-
Publication No.: US20180060385A1
Publication date: 2018-03-01
Application No.: US15684273
Application date: 2017-08-23
Applicant: NEC Laboratories America, Inc.
Inventor: Xusheng Xiao, Zhichun Li, Mu Zhang, Guofei Jiang, Jiaping Gui
IPC: G06F17/30
CPC classification number: G06F16/24532, G06F16/22, G06F16/245, G06F16/24535, G06F16/24545, G06F21/57, G06F21/6227, G06F2221/034
Abstract: Methods for querying a database and database systems include optimizing a database query for parallel execution using spatial and temporal information relating to elements in the database, the optimized database query being split into sub-queries with sub-queries being divided spatially according to host and temporally according to time window. The sub-queries are executed in parallel. The results of the database query are outputted progressively.
-
Publication No.: US20180336256A1
Publication date: 2018-11-22
Application No.: US15979512
Application date: 2018-05-15
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Kangkook Jee, Zhichun Li, Mu Zhang, Zhenyu Wu
IPC: G06F17/30
CPC classification number: G06F16/1744, G06F3/0643, G06F16/2246, G06F16/2272, G06F16/24568, G06F16/25, G06F16/258, G06F16/9027, G06F21/552, G06F21/6218, G06F2216/03, G06F2221/2143, G06K9/6219
Abstract: Systems and methods for data reduction including organizing data of an event stream into a file access table concurrently with receiving the event stream, the data including independent features and dependent features. A frequent pattern tree (FP-Tree) is built including nodes corresponding to the dependent features according to a frequency of occurrence of the dependent features relative to the independent features. Each single path in the FP-Tree is merged into a special node corresponding to segments of dependent features to produce a reduced FP-Tree. All path combinations in the reduced FP-Tree are identified. A compressible file access template (CFAT) is generated corresponding to each of the path combinations. The data of the event stream is compressed with the CFATs to reduce the dependent features to special events representing the dependent features.
-
Publication No.: US11030157B2
Publication date: 2021-06-08
Application No.: US15979514
Application date: 2018-05-15
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Kangkook Jee, Zhichun Li, Mu Zhang, Zhenyu Wu
IPC: G06F16/00, G06F16/174, G06F3/06, G06K9/62, G06F16/25, G06F16/22, G06F16/2455, G06F21/62, G06F16/901, G06F21/55
Abstract: Systems and methods for mining and compressing commercial data including a network of point of sale devices to log commercial activity data including independent commercial events and corresponding dependent features. A middleware system is in communication with the network of point of sale devices to continuously collect and compress a stream of the commercial activity data and concurrently store the compressed commercial activity data. Compressing the stream includes a file access table corresponding to the commercial activity data, producing compressible file access templates (CFATs) according to frequent patterns of commercial activity data using the file access table, and replacing dependent feature sequences with a matching compressible file access template. A database is in communication with the middleware system to store the compressed commercial data. A commercial pattern analysis system is in communication with the database to determine patterns in commercial activities across the network of point of sale devices.
-
Publication No.: US20180336349A1
Publication date: 2018-11-22
Application No.: US15972911
Application date: 2018-05-07
Applicant: NEC Laboratories America, Inc.
Inventor: Mu Zhang, Kangkook Jee, Zhichun Li, Ding Li, Zhenyu Wu, Junghwan Rhee
IPC: G06F21/55
Abstract: A method and system are provided for causality analysis of Operating System-level (OS-level) events in heterogeneous enterprise hosts. The method includes storing, by the processor, the OS-level events in a priority queue in a prioritized order based on priority scores determined from event rareness scores and event fanout scores for the OS-level events. The method includes processing, by the processor, the OS-level events stored in the priority queue in the prioritized order to provide a set of potentially anomalous ones of the OS-level events within a set amount of time. The method includes generating, by the processor, a dependency graph showing causal dependencies of at least the set of potentially anomalous ones of the OS-level events, based on results of the causality dependency analysis. The method includes initiating, by the processor, an action to improve a functioning of the hosts responsive to the dependency graph or information derived therefrom.
-
Publication No.: US10885027B2
Publication date: 2021-01-05
Application No.: US15684273
Application date: 2017-08-23
Applicant: NEC Laboratories America, Inc.
Inventor: Xusheng Xiao, Zhichun Li, Mu Zhang, Guofei Jiang, Jiaping Gui
IPC: G06F16/2453, G06F21/62, G06F16/245, G06F21/57, G06F16/22
Abstract: Methods for querying a database and database systems include optimizing a database query for parallel execution using spatial and temporal information relating to elements in the database, the optimized database query being split into sub-queries with sub-queries being divided spatially according to host and temporally according to time window. The sub-queries are executed in parallel. The results of the database query are outputted progressively.
-
Publication No.: US10831750B2
Publication date: 2020-11-10
Application No.: US15684325
Application date: 2017-08-23
Applicant: NEC Laboratories America, Inc.
Inventor: Xusheng Xiao, Zhichun Li, Mu Zhang, Guofei Jiang, Jiaping Gui, Ding Li
IPC: G06F7/00, G06F16/2453, G06F21/62, G06F16/245, G06F21/57, G06F16/22
Abstract: Automated security systems and methods include a set of monitored systems, each having one or more corresponding monitors configured to record system state information. A progressive software behavioral query language (PROBEQL) database is configured to store the system state information from the monitored systems. A query optimizing module is configured to optimize a database query for parallel execution using spatial and temporal information relating to elements in the PROBEQL database. The optimized database query is split into sub-queries with sub-queries being divided spatially according to host and temporally according to time window. A parallel execution module is configured to execute the sub-queries on the PROBEQL database in parallel. A results module is configured to output progressive results of the database query. A security control system is configured to perform a security control action in accordance with the progressive results.
-
Publication No.: US10733149B2
Publication date: 2020-08-04
Application No.: US15979512
Application date: 2018-05-15
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Kangkook Jee, Zhichun Li, Mu Zhang, Zhenyu Wu
IPC: G06F17/00, G06F7/00, G06F16/174, G06F3/06, G06K9/62, G06F16/25, G06F16/22, G06F16/2455, G06F21/62, G06F16/901, G06F21/55
Abstract: Systems and methods for data reduction including organizing data of an event stream into a file access table concurrently with receiving the event stream, the data including independent features and dependent features. A frequent pattern tree (FP-Tree) is built including nodes corresponding to the dependent features according to a frequency of occurrence of the dependent features relative to the independent features. Each single path in the FP-Tree is merged into a special node corresponding to segments of dependent features to produce a reduced FP-Tree. All path combinations in the reduced FP-Tree are identified. A compressible file access template (CFAT) is generated corresponding to each of the path combinations. The data of the event stream is compressed with the CFATs to reduce the dependent features to special events representing the dependent features.
-
Publication No.: US20180336218A1
Publication date: 2018-11-22
Application No.: US15979514
Application date: 2018-05-15
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Kangkook Jee, Zhichun Li, Mu Zhang, Zhenyu Wu
Abstract: Systems and methods for mining and compressing commercial data including a network of point of sale devices to log commercial activity data including independent commercial events and corresponding dependent features. A middleware system is in communication with the network of point of sale devices to continuously collect and compress a stream of the commercial activity data and concurrently store the compressed commercial activity data. Compressing the stream includes a file access table corresponding to the commercial activity data, producing compressible file access templates (CFATs) according to frequent patterns of commercial activity data using the file access table, and replacing dependent feature sequences with a matching compressible file access template. A database is in communication with the middleware system to store the compressed commercial data. A commercial pattern analysis system is in communication with the database to determine patterns in commercial activities across the network of point of sale devices.
-
Publication No.: US20180060586A1
Publication date: 2018-03-01
Application No.: US15684325
Application date: 2017-08-23
Applicant: NEC Laboratories America, Inc.
Inventor: Xusheng Xiao, Zhichun Li, Mu Zhang, Guofei Jiang, Jiaping Gui
IPC: G06F21/57
CPC classification number: G06F16/24532, G06F16/22, G06F16/245, G06F16/24535, G06F16/24545, G06F21/57, G06F21/6227, G06F2221/034
Abstract: Automated security systems and methods include a set of monitored systems, each having one or more corresponding monitors configured to record system state information. A progressive software behavioral query language (PROBEQL) database is configured to store the system state information from the monitored systems. A query optimizing module is configured to optimize a database query for parallel execution using spatial and temporal information relating to elements in the PROBEQL database. The optimized database query is split into sub-queries with sub-queries being divided spatially according to host and temporally according to time window. A parallel execution module is configured to execute the sub-queries on the PROBEQL database in parallel. A results module is configured to output progressive results of the database query. A security control system is configured to perform a security control action in accordance with the progressive results.