-
Publication (Announcement) No.: US20210048994A1
Publication (Announcement) Date: 2021-02-18
Application No.: US16985647
Application Date: 2020-08-05
Applicant: NEC Laboratories America, Inc.
Inventor: Xiao Yu, Xueyuan Han, Ding Li, Junghwan Rhee, Haifeng Chen
IPC: G06F8/61, G06N3/04, G06F16/901
Abstract: A computer-implemented method for securing software installation through deep graph learning includes extracting a new software installation graph (SIG) corresponding to a new software installation based on installation data associated with the new software installation, using at least two node embedding models to generate a first vector representation by embedding the nodes of the new SIG and inferring any embeddings for out-of-vocabulary (OOV) words corresponding to unseen pathnames, utilizing a deep graph autoencoder to reconstruct nodes of the new SIG from latent vector representations encoded by the graph LSTM, wherein reconstruction losses resulting from a difference of a second vector representation generated by the deep graph autoencoder and the first vector representation represent anomaly scores for each node, and performing anomaly detection by comparing an overall anomaly score of the anomaly scores to a threshold of normal software installation.
-
Publication (Announcement) No.: US11321066B2
Publication (Announcement) Date: 2022-05-03
Application No.: US16985647
Application Date: 2020-08-05
Applicant: NEC Laboratories America, Inc.
Inventor: Xiao Yu, Xueyuan Han, Ding Li, Junghwan Rhee, Haifeng Chen
IPC: G06F8/61, G06F16/901, G06N3/04
Abstract: A computer-implemented method for securing software installation through deep graph learning includes extracting a new software installation graph (SIG) corresponding to a new software installation based on installation data associated with the new software installation, using at least two node embedding models to generate a first vector representation by embedding the nodes of the new SIG and inferring any embeddings for out-of-vocabulary (OOV) words corresponding to unseen pathnames, utilizing a deep graph autoencoder to reconstruct nodes of the new SIG from latent vector representations encoded by the graph LSTM, wherein reconstruction losses resulting from a difference of a second vector representation generated by the deep graph autoencoder and the first vector representation represent anomaly scores for each node, and performing anomaly detection by comparing an overall anomaly score of the anomaly scores to a threshold of normal software installation.
-