Patent · US Active

Intrusion detection via semantic fuzzing and message provenance

US11689544B2 · kind B2 · utility

3Cited by

3References

24Claims

0Family size

Assignee

SRI International · US

Inventors

Gabriela F. Ciocarlie · New York, US
Michael E. Locasto · Mina, US
Cherita Corbett · Rockville, US
Dejan Jovanovic · Austin, US

Key dates

Filing date	Mar 15, 2017
Grant date	Jun 27, 2023
Priority date	—
Expiry date	Mar 23, 2037

Classification

Technology area (CPC H)Electricity
CPC primaryH04L67/12
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

Intrusion detection systems and methods monitor legal control messages in an operational control system to detect subtly malicious sequences of control messages with undesirable emergent effects on devices in the operational control system. A message provenance component may investigate system-level correlations between messages rather than detecting if individual messages are anomalous. A semantic fuzzing component may search, based on the operational effect of candidate message sequences, the space of legal messages for sequences that cause actual harm. Behavior oracles may be used to test message sequences to identify sequences that induce drift towards a failure state. The intrusion detection system is able to prevent harm and disruption arising from control messages that individually appear legitimate and benign but that, in combination with other messages, can cause undesirable outcomes.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.