公开(公告)号：US10305917B2

公开(公告)日：2019-05-28

申请号：US15213896

申请日：2016-07-19

Applicant: NEC Laboratories America, Inc.

Inventor： Zhengzhang Chen ,  LuAn Tang ,  Boxiang Dong ,  Guofei Jiang ,  Haifeng Chen

IPC: H04L29/06 ,  G06F21/55 ,  H04L12/24

Abstract: Methods and systems for detecting malicious processes include modeling system data as a graph comprising vertices that represent system entities and edges that represent events between respective system entities. Each edge has one or more timestamps corresponding respective events between two system entities. A set of valid path patterns that relate to potential attacks is generated. One or more event sequences in the system are determined to be suspicious based on the graph and the valid path patterns using a random walk on the graph.

公开(公告)号：US10289843B2

公开(公告)日：2019-05-14

申请号：US15479928

申请日：2017-04-05

Applicant: NEC Laboratories America, Inc.

Inventor： Junghwan Rhee ,  Zhichun Li ,  Zhenyu Wu ,  Kangkook Jee ,  Guofei Jiang

IPC: G06F21/56 ,  G06F11/36

Abstract: Systems and methods for identifying similarities in program binaries, including extracting program binary features from one or more input program binaries to generate corresponding hybrid features. The hybrid features include a reference feature, a resource feature, an abstract control flow feature, and a structural feature. Combinations of a plurality of pairs of binaries are generated from the extracted hybrid features, and a similarity score is determined for each of the pairs of binaries. A hybrid difference score is generated based on the similarity score for each of the binaries combined with input hybrid feature parameters. A likelihood of malware in the input program is identified based on the hybrid difference score.

公开(公告)号：US10169656B2

公开(公告)日：2019-01-01

申请号：US15688131

申请日：2017-08-28

Applicant: NEC Laboratories America, Inc.

Inventor： Dongjin Song ,  Haifeng Chen ,  Guofei Jiang ,  Yao Qin

IPC: G06K9/00 ,  G06N3/02 ,  G06F17/18 ,  G06F15/18 ,  G08B23/00 ,  G08B31/00 ,  G06F17/30 ,  G06N3/04 ,  G06Q10/06

Abstract: Systems and devices including an imaging sensor to capture video sequences in an environment having safety concerns therein. The systems and devices further including a processor to generate driving series based on observations from the video sequences, and generate predictions of future events based on the observations using a dual-stage attention-based recurrent neural network (DA-RNN). The DA-RNN includes an input attention mechanism to extract relevant driving series, an encoder to encode the extracted relevant driving series into hidden states, a temporal attention mechanism to extract relevant hidden states, and a decoder to decode the relevant hidden states. The processor further generates a signal for initiating an action to machines to mitigate harm to items.

公开(公告)号：US10114148B2

公开(公告)日：2018-10-30

申请号：US14503549

申请日：2014-10-01

Applicant: NEC Laboratories America, Inc.

Inventor： Xia Ning ,  Guofei Jiang ,  Haifeng Chen ,  Kenji Yoshihira

IPC: G01V99/00

Abstract: A method and system are provided for heterogeneous log analysis. The method includes performing hierarchical log clustering on heterogeneous logs to generate a log cluster hierarchy for the heterogeneous logs. The method further includes performing, by a log pattern recognizer device having a processor, log pattern recognition on the log cluster hierarchy to generate log pattern representations. The method also includes performing log field analysis on the log pattern representations to generate log field statistics. The method additionally includes performing log indexing on the log pattern representations to generate log indexes.

公开(公告)号：US10031788B2

公开(公告)日：2018-07-24

申请号：US15265267

申请日：2016-09-14

Applicant: NEC Laboratories America, Inc.

Inventor： Hui Zhang ,  Guofei Jiang ,  Junghwan Rhee ,  Nipun Arora

IPC: G06F3/00 ,  G06F9/44 ,  G06F9/46 ,  G06F13/00 ,  G06F9/54 ,  G06F9/445

Abstract: Methods and systems for profiling requests include generating request units based on collected kernel events that include complete request units and half-open request units. The generated request units are sequenced based on a causality relationship set that describes causality relationships between kernel events.

公开(公告)号：US20180165147A1

公开(公告)日：2018-06-14

申请号：US15830579

申请日：2017-12-04

Applicant: NEC Laboratories America, Inc.

Inventor： Biplob Debnath ,  Hui Zhang ,  Guofei Jiang

IPC: G06F11/07 ,  G06F17/30 ,  G06F17/27 ,  G06F11/34 ,  G06F11/30

Abstract: A computer-implemented method, computer program product, and computer processing system are provided. The method includes preprocessing, by a processor, a set of heterogeneous logs by splitting each of the logs into tokens to obtain preprocessed logs. Each of the logs in the set is associated with a timestamp and textual content in one or more fields. The method further includes generating, by the processor, a set of regular expressions from the preprocessed logs. The method also includes performing, by the processor, an unsupervised parsing operation by applying the regular expressions to the preprocessed logs to obtain a set of parsed logs and a set of unparsed logs, if any. The method additionally includes storing, by the processor, the set of parsed logs in a log analytics database and the set of unparsed logs in a debugging database.

公开(公告)号：US20180137001A1

公开(公告)日：2018-05-17

申请号：US15810960

申请日：2017-11-13

Applicant: NEC Laboratories America, Inc.

Inventor： Bo Zong ,  LuAn Tang ,  Qi Song ,  Biplob Debnath ,  Hui Zhang ,  Guofei Jiang

IPC: G06F11/07 ,  G06F11/34 ,  G06N5/04 ,  G06N3/08 ,  G06F15/18 ,  G06F17/30

CPC classification number: G06F11/079 ,  G06F11/0793 ,  G06F11/3476 ,  G06N3/084 ,  G06N5/022 ,  G06N5/04

Abstract: A method is provided that includes transforming training data into a neural network based learning model using a set of temporal graphs derived from the training data. The method includes performing model learning on the learning model by automatically adjusting learning model parameters based on the set of the temporal graphs to minimize differences between a predetermined ground-truth ranking list and a learning model output ranking list. The method includes transforming testing data into a neural network based inference model using another set of temporal graphs derived from the testing data. The method includes performing model inference by applying the inference and learning models to test data to extract context features for alerts in the test data and calculate a ranking list for the alerts based on the extracted context features. Top-ranked alerts are identified as critical alerts. Each alert represents an anomaly in the test data.

公开(公告)号：US20180129579A1

公开(公告)日：2018-05-10

申请号：US15784393

申请日：2017-10-16

Applicant: NEC Laboratories America, Inc.

Inventor： Biplob Debnath ,  Nipun Arora ,  Hui Zhang ,  Guofei Jiang ,  Mohiuddin Solaimani ,  Muhammad Ali Gulzar

IPC: G06F11/34 ,  G06F11/07 ,  G06F11/30 ,  G06F15/18

CPC classification number: G06F11/3476 ,  G06F11/0706 ,  G06F11/0775 ,  G06F11/0787 ,  G06F11/3065 ,  G06N20/00

Abstract: Systems and methods are disclosed for processing a stream of logged data by: creating one or more models from a set of training logs during a training phase; receiving testing data in real-time and generating anomalies using the models created during the training phase; updating the one or more models during real-time processing of a live stream of logs; and detecting a log anomaly from the live stream of logs.

公开(公告)号：US20180060748A1

公开(公告)日：2018-03-01

申请号：US15684293

申请日：2017-08-23

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Biplob Debnath ,  Bo Zong ,  Hui Zhang ,  Guofei Jiang ,  Hancheng Ge

IPC: G06N5/04 ,  G06N7/00 ,  G06F17/16

CPC classification number: G06N5/047 ,  G06F17/16 ,  G06F17/20 ,  G06F17/2282 ,  G06F17/277 ,  G06N7/00

Abstract: A heterogeneous log pattern editing recommendation system and computer-implemented method are provided. The system has a processor configured to identify, from heterogeneous logs, patterns including variable fields and constant fields. The processor is also configured to extract a category feature, a cardinality feature, and a before-after n-gram feature by tokenizing the variable fields in the identified patterns. The processor is additionally configured to generate target similarity scores between target fields to be potentially edited and other fields from among the variable fields in the heterogeneous logs using pattern editing operations based on the extracted category feature, the extracted cardinality feature, and the extracted before-after n-gram feature. The processor is further configured to recommend, to a user, log pattern edits for at least one of the target fields based on the target similarity scores between the target fields in the heterogeneous logs.

公开(公告)号：US20180060666A1

公开(公告)日：2018-03-01

申请号：US15688131

申请日：2017-08-28

Applicant: NEC Laboratories America, Inc.

Inventor： Dongjin Song ,  Haifeng Chen ,  Guofei Jiang ,  Yao Qin

IPC: G06K9/00 ,  G06N3/04 ,  G08B23/00

CPC classification number: G06K9/00718 ,  G06F15/18 ,  G06F17/18 ,  G06F17/30392 ,  G06K9/00744 ,  G06K2009/00738 ,  G06N3/02 ,  G06N3/04 ,  G06N3/049 ,  G06Q10/06375 ,  G06T2207/20084 ,  G08B23/00 ,  G08B31/00

Abstract: Systems and devices including an imaging sensor to capture video sequences in an environment having safety concerns therein. The systems and devices further including a processor to generate driving series based on observations from the video sequences, and generate predictions of future events based on the observations using a dual-stage attention-based recurrent neural network (DA-RNN). The DA-RNN includes an input attention mechanism to extract relevant driving series, an encoder to encode the extracted relevant driving series into hidden states, a temporal attention mechanism to extract relevant hidden states, and a decoder to decode the relevant hidden states. The processor further generates a signal for initiating an action to machines to mitigate harm to items.