公开(公告)号：US20190121971A1

公开(公告)日：2019-04-25

申请号：US16161769

申请日：2018-10-16

Applicant: NEC Laboratories America, Inc.

Inventor： LuAn Tang ,  Zhengzhang Chen ,  Zhichun Li ,  Zhenyu Wu ,  Jumpei Kamimura ,  Haifeng Chen

IPC: G06F21/55 ,  H04L12/24 ,  H04L29/06

Abstract: A computer-implemented method for implementing alert interpretation in enterprise security systems is presented. The computer-implemented method includes employing a plurality of sensors to monitor streaming data from a plurality of computing devices, generating alerts based on the monitored streaming data, and employing an alert interpretation module to interpret the alerts in real-time, the alert interpretation module including a process-star graph constructor for retrieving relationships from the streaming data to construct process-star graph models and an alert cause detector for analyzing the alerts based on the process-star graph models to determine an entity that causes an alert.

公开(公告)号：US20190121970A1

公开(公告)日：2019-04-25

申请号：US16161701

申请日：2018-10-16

Applicant: NEC Laboratories America, Inc.

Inventor： LuAn Tang ,  Zhengzhang Chen ,  Zhichun Li ,  Zhenyu Wu ,  Jumpei Kamimura ,  Haifeng Chen

IPC: G06F21/55 ,  H04L12/24 ,  H04L29/06

Abstract: A computer-implemented method for implementing alert interpretation in enterprise security systems is presented. The computer-implemented method includes employing a plurality of sensors to monitor streaming data from a plurality of computing devices, generating alerts based on the monitored streaming data, employing an alert interpretation module to interpret the alerts in real-time, matching problematic entities to the streaming data, retrieving following events, and generating an aftermath graph on a visualization component.

公开(公告)号：US20180364655A1

公开(公告)日：2018-12-20

申请号：US16009822

申请日：2018-06-15

Applicant: NEC Laboratories America, Inc.

Inventor： Tan Yan ,  Haifeng Chen ,  LuAn Tang

IPC: G05B13/02 ,  G05B13/04 ,  B01D53/30

CPC classification number: G05B13/0265 ,  B01D53/30 ,  B01D2258/06 ,  G05B13/04

Abstract: A computer-implemented method, system, and computer program product are provided for anomaly detection. The method includes receiving, by a processor, sensor data from a plurality of sensors in a system. The method also includes generating, by the processor, a relationship model based on the sensor data. The method additionally includes updating, by the processor, the relationship model with new sensor data. The method further includes identifying, by the processor, an anomaly based on a fused single-variant time series fitness score in the relationship model. The method also includes controlling an operation of a processor-based machine to change a state of the processor-based machine, responsive to the anomaly.

公开(公告)号：US20250131154A1

公开(公告)日：2025-04-24

申请号：US18619802

申请日：2024-03-28

Applicant: NEC Laboratories America, Inc.

Inventor： LuAn Tang ,  Peng Yuan ,  Haifeng Chen

IPC: G06F30/20

Abstract: Systems and methods for creating a model include converting historical data into categorical time series data; de-noising the categorical time series data by organizing events into transition sets and removing noisy transitions sets according to a coefficient of variation. A relationship graph is generated that determines relationships between pairs of nodes, where the nodes relate to respective data sources and where the relationships indicate a degree of correlation between nodes based on the de-noised categorical time-series data, using a Hawkes process that determines a likelihood of a category transition based on historical events. An anomaly threshold is determined based on anomaly scores for a validation dataset using the relationship graph, wherein a likelihood output of the Hawkes process that exceeds the anomaly threshold indicates an anomaly.

公开(公告)号：US20240354215A1

公开(公告)日：2024-10-24

申请号：US18594582

申请日：2024-03-04

Applicant: NEC Laboratories America, Inc.

Inventor： Peng Yuan ,  LuAn Tang ,  Haifeng Chen ,  Yuncong Chen ,  Zhengzhang Chen ,  Motoyuki Sato

IPC: G06F11/34 ,  G06F11/32

CPC classification number: G06F11/3452 ,  G06F11/327

Abstract: Systems and methods are provided for incident analysis in Cyber-Physical Systems (CPS) using a Temporal Graph-based Incident Analysis System (TGIAS) and/or Transition Based Categorical Anomaly Detection (TCAD). Dynamically gathered multimodal data from a distributed network of sensors across the CPS are preprocessed to identify abnormal sensor readings indicative of potential incidents, and a multi-layered incident timeline graph, representing abnormal sensor readings, relationships to specific CPS components, and temporal sequencing of events is constructed. Severity scores are calculated, and severity rankings are assigned to identified anomalies based on a composite index including impact on CPS operation, comparison with historical incident data, and predictive risk assessments. Probable root causes of incidents and pathways for anomaly propagation through the CPS are identified using causal interference and the incident timeline graph to detect underlying vulnerabilities and predict future system weaknesses. Recommended actions are generated and executed for incident resolution and system optimization.

公开(公告)号：US20240185026A1

公开(公告)日：2024-06-06

申请号：US18493391

申请日：2023-10-24

Applicant: NEC Laboratories America, Inc. ,  NEC Corporation

Inventor： LuAn Tang ,  Yuncong Chen ,  Wei Cheng ,  Haifeng Chen ,  Zhengzhang Chen ,  Yuji Kobayashi

IPC: G06N3/0442 ,  G06N3/08

CPC classification number: G06N3/0442 ,  G06N3/08

Abstract: Methods and systems for defect detection include determining a first residual score by comparing a first predicted system state, determined according to previously measured environment data, to an actual system state. A second residual score is determined by comparing a second predicted system state, determined according to previously measured system state data, to the actual system state. A defect score is generated based on a difference between the first residual score and the second residual score. An automatic action is performed responsive to a determination that the defect score indicates a defect in system behavior.

公开(公告)号：US11989983B2

公开(公告)日：2024-05-21

申请号：US17241481

申请日：2021-04-27

Applicant: NEC Laboratories America, Inc.

Inventor： LuAn Tang ,  Haifeng Chen ,  Wei Cheng ,  Junghwan Rhee ,  Jumpei Kamimura

IPC: G07C5/08 ,  B60W50/02 ,  B60W50/035 ,  B60W50/038 ,  G06N3/044 ,  G06N3/045 ,  G06N3/08 ,  G06N3/088 ,  G07C5/00

CPC classification number: G07C5/085 ,  B60W50/0205 ,  B60W50/035 ,  B60W50/038 ,  G06N3/044 ,  G06N3/045 ,  G06N3/08 ,  G06N3/088 ,  G07C5/008 ,  G07C5/0808 ,  B60W2710/06 ,  B60W2710/18

Abstract: Methods and systems for vehicle fault detection include collecting operational data from sensors in a vehicle. The sensors are associated with vehicle sub-systems. The operational data is processed with a neural network to generate a fault score, which represents a similarity to fault state training scenarios, and an anomaly score, which represents a dissimilarity to normal state training scenarios. The fault score is determined to be above a fault score threshold and the anomaly score is determined to be above an anomaly score threshold to detect a fault. A corrective action is performed responsive the fault, based on a sub-system associated with the fault.

公开(公告)号：US20230376758A1

公开(公告)日：2023-11-23

申请号：US18302939

申请日：2023-04-19

Applicant: NEC Laboratories America, Inc.

Inventor： Zhengzhang Chen ,  Yuncong Chen ,  LuAn Tang ,  Haifeng Chen

IPC: G06N3/08 ,  G06N3/0442 ,  G06N7/01

CPC classification number: G06N3/08 ,  G06N3/0442 ,  G06N7/01

Abstract: A method for employing root cause analysis is presented. The method includes embedding, by an embedding layer, a sequence of events into a low-dimension space, employing a feature extractor and representation learner to convert log data from the sequence of events to time series data, the feature extractor including an auto-encoder model and a language model, and detecting root causes of failure or fault activities from the time series data.

公开(公告)号：US11687772B2

公开(公告)日：2023-06-27

申请号：US16508512

申请日：2019-07-11

Applicant: NEC Laboratories America, Inc.

Inventor： Shuchu Han ,  LuAn Tang ,  Haifeng Chen

IPC: G06N3/08 ,  G06N3/04

CPC classification number: G06N3/08 ,  G06N3/04

Abstract: Methods and systems for optimizing performance of a cyber-physical system include training a machine learning model, according to sensor data from the cyber-physical system, to generate one or more parameters for controllable sensors in the cyber-physical system that optimize a performance indicator. New sensor data is collected from the cyber-physical system. One or more parameters for the controllable sensors are generated using the trained machine learning module and the new sensor data. The one or more parameters are applied to the controllable sensors to optimize the performance of the cyber-physical system.

公开(公告)号：US11496493B2

公开(公告)日：2022-11-08

申请号：US16565746

申请日：2019-09-10

Applicant: NEC Laboratories America, Inc.

Inventor： LuAn Tang ,  Jingchao Ni ,  Wei Cheng ,  Haifeng Chen ,  Dongjin Song ,  Bo Zong ,  Wenchao Yu

IPC: H04L29/06 ,  H04L9/40 ,  G06F16/901 ,  G06K9/62

Abstract: Systems and methods for implementing dynamic graph analysis (DGA) to detect anomalous network traffic are provided. The method includes processing communications and profile data associated with multiple devices to determine dynamic graphs. The method includes generating features to model temporal behaviors of network traffic generated by the multiple devices based on the dynamic graphs. The method also includes formulating a list of prediction results for sources of the anomalous network traffic from the multiple devices based on the temporal behaviors.