logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 8578494 B1

PDFFull Text
Date of Patent:
Nov. 05, 2013

Filed:

Aug. 11, 2011

Security threat detection

Applicants:

Joseph J. Engler, Coggon, IA (US);

Timothy B. Jones, Mount Vernon, IA (US);

Gregory W. Rice, Cedar Rapids, IA (US);

Inventors:

Joseph J. Engler, Coggon, IA (US);

Timothy B. Jones, Mount Vernon, IA (US);

Gregory W. Rice, Cedar Rapids, IA (US);

Assignee:

Rockwell Collins, Inc., Cedar Rapids, IA (US);

Attorneys:

Donna P. Suchy

Daniel M. Barbieri

Primary Examiner:

Thanhnga B Truong

Int. Cl.
CPC ...
G06F 11/22 (2006.01);
U.S. Cl.
CPC ...
Abstract

A method of detecting a potential security threat on a computing system is provided. The method comprises embedding time series data relating to the computing system within a reconstructed phase space and partitioning the reconstructed phase space into a plurality of regions. The method further comprises generating a first matrix having a plurality of cells. The first matrix comprises a row and a column for each of the plurality of regions. A value stored in each cell is based on a probability that the system will transition from a first region associated with the cell to a second region associated with the cell and a rate of separation of trajectories of the embedded data within at least one of the first region and the second region. The first matrix is generated using a first set of the time series data that is associated with a normal operating condition of the computing system in which the computing system is not under attack from a security threat. The method further comprises generating a second matrix based on a second set of the time series data and comparing the first matrix and the second matrix to detect whether a potential security threat is present on the computing system.

Find Patent Forward Citations

Loading…