公开(公告)号：US20150278069A1

公开(公告)日：2015-10-01

申请号：US14665519

申请日：2015-03-23

Applicant: NEC Laboratories America, Inc.

Inventor： Nipun Arora ,  Junghwan Rhee ,  Hui Zhang ,  Guofei Jiang

IPC: G06F11/34

CPC classification number: G06F11/3466

Abstract: The present invention enables capturing API level calls using a combination of dynamic instrumentation and library overriding. The invention allows event level tracing of API function calls and returns, and is able to generate an execution trace. The instrumentation is lightweight and relies on dynamic library/shared library linking mechanisms in most operating systems. Hence we need no source code modification or binary injection. The tool can be used to capture parameter values, and return values, which can be used to correlate traces across API function calls to generate transaction flow logic.

Abstract translation: 本发明可以使用动态检测和库重写的组合捕获API级别调用。 本发明允许API函数调用和返回的事件级别跟踪，并且能够生成执行跟踪。 该仪器是轻量级的，并且依赖于大多数操作系统中的动态库/共享库链接机制。 因此，我们不需要源代码修改或二进制注入。 该工具可用于捕获参数值和返回值，可用于将API函数调用之间的跟踪相关联，以生成事务流逻辑。

公开(公告)号：US20150235139A1

公开(公告)日：2015-08-20

申请号：US14527413

申请日：2014-10-29

Applicant: NEC Laboratories America, Inc.

Inventor： Abhishek Sharma ,  Haifeng Chen ,  Guofei Jiang ,  Om Prasad Patri

IPC: G06N5/04

CPC classification number: G06N5/043 ,  G06N5/003

Abstract: A method and system are provided. The method includes extracting shapelets from each of a plurality of time series dimensions of multi-dimensional time series data. The method further includes building a plurality of decision-tree classifiers, one for each time series dimension, responsive to the shapelets extracted therefrom. The method also includes generating a pairwise similarity matrix between respective different ones of the plurality of time series dimensions using the shapelets as intermediaries for determining similarity. The method additionally includes applying a feature selection technique to the matrix to determine respective feature weights for each of shapelet features of the shapelets and respective classifier weights for each of the decision-tree classifiers that uses the shapelet features. The method further includes combining decisions issued from the decision-tree classifiers to generate a final verdict of classification for a time series dimension responsive to the respective feature weights and the respective classifier weights.

Abstract translation: 提供了一种方法和系统。 该方法包括从多维时间序列数据的多个时间序列维度中的每一个提取形状。 该方法还包括响应于从其提取的形状，构建多个决策树分类器，每个时间序列维度一个。 该方法还包括使用形状作为用于确定相似性的中介来在多个时间序列维度中的各个不同的时间序列维之间生成成对相似性矩阵。 该方法另外包括将特征选择技术应用于矩阵，以确定使用形状特征的每个决策树分类器的形状的每个形状特征和相应分类器权重的各个特征权重。 该方法还包括组合从决策树分类器发出的决策，以响应于相应的特征权重和相应的分类器权重来产生对于时间序列尺寸的分类的最终判定。

公开(公告)号：US20150172185A1

公开(公告)日：2015-06-18

申请号：US14571778

申请日：2014-12-16

Applicant: NEC Laboratories America, Inc.

Inventor： Hui Zhang ,  Behnaz Arzani ,  Franjo Ivancic ,  Junghwan Rhee ,  Nipun Arora ,  Guofei Jiang

IPC: H04L12/721

CPC classification number: H04L45/42 ,  H04L41/12 ,  H04L41/145 ,  H04L43/0864 ,  H04L43/106 ,  H04L45/00 ,  H04L45/64 ,  H04L47/283

Abstract: Methods and systems for finding a packet's routing path in a network includes intercepting control messages sent by a controller to one or more switches in a software defined network (SDN). A state of the SDN at a requested time is emulated and one or more possible routing paths through the emulated SDN is identified by replaying the intercepted control messages to one or more emulated switches in the emulated SDN. The one or more possible routing paths correspond to a requested packet injected into the SDN at the requested time.

Abstract translation: 用于在网络中找到分组的路由路径的方法和系统包括将由控制器发送的控制消息拦截在软件定义网络（SDN）中的一个或多个交换机上。 仿真在请求时间的SDN的状态，并且通过在被仿真的SDN中重放被拦截的控制消息给一个或多个仿真的交换机来识别通过仿真的SDN的一个或多个可能的路由路径。 一个或多个可能的路由路径对应于在请求的时间内注入到SDN中的请求的分组。

公开(公告)号：US20150095490A1

公开(公告)日：2015-04-02

申请号：US14503562

申请日：2014-10-01

Applicant: NEC Laboratories America, Inc.

Inventor： Xia Ning ,  Jiaji Huang ,  Guofei Jiang

IPC: H04L12/26

CPC classification number: H04L41/145 ,  H04L41/064

Abstract: A method and system are provided for online sparse regularized joint analysis for heterogeneous data. The method generates a latent space model modeling a latent space in which correlation information is encoded for a plurality of heterogeneous data points at respective time instants, responsive to respective energy-preserving projections and structure-preserving projections of the data points in the latent space. The method performs online anomaly detection on a current one of the data points responsive to the encoded correlation information for respective ones of the energy-preserving projections and structure-preserving projections for a previous one of the data points without anomaly. The method generates an alarm responsive to a detection of an anomaly for the current one of the data points. The method updates the latent space model for the current one of the data points, by a processor-based online model updater, responsive to a lack of the detection of the anomaly.

Abstract translation: 提供了异构数据的在线稀疏正则化联合分析的方法和系统。 该方法响应于相应的能量保留投影和潜在空间中的数据点的结构保留投影，产生潜在空间模型，潜在空间模型对潜在空间建模，其中相应信息针对各个时刻的多个异质数据点进行编码。 该方法响应于编码的相关信息，对于没有异常的前一个数据点的能量保留投影和结构保留投影，对当前一个数据点进行在线异常检测。 该方法响应于对当前数据点的异常的检测而产生报警。 该方法通过基于处理器的在线模型更新器来更新当前一个数据点的潜在空间模型，响应于缺少异常检测。

公开(公告)号：US20150043382A1

公开(公告)日：2015-02-12

申请号：US14453054

申请日：2014-08-06

Applicant: NEC Laboratories America, Inc.

Inventor： Nipun Arora ,  Hui Zhang ,  Cristian Lumezanu ,  Junghwan Rhee ,  Guofei Jiang ,  Hui Lu

IPC: H04L12/24 ,  H04L12/46

CPC classification number: H04L41/082 ,  H04L12/4675 ,  H04L41/0226 ,  H04L41/0803 ,  H04L41/12 ,  H04L41/20

Abstract: Method and systems for controlling a hybrid network having software-defined network (SDN) switches and legacy switches include initializing a hybrid network topology by retrieving information on a physical and virtual infrastructure of the hybrid network; generating a path between two nodes on the hybrid network based on the physical and virtual infrastructure of the hybrid network; generating a virtual local area network by issuing remote procedure call instructions to legacy switches in accordance with a network configuration request; and generating an SDN network slice by issuing SDN commands to SDN switches in accordance with the network configuration request.

Abstract translation: 用于控制具有软件定义网络（SDN）交换机和传统交换机的混合网络的方法和系统包括通过检索混合网络的物理和虚拟基础设施上的信息来初始化混合网络拓扑; 基于混合网络的物理和虚拟基础设施，在混合网络上生成两个节点之间的路径; 通过根据网络配置请求向传统交换机发出远程过程呼叫指令来产生虚拟局域网; 以及根据网络配置请求向SDN交换机发出SDN命令来生成SDN网络切片。

公开(公告)号：US08943367B2

公开(公告)日：2015-01-27

申请号：US13738004

申请日：2013-01-10

Applicant: NEC Laboratories America, Inc.

Inventor： Guofei Jiang ,  Min Ding ,  Yong Ge

IPC: G06F11/00 ,  G06F11/07 ,  G06F11/34 ,  G06F19/24

CPC classification number: G06F11/079 ,  G06F11/3457 ,  G06F19/24

Abstract: A method for metric ranking in invariant networks includes, given an invariant network and a set of broken invariants, two ranking processes are used to determine and rank the anomaly scores of each monitoring metrics in large-scale systems. Operators can follow the rank to investigate the root-cause in problem investigation. In a first ranking process, given a node/metric, the method determines multiple scores by integrating information from immediate neighbors to decide the anomaly score for metric ranking. In a second ranking process, given a node/metric, an iteration process is used to recursively integrate the information from immediate neighbors at each round to determine its anomaly score for metric ranking.

Abstract translation: 在不变网络中的度量排序的方法包括给定不变网络和一组破坏的不变量，使用两个排序过程来确定和排列大型系统中每个监测度量的异常分数。 运营商可以按照排名调查问题调查的根本原因。 在第一排序过程中，给定节点/度量，该方法通过集成来自直接邻居的信息来确定度量排名的异常得分来确定多个分数。 在第二个排序过程中，给定一个节点/度量，迭代过程被用来递归地整合来自每个轮次的直接邻居的信息，以确定其针对度量排名的异常得分。

公开(公告)号：US20140310561A1

公开(公告)日：2014-10-16

申请号：US14250340

申请日：2014-04-10

Applicant: NEC Laboratories America, Inc.

Inventor： Hui Zhang ,  Nipun Arora ,  Jungwhan Rhee ,  Kai Ma ,  Guofei Jiang

IPC: G06F11/36

CPC classification number: G06F11/3636

Abstract: The invention is directed to a computer implemented method and a system that implements an application performance profiler with hardware performance event information. The profiler provides dynamic tracing of application programs, and offers fine-grained hardware performance event profiling at function levels. To control the perturbation on target applications, the profiler also includes a control mechanism to constraint the function profiling overhead within a budget configured by users.

Abstract translation: 本发明涉及一种计算机实现的方法和一种实现具有硬件性能事件信息的应用性能分析器的系统。 分析器提供应用程序的动态跟踪，并在功能级别提供精细的硬件性能事件分析。 为了控制目标应用程序的扰动，分析器还包括一个控制机制，用于在用户配置的预算范围内限制功能分析开销。

公开(公告)号：US20140108324A1

公开(公告)日：2014-04-17

申请号：US14050808

申请日：2013-10-10

Applicant: NEC Laboratories America, Inc.

Inventor： Haifeng Chen ,  Min Ding ,  Bin Liu ,  Abhishek Sharma ,  Kenji Yoshihira ,  Guofei Jiang

IPC: G06N5/04

CPC classification number: G06N20/00 ,  G06F11/3055 ,  G06F11/3072 ,  G06F17/18 ,  G06N5/048

Abstract: Systems and method for modeling system dynamics, including extracting features representative of a temporal evolution of a dynamical system, further including deriving one or more vector trajectories by performing sliding window segmentation of one or more time series; applying a linear test to determine whether the one or more vector trajectories are linear or nonlinear; and performing linear or nonlinear subspace decomposition on the vector trajectory based on the linear test. The system and method may generate a system evolution model from the extracted features of the dynamical system and determine a fitness score of the system evolution model.

Abstract translation: 用于建模系统动力学的系统和方法，包括提取表示动力系统的时间演化的特征，还包括通过执行一个或多个时间序列的滑动窗口分割来导出一个或多个矢量轨迹; 应用线性测试来确定一个或多个矢量轨迹是线性还是非线性; 并基于线性测试对矢量轨迹进行线性或非线性子空间分解。 系统和方法可以从动力系统的提取特征生成系统演化模型，并确定系统演化模型的适应度。

公开(公告)号：US20140098678A1

公开(公告)日：2014-04-10

申请号：US14041102

申请日：2013-09-30

Applicant: NEC Laboratories America, Inc.

Inventor： Cristian Lumezanu ,  Curtis Yu ,  Vishal Kumar Singh ,  Yueping Zhang ,  Guofei Jiang

IPC: H04L12/24

CPC classification number: H04L41/12 ,  H04L43/0876 ,  H04L43/10 ,  Y02D30/30

Abstract: A method implemented in a network apparatus used in a network is disclosed. The method includes sensing network topology and network utilization, receiving a request from an application, deciding path setup requirement using network state information obtained from the network topology and the network utilization, and translating the path setup requirement into a rule to be installed. Other methods, apparatuses, and systems also are disclosed.

Abstract translation: 公开了一种在网络中使用的网络装置中实现的方法。 该方法包括感知网络拓扑和网络利用率，从应用接收请求，使用从网络拓扑获得的网络状态信息和网络利用率确定路径设置要求，以及将路径设置要求转换为要安装的规则。 还公开了其它方法，装置和系统。

公开(公告)号：US20140059690A1

公开(公告)日：2014-02-27

申请号：US13768439

申请日：2013-02-15

Applicant: NEC Laboratories America, Inc.

Inventor： Zhichun Li ,  Long Lu ,  Zhenyu Wu ,  Guofei Jiang

IPC: G06F21/57

CPC classification number: G06F21/577 ,  G06F11/3604 ,  G06F21/562 ,  G06F2221/033

Abstract: A method for scalable analysis of Android applications for security includes applying Android application analytics to an Android application, which in turn includes applying an application taint tracking to the Android application and applying application repacking detection to the Android application, and determining security vulnerabilities in the Android application responsive to the analytics.

Abstract translation: Android应用程序的可扩展分析方法包括将Android应用程序分析应用于Android应用程序，Android应用程序分析应用程序将应用程序污染跟踪应用于Android应用程序，并将应用程序重新包装检测应用于Android应用程序，并确定Android中的安全漏洞 响应分析的应用程序。