a plurality of classification modules to form a contact score vector, the contact score vector being independent of an identity of the specific contact, identifying a type of the specific contact based on the contact score vector, and determining a threat type, based on the contact behavioral profile and the contact score vector, when the specific contact is determined to be a threat in the identifying step.
Abstract: A method of determining, within a deployed environment over a data communication network, network threats and their associated behaviors. The method includes the steps of acquiring sensor data that identifies a specific contact, normalizing the acquired sensor data to generate transformed sensor data, deriving, for the specific contact from the transformed sensor data, a contact behavior feature vector for each of a plurality of time periods, determining, for the specific contact, scores associated with each of a plurality of classification modules to form a contact score vector, the contact score vector being independent of an identity of the specific contact, identifying a type of the specific contact based on the contact score vector, and determining a threat type, based on the contact behavioral profile and the contact score vector, when the specific contact is determined to be a threat in the identifying step.
Abstract: A method for controlling the population of marine and aquatic species in an area of water includes the development of data concerning the response of various species to stimuli in different environmental conditions, and the generation of stimuli in the control area to affect the species in that area and thus control the population. The stimuli are generally sonic waves, but other stimuli such as light, radio waves, and magnetism may also be employed in place thereof or in addition thereto. The system uses a feedback monitor and computer with data concerning species response to adapt the stimuli to changing species and conditions.