-
公开(公告)号:US20210034488A1
公开(公告)日:2021-02-04
申请号:US17041584
申请日:2018-03-28
Applicant: NEC CORPORATION
Inventor: Etsuko ICHIHARA , Yoshiaki SAKAE , Kazuhiko ISOYAMA , Jun NISHIOKA
IPC: G06F11/30 , G06T11/20 , G06F16/901 , G06F21/56 , G06F11/32
Abstract: An information processing apparatus generates a graph that represents an action of a program. On the graph, an edge represents action contents of a process in an event. Further, two nodes connected by the edge respectively represent a subject and an object of the event. The information processing apparatus outputs the generated graph. Further, the information processing apparatus also alters the generated graph. When an index value of an event satisfies a first predetermined condition which index value is based on the number of occurrences or the frequency of occurrences of the event, the information processing apparatus alters the graph with respect to an edge representing the event.
-
公开(公告)号:US20190018959A1
公开(公告)日:2019-01-17
申请号:US15781542
申请日:2016-12-06
Applicant: NEC Corporation
Inventor: Kazuhiko ISOYAMA , Koji KIDA , Hiroki TAGATO , Yoshiaki SAKAE , Junpei KAMIMURA , Yuji KOBAYASHI , Etsuko ICHIHARA
Abstract: The purpose of the present invention is to provide a software analysis device which efficiently analyzes a computer environment in which software is capable of running. The software analysis system determines an order of detection devices, generates order information representing the order, and calculate a progression degree of abnormality based on how degree a predetermined order include the order in the order information.
-
公开(公告)号:US20170075746A1
公开(公告)日:2017-03-16
申请号:US15122602
申请日:2015-03-18
Applicant: NEC Corporation
Inventor: Takashi NOMURA , Koji KIDA , Junpei KAMIMURA , Yoshiaki SAKAE , Etsuko KATSUDA , Kazuhiko ISOYAMA , Kentaro YAMASAKI , Yuji KOBAYASHI
CPC classification number: G06F11/079 , G06F11/0721 , G06F11/3006 , G06F11/3024 , G06F11/3055 , G06F11/3072 , G06F11/323 , G06F11/3476 , G06F2201/86 , G06F2201/865 , G06F2201/875
Abstract: The present invention provides an information processing device that outputs information including the data transmission relationship between elements constituting an information processing system, the information indicating the state of the information processing system. The information processing device includes a graphing means for generating a relationship graph based on an event log indicating the behavior of each of a plurality of processes operating in the system, the relationship graph having the processes as the vertices thereof and having the data transmission relationship between the vertices as the sides thereof; and a graph output means for outputting the generated relationship graph.
Abstract translation: 本发明提供了一种信息处理装置,其输出包括构成信息处理系统的元件之间的数据传输关系的信息,指示信息处理系统的状态的信息。 信息处理装置包括图形装置,用于基于指示系统中操作的多个处理中的每一个的行为的事件日志来生成关系图,所述关系图具有作为其顶点的处理,并且具有数据传输关系 顶点作为其侧面; 以及用于输出所生成的关系图的图形输出装置。
-
公开(公告)号:US20220391516A1
公开(公告)日:2022-12-08
申请号:US17767138
申请日:2019-10-25
Applicant: NEC Corporation
Inventor: Jun NISHIOKA , Yoshiaki SAKAE , Kazuhiko ISOYAMA , Yuji KOBAYASHI
IPC: G06F21/57
Abstract: In order to provide an evaluation apparatus that appropriately evaluates risk of a source code changing over time, an evaluation apparatus includes a generating unit and an output unit. The generating unit generates an evaluation related to risk of a first library described in a source code. The output unit calculates the degree of risk of the fist library, based on at least the generated evaluation, calculates a risk value indicating risk inherent in the source code, based on the calculated degree of risk, and also outputs time-series data of the calculated risk value.
-
公开(公告)号:US20220156371A1
公开(公告)日:2022-05-19
申请号:US17439509
申请日:2019-03-25
Applicant: NEC Corporation
Inventor: Jun NISHIOKA , Yoshiaki SAKAE , Kazuhiko ISOYAMA , Etsuko ICHUHARA
IPC: G06F21/56
Abstract: A warning apparatus (2000) acquires first detected event information (10) representing, at a first abstraction level, an event set being a set of events having occurred in a target system. The warning apparatus (2000) generates second detected event information (20) from the first detected event information (10). The second detected event information (20) represents, at a second abstraction level, the event set represented by the first detected event information (10). The warning apparatus (2000) determines, from among a plurality of pieces of threat information (30) each representing a threat activity, the threat information (30) having a high degree of relevance to at least either of the first detected event information (10) and the second detected event information (20). The warning apparatus (2000) generates warning information (40) relating to a threat being occurring in the target system, based on the determined threat information (30) and a matching level being an abstraction level associated with the detected event information having a high degree of relevance to the threat information (30).
-
Patent Agency Ranking
公开(公告)号:US20220035914A1
公开(公告)日:2022-02-03
申请号:US17278767
申请日:2018-09-26
Applicant: NEC Corporation
Inventor: Kazuhiko ISOYAMA , Yoshiaki SAKAE , Jun NISHIOKA , Etsuko ICHIHARA
IPC: G06F21/56
Abstract: An information processing apparatus (2000) compares a name of a determination target file with a name of one or more normal files. The information processing apparatus (2000) outputs information related to the determination target file, when a name of the determination target file does not coincide with a name of any of the normal files, and a degree of reliability of the determination target file is equal to or less than a threshold value. A degree of reliability of the determination target file is calculated, based on a degree of similarity between a name of the determination target file and a name of each of the normal files.
-
公开(公告)号:US20220019660A1
公开(公告)日:2022-01-20
申请号:US17294167
申请日:2018-11-16
Applicant: NEC Corporation
Inventor: Etsuko ICHIHARA , Yoshiaki SAKAE , Kazuhiko ISOYAMA , Jun NISHIOKA
IPC: G06F21/55 , G06F16/901
Abstract: An information processing apparatus (2000) acquires an event graph (10) to be output and determines a subgraph satisfying a predetermined reference from the acquired event graph (10) to be output. In the event graph (10), an activity content in an event related to an activity of a program is represented as an edge (14), and each of a subject and an object of the event is represented as a node (12). The information processing apparatus (2000) outputs the event graph (10) with an output mode of the determined subgraph as a first mode and with an output mode of another portion as a mode other than the first mode. The first mode is a mode in which at least one of the number of nodes (12) and the number of edges (14) is reduced than the number included in the determined graph.
-
公开(公告)号:US20220012345A1
公开(公告)日:2022-01-13
申请号:US17431508
申请日:2019-02-20
Applicant: NEC Corporation
Inventor: Kazuhiko ISOYAMA , Yoshiaki SAKAE , Jun NISHIOKA , Etsuko ISHIHARA
Abstract: A history output apparatus (2000) acquires an abnormal event history (10) being information representing an abnormal event occurring in a target system (100), and determines a kind of the abnormal event represented by the abnormal event history (10). When a kind of the determined abnormal event is a first kind, the history output apparatus (2000) determines a terminal (110) in which the abnormal event occurs, as an output target terminal. Further, the history output apparatus (2000) also determines another terminal (110) performing communication with the terminal (110) in which the abnormal event occurs at or before a point when the abnormal event occurs, as an output target terminal. When the abnormal event represented by the acquired abnormal event history (10) is an abnormal event occurring in the output target terminal, the history output apparatus (2000) outputs information relating to the abnormal event.
-
公开(公告)号:US20210109801A1
公开(公告)日:2021-04-15
申请号:US16464555
申请日:2017-11-17
Applicant: NEC Corporation
Inventor: Masato YASUDA , Yoshiaki SAKAE , Hiroki TAGATO , Shuichi KARINO , Kazuhiko ISOYAMA , Yuji KOBAYASHI
IPC: G06F11/07
Abstract: An anomaly assessment device includes: a storage storing a correspondence relation between a type of a device, and a transition state candidate group in a stable state of the device of the type; at least one memory storing instructions; and at least one processor configured to execute the instructions to: acquire event information of a monitoring target device; identify a transition state associated with the event information acquired of the monitoring target device; and assesse normality/anomaly of the monitoring target device, based on the transition state candidate group associated with a type of the monitoring target device in the stored correspondence relation, and the identified transition state.
-
公开(公告)号:US20200301907A1
公开(公告)日:2020-09-24
申请号:US15779580
申请日:2016-12-01
Applicant: NEC Corporation
Inventor: Junpei KAMIMURA , Koji KIDA , Kazuhiko ISOYAMA , Yuji KOBAYASHI , Hiroki TAGATO , Etsuko ICHIHARA , Yoshiaki SAKAE
IPC: G06F16/23 , G06F16/901
Abstract: The purpose of the present invention is to provide a technology which assists a verifying party in ascertaining an anomaly in an event of which notification has been made. Provided is an assistance device, comprising: an acquisition unit which acquires as an associated event, from among events which take place among a plurality of elements, and with respect to elements which have been associated with an event which has been detected as an anomalous event, an event other than the anomalous event which has been associated with the elements; and a generating unit which, on the basis of the anomalous event and the associated event, generates a relational graph in which the elements are vertices, the relations among the elements are edges, the anomalous event and the associated event are respectively represented, and the associated event is displayed in a display screen in a different manner from the manner in which the anomalous event is displayed.
-
-
-
-
-
-
-
-
-
Search Results
35
records
(took 0.014 seconds)
