公开(公告)号：US20170139806A1

公开(公告)日：2017-05-18

申请号：US15352546

申请日：2016-11-15

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Biplob Debnath ,  Hui Zhang ,  Guofei Jiang ,  Nipun Arora

IPC: G06F11/36

CPC classification number: G06F11/3612 ,  G06F11/0706 ,  G06F11/0766 ,  G06F11/3636

Abstract: Systems and methods are disclosed for handling log data from one or more applications, sensors or instruments by receiving heterogeneous logs from arbitrary/unknown systems or applications; generating regular expression patterns from the heterogeneous log sources using machine learning and extracting a log pattern therefrom; generating models and profiles from training logs based on different conditions and updating a global model database storing all models generated over time; tokenizing raw log messages from one or more applications, sensors or instruments running a production system; transforming incoming tokenized streams are into data-objects for anomaly detection and forwarding of log messages to various anomaly detectors; and generating an anomaly alert from the one or more applications, sensors or instruments running a production system.

公开(公告)号：US09654372B2

公开(公告)日：2017-05-16

申请号：US14300843

申请日：2014-06-10

Applicant: NEC Laboratories America, Inc.

Inventor： Cristian Lumezanu ,  Curtis Yu ,  Abhishek Sharma ,  Guofei Jiang ,  Qiang Xu

IPC: H04L12/26

CPC classification number: H04L43/106 ,  H04L43/0852

Abstract: In a software defined network having switches including first and last switches and intermediate switches, wherein a default routing path exists between the first and last switches, a system and method are provided for computing path latency. The method includes inserting a respective monitoring rule(s) in each switch, mandating for each switch, forwarding a received rule matching packet to a next switch, and further mandating for the first switch and the last switch, sending a PacketIn message to a controller. The method includes inserting, in each switch, a respective monitoring probe(s) matching the respective monitoring rule(s) in a same switch to initiate mandates specified by the respective monitoring rule(s) in the same switch responsive to an arrival of the packet thereat. The method includes time-stamping the PacketIn messages to generate PacketIn timestamps, aggregating the PacketIn timestamps, and estimating the path latency from an aggregation of PacketIn timestamps.

公开(公告)号：US20170118100A1

公开(公告)日：2017-04-27

申请号：US15264706

申请日：2016-09-14

Applicant: NEC Laboratories America, Inc.

Inventor： Qiang Xu ,  Cristian Lumezanu ,  Cheng Jin ,  Hyun-Wook Baek ,  Guofei Jiang

IPC: H04L12/26 ,  H04L12/815 ,  H04L12/707 ,  H04L12/741 ,  H04L12/721

CPC classification number: H04L43/0882 ,  H04L41/0823 ,  H04L41/14 ,  H04L43/0823 ,  H04L45/22 ,  H04L45/54 ,  H04L45/70 ,  H04L47/22

Abstract: Methods and systems for network management include performing path regression to determine an end-to-end path across physical links for each data flow in a network. A per-flow utilization of each physical link in the network is estimated based on the determined end-to-end paths. A management action is performed in the network based on the estimated per-flow utilization.

公开(公告)号：US09602338B2

公开(公告)日：2017-03-21

申请号：US14575013

申请日：2014-12-18

Applicant: NEC Laboratories America, Inc.

Inventor： Hui Zhang ,  Junghwan Rhee ,  Nipun Arora ,  Cristian Lumezanu ,  Guofei Jiang

IPC: H04L12/26 ,  H04L12/24

CPC classification number: H04L41/0631 ,  H04L41/069 ,  H04L41/14 ,  H04L43/0858

Abstract: A computer implemented method for network monitoring includes providing network packet event characterization and analysis for network monitoring that includes supporting summarization and characterization of network packet traces collected across multiple processing elements of different types in a virtual network, including a trace slicing to organize individual packet events into path-based trace slices, a trace characterization to extract at least 2 types of feature matrix describing those trace slices, and a trace analysis to cluster, rank and query packet traces based on metrics of the feature matrix.

公开(公告)号：US20160330226A1

公开(公告)日：2016-11-10

申请号：US15213896

申请日：2016-07-19

Applicant: NEC Laboratories America, Inc.

Inventor： Zhengzhang Chen ,  LuAn Tang ,  Boxiang Dong ,  Guofei Jiang ,  Haifeng Chen

IPC: H04L29/06 ,  H04L12/24

CPC classification number: H04L63/14 ,  G06F21/55 ,  H04L29/06877 ,  H04L29/06891 ,  H04L29/06911 ,  H04L41/12 ,  H04L41/142 ,  H04L63/1416 ,  H04L2463/121

Abstract: Methods and systems for detecting malicious processes include modeling system data as a graph comprising vertices that represent system entities and edges that represent events between respective system entities. Each edge has one or more timestamps corresponding respective events between two system entities. A set of valid path patterns that relate to potential attacks is generated. One or more event sequences in the system are determined to be suspicious based on the graph and the valid path patterns using a random walk on the graph.

Abstract translation: 用于检测恶意进程的方法和系统包括将系统数据建模为包括表示系统实体的顶点和表示各个系统实体之间的事件的边的图。 每个边缘具有对应于两个系统实体之间的相应事件的一个或多个时间戳。 产生一组与潜在攻击有关的有效路径模式。 系统中的一个或多个事件序列被确定为可疑的基于图和有效的路径模式使用图形上的随机游走。

公开(公告)号：US09413646B2

公开(公告)日：2016-08-09

申请号：US14831570

申请日：2015-08-20

Applicant: NEC Laboratories America, Inc.

Inventor： Cristian Lumezanu ,  Cheng Jin ,  Hui Zhang ,  Abhishek Sharma ,  Qiang Xu ,  Nipun Arora ,  Guofei Jiang

IPC: H04L12/28 ,  H04L12/753 ,  H04L12/721 ,  H04L12/46

CPC classification number: H04L45/48 ,  H04L12/462 ,  H04L45/14 ,  H04L45/16 ,  H04L45/18 ,  H04L45/64

Abstract: Systems and methods for controlling legacy switch routing in one or more hybrid networks of interconnected computers and switches, including generating a network underlay for the one or more hybrid networks by generating a minimum spanning tree (MST) and a forwarding graph (FWG) over a physical network topology of the one or more hybrid networks, determining an optimal path between hosts on the FWG by optimizing an initial path with a minimum cost mapping, and adjusting the initial path to enforce the optimal path by generating and installing special packets in one or more programmable switches to trigger installation of forwarding rules for one or more legacy switches.

Abstract translation: 用于控制互连计算机和交换机的一个或多个混合网络中的传统交换机路由的系统和方法，包括通过在一个或多个混合网络上生成最小生成树（MST）和转发图（FWG）来生成用于所述一个或多个混合网络的网络底层 一个或多个混合网络的物理网络拓扑，通过利用最小成本映射优化初始路径来确定FWG上的主机之间的最佳路径，以及通过在一个或多个混合网络中生成和安装专用分组来调整初始路径以实施最佳路径 更多的可编程开关来触发一个或多个传统交换机的转发规则的安装。

公开(公告)号：US09367428B2

公开(公告)日：2016-06-14

申请号：US14512653

申请日：2014-10-13

Applicant: NEC Laboratories America, Inc.

Inventor： Junghwan Rhee ,  Hui Zhang ,  Nipun Arora ,  Guofei Jiang ,  Chung Hwan Kim

IPC: G06F11/36 ,  G06F9/44

CPC classification number: G06F11/3636 ,  G06F11/3419

Abstract: Methods and systems for performance inference include inferring an internal application status based on a unified call stack trace that includes both user and kernel information by inferring user function instances. A calling context encoding is generated that includes information regarding function calling paths. Application performance is analyzed based on the encoded calling contexts. The analysis includes performing a top-down latency breakdown and ranking calling contexts according to how costly each function calling path is.

Abstract translation: 用于性能推理的方法和系统包括通过推断用户功能实例来推断基于包括用户和内核信息的统一调用堆栈跟踪的内部应用程序状态。 生成包含有关函数调用路径的信息的调用上下文编码。 基于编码的呼叫上下文来分析应用性能。 分析包括根据每个功能调用路径的代价昂贵地执行自上而下的延迟故障和排序呼叫上下文。

公开(公告)号：US20160125094A1

公开(公告)日：2016-05-05

申请号：US14932799

申请日：2015-11-04

Applicant: NEC Laboratories America, Inc.

Inventor： Zhichun Li ,  Xusheng Xiao ,  Zhenyu Wu ,  Bo Zong ,  Guofei Jiang

IPC: G06F17/30

CPC classification number: G06F16/9024 ,  G06F21/552

Abstract: A method and system for constructing behavior queries in temporal graphs using discriminative sub-trace mining. The method includes generating system data logs to provide temporal graphs, wherein the temporal graphs include a first temporal graph corresponding to a target behavior and a second temporal graph corresponding to a set of background behaviors, generating temporal graph patterns for each of the first and second temporal graphs to determine whether a pattern exists between a first temporal graph pattern and a second temporal graph pattern, wherein the pattern between the temporal graph patterns is a non-repetitive graph pattern, pruning the pattern between the first and second temporal graph patterns to provide a discriminative temporal graph, and generating behavior queries based on the discriminative temporal graph.

Abstract translation: 一种使用区分性子跟踪挖掘在时间图中构建行为查询的方法和系统。 该方法包括生成系统数据日志以提供时间图，其中时间图包括对应于目标行为的第一时间图和对应于一组背景行为的第二时间图，为第一和第二 时间图以确定在第一时间图形图案和第二时间图形图案之间是否存在图案，其中时间图形图案之间的图案是非重复图形图案，修剪第一和第二时间图形图案之间的图案以提供 判别时间图，并基于辨别时间图生成行为查询。

公开(公告)号：US20160057054A1

公开(公告)日：2016-02-25

申请号：US14831570

申请日：2015-08-20

Applicant: NEC Laboratories America, Inc.

Inventor： Cristian Lumezanu ,  Cheng Jin ,  Hui Zhang ,  Abhishek Sharma ,  Qiang Xu ,  Nipun Arora ,  Guofei Jiang

IPC: H04L12/753 ,  H04L12/44 ,  H04L12/721 ,  H04L12/24

CPC classification number: H04L45/48 ,  H04L12/462 ,  H04L45/14 ,  H04L45/16 ,  H04L45/18 ,  H04L45/64

Abstract: Systems and methods for controlling legacy switch routing in one or more hybrid networks of interconnected computers and switches, including generating a network underlay for the one or more hybrid networks by generating a minimum spanning tree (MST) and a forwarding graph (FWG) over a physical network topology of the one or more hybrid networks, determining an optimal path between hosts on the FWG by optimizing an initial path with a minimum cost mapping, and adjusting the initial path to enforce the optimal path by generating and installing special packets in one or more programmable switches to trigger installation of forwarding rules for one or more legacy switches.

Abstract translation: 用于控制互连计算机和交换机的一个或多个混合网络中的传统交换机路由的系统和方法，包括通过在一个或多个混合网络上生成最小生成树（MST）和转发图（FWG）来生成用于所述一个或多个混合网络的网络底层 一个或多个混合网络的物理网络拓扑，通过利用最小成本映射优化初始路径来确定FWG上的主机之间的最佳路径，以及通过在一个或多个混合网络中生成和安装专用分组来调整初始路径以实施最佳路径 更多的可编程开关来触发一个或多个传统交换机的转发规则的安装。

公开(公告)号：US20150281076A1

公开(公告)日：2015-10-01

申请号：US14665069

申请日：2015-03-23

Applicant: NEC Laboratories America, Inc.

Inventor： Hui Zhang ,  Cristian Lumezanu ,  Junghwan Rhee ,  Nipun Arora ,  Qiang Xu ,  Guofei Jiang

IPC: H04L12/741 ,  H04L12/721 ,  H04L12/801 ,  H04L12/947

CPC classification number: H04L45/02 ,  H04L43/12 ,  H04L45/64 ,  H04L45/70

Abstract: A computer implemented method for network monitoring includes providing network packet event characterization and analysis for network monitoring that includes supporting summarization and characterization of network packet traces collected across multiple processing elements of different types in a virtual network, including a trace slicing to organize individual packet events into path-based trace slices, a trace characterization to extract at least 2 types of feature matrix describing those trace slices, and a trace analysis to cluster, rank and query packet traces based on metrics of the feature matrix.

Abstract translation: 一种用于网络监测的计算机实现方法包括为网络监测提供网络分组事件表征和分析，其包括支持在虚拟网络中跨越不同类型的多个处理元件收集的网络分组跟踪的概括和表征，包括用于组织各个分组事件的跟踪分片 基于路径的跟踪切片，提取描述这些跟踪切片的至少2种类型的特征矩阵的跟踪表征，以及基于特征矩阵的度量的集群，排序和查询分组跟踪的跟踪分析。