公开(公告)号：US20180276064A1

公开(公告)日：2018-09-27

申请号：US15781527

申请日：2016-12-06

Applicant: NEC Corporation

Inventor： Kazuhiko ISOYAMA ,  Koji KIDA ,  Hiroki TAGATO ,  Yoshiaki SAKAE ,  Junpei KAMIMURA ,  Yuji KOBAYASHI ,  Etsuko ICHIHARA

IPC: G06F11/07

Abstract: The diagnosis device specifies a progression degree relating to a first information processing device for output information output by a first detection device at a first timing with respect to the first information processing device, based on device information indicates a progression degree that represents a degree to which the information processing device is abnormal with respect to the information processing device, determines whether or not information in which a first detection device identifier of the first detection device and the specified progression degree are associated with each other is included in progression-degree information in which a detection device identifier capable of identifying a detection device and the progression degree are associated with each other; and calculates the progression degree relating to the first information processing device according to the specified progression degree when the information is determined to be included in the progression-degree information.

公开(公告)号：US20170255305A1

公开(公告)日：2017-09-07

申请号：US15508546

申请日：2015-09-07

Applicant: NEC Corporation

Inventor： Kazuhiko ISOYAMA ,  Etsuko ICHIHARA ,  Junpei KAMIMURA ,  Yoshiaki SAKAE ,  Yuji KOBAYASHI ,  Takashi NOMURA ,  Koji KIDA

IPC: G06F3/048 ,  G06F13/10 ,  G06F11/32

Abstract: Disclosed are a display device, etc. which display information in a display format that provides high visibility. The display device 201 comprises a display unit 202 which displays first nodes, each representing a different communication entity with communication capabilities, or second nodes, each representing a different group of a plurality of communication entities, around a first region, and which shows communications being carried out between first and second nodes, between a plurality of first nodes, or between a plurality of second nodes, in a display format in which the connections between these communicating nodes are indicated within the first region.

公开(公告)号：US20240265300A1

公开(公告)日：2024-08-08

申请号：US18290190

申请日：2021-05-18

Applicant: NEC Corporation

Inventor： Yuji KOBAYASHI ,  Yoshiaki SAKAE ,  Takashi KONASHI ,  Hiroki TAGATO ,  Jun NISHIOKA ,  Jun KODAMA ,  Etsuko ICHIHARA

IPC: G06N20/00

CPC classification number: G06N20/00

Abstract: In a model optimization device for a parameter estimation concerning optical communications, A model acquisition acquires a trained model. A data acquisition means acquires data from a terminal device. A model update means performs a model update of the trained model step by step to generate an updated model based on the data. A model output means outputs to an output destination device corresponding to the terminal device.

公开(公告)号：US20220391516A1

公开(公告)日：2022-12-08

申请号：US17767138

申请日：2019-10-25

Applicant: NEC Corporation

Inventor： Jun NISHIOKA ,  Yoshiaki SAKAE ,  Kazuhiko ISOYAMA ,  Yuji KOBAYASHI

IPC: G06F21/57

Abstract: In order to provide an evaluation apparatus that appropriately evaluates risk of a source code changing over time, an evaluation apparatus includes a generating unit and an output unit. The generating unit generates an evaluation related to risk of a first library described in a source code. The output unit calculates the degree of risk of the fist library, based on at least the generated evaluation, calculates a risk value indicating risk inherent in the source code, based on the calculated degree of risk, and also outputs time-series data of the calculated risk value.

公开(公告)号：US20220156371A1

公开(公告)日：2022-05-19

申请号：US17439509

申请日：2019-03-25

Applicant: NEC Corporation

Inventor： Jun NISHIOKA ,  Yoshiaki SAKAE ,  Kazuhiko ISOYAMA ,  Etsuko ICHUHARA

IPC: G06F21/56

Abstract: A warning apparatus (2000) acquires first detected event information (10) representing, at a first abstraction level, an event set being a set of events having occurred in a target system. The warning apparatus (2000) generates second detected event information (20) from the first detected event information (10). The second detected event information (20) represents, at a second abstraction level, the event set represented by the first detected event information (10). The warning apparatus (2000) determines, from among a plurality of pieces of threat information (30) each representing a threat activity, the threat information (30) having a high degree of relevance to at least either of the first detected event information (10) and the second detected event information (20). The warning apparatus (2000) generates warning information (40) relating to a threat being occurring in the target system, based on the determined threat information (30) and a matching level being an abstraction level associated with the detected event information having a high degree of relevance to the threat information (30).

公开(公告)号：US20220035914A1

公开(公告)日：2022-02-03

申请号：US17278767

申请日：2018-09-26

Applicant: NEC Corporation

Inventor： Kazuhiko ISOYAMA ,  Yoshiaki SAKAE ,  Jun NISHIOKA ,  Etsuko ICHIHARA

IPC: G06F21/56

Abstract: An information processing apparatus (2000) compares a name of a determination target file with a name of one or more normal files. The information processing apparatus (2000) outputs information related to the determination target file, when a name of the determination target file does not coincide with a name of any of the normal files, and a degree of reliability of the determination target file is equal to or less than a threshold value. A degree of reliability of the determination target file is calculated, based on a degree of similarity between a name of the determination target file and a name of each of the normal files.

公开(公告)号：US20220019660A1

公开(公告)日：2022-01-20

申请号：US17294167

申请日：2018-11-16

Applicant: NEC Corporation

Inventor： Etsuko ICHIHARA ,  Yoshiaki SAKAE ,  Kazuhiko ISOYAMA ,  Jun NISHIOKA

IPC: G06F21/55 ,  G06F16/901

Abstract: An information processing apparatus (2000) acquires an event graph (10) to be output and determines a subgraph satisfying a predetermined reference from the acquired event graph (10) to be output. In the event graph (10), an activity content in an event related to an activity of a program is represented as an edge (14), and each of a subject and an object of the event is represented as a node (12). The information processing apparatus (2000) outputs the event graph (10) with an output mode of the determined subgraph as a first mode and with an output mode of another portion as a mode other than the first mode. The first mode is a mode in which at least one of the number of nodes (12) and the number of edges (14) is reduced than the number included in the determined graph.

公开(公告)号：US20220012345A1

公开(公告)日：2022-01-13

申请号：US17431508

申请日：2019-02-20

Applicant: NEC Corporation

Inventor： Kazuhiko ISOYAMA ,  Yoshiaki SAKAE ,  Jun NISHIOKA ,  Etsuko ISHIHARA

IPC: G06F21/57 ,  G06F21/55

Abstract: A history output apparatus (2000) acquires an abnormal event history (10) being information representing an abnormal event occurring in a target system (100), and determines a kind of the abnormal event represented by the abnormal event history (10). When a kind of the determined abnormal event is a first kind, the history output apparatus (2000) determines a terminal (110) in which the abnormal event occurs, as an output target terminal. Further, the history output apparatus (2000) also determines another terminal (110) performing communication with the terminal (110) in which the abnormal event occurs at or before a point when the abnormal event occurs, as an output target terminal. When the abnormal event represented by the acquired abnormal event history (10) is an abnormal event occurring in the output target terminal, the history output apparatus (2000) outputs information relating to the abnormal event.

公开(公告)号：US20210397498A1

公开(公告)日：2021-12-23

申请号：US17279155

申请日：2018-09-26

Applicant: NEC corporation

Inventor： Yoshiaki SAKAE ,  Kazuhiko lSOYAMA ,  Jun NISHOKA ,  Etsuko ICHIHARA

IPC: G06F11/07

Abstract: An information processing apparatus 2000 executes analysis for an event history set (10). The event history set (10) is a set of a plurality of event histories (12). The event history (12) is information relating to an event generated in a target computer system. The information processing apparatus 2000 selects, based on a result of the analysis, an event history (12) to be excluded from deletion targets. The information processing apparatus (2000) deletes, from the event history set (10), an event history (12) other than the event history (12) excluded from the deletion targets.

公开(公告)号：US20210109801A1

公开(公告)日：2021-04-15

申请号：US16464555

申请日：2017-11-17

Applicant: NEC Corporation

Inventor： Masato YASUDA ,  Yoshiaki SAKAE ,  Hiroki TAGATO ,  Shuichi KARINO ,  Kazuhiko ISOYAMA ,  Yuji KOBAYASHI

IPC: G06F11/07

Abstract: An anomaly assessment device includes: a storage storing a correspondence relation between a type of a device, and a transition state candidate group in a stable state of the device of the type; at least one memory storing instructions; and at least one processor configured to execute the instructions to: acquire event information of a monitoring target device; identify a transition state associated with the event information acquired of the monitoring target device; and assesse normality/anomaly of the monitoring target device, based on the transition state candidate group associated with a type of the monitoring target device in the stored correspondence relation, and the identified transition state.