-
Publication No.: US20220035906A1
Publication date: 2022-02-03
Application No.: US17290458
Filing date: 2018-11-12
Applicant: NEC Corporation
Inventor: Etsuko ICHIHARA, Yoshiaki SAKAE, Kazuhiko ISOYAMA, Jun NISHIOKA
Abstract: An information processing apparatus (2000) acquires an event graph (10) to be output. In the event graph (10), an activity content in an event related to an activity of a program is represented as an edge, and each of a subject and an object of the event is represented as a node. By using score information, the information processing apparatus (2000) determines a subgraph that matches an event graph (10) having a score equal to or higher than a threshold value from the event graphs (10) to be output. The score information associates each of a plurality of event graphs (10) with a score based on the number of occurrences of an event sequence represented by the event graph (10). The information processing apparatus (2000) outputs the event graph (10) to be output in a mode in which the determined subgraph and the other portion can be discriminated from each other.
-
Publication No.: US20210042412A1
Publication date: 2021-02-11
Application No.: US16976311
Filing date: 2018-03-01
Applicant: NEC CORPORATION
Inventor: Kazuhiko ISOYAMA, Yoshiaki SAKAE, Jun NISHIOKA, Etsuko ICHIHARA, Kosuke YOSHIDA
Abstract: An information processing apparatus (2000) classifies each event that occurred in a target apparatus to be determined (10) either as an event (event of a first class) that also occurs in a standard apparatus (20) or as an event (event of a second class) that does not occur in the standard apparatus (20). Herein, a first model used for a determination with respect to an event that also occurs in the standard apparatus (20) and a second model used for a determination with respect to an event that does not occur in the standard apparatus (20) are used as models for determining whether an event that occurs in a target apparatus to be determined (10) is a target for warning. The information processing apparatus (2000) performs learning of the first model using an event of the first class. Further, the information processing apparatus (2000) performs learning of the second model using an event of the second class.
-
Publication No.: US20180276064A1
Publication date: 2018-09-27
Application No.: US15781527
Filing date: 2016-12-06
Applicant: NEC Corporation
Inventor: Kazuhiko ISOYAMA, Koji KIDA, Hiroki TAGATO, Yoshiaki SAKAE, Junpei KAMIMURA, Yuji KOBAYASHI, Etsuko ICHIHARA
IPC: G06F11/07
Abstract: The diagnosis device specifies a progression degree relating to a first information processing device for output information output by a first detection device at a first timing with respect to the first information processing device, based on device information that indicates a progression degree that represents a degree to which the information processing device is abnormal with respect to the information processing device, determines whether or not information in which a first detection device identifier of the first detection device and the specified progression degree are associated with each other is included in progression-degree information in which a detection device identifier capable of identifying a detection device and the progression degree are associated with each other, and calculates the progression degree relating to the first information processing device according to the specified progression degree when the information is determined to be included in the progression-degree information.
-
Publication No.: US20170255305A1
Publication date: 2017-09-07
Application No.: US15508546
Filing date: 2015-09-07
Applicant: NEC Corporation
Inventor: Kazuhiko ISOYAMA, Etsuko ICHIHARA, Junpei KAMIMURA, Yoshiaki SAKAE, Yuji KOBAYASHI, Takashi NOMURA, Koji KIDA
Abstract: Disclosed are a display device, etc. which display information in a display format that provides high visibility. The display device 201 comprises a display unit 202 which displays first nodes, each representing a different communication entity with communication capabilities, or second nodes, each representing a different group of a plurality of communication entities, around a first region, and which shows communications being carried out between first and second nodes, between a plurality of first nodes, or between a plurality of second nodes, in a display format in which the connections between these communicating nodes are indicated within the first region.
-
Publication No.: US20220366035A1
Publication date: 2022-11-17
Application No.: US17619314
Filing date: 2019-06-26
Applicant: NEC Corporation
Inventor: Yoshiaki SAKAE, Kazuhiko ISOYAMA, Takashi KONASHI, Jun NISHIOKA
IPC: G06F21/53
Abstract: An execution control system (2000) determines whether to permit execution of a target application (30). The determination includes first determination and second determination. The second determination is performed when the first determination cannot determine whether to permit the execution of the target application (30). The execution control system (2000) executes the target application (30) in a protected environment after the first determination is finished and while the second determination is performed.
-
Publication No.: US20220284107A1
Publication date: 2022-09-08
Application No.: US17632361
Filing date: 2019-08-07
Applicant: NEC Corporation
Inventor: Jun NISHIOKA, Yoshiaki SAKAE, Kazuhiko ISOYAMA, Takashi KONASHI
Abstract: A policy evaluation apparatus (2000) acquires, with respect to each of a plurality of control groups (10) including an evaluation target group, control policies (20). Each of the control policies (20) indicates execution permission/non-permission of an application. Further, the policy evaluation apparatus (2000) compares an evaluation target policy, being the control policy (20) of the evaluation target group, with a plurality of other control policies (20), and generates evaluation information (30) based on the comparison result.
-
Publication No.: US20220229716A1
Publication date: 2022-07-21
Application No.: US17614677
Filing date: 2019-05-30
Applicant: NEC Corporation
Inventor: Kazuhiko ISOYAMA, Yashiaki SAKAE, Jun NISHIOKA
Abstract: An evaluation apparatus (2000) acquires introduction-related information (30) for an application (10) in which an abnormality is detected. The introduction-related information (30) is information related to introduction of the application (10). The evaluation apparatus (2000) performs, by using the introduction-related information (30), an evaluation of the application (10) in which an abnormality is detected.
-
Publication No.: US20220038472A1
Publication date: 2022-02-03
Application No.: US17277379
Filing date: 2018-09-26
Applicant: NEC corporation
Inventor: Jun NISHIOKA, Yoshiaki SAKAE, Kazuhiko ISOYAMA, Etsuko ICHIHARA
Abstract: An information processing apparatus (2000) extracts, from a communication history (20) representing a history of network communication performed by each of a plurality of mobile terminals (10), a communication history (20) indicating communication related to a similar attack. Herein, the communication history (20) includes positional information about the mobile terminal (10). The information processing apparatus (2000) generates attack information related to an attack on the mobile terminal (10) by using positional information indicated by each of the extracted communication histories (20), and outputs the generated attack information.
-
Publication No.: US20210357274A1
Publication date: 2021-11-18
Application No.: US17278371
Filing date: 2018-09-28
Applicant: NEC Corporation
Inventor: Yoshiaki SAKAE, Kazuhiko ISOYAMA, Jun NISHIOKA, Etsuko ICHIHARA
IPC: G06F9/54
Abstract: A first information processing apparatus (2000) determines an alternative representation (20) of an event sequence represented by a plurality of event histories (12), by use of dictionary data (30). The first information processing apparatus (2000) outputs information including the determined alternative representation (20). The dictionary data (30) indicate an event sequence and an alternative representation (20) relating to the event sequence in association with each other.
-
Publication No.: US20210049477A1
Publication date: 2021-02-18
Application No.: US16963873
Filing date: 2018-12-20
Applicant: NEC CORPORATION
Inventor: Yoshiaki SAKAE, Kazuhiko ISOYAMA, Takayoshi ASAKURA
Abstract: Based on a normal model, it is detected whether or not an event signal of a computer system is anomalous. In parallel with the normal-model-based anomaly detection, it is detected based on a rule whether or not the event signal is anomalous. Then, a final anomaly detection result is generated by performing comprehensive determination based on detection results of the normal-model-based anomaly detection and the rule-based anomaly detection.