Abstract:
A computer-implemented method, system, and computer program product are provided for a streaming graph display system with anomaly detection. The method includes receiving, by a processor, data or signals for creating a streaming graph. The method also includes creating, by the processor, a streaming graph from a plurality of vertices and edges in the data or the signals. The method additionally includes identifying, by the processor, an anomaly in the streaming graph based on a distance between edge codes and all current cluster centers determined by the plurality of vertices and edges. The method further includes controlling, by the processor, an operation of a processor-based machine to change a state of the processor-based machine, responsive to the anomaly. The method also includes displaying the streaming graph with the anomaly to a user.
Abstract:
A method, computer program product, and system are provided for power plant system fault diagnosis. The method includes detecting, using an invariant model, a fault event based on a broken pair-wise correlation. The method also includes constructing a fault signature based on the fault event. The method further includes generating a feature vector in a feature subspace for the fault signature, wherein said feature vector includes at least one status of at least one system component during the fault event. The method additionally includes determining a corrective action correlated to the fault signature, from among a plurality of candidate corrective actions associated with the one or more historical representative signatures, based on a Jaccard similarity using the feature vector in the feature subspace. The method also includes initiating the corrective action on a hardware device to mitigate expected harm.
Abstract:
Systems and methods are disclosed for detecting periodic event behaviors from machine generated logging by: capturing heterogeneous log messages, each log message including a time stamp and text content with one or more fields; recognizing log formats from log messages; transforming the text content into a set of time series data, one time series for each log format; during a training phase, analyzing the set of time series data and building a category model for each periodic event type in heterogeneous logs; and during live operation, applying the category model to a stream of time series data from live heterogeneous log messages and generating a flag on a time series data point violating the category model and generating an alarm report for the corresponding log message.
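The pipeline described above (format recognition, per-format time series, a per-period category model, and live flagging of violating points), as an added illustrative example that is not the patent's implementation. The log line layout (`<epoch_seconds> <text>`), the digit-masking format recogniser, the inter-arrival-based periodicity model and the sample log lines are all constructed assumptions for this example.

```python
"""Added example: periodic-event detection from heterogeneous logs.

Training: recognise a log format per message, build one time series per
format, and keep a category model (expected period and tolerance) for the
formats whose inter-arrival gaps are regular.  Live: flag any point whose
gap to the previous point of the same format violates that model and emit
an alarm record carrying the offending log message.
"""
import re
import statistics
from collections import defaultdict

# Constructed sample logs: "<epoch_seconds> <message>" (offsets from 0 for brevity)
TRAINING_LOGS = [
    "0 heartbeat ok seq=1",
    "15 user 42 logged in from 10.0.0.5",
    "60 heartbeat ok seq=2",
    "120 heartbeat ok seq=3",
    "130 user 7 logged in from 10.0.0.9",
    "180 heartbeat ok seq=4",
    "240 heartbeat ok seq=5",
    "400 user 42 logged in from 10.0.0.5",
    "0 backup finished in 1234 ms",
    "3600 backup finished in 1301 ms",
]

LIVE_LOGS = [
    "300 heartbeat ok seq=6",
    "360 heartbeat ok seq=7",
    "420 heartbeat ok seq=8",
    "540 heartbeat ok seq=9",   # one beat missing: gap of 120 s
    "600 heartbeat ok seq=10",
    "605 heartbeat ok seq=11",  # duplicate beat: gap of 5 s
    "610 user 3 logged in from 10.0.0.2",  # non-periodic format, never modelled
]


def recognize_format(text):
    """Crude log-format recogniser: mask numeric and hex tokens with <*>."""
    return re.sub(r"0x[0-9a-fA-F]+|\d+", "<*>", text)


def parse(line):
    ts_str, text = line.split(" ", 1)
    return int(ts_str), text


def logs_to_series(lines):
    """One time series (sorted timestamps) per recognised log format."""
    series = defaultdict(list)
    for line in lines:
        ts, text = parse(line)
        series[recognize_format(text)].append(ts)
    return {fmt: sorted(stamps) for fmt, stamps in series.items()}


def build_models(series, min_events=3, max_jitter=0.2):
    """Category model per periodic format: mean gap plus a tolerance.

    A format is treated as periodic when its inter-arrival gaps have a
    relative spread no larger than max_jitter (assumed threshold).
    """
    models = {}
    for fmt, stamps in series.items():
        if len(stamps) < min_events:
            continue
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        spread = statistics.pstdev(gaps)
        if mean > 0 and spread / mean <= max_jitter:
            models[fmt] = {"period": mean,
                           "tolerance": max(3 * spread, max_jitter * mean)}
    return models


def detect(models, lines):
    """Flag live points whose gap violates the period model; return alarms."""
    alarms = []
    last_seen = {}
    for line in lines:
        ts, text = parse(line)
        fmt = recognize_format(text)
        model = models.get(fmt)
        if model is None:
            continue  # format was not periodic in training; not modelled
        prev = last_seen.get(fmt)
        if prev is not None:
            gap = ts - prev
            if abs(gap - model["period"]) > model["tolerance"]:
                alarms.append({"timestamp": ts, "format": fmt, "gap": gap,
                               "expected": model["period"], "message": line})
        last_seen[fmt] = ts
    return alarms


if __name__ == "__main__":
    models = build_models(logs_to_series(TRAINING_LOGS))
    for alarm in detect(models, LIVE_LOGS):
        print(alarm)
```

Only formats that were regular in training get a model, so irregular event types such as logins never raise a periodicity alarm; a missing beat and a duplicate beat of the heartbeat are both reported with the raw message attached.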
Abstract:
A method and system are provided. The method includes performing, by a logs-to-time-series converter, a logs-to-time-series conversion by transforming a plurality of heterogeneous logs into a set of time series. Each of the heterogeneous logs includes a time stamp and text portion with one or more fields. The method further includes performing, by a time-series-to-sequential-pattern converter, a time-series-to-sequential-pattern conversion by mining invariant relationships between the set of time series, and discovering sequential message patterns and association rules in the plurality of heterogeneous logs using the invariant relationships. The method also includes executing, by a processor, a set of log management applications, based on the sequential message patterns and the association rules.
Abstract:
A method and system are provided for heterogeneous log analysis. The method includes performing hierarchical log clustering on heterogeneous logs to generate a log cluster hierarchy for the heterogeneous logs. The method further includes performing, by a log pattern recognizer device having a processor, log pattern recognition on the log cluster hierarchy to generate log pattern representations. The method also includes performing log field analysis on the log pattern representations to generate log field statistics. The method additionally includes performing log indexing on the log pattern representations to generate log indexes.
Abstract:
Methods and systems for reporting anomalous events include building a process graph that models states of process-level events in a network. A topology graph is built that models source and destination relationships between connection events in the network. A set of alerts is clustered based on the process graph and the topology graph. Clustered alerts that exceed a threshold level of trustworthiness are reported.
Abstract:
A computer-implemented method for real-time detecting of abnormal network connections is presented. The computer-implemented method includes collecting network connection events from at least one agent connected to a network, recording, via a topology graph, normal states of network connections among hosts in the network, and recording, via a port graph, relationships established between host and destination ports of all network connections.
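A minimal topology graph plus port graph learned from normal connection events, then applied to live events to flag connections that fall outside the recorded normal state. This is an added illustrative example, not the patent's implementation; the event tuple layout, the sample events and the rule that any unseen edge is abnormal are constructed assumptions.

```python
"""Added example: topology graph + port graph for abnormal-connection detection.

Topology graph: which source hosts normally connect to which destination hosts.
Port graph:     which destination ports are normally used on each host.
A live connection is flagged when it introduces an edge absent from either graph.
"""
from collections import defaultdict

# Constructed sample agent events: (timestamp, src_host, dst_host, dst_port)
TRAINING_EVENTS = [
    (1, "web01", "db01", 5432),
    (2, "web02", "db01", 5432),
    (3, "web01", "cache01", 6379),
    (4, "web02", "cache01", 6379),
    (5, "ops01", "web01", 22),
    (6, "ops01", "web02", 22),
    (7, "web01", "db01", 5432),
]

LIVE_EVENTS = [
    (8, "web01", "db01", 5432),    # normal
    (9, "web01", "ops01", 22),     # web server reaching back into ops host
    (10, "web02", "db01", 22),     # known edge, but SSH to the database host
    (11, "evil", "db01", 5432),    # source host never seen by any agent
]


class ConnectionGraphs:
    def __init__(self):
        self.topology = defaultdict(set)   # src_host -> {dst_host}
        self.ports = defaultdict(set)      # dst_host -> {dst_port}
        self.edge_counts = defaultdict(int)  # (src, dst, port) -> observations

    def learn(self, events):
        """Record the normal state from a window of trusted events."""
        for _, src, dst, port in events:
            self.topology[src].add(dst)
            self.ports[dst].add(port)
            self.edge_counts[(src, dst, port)] += 1

    def check(self, event):
        """Return the reasons a connection is abnormal; empty list if normal."""
        _, src, dst, port = event
        reasons = []
        if src not in self.topology:
            reasons.append("unknown source host")
        elif dst not in self.topology[src]:
            reasons.append("new host-to-host edge")
        if dst not in self.ports:
            reasons.append("unknown destination host")
        elif port not in self.ports[dst]:
            reasons.append("new destination port on host")
        return reasons


def detect_abnormal(training_events, live_events):
    """Learn from training events, then return [(event, reasons)] for flagged live events."""
    graphs = ConnectionGraphs()
    graphs.learn(training_events)
    flagged = []
    for event in live_events:
        reasons = graphs.check(event)
        if reasons:
            flagged.append((event, reasons))
    return flagged


if __name__ == "__main__":
    for event, reasons in detect_abnormal(TRAINING_EVENTS, LIVE_EVENTS):
        print(event, "->", ", ".join(reasons))
```

Keeping the two graphs separate is what lets the third live event be caught: the host pair web02 to db01 is normal in the topology graph, but port 22 on db01 has never been observed in the port graph.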
Abstract:
Methods and systems for detecting anomalous events include detecting anomalous events in monitored system data. An event correlation graph is generated by determining a tendency for a first process to access a system target, including an innate tendency of the first process to access the system target, an influence of previous events from the first process, and an influence of processes other than the first process. Kill chains are generated from the event correlation graph that characterize events in an attack path over time. A security management action is performed based on the kill chains.
Abstract:
A computer-implemented method, system, and computer program product are provided for an anomaly detection system in streaming networks. The method includes receiving, by a processor, a plurality of vertices and edges from a streaming graph. The method also includes generating, by the processor, graph codes for the plurality of vertices and edges. The method additionally includes determining, by the processor, edge codes in real-time responsive to the graph codes. The method further includes identifying, by the processor, an anomaly based on a distance between edge codes and all current cluster centers. The method also includes controlling an operation of a processor-based machine to change a state of the processor-based machine, responsive to the anomaly.
Abstract:
Systems and methods are provided for anomaly detection in complex physical systems, including extracting features representative of a temporal evolution of the complex physical system, and analyzing the extracted features by deriving vector trajectories using sliding window segmentation of time series, applying a linear test to determine whether the vector trajectories are linear, and performing subspace decomposition on the vector trajectories based on the linear test. A system evolution model is generated from an ensemble of models, and a fitness score is determined by analyzing different data properties of the system based on specific data dependency relationships. An alarm is generated if the fitness score exceeds a predetermined number of threshold violations for the different data properties.