Abstract:
A computer-implemented method for analyzing operations of privilege changes is presented. The computer-implemented method includes inputting a program and performing source code analysis on the program by generating a privilege control flow graph (PCFG), generating a privilege data flow graph (PDFG), and generating a privilege call context graph (PCCG). The computer-implemented method further includes, based on the source code analysis results, instrumenting the program to perform inspections on execution states at privilege change operations, and performing runtime inspection and anomaly prevention.
Abstract:
Methods and systems for security analysis include determining whether a process has an origin internal to a system or external to the system using a processor based on monitored behavior events associated with the process. A security analysis is performed on only processes that have an external origin to determine if any of the processes having an external origin represent a security threat. A security action is performed if a process having an external origin is determined to represent a security threat.
Abstract:
Methods and systems for detecting security intrusions include detecting alerts in monitored system data. Temporal dependencies are determined between the alerts based on a prefix tree formed from the detected alerts. Content dependencies between the alerts are determined based on a distance between alerts in a graph representation of the detected alerts. The alerts are ranked based on an optimization problem that includes the temporal dependencies and the content dependencies. A security management action is performed based on the ranked alerts.
Abstract:
A system and computer-implemented method are provided for host level detection of malicious Domain Name System (DNS) activities in a network environment having multiple end-hosts. The system includes a set of DNS resolver agents configured to (i) gather DNS activities from each of the multiple end-hosts by recording DNS queries and DNS responses corresponding to the DNS queries, and (ii) associate the DNS activities with Program Identifiers (PIDs) that identify programs that issued the DNS queries. The system further includes a backend server configured to detect one or more of the malicious DNS activities based on the gathered DNS activities and the PIDs.
Abstract:
Methods are provided for both single modal and multimodal fault diagnosis. In a method, a fault fingerprint is constructed based on a fault event using an invariant model. A similarity matrix between the fault fingerprint and one or more historical representative fingerprints is derived using dynamic time warping and at least one convolution. A feature vector in a feature subspace for the fault fingerprint is generated. The feature vector includes at least one status of at least one system component during the fault event. A corrective action correlated to the fault fingerprint is determined. The corrective action is initiated on a hardware device to mitigate expected harm to at least one item selected from the group consisting of the hardware device, another hardware device related to the hardware device, and a person related to the hardware device.
Abstract:
Systems and methods for identifying similarities in program binaries include extracting program binary features from one or more input program binaries to generate corresponding hybrid features. The hybrid features include a reference feature, a resource feature, an abstract control flow feature, and a structural feature. Combinations of a plurality of pairs of binaries are generated from the extracted hybrid features, and a similarity score is determined for each of the pairs of binaries. A hybrid difference score is generated based on the similarity score for each of the binaries combined with input hybrid feature parameters. A likelihood of malware in the input program is identified based on the hybrid difference score.
Abstract:
Methods for system failure prediction include clustering log files according to structural log patterns. Feature representations of the log files are determined based on the log clusters. A likelihood of a system failure is determined based on the feature representations using a neural network. An automatic system control action is performed if the likelihood of system failure exceeds a threshold.
Abstract:
Methods and systems for process constraint include collecting system call information for a process. It is detected whether the process is idle based on the system call information and then whether the process is repeating using autocorrelation to determine whether the process issues system calls in a periodic fashion. The process is constrained if it is idle or repeating to limit an attack surface presented by the process.
Abstract:
Systems and methods are provided for optimizing system output in production systems. The method includes separating, by a processor, one or more initial input variables into a plurality of output variables, the output variables including environmental variables and system response variables. The method also includes building, using the processor, a nonparametric estimation that determines a relationship between one or more initial control variables and the system response variables, and estimating a global input-output mapping function using the determined relationship and a range of the environmental variables. The method further includes generating one or more optimal control variables from the initial control variables by maximizing the input-output mapping function and the range of the environmental variables. The method additionally includes incorporating one or more of the optimal control variables into a production system to increase production output of the production system.
Abstract:
The present invention enables capturing API level calls using a combination of dynamic instrumentation and library overriding. The invention allows event level tracing of API function calls and returns, and is able to generate an execution trace. The instrumentation is lightweight and relies on dynamic library/shared library linking mechanisms in most operating systems. Hence we need no source code modification or binary injection. The tool can be used to capture parameter values, and return values, which can be used to correlate traces across API function calls to generate transaction flow logic.