Patent · US Active

Knowledge graph for real time industrial control system security event monitoring and management

US11973777B2 · kind B2 · utility

Cited by: 1
References: 1
Claims: 14
Family size: 0

Assignees

Inventors

Key dates

Filing date: Jul 9, 2019
Grant date: Apr 30, 2024
Priority date
Expiry date: Feb 3, 2041

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/562
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Methods and systems are disclosed for security management in an industrial control system (ICS). An event entity detection and linking module generates a model for a plurality of event entities extracted from a plurality of different data sources including one ICS data source and one IT data source. The model encodes a set of linked event entities and their relationships, each event entity associated with a vector of attribute value pairs. A data standardization of domain knowledge includes translating, by a machine learning application, extracted knowledge base information to rules for the constraints and using the rules to validate the constraints and to add new constraints. A fusion module performs temporal correlation detection across data streams of the different data sources for establishing causality between triplets of association models within a defined time span.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.