General Electric Company
Detection and protection against mode switching attacks in cyber-physical systems

Abstract:

A cyber-physical system may have a plurality of monitoring nodes each generating a series of current monitoring node values over time that represent current operation of the cyber-physical system. According to some embodiments, a features extraction computer platform may receive the series of current monitoring node values over time and generate current feature vectors based on the series of current monitoring mode values. A system mode estimation computer platform may provide the current feature vectors to a probabilistic graphical model to generate an estimated system mode. The system mode estimation computer platform may then compare the estimated system mode with a currently reported system mode output by the cyber-physical system and generate a system mode status indication based on a result of said comparison. According to some embodiments, the system mode status indication can be used to override the currently reported system mode of the cyber-physical system.