Patent attributes
The disclosure provides for a two-stage method for analyzing data from an oil and gas field operation site for cyber threats. The method includes, in a first stage of analysis, filtering captured events using local edge computing at the site to perform initial cyber anomaly detection by applying classification models to the captured events, forming filtered data. The method includes transmitting the filtered data to a second stage of analysis and, in the second stage of analysis, analyzing the filtered data in a cloud by applying system context and referring to vulnerability databases. The disclosure provides for a system for analyzing data, including an edge computing device that includes computer instructions to filter captured events to perform initial cyber anomaly detection, forming filtered data. The system includes a cloud-based ML cluster to implement a second stage of analysis to analyze the filtered.