Abstract:
A warning apparatus (2000) acquires first detected event information (10) representing, at a first abstraction level, an event set being a set of events having occurred in a target system. The warning apparatus (2000) generates second detected event information (20) from the first detected event information (10). The second detected event information (20) represents, at a second abstraction level, the event set represented by the first detected event information (10). The warning apparatus (2000) determines, from among a plurality of pieces of threat information (30) each representing a threat activity, the threat information (30) having a high degree of relevance to at least either of the first detected event information (10) and the second detected event information (20). The warning apparatus (2000) generates warning information (40) relating to a threat occurring in the target system, based on the determined threat information (30) and a matching level being an abstraction level associated with the detected event information having a high degree of relevance to the threat information (30).
Abstract:
A structure deterioration detection system according to the present disclosure includes: a sensing optical fiber (10) laid on a structure; a reception unit (201) that receives vibration information detected by the sensing optical fiber (10); an identification unit (202) that identifies a change pattern of a vibration characteristic of each of a plurality of points on the structure, based on the vibration information; and an analysis unit (203) that analyzes a deterioration state of at least one point among the plurality of points, based on a change pattern of a vibration characteristic of each of the plurality of points.
Abstract:
An information processing apparatus (2000) executes analysis for an event history set (10). The event history set (10) is a set of a plurality of event histories (12). The event history (12) is information relating to an event generated in a target computer system. The information processing apparatus (2000) selects, based on a result of the analysis, an event history (12) to be excluded from deletion targets. The information processing apparatus (2000) deletes, from the event history set (10), an event history (12) other than the event history (12) excluded from the deletion targets.
Abstract:
An information processing apparatus generates a graph that represents an action of a program. On the graph, an edge represents action contents of a process in an event. Further, two nodes connected by the edge respectively represent a subject and an object of the event. The information processing apparatus outputs the generated graph. Further, the information processing apparatus also alters the generated graph. When an index value of an event satisfies a first predetermined condition which index value is based on the number of occurrences or the frequency of occurrences of the event, the information processing apparatus alters the graph with respect to an edge representing the event.
Abstract:
The diagnosis device specifies a progression degree relating to a first information processing device for output information output by a first detection device at a first timing with respect to the first information processing device, based on device information indicating a progression degree that represents a degree to which the information processing device is abnormal with respect to the information processing device, determines whether or not information in which a first detection device identifier of the first detection device and the specified progression degree are associated with each other is included in progression-degree information in which a detection device identifier capable of identifying a detection device and the progression degree are associated with each other, and calculates the progression degree relating to the first information processing device according to the specified progression degree when the information is determined to be included in the progression-degree information.
Abstract:
In an event processing system, a service level required for event processing is satisfied. A node information acquisition unit 110 acquires node information which includes information related to a connection destination node and performance information, from each of a plurality of nodes. Each of the plurality of nodes transfers an event or an event processing result to another connected node according to a transfer path. A node and path determination unit 120 determines a combination of an event processing node which is a node to perform the event processing and the transfer path from a source node from which an event is transmitted to a destination node to which an event processing result is transmitted, through one or more nodes including the event processing node, in such a way as to satisfy a specified service level, on the basis of the node information.
Abstract:
In order to provide an evaluation apparatus that appropriately evaluates risk of a source code changing over time, an evaluation apparatus includes a generating unit and an output unit. The generating unit generates an evaluation related to risk of a first library described in a source code. The output unit calculates the degree of risk of the first library, based on at least the generated evaluation, calculates a risk value indicating risk inherent in the source code, based on the calculated degree of risk, and also outputs time-series data of the calculated risk value.
Abstract:
A security analysis apparatus includes a determination unit. The determination unit searches for information described in a data flow diagram of a computer system to be analyzed, using a search query corresponding to an analysis rule for use in analysis, and determines a relationship between the data flow diagram and the analysis rule based on retrieved information.
Abstract:
Based on a normal model, it is detected whether or not an event signal of a computer system is anomalous. In parallel with the normal-model-based anomaly detection, it is detected based on a rule whether or not the event signal is anomalous. Then, a final anomaly detection result is generated by performing comprehensive determination based on detection results of the normal-model-based anomaly detection and the rule-based anomaly detection.
Abstract:
Provided is an information processing device which is capable of suppressing a deterioration in accuracy of detecting an anomaly and accuracy of analyzing the anomaly, while suppressing an increase in an amount of data to be stored. The information processing system includes an anomaly detection unit that collects event data indicating a predetermined event detected in a process of a device to be monitored, determines whether a predetermined index value related to the event exceeds a preset first threshold, and instructs enhanced monitoring of the device to be monitored and the process related to the event when the index value exceeds the first threshold, and a collection instruction unit that determines an additional event being an event to be additionally monitored when the enhanced monitoring is instructed, and instructs the device to be monitored, which is subjected to the enhanced monitoring, to monitor the determined additional event.