-
Publication No.: US11281990B2
Publication date: 2022-03-22
Application No.: US15635995
Application date: 2017-06-28
Applicant: NEC Laboratories America, Inc.
Inventor: Wei Cheng, Haifeng Chen, Guofei Jiang, Kai Zhang
Abstract: A computer-implemented method for simultaneous metric learning and variable selection in non-linear regression is presented. The computer-implemented method includes introducing a dataset and a target variable, creating a univariate neighborhood probability map for each reference point of the dataset, and determining a pairwise distance between each reference point and other points within the dataset. The computer-implemented method further includes computing a Hessian matrix of a quadratic programming (QP) problem, performing optimization of the QP problem, re-weighing data derived from the optimization of the QP problem, and performing non-linear regression on the re-weighed data.
-
Publication No.: US10581665B2
Publication date: 2020-03-03
Application No.: US15793358
Application date: 2017-10-25
Applicant: NEC Laboratories America, Inc.
Inventor: Wei Cheng, Haifeng Chen, Guofei Jiang
IPC: G06F15/173, H04L12/24, H04L12/26
Abstract: Methods and systems for detecting a system fault include determining a network of broken correlations for a current timestamp, relative to a predicted set of correlations, based on a current set of sensor data. The network of broken correlations for the current timestamp is compared to networks of broken correlations for previous timestamps to determine a fault propagation pattern. It is determined whether a fault has occurred based on the fault propagation pattern. A system management action is performed if a fault has occurred.
-
Publication No.: US10367838B2
Publication date: 2019-07-30
Application No.: US15425335
Application date: 2017-02-06
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Guofei Jiang, Kenji Yoshihira, Haifeng Chen
Abstract: Methods and systems for detecting anomalous network activity include determining whether a network event exists within an existing topology graph and port graph. A connection probability for the network event is determined if the network does not exist within the existing topology graph and port graph. The network event is identified as abnormal if the connection probability is below a threshold.
-
Publication No.: US10333952B2
Publication date: 2019-06-25
Application No.: US15729030
Application date: 2017-10-10
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Ying Lin, Zhichun Li, Haifeng Chen, Guofei Jiang
Abstract: Methods and systems for detecting security intrusions include detecting alerts in monitored system data. Temporal dependencies are determined between the alerts based on a prefix tree formed from the detected alerts. Content dependencies between the alerts are determined based on a distance between alerts in a graph representation of the detected alerts. The alerts are ranked based on an optimization problem that includes the temporal dependencies and the content dependencies. A security management action is performed based on the ranked alerts.
-
Publication No.: US10296430B2
Publication date: 2019-05-21
Application No.: US15478753
Application date: 2017-04-04
Applicant: NEC Laboratories America, Inc.
Inventor: Jianwu Xu, Ke Zhang, Hui Zhang, Renqiang Min, Guofei Jiang
Abstract: Mobile phones and methods for mobile phone failure prediction include receiving respective log files from one or more mobile phone components, including at least one user application. The log files have heterogeneous formats. A likelihood of failure of one or more mobile phone components is determined based on the received log files by clustering the plurality of log files according to structural log patterns and determining feature representations of the log files based on the log clusters. A user is alerted to a potential failure if the likelihood of component failure exceeds a first threshold. An automatic system control action is performed if the likelihood of component failure exceeds a second threshold.
-
Publication No.: US10289841B2
Publication date: 2019-05-14
Application No.: US15725974
Application date: 2017-10-05
Applicant: NEC Laboratories America, Inc.
Inventor: LuAn Tang, Hengtong Zhang, Zhengzhang Chen, Bo Zong, Zhichun Li, Guofei Jiang, Kenji Yoshihira
Abstract: Methods and systems for detecting anomalous events include detecting anomalous events in monitored system data. An event correlation graph is generated based on the monitored system data that characterizes the tendency of processes to access system targets. Kill chains are generated that connect malicious events over a span of time from the event correlation graph that characterize events in an attack path over time by sorting events according to a maliciousness value and determining at least one sub-graph within the event correlation graph with an above-threshold maliciousness rank. A security management action is performed based on the kill chains.
-
Publication No.: US10289471B2
Publication date: 2019-05-14
Application No.: US15420949
Application date: 2017-01-31
Applicant: NEC Laboratories America, Inc.
Inventor: Wei Cheng, Kai Zhang, Haifeng Chen, Guofei Jiang
Abstract: A method is provided for root cause anomaly detection in an invariant network having a plurality of nodes that generate time series data. The method includes modeling anomaly propagation in the network. The method includes reconstructing broken invariant links in an invariant graph based on causal anomaly ranking vectors. Each broken invariant link involves a respective node pair formed from the plurality of nodes such that one of the nodes in the respective node pair has an anomaly. Each causal anomaly ranking vector is for indicating a respective node anomaly status for a given one of the plurality of nodes when paired. The method includes calculating a sparse penalty of the causal anomaly ranking vectors to obtain a set of time-dependent anomaly rankings. The method includes performing temporal smoothing of the set of rankings, and controlling an anomaly-initiating one of the plurality of nodes based on the set of rankings.
-
Publication No.: US20190121973A1
Publication date: 2019-04-25
Application No.: US16169081
Application date: 2018-10-24
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Xusheng Xiao, Zhichun Li, Guofei Jiang, Peng Gao
Abstract: A system and method are provided for identifying security risks in a computer system. The system includes an event stream generator configured to collect system event data from the computer system. The system further includes a query device configured to receive query requests that specify parameters of a query. Each query request includes at least one anomaly model. The query request and the anomaly model are included in a first syntax in which a system event is expressed as {subject-operation-object}. The system further includes a detection device configured to receive at least one query request from the query device and continuously compare the system event data to the anomaly models of the query requests to detect a system event that poses a security risk. The system also includes a reporting device configured to generate an alert for system events that pose a security risk detected by the detection device.
-
Publication No.: US20180060314A1
Publication date: 2018-03-01
Application No.: US15659131
Application date: 2017-07-25
Applicant: NEC Laboratories America, Inc.
Inventor: Jianwu Xu, Biplob Debnath, Hui Zhang, Guofei Jiang
IPC: G06F17/30
CPC classification number: G06F16/1794, G06F16/258
Abstract: Methods and systems for log management include pre-processing heterogeneous logs and performing a log management action on the pre-processed plurality of heterogeneous logs. Pre-processing the logs includes performing a fixed tokenization of the heterogeneous logs based on a predefined set of symbols, performing a flexible tokenization of the heterogeneous logs based on a user-defined set of rules, converting timestamps in the heterogeneous logs to a single target timestamp format, and performing structural log tokenization of the heterogeneous logs based on user-defined structural information.
-
Publication No.: US20180054085A1
Publication date: 2018-02-22
Application No.: US15680796
Application date: 2017-08-18
Applicant: NEC Laboratories America, Inc.
Inventor: Tan Yan, Dongjin Song, Haifeng Chen, Guofei Jiang, Tingyang Xu
CPC classification number: H02J13/0006, G05B17/02, G06F17/142, G06F17/16, G06F17/18, G06K9/00563, G06K9/6244, G06K9/6267, G06N7/08, G06N20/00
Abstract: A power generator system with anomaly detection and methods for detecting anomalies include a power generator that includes one or more physical components configured to provide electrical power. Sensors are configured to make measurements of a state of respective physical components, outputting respective time series of said measurements. A monitoring system includes a fitting module configured to determine a predictive model for each pair of a set of time series, an anomaly detection module configured to compare new values of each pair of time series to values predicted by the respective predictive model to determine if the respective predictive model is broken and to determine a number of broken predictive models, and an alert module configured to generate an anomaly alert if the number of broken predictive models exceeds a threshold.