公开(公告)号：US20180060314A1

公开(公告)日：2018-03-01

申请号：US15659131

申请日：2017-07-25

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Biplob Debnath ,  Hui Zhang ,  Guofei Jiang

IPC: G06F17/30

CPC classification number: G06F16/1794 ,  G06F16/258

Abstract: Methods and systems for log management include pre-processing heterogeneous logs and performing a log management action on the pre-processed plurality of heterogeneous logs. Pre-processing the logs includes performing a fixed tokenization of the heterogeneous logs based on a predefined set of symbols, performing a flexible tokenization of the heterogeneous logs based on a user-defined set of rules, converting timestamps in the heterogeneous logs to a single target timestamp format, and performing structural log tokenization of the heterogeneous logs based on user-defined structural information.

公开(公告)号：US20170293542A1

公开(公告)日：2017-10-12

申请号：US15478714

申请日：2017-04-04

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Ke Zhang ,  Hui Zhang ,  Renqiang Min ,  Guofei Jiang

IPC: G06F11/22 ,  G06N5/04 ,  G06N3/04

CPC classification number: G06F11/2263 ,  G06N3/0445 ,  G06N5/04 ,  G06N99/005

Abstract: Methods for system failure prediction include clustering log files according to structural log patterns. Feature representations of the log files are determined based on the log clusters. A likelihood of a system failure is determined based on the feature representations using a neural network. An automatic system control action is performed if the likelihood of system failure exceeds a threshold.

公开(公告)号：US09535814B2

公开(公告)日：2017-01-03

申请号：US14665519

申请日：2015-03-23

Applicant: NEC Laboratories America, Inc.

Inventor： Nipun Arora ,  Junghwan Rhee ,  Hui Zhang ,  Guofei Jiang

IPC: G06F9/44 ,  G06F11/34

CPC classification number: G06F11/3466

Abstract: The present invention enables capturing API level calls using a combination of dynamic instrumentation and library overriding. The invention allows event level tracing of API function calls and returns, and is able to generate an execution trace. The instrumentation is lightweight and relies on dynamic library/shared library linking mechanisms in most operating systems. Hence we need no source code modification or binary injection. The tool can be used to capture parameter values, and return values, which can be used to correlate traces across API function calls to generate transaction flow logic.

Abstract translation: 本发明可以使用动态检测和库重写的组合捕获API级别调用。 本发明允许API函数调用和返回的事件级别跟踪，并且能够生成执行跟踪。 该仪器是轻量级的，并且依赖于大多数操作系统中的动态库/共享库链接机制。 因此，我们不需要源代码修改或二进制注入。 该工具可用于捕获参数值和返回值，可用于将API函数调用之间的跟踪相关联，以生成事务流逻辑。

公开(公告)号：US20160179600A1

公开(公告)日：2016-06-23

申请号：US14957566

申请日：2015-12-02

Applicant: NEC Laboratories America, Inc.

Inventor： Pallavi Joshi ,  Hui Zhang ,  Jianwu Xu ,  Xiao Yu ,  Guofei Jiang

IPC: G06F11/07

CPC classification number: G06F11/0751 ,  G06F11/0715 ,  G06F11/3006 ,  G06F11/3414 ,  G06F11/3447 ,  G06F11/3476 ,  H04L41/00 ,  H04L41/142 ,  H04L41/16

Abstract: Systems and methods are disclosed for detecting error in a cloud infrastructure by running a plurality of training tasks on the cloud infrastructure and generating training execution logs; generating a model miner with the training execution logs to represent one or more correct task executions in the cloud infrastructure; after training, running a plurality of tasks on the cloud infrastructure and capturing live execution logs; and from the live execution logs, if a current task deviates from the correct task execution, indicating an execution error for correction in real-time.

Abstract translation: 公开了用于通过在云基础设施上运行多个训练任务并生成训练执行日志来检测云基础架构中的错误的系统和方法; 生成具有训练执行日志的模型矿工，以表示云基础架构中的一个或多个正确的任务执行; 培训后，在云基础架构上运行多个任务并捕获实时执行日志; 如果当前任务偏离正确的任务执行，则表示实时执行错误。

公开(公告)号：US20140298300A1

公开(公告)日：2014-10-02

申请号：US14227481

申请日：2014-03-27

Applicant: NEC Laboratories America, Inc.

Inventor： Jungwhan Rhee ,  Hui Zhang ,  Nipun Arora ,  Guofei Jiang ,  Qiang Zeng

IPC: G06F11/34

CPC classification number: G06F11/3466 ,  G06F2201/865

Abstract: A computer implemented method for maintaining a program's calling context correct even when a monitoring of the program goes out of a scope of a program analysis by validating function call transitions and recovering partial paths before and after the violation of the program's control flow. The method includes detecting a violation of control flow invariants in the software system including validating a source and destination of a function call in the software system, interpreting a pre-violation partial path responsive to a failure of the validating, and interpreting a post violation path after a violation of program flow.

Abstract translation: 即使当程序的监视超出程序分析的范围时，通过验证功能调用转换并在违反程序的控制流程之前和之后恢复部分路径，用于维护程序的调用上下文的计算机实现的方法也是正确的。 该方法包括检测软件系统中的控制流不变量的违反，包括验证软件系统中的函数调用的源和目的地，响应于验证失败解释预先违反部分路径，以及解释后违反路径 违反程序流程后。

公开(公告)号：US20140068351A1

公开(公告)日：2014-03-06

申请号：US14012000

申请日：2013-08-28

Applicant: NEC Laboratories America, Inc.

Inventor： Junghwan Rhee ,  Hui Zhang ,  Nipun Arora ,  Guofei Jiang ,  Kenji Yoshihira

IPC: G06F11/30

CPC classification number: G06F11/3034 ,  G06F11/073 ,  G06F11/079 ,  G06F11/30 ,  G06F11/3037 ,  G06F11/3051 ,  G06F11/3476 ,  G06F11/3604 ,  G06F11/3636 ,  G06F2201/865

Abstract: A computer implemented method provides efficient monitoring and analysis of a program's memory objects in the operation stage. The invention can visualize and analyze a monitored program's data status with improved semantic information without requiring source code at runtime. The invention can provide higher quality of system management, performance debugging, and root-cause error analysis of enterprise software in the production stage.

Abstract translation: 计算机实现的方法在操作阶段提供对程序的存储器对象的有效监视和分析。 本发明可以使用改进的语义信息可视化和分析被监视程序的数据状态，而不需要运行时的源代码。 本发明可以在生产阶段提供更高质量的系统管理，性能调试和企业软件的根本原因误差分析。

公开(公告)号：US11196758B2

公开(公告)日：2021-12-07

申请号：US15889666

申请日：2018-02-06

Applicant: NEC Laboratories America, Inc.

Inventor： Hui Zhang ,  Jianwu Xu ,  Biplob Debnath

IPC: H04L29/06 ,  G06N20/00 ,  G06N5/04

Abstract: Systems and methods for enabling automated log analysis with controllable resource requirements are provided. A training set for log pattern learning is generated based on heterogeneous logs generated by a computer system. An incremental learning process is implemented to generate a set of log patterns from the training set. The heterogeneous logs are parsed using the set of log patterns. A set of applications is applied to the parsed logs.

公开(公告)号：US11055631B2

公开(公告)日：2021-07-06

申请号：US15874220

申请日：2018-01-18

Applicant: NEC Laboratories America, Inc.

Inventor： Hui Zhang ,  Bo Zong

IPC: G06N20/00 ,  G05B23/02 ,  C23C16/455 ,  G06N5/04 ,  G06F16/951 ,  C07F1/00 ,  C07F1/08 ,  C07F3/00 ,  C07F3/02 ,  C07F3/06 ,  C07F5/00 ,  C07F7/00 ,  C07F7/28 ,  C07F9/00 ,  C07F11/00 ,  C07F13/00 ,  C07F15/00 ,  C07F15/02 ,  C07F15/04 ,  C07F15/06 ,  C23C16/18 ,  H01L21/02

Abstract: Systems and methods for automatically generating a set of meta-parameters used to train invariant-based anomaly detectors are provided. Data is transformed into a first set of time series data and a second set of time series data. A fitness threshold search is performed on the first set of time series data to automatically generate a fitness threshold, and a time resolution search is performed on the set of second time series data to automatically generate a time resolution. A set of meta-parameters including the fitness threshold and the time resolution are sent to one or more user devices across a network to govern the training of an invariant-based anomaly detector.

公开(公告)号：US10706229B2

公开(公告)日：2020-07-07

申请号：US16145580

申请日：2018-09-28

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Hui Zhang ,  Haifeng Chen ,  Tanay Kumar Saha

IPC: G06F17/40 ,  G06F40/211 ,  G06F7/06 ,  G06F40/30 ,  G06F40/216 ,  G06F40/284

Abstract: A computer-implemented method, system, and computer program product are provided for content aware heterogeneous log pattern comparative analysis. The method includes receiving, by a processor-device, a plurality of heterogeneous logs. The method also includes extracting, by the processor-device, a plurality of log syntactic patterns from the plurality of heterogenous logs. The method additionally includes generating, by the processor-device, latent representation vectors for each of the plurality of log syntactic patterns. The method further includes predicting, by the processor-device, an anomaly from the clustered latent representation vectors. The method also includes controlling an operation of a processor-based machine to react in accordance with the anomaly.

公开(公告)号：US10474642B2

公开(公告)日：2019-11-12

申请号：US15659131

申请日：2017-07-25

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Biplob Debnath ,  Hui Zhang ,  Guofei Jiang

IPC: G06F17/00 ,  G06F16/178

Abstract: Methods and systems for log management include pre-processing heterogeneous logs and performing a log management action on the pre-processed plurality of heterogeneous logs. Pre-processing the logs includes performing a fixed tokenization of the heterogeneous logs based on a predefined set of symbols, performing a flexible tokenization of the heterogeneous logs based on a user-defined set of rules, converting timestamps in the heterogeneous logs to a single target timestamp format, and performing structural log tokenization of the heterogeneous logs based on user-defined structural information.