公开(公告)号：US20220066431A1

公开(公告)日：2022-03-03

申请号：US17418370

申请日：2018-12-28

Applicant: NEC Corporation

Inventor： Shohei MITANI ,  Satoru YAMANO

IPC: G05B23/02

Abstract: An estimation apparatus 1 includes: a normal index estimation unit 2 configured to estimate, using a second variable output by a second component 21 that influences a first variable output by a first component 21, an index A indicating that the first variable is achieved at a normal time; and an abnormality propagation information estimation unit 3 configured to estimate abnormality propagation information expressing an index indicating that an abnormality propagates to a third variable output by a third component 21 influenced by the first component 21, by changing the first variable.

公开(公告)号：US20220075693A1

公开(公告)日：2022-03-10

申请号：US17419645

申请日：2019-01-16

Applicant: NEC Corporation

Inventor： Shohei MITANI ,  Satoru YAMANO

IPC: G06F11/14 ,  G06F17/18

Abstract: An estimation apparatus 1 includes: a correlation index estimation unit 2 configured to receive a variable output by a component 21 as an input, and estimate correlation index information indicating a range that a value of the variable and a correlation can take after a predetermined time, at a normal time; an abnormality degree calculation unit 3 configured to calculate an abnormality degree using the correlation index information; and a causal effect estimation unit 4 configured to estimate a causal effect expressing an index indicating that an abnormality propagates to a variable output by the component 21.

公开(公告)号：US20220318277A1

公开(公告)日：2022-10-06

申请号：US17635568

申请日：2019-08-22

Applicant: NEC Corporation

Inventor： Takashi KONASHI ,  Satoru YAMANO ,  Shohei MITANI

IPC: G06F16/28 ,  G06F16/22 ,  G07C5/08

Abstract: An information processing device according to an aspect of the present disclosure includes: at least one memory; and at least one processor configured to execute instructions to: acquire a plurality of parameters indicating a state of a device; and extract a combination including two or more parameters from the plurality of parameters based on a dependency relationship between two parameters among the plurality of parameters.

公开(公告)号：US20210126925A1

公开(公告)日：2021-04-29

申请号：US16493930

申请日：2017-03-31

Applicant: NEC Corporation

Inventor： Toshiki WATANABE ,  Satoru YAMANO

IPC: H04L29/06 ,  H04L12/24 ,  G06K9/62

Abstract: An extraction apparatus (1) can obtain a first alert and a second alert that are generated, when an anomaly occurs in a control system, in order to provide notification of the anomaly. The extraction apparatus (1) includes: a classification unit (10) configured to generate association information associating the first alert with the second alert; a learning unit (20) configured to learn a generation pattern of the second alert when the anomaly occurs due to a cause other than a cyber-attack based on the association information generated by the classification unit (10) and a generation pattern of the first alert when the anomaly occurs due to a cause other than a cyber-attack; and an extraction unit (30) configured to extract, from among the second alerts, the second alert generated due to a cyber-attack based on the generation pattern of the second alert that is learned by the learning unit (20) and output the extracted second alert.

公开(公告)号：US20220279003A1

公开(公告)日：2022-09-01

申请号：US17631748

申请日：2019-08-09

Applicant: NEC Corporation

Inventor： Satoru YAMANO ,  Takashi KONASHI ,  Shohei MITANI

IPC: H04L9/40

Abstract: An anomaly detection apparatus 1 includes a period specification unit 2 that, at the time of learning, classifies learning packets by type, and, with use of a packet interval calculated for every packet type and a frequency indicating an incidence rate of the packet interval, specifies a period of the packet type, and a feature extraction unit 3 that extracts, based on the period, a sequence feature amount having sequence information indicating the order of the packet types and information indicating the time distribution between packets in the sequence information.

公开(公告)号：US20210400069A1

公开(公告)日：2021-12-23

申请号：US17285678

申请日：2018-10-29

Applicant: NEC Corporation

Inventor： Shohei MITANI ,  Satoru YAMANO

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26

Abstract: An information processing apparatus according to the present invention includes a generation unit configured to generate the allowable range of a possible value of data measured from a target system based on a model for predicting the data measured in the target system and the data having been measured from the target system; and a detection unit configured to detect the state of the target system based on the data measured from the target system and the allowable range.

公开(公告)号：US20210333787A1

公开(公告)日：2021-10-28

申请号：US16606537

申请日：2017-04-20

Applicant: NEC CORPORATION

Inventor： Satoru YAMANO ,  Norihito FUJITA ,  Tomohiko YAGYU

IPC: G05B23/02

Abstract: A device management system includes a learning unit 81 for learning a state model representing a normal state of a system including a control target device, based on a control sequence representing one or more time-series commands and data indicating a state of the control target device when the control sequence is issued.

公开(公告)号：US20210248385A1

公开(公告)日：2021-08-12

申请号：US17052957

申请日：2019-05-07

Applicant: NEC Corporation

Inventor： Takashi KONASHI ,  Satoru YAMANO ,  Shohei MITANI

IPC: G06K9/00 ,  G06N20/00

Abstract: A surveillance device according to the present invention includes: a memory; and at least one processor coupled to the memory. The processor performs operations. The operations includes: calculating, based on a value of a parameter that is contained in a received data frame and represents a state of an apparatus, a change in the state of the apparatus; and determining whether the change is included in an allowable range determined in accordance with the state of the apparatus before the change.

公开(公告)号：US20210141895A1

公开(公告)日：2021-05-13

申请号：US17042622

申请日：2018-04-27

Applicant: NEC CORPORATION

Inventor： Takashi KONASHI ,  Satoru YAMANO

IPC: G06F21/55 ,  H04L9/36

Abstract: An extraction device includes: at least one memory configured to store instructions; and at least one processor configured to execute the instructions to: sort each set of frames that have the same identifier associated with a node, into frames maintaining a cycle and frames out of the cycle; and extract, as an event rule, a feature of a bit change in a data field related to an event occurrence, from the frames that have the same identifier and are out of the cycle.

公开(公告)号：US20210026343A1

公开(公告)日：2021-01-28

申请号：US16982623

申请日：2018-03-30

Applicant: NEC CORPORATION

Inventor： Takashi KONASHI ,  Satoru YAMANO

IPC: G05B23/02

Abstract: An information processing device includes: an acquisition unit that acquires a communication packet used for monitoring and controlling a system and process data collected from an apparatus installed in the system via a network; and a detection unit that detects an abnormal communication pattern on the network based on a correspondence between a communication pattern related to the communication packet and the process data.