Abstract: This disclosure provides an apparatus and method for intelligent data access using latent semantic analysis and topic modeling. A method includes receiving, by a semantic query processing engine, a set of operator logbooks that include computer-readable text, receiving a natural language query, performing latent semantic analysis on the set of operator logbooks that include computer-readable text and the natural language query, and generating an ordered list of operator logbooks from the set of operator logbooks that include computer-readable text, wherein the ordered list of operator logbooks is ordered by relevance to the natural language query as determined using the latent semantic analysis.

Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using a OPC UA standard functionality and storing the PB in an OPC UA address space adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus the new block added to the public ledger.

Abstract: A method, an electronic device, and a computer readable medium for vulnerability detection are disclosed. The method includes generating a mapped dataset of a portion of an OPC UA server by mapping the portion of the server, wherein the server is compatible with OPC UA machine to machine (M2M) protocol communication including transport encodings and services. The method also includes identifying input test data to test the portion of the server based in part on the mapped dataset set in order to detect errors. The method further includes performing a plurality of targeted attacks by loading the input test data onto the portion of the server. In response to loading the input test data into the server, the method includes monitoring responses of the server to detect an error. Further, in response to detecting the error the method includes generating a report that indicates the detect error.

Abstract: A method, an electronic device, and a computer readable medium for vulnerability detection are disclosed. The method includes receiving a request, from a computing device, for data associated with an industrial plant. The method also includes generating a session with the computing device. The method further includes gathering nodes from one or more servers associated with the industrial plant, wherein each of the nodes includes data associated a particular feature of the industrial plant. Additionally the method includes deriving contextual links between the nodes and the received request for data to identify levels of similarity between the nodes and the request for data. The method also includes ranking the nodes based on the identified levels of similarity.

Abstract: This disclosure provides an apparatus and method for intelligent data access using latent semantic analysis and topic modeling. A method includes receiving, by a semantic query processing engine, a set of operator logbooks that include computer-readable text, receiving a natural language query, performing latent semantic analysis on the set of operator logbooks that include computer-readable text and the natural language query, and generating an ordered list of operator logbooks from the set of operator logbooks that include computer-readable text, wherein the ordered list of operator logbooks is ordered by relevance to the natural language query as determined using the latent semantic analysis.

Abstract: A method of controlling tunneling in a communication network of an industrial process facility including a client computer and server computer running different communication protocols coupled by the communication network. The method includes providing the client and server computer with a processor connected to a memory. The processor implements a tunneling reliability program including a training model including labeled groups representing reliability data and security data determined from data sources received across the communication network and a learning classifying algorithm for classifying the reliability data and security data as being reliable or not reliable. The processor determines if the communication network is reliable based on the classified reliability data and security data. In response to determining that the communication network is not reliable or secure a notification is generated for a user that the communication network is not reliable and the notification is transmitted to the user.

Abstract: A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns.

Abstract: A method of securing data in an industrial processing facility (IPF) includes creating a private blockchain (PB) using a OPC UA standard functionality and storing the PB in an OPC UA address space adding it to an OPC UA communication protocol framework including edge-nodes coupled to a cloud-based or edge-located data storage. The edge-nodes are PB participant nodes, and a regulator or leader assigns them a single role as a blockmaker, block voter, or observer. The hash in the public ledger is updated once a new block is validated by a majority of the block voters, and the new block is propagated to all PB participant nodes. The regulator, leader or observer utilizes a time bound majority voting consensus to determine whether the PB participant nodes come to a consensus on a current state in the storage medium, and if a consensus the new block added to the public ledger.

Abstract: A method, an electronic device, and a computer readable medium for vulnerability detection are disclosed. The method includes generating a mapped dataset of a portion of an OPC UA server by mapping the portion of the server, wherein the server is compatible with OPC UA machine to machine (M2M) protocol communication including transport encodings and services. The method also includes identifying input test data to test the portion of the server based in part on the mapped dataset set in order to detect errors. The method further includes performing a plurality of targeted attacks by loading the input test data onto the portion of the server. In response to loading the input test data into the server, the method includes monitoring responses of the server to detect an error. Further, in response to detecting the error the method includes generating a report that indicates the detect error.

Abstract: A method, an electronic device, and a computer readable medium for vulnerability detection are disclosed. The method includes receiving a request, from a computing device, for data associated with an industrial plant. The method also includes generating a session with the computing device. The method further includes gathering nodes from one or more servers associated with the industrial plant, wherein each of the nodes includes data associated a particular feature of the industrial plant. Additionally the method includes deriving contextual links between the nodes and the received request for data to identify levels of similarity between the nodes and the request for data. The method also includes ranking the nodes based on the identified levels of similarity.