-
Publication No.: US20230109729A1
Publication date: 2023-04-13
Application No.: US17958597
Filing date: 2022-10-03
Applicant: NEC Laboratories America, Inc.
Inventor: Yuncong Chen, Zhengzhang Chen, Xuchao Zhang, Wenchao Yu, Haifeng Chen, LuAn Tang, Zexue He
Abstract: A computer-implemented method for multi-model representation learning is provided. The method includes encoding, by a trained time series (TS) encoder, an input TS segment into a TS-shared latent representation and a TS-private latent representation. The method further includes generating, by a trained text generator, a natural language text that explains the input TS segment, responsive to the TS-shared latent representation, the TS-private latent representation, and a text-private latent representation.
-
Publication No.: US20220382614A1
Publication date: 2022-12-01
Application No.: US17745134
Filing date: 2022-05-16
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, Haifeng Chen, Yuncong Chen
Abstract: Methods and systems for detecting and responding to an anomaly include determining a first system-level performance prediction using system-level statistics. A second system-level performance prediction is determined using system-level statistics and service-level statistics. The first prediction and the second prediction are compared to identify a discrepancy. It is determined that a service corresponding to the service-level statistics is a cause of a detected failure in a distributed computing system. An action directed to the service is performed responsive to the detected failure.
-
Publication No.: US20220107878A1
Publication date: 2022-04-07
Application No.: US17491632
Filing date: 2021-10-01
Applicant: NEC Laboratories America, Inc.
Inventor: Yuncong Chen, Zhengzhang Chen, Cristian Lumezanu, Masanao Natsumeda, Xiao Yu, Wei Cheng, Takehiko Mizoguchi, Haifeng Chen
Abstract: A method for system metric prediction and influential events identification by concurrently employing metric logs and event logs is presented. The method includes concurrently modeling multivariate metric series and individual events in event series by a multi-stream recurrent neural network (RNN) to improve prediction of future metrics, where the multi-stream RNN includes a series of RNNs, one RNN for each metric and one RNN for each event sequence and modeling causality relations between the multivariate metric series and the individual events in the event series by employing an attention mechanism to identify target events most responsible for fluctuations of one or more target metrics.
-
Publication No.: US20220084335A1
Publication date: 2022-03-17
Application No.: US17464056
Filing date: 2021-09-01
Applicant: NEC Laboratories America, Inc., NEC Corporation
Inventor: LuAn Tang, Wei Cheng, Haifeng Chen, Yuji Kobayashi, Zhengzhang Chen
Abstract: A method for early warning is provided. The method clusters normal historical data of normal cars into groups based on the car subsystem to which they belong. The method extracts (i) features based on group membership and (ii) feature correlations based on correlation graphs formed from the groups. The method trains an Auto-Encoder and Auto Decoder (AE&AD) model based on the features and the feature correlations to reconstruct the normal historical data with minimum reconstruction errors. The method reconstructs, using the trained AE&AD model, historical data of specific car fault types with reconstruction errors, normalizes the reconstruction errors, and selects features of the car faults with the top k largest errors as fault signatures. The method reconstructs streaming data of monitored cars using the trained AE&AD model to determine streaming reconstruction errors, comparing the streaming reconstruction errors with the fault signatures to predict and provide alerts for impending known faults.
-
Publication No.: US11223649B2
Publication date: 2022-01-11
Application No.: US16379024
Filing date: 2019-04-09
Applicant: NEC Laboratories America, Inc.
Inventor: Zhenyu Wu, Yue Li, Junghwan Rhee, Kangkook Jee, Zichun Li, Jumpei Kamimura, LuAn Tang, Zhengzhang Chen
IPC: H04L29/06, G06F16/901, G06F11/34
Abstract: A method for ransomware detection and prevention includes receiving an event stream associated with one or more computer system events, generating user-added-value knowledge data for one or more digital assets by modeling digital asset interactions based on the event stream, including accumulating user-added-values of each of the one or more digital assets, and detecting ransomware behavior based at least in part on the user-added-value knowledge, including analyzing destruction of the user-added values for the one or more digital assets.
-
Publication No.: US11194906B2
Publication date: 2021-12-07
Application No.: US16507353
Filing date: 2019-07-10
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Kangkook Jee, Zhengzhang Chen, Zhichun Li, Wajih Ul Hassan
Abstract: A method for implementing automated threat alert triage via data provenance includes receiving a set of alerts and security provenance data, separating true alert events within the set of alert events corresponding to malicious activity from false alert events within the set of alert events corresponding to benign activity based on an alert anomaly score assigned to the at least one alert event, and automatically generating a set of triaged alert events based on the separation.
-
Publication No.: US20210067527A1
Publication date: 2021-03-04
Application No.: US16992395
Filing date: 2020-08-13
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, Jiaping Gui, Haifeng Chen, Lei Cai
Abstract: A computer-implemented method for graph structure based anomaly detection on a dynamic graph is provided. The method includes detecting anomalous edges in the dynamic graph by learning graph structure changes in the dynamic graph with respect to target edges to be evaluated in a given time window repeatedly applied to the dynamic graph. The target edges correspond to particular different timestamps. The method further includes predicting a category of each of the target edges as being one of anomalous and non-anomalous based on the graph structure changes. The method also includes controlling a hardware based device to avoid an impending failure responsive to the category of at least one of the target edges.
-
Publication No.: US10885185B2
Publication date: 2021-01-05
Application No.: US16161564
Filing date: 2018-10-16
Applicant: NEC Laboratories America, Inc.
Inventor: LuAn Tang, Zhengzhang Chen, Zhichun Li, Zhenyu Wu, Jumpei Kamimura, Haifeng Chen
Abstract: A computer-implemented method for implementing alert interpretation in enterprise security systems is presented. The computer-implemented method includes employing a plurality of sensors to monitor streaming data from a plurality of computing devices, generating alerts based on the monitored streaming data, automatically analyzing the alerts, in real-time, by using a graph-based alert interpretation engine employing process-star graph models, retrieving a cause of the alerts, an aftermath of the alerts, and baselines for the alert interpretation, and integrating the cause of the alerts, the aftermath of the alerts, and the baselines to output an alert interpretation graph to a user interface of a user device.
-
Publication No.: US20200059484A1
Publication date: 2020-02-20
Application No.: US16535521
Filing date: 2019-08-08
Applicant: NEC Laboratories America, Inc.
Inventor: Junghwan Rhee, LuAn Tang, Zhengzhang Chen, Chung Hwan Kim, Zhichun Li, Ziqiao Zhou
IPC: H04L29/06, G05B19/418
Abstract: A computer-implemented method for implementing protocol-independent anomaly detection within an industrial control system (ICS) includes implementing a detection stage, including performing byte filtering using a byte filtering model based on at least one new network packet associated with the ICS, performing horizontal detection to determine whether a horizontal constraint anomaly exists in the at least one network packet based on the byte filtering and a horizontal model, including analyzing constraints across different bytes of the at least one new network packet, performing message clustering based on the horizontal detection to generate first cluster information, and performing vertical detection to determine whether a vertical anomaly exists based on the first cluster information and a vertical model, including analyzing a temporal pattern of each byte of the at least one new network packet.
-
Publication No.: US10367842B2
Publication date: 2019-07-30
Application No.: US15902318
Filing date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
Abstract: Systems and methods for determining a risk level of a host in a network include modeling a target host's behavior based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the target host's behavior are determined. An anomaly score for the target host is determined based on how the target host's behavior changes relative to behavior of the one or more original peer hosts over time. A security management action is performed based on the anomaly score.