Abstract: Apparatuses and methods for tapping serial communications and transforming the serial data into a format appropriate for routable networks are significant for purposes of security and troubleshooting, especially in critical infrastructure networks. Communication taps should be completely passive such that any failure would not interrupt the serial communications. Furthermore, automatic determination of unspecified serial protocol frames allow general implementation across various networks, or across devices within a single network, without the need to customize for each implementation.

Abstract: Methods are described for protecting a cyber-physical system against a potential attacker of the system. The methods include a method of generating a plurality of examples for a training data set and training a system model using the training data set to generate a decoy configured to generate a synthetic output that mimics historical outputs generated by the system for a given historical system context. Also described is a method including receiving a system context of a cyber-physical system; receiving an inquiry into the system by a potential attacker; applying a system model to the system context and the inquiry; obtaining from the system model a synthetic output that mimics how a component of the system would respond to the inquiry given the system context; and providing the synthetic output to the potential attacker.

Abstract: Computing system operational methods and apparatus are described. According to one aspect, a computing system operational method includes accessing user information regarding a user logging onto a computing device of the computing system, processing the user information to determine if the user information is authentic, as a result of the processing determining that the user information is authentic, first enabling the computing device to execute an application segment, and as a result of the processing determining that the user information is authentic, second enabling the application segment to communicate data externally of the computing device via one of a plurality of network segments of the computing system.

Abstract: Methods are described for protecting a cyber-physical system against a potential attacker of the system. The methods include a method of generating a plurality of examples for a training data set and training a system model using the training data set to generate a decoy configured to generate a synthetic output that mimics historical outputs generated by the system for a given historical system context. Also described is a method including receiving a system context of a cyber-physical system; receiving an inquiry into the system by a potential attacker; applying a system model to the system context and the inquiry; obtaining from the system model a synthetic output that mimics how a component of the system would respond to the inquiry given the system context; and providing the synthetic output to the potential attacker.

Abstract: Computing system operational methods and apparatus are described. According to one aspect, a computing system operational method includes accessing user information regarding a user logging onto a computing device of the computing system, processing the user information to determine if the user information is authentic, as a result of the processing determining that the user information is authentic, first enabling the computing device to execute an application segment, and as a result of the processing determining that the user information is authentic, second enabling the application segment to communicate data externally of the computing device via one of a plurality of network segments of the computing system.

Abstract: A system is described for protecting a cyber-physical system against a potential attacker of the cyber-physical system. The system includes at least one processor configured to: collect historical information about the cyber-physical system, and train, based on the historical information, a machine-learned model to predict future conditions of at least a portion of the cyber-physical system. Responsive to detecting an input signal to the cyber-physical system, the system is configured to output an alert to the cyber-physical system indicative of a potential attacker, and respond to the input signal by simulating, based on the future conditions predicted by the machine-learned model, functionality and communications of the at least a portion of the cyber-physical system.

Abstract: Apparatuses and methods for tapping serial communications and transforming the serial data into a format appropriate for routable networks are significant for purposes of security and troubleshooting, especially in critical infrastructure networks. Communication taps should be completely passive such that any failure would not interrupt the serial communications. Furthermore, automatic determination of unspecified serial protocol frames allow general implementation across various networks, or across devices within a single network, without the need to customize for each implementation.

Abstract: Apparatuses and methods for tapping serial communications and transforming the serial data into a format appropriate for routable networks are significant for purposes of security and troubleshooting, especially in critical infrastructure networks. Communication taps should be completely passive such that any failure would not interrupt the serial communications. Furthermore, automatic determination of unspecified serial protocol frames allow general implementation across various networks, or across devices within a single network, without the need to customize for each implementation.

Abstract: A network analysis tool receives network flow information and uses deep learning—machine learning that models high-level abstractions in the network flow information—to identify dependencies between network assets. Based on the identified dependencies, the network analysis tool can discover functional relationships between network assets. For example, a network analysis tool receives network flow information, identifies dependencies between multiple network assets based on evaluation of the network flow information, and outputs results of the identification of the dependencies. When evaluating the network flow information, the network analysis tool can pre-process the network flow information to produce input vectors, use deep learning to extract patterns in the input vectors, and then determine dependencies based on the extracted patterns. The network analysis tool can repeat this process so as to update an assessment of the dependencies between network assets on a near real-time basis.

Abstract: Computing system operational methods and apparatus are described. According to one aspect, a computing system operational method includes accessing user information regarding a user logging onto a computing device of the computing system, processing the user information to determine if the user information is authentic, as a result of the processing determining that the user information is authentic, first enabling the computing device to execute an application segment, and as a result of the processing determining that the user information is authentic, second enabling the application segment to communicate data externally of the computing device via one of a plurality of network segments of the computing system.

Abstract: A system is described for protecting a cyber-physical system against a potential attacker of the cyber-physical system. The system includes at least one processor configured to: collect historical information about the cyber-physical system, and train, based on the historical information, a machine-learned model to predict future conditions of at least a portion of the cyber-physical system. Responsive to detecting an input signal to the cyber-physical system, the system is configured to output an alert to the cyber-physical system indicative of a potential attacker, and respond to the input signal by simulating, based on the future conditions predicted by the machine-learned model, functionality and communications of the at least a portion of the cyber-physical system.

Abstract: A network analysis tool receives network flow information and uses deep learning—machine learning that models high-level abstractions in the network flow information—to identify dependencies between network assets. Based on the identified dependencies, the network analysis tool can discover functional relationships between network assets. For example, a network analysis tool receives network flow information, identifies dependencies between multiple network assets based on evaluation of the network flow information, and outputs results of the identification of the dependencies. When evaluating the network flow information, the network analysis tool can pre-process the network flow information to produce input vectors, use deep learning to extract patterns in the input vectors, and then determine dependencies based on the extracted patterns. The network analysis tool can repeat this process so as to update an assessment of the dependencies between network assets on a near real-time basis.

Abstract: Apparatuses and methods for tapping serial communications and transforming the serial data into a format appropriate for routable networks are significant for purposes of security and troubleshooting, especially in critical infrastructure networks. Communication taps should be completely passive such that any failure would not interrupt the serial communications. Furthermore, automatic determination of unspecified serial protocol frames allow general implementation across various networks, or across devices within a single network, without the need to customize for each implementation.

Abstract: Apparatuses and methods for tapping serial communications and transforming the serial data into a format appropriate for routable networks are significant for purposes of security and troubleshooting, especially in critical infrastructure networks. Communication taps should be completely passive such that any failure would not interrupt the serial communications. Furthermore, automatic determination of unspecified serial protocol frames allow general implementation across various networks, or across devices within a single network, without the need to customize for each implementation.

Abstract: A system and a method for securing control systems for critical infrastructure, complex networks and/or industrial processing facilities. Aspects of the invention can include a proximity-based user identification device that generates a computer-readable identification of operators who are in proximity to a control device in the control system and an imaging device that captures a visual likeness of operators in proximity to the control device. A network sensor can read operation data from the control system. An overlay network can interconnect the proximity-based identification device, the imaging device, and the network sensor, and can interface to the control system without modifying the control system. Processing hardware can execute processor-implemented instructions to generate a correlation between at least a portion of the operation data and the control system, the computer-readable identification, and the visual likeness.