公开(公告)号：US09092568B2

公开(公告)日：2015-07-28

申请号：US13873610

申请日：2013-04-30

Applicant: NEC Laboratories America, Inc.

Inventor： Junghwan Rhee ,  Hui Zhang ,  Nipun Arora ,  Guofei Jiang ,  Kenji Yoshihira ,  Myoungku Song

IPC: G06F9/44 ,  G06F11/36

CPC classification number: G06F11/3636 ,  G06F11/3604

Abstract: A system for automatically instrumenting and tracing an application program and related software components achieves a correlated tracing of the program execution. It includes tracing of endpoints that are the set of functions in the program execution path that the developers are interested. The tracing endpoints and related events become the total set of functions to be traced in the program (called instrument points). This invention automatically analyzes the program and generates such instrumentation points to enable correlated tracing. The generated set of instrumentation points addresses common questions that developers ask when they use monitoring tools.

Abstract translation: 用于自动测试和跟踪应用程序和相关软件组件的系统实现了程序执行的相关跟踪。 它包括跟踪开发人员感兴趣的程序执行路径中的一组函数的端点。 跟踪终点和相关事件成为程序中要追踪的功能的总数（称为仪器点）。 本发明自动分析程序并生成这样的仪器点以实现相关跟踪。 生成的仪器仪表组解决了开发人员在使用监控工具时所要求的常见问题。

公开(公告)号：US09075912B2

公开(公告)日：2015-07-07

申请号：US13850562

申请日：2013-03-26

Applicant: NEC Laboratories America, Inc.

Inventor： Jungwhan Rhee ,  Guofei Jiang ,  Kenji Yoshihira ,  Hui Zhang

IPC: G06F11/00 ,  G06F11/36 ,  G06F11/34

CPC classification number: G06F11/3636 ,  G06F11/34 ,  G06F11/3466 ,  G06F2201/86 ,  G06F2201/865

Abstract: A method includes generating a normal trace in a training stage for the monitored software systems and a monitored trace in the deployment stage for anomaly detection, applying resource transfer functions to traces to convert them to resource features, and system call categorization to traces to convert them to program behavior features, performing anomaly detection in a global scope using the derived resource features and program behavior features, in case the system finds no anomaly, generating no anomaly report, in case the anomaly is found, including the result in an anomaly report; and performing conditional anomaly detection.

Abstract translation: 一种方法包括在受监视的软件系统的训练阶段生成正常轨迹，以及在部署阶段中用于异常检测的受监控轨迹，将资源传递函数应用到轨迹以将其转换为资源特征，以及将系统调用分类到跟踪以转换它们 程序行为特征，使用导出的资源特征和程序行为特征在全局范围内执行异常检测，以防系统发现异常情况，发现异常报告，包括异常报告中的结果; 并执行条件异常检测。

公开(公告)号：US20140229921A1

公开(公告)日：2014-08-14

申请号：US14168375

申请日：2014-01-30

Applicant: NEC Laboratories America, Inc.

Inventor： Nipun Arora ,  Hui Zhang ,  Junghwan Rhee ,  Guofei Jiang ,  Kenji Yoshihira

IPC: G06F11/36

CPC classification number: G06F11/3644 ,  G06F11/3636

Abstract: This invention provides a new mechanism for “Hot-Tracing” using a novel placeholder mechanism and binary rewriting techniques, which leverages existing compiler flags in order to enable light-weight and highly flexible dynamic instrumentation. Broadly, I-Probe can be divided in 2 distinct workflows—1. Pre-processing (ColdPatch), and 2. Hot Tracing. The first phase is a pre-processing mechanism to prepare the binary for phase 2. The second phase is the actual hot-tracing mechanism, which allows users to dynamically instrument functions (more specifically symbols) of their choice.

Abstract translation: 本发明提供了一种使用新型占位符机制和二进制重写技术的“热追踪”的新机制，其利用现有的编译器标志以便实现轻量级和高度灵活的动态仪器。 普遍来说，I-Probe可以分为两个不同的工作流程 - 1。 预处理（ColdPatch）和2.热追踪。 第一阶段是为阶段2准备二进制的预处理机制。第二阶段是实际的热追踪机制，允许用户动态地对其选择的功能（更具体地说是符号）进行仪器仪表功能。

公开(公告)号：US20140115403A1

公开(公告)日：2014-04-24

申请号：US13850562

申请日：2013-03-26

Applicant: NEC Laboratories America, Inc.

Inventor： Jungwhan Rhee ,  Guofei Jiang ,  Kenji Yoshihira ,  Hui Zhang

IPC: G06F11/36

CPC classification number: G06F11/3636 ,  G06F11/34 ,  G06F11/3466 ,  G06F2201/86 ,  G06F2201/865

Abstract: A method includes generating a normal trace in a training stage for the monitored software systems and a monitored trace in the deployment stage for anomaly detection, applying resource transfer functions to traces to convert them to resource features, and system call categorization to traces to convert them to program behavior features, performing anomaly detection in a global scope using the derived resource features and program behavior features, in case the system finds no anomaly, generating no anomaly report, in case the anomaly is found, including the result in an anomaly report; and performing conditional anomaly detection.

Abstract translation: 一种方法包括在受监视的软件系统的训练阶段生成正常轨迹，以及在部署阶段中用于异常检测的受监控轨迹，将资源传递函数应用到轨迹以将其转换为资源特征，以及将系统调用分类到跟踪以转换它们 程序行为特征，使用导出的资源特征和程序行为特征在全局范围内执行异常检测，以防系统发现异常情况，发现异常报告，包括异常报告中的结果; 并执行条件异常检测。

公开(公告)号：US10990616B2

公开(公告)日：2021-04-27

申请号：US15351452

申请日：2016-11-15

Applicant: NEC Laboratories America, Inc.

Inventor： Biplob Debnath ,  Jianwu Xu ,  Hui Zhang ,  Guofei Jiang ,  Hossein Hamooni

IPC: G06F11/34 ,  G06F16/31 ,  G06F17/40 ,  G06K9/46

Abstract: Systems and methods are disclosed for parsing logs from arbitrary or unknown systems or applications by capturing heterogeneous logs from the arbitrary or unknown systems or applications; generating one pattern for every unique log message; building a pattern hierarchy tree by grouping patterns based on similarity metrics, and for every group it generates one pattern by combing all constituting patterns of that group; and selecting a set of patterns from the pattern hierarchy tree.

公开(公告)号：US10929763B2

公开(公告)日：2021-02-23

申请号：US15684293

申请日：2017-08-23

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Biplob Debnath ,  Bo Zong ,  Hui Zhang ,  Guofei Jiang ,  Hancheng Ge

IPC: G06N5/04 ,  G06F17/16 ,  G06N7/00 ,  G06F40/00 ,  G06F40/16 ,  G06F40/284

Abstract: A heterogeneous log pattern editing recommendation system and computer-implemented method are provided. The system has a processor configured to identify, from heterogeneous logs, patterns including variable fields and constant fields. The processor is also configured to extract a category feature, a cardinality feature, and a before-after n-gram feature by tokenizing the variable fields in the identified patterns. The processor is additionally configured to generate target similarity scores between target fields to be potentially edited and other fields from among the variable fields in the heterogeneous logs using pattern editing operations based on the extracted category feature, the extracted cardinality feature, and the extracted before-after n-gram feature. The processor is further configured to recommend, to a user, log pattern edits for at least one of the target fields based on the target similarity scores between the target fields in the heterogeneous logs.

公开(公告)号：US10678625B2

公开(公告)日：2020-06-09

申请号：US16033278

申请日：2018-07-12

Applicant: NEC Laboratories America, Inc.

Inventor： Pranay Anchuri ,  Jianwu Xu ,  Hui Zhang

IPC: G06F11/00 ,  G06F11/07

Abstract: Systems and methods for automatically generating failure signatures in a computer system for performing computer system fault diagnosis are provided. The method includes receiving log data, converting each log in the log data into a collection of log pattern sequences including one or more log pattern sequences corresponding to one or more respective failure categories associated with the computer system, generating a collection of seed patterns by computing a global set of patterns from the collection of log pattern sequences, and extracting the collection of seed patterns from the global set of patterns, generating a log pattern grammar representation for each of the one or more log pattern sequences, generating a failure signature for each of the one or more failure categories based on the log pattern grammar representation and the collection of seed patterns, and employing the failure signatures to perform computer system fault diagnosis on new log data.

公开(公告)号：US10409669B2

公开(公告)日：2019-09-10

申请号：US15810960

申请日：2017-11-13

Applicant: NEC Laboratories America, Inc.

Inventor： Bo Zong ,  LuAn Tang ,  Qi Song ,  Biplob Debnath ,  Hui Zhang ,  Guofei Jiang

IPC: G06F11/07 ,  G06F11/34 ,  G06N3/08 ,  G06N5/04 ,  G06N5/02

Abstract: A method is provided that includes transforming training data into a neural network based learning model using a set of temporal graphs derived from the training data. The method includes performing model learning on the learning model by automatically adjusting learning model parameters based on the set of the temporal graphs to minimize differences between a predetermined ground-truth ranking list and a learning model output ranking list. The method includes transforming testing data into a neural network based inference model using another set of temporal graphs derived from the testing data. The method includes performing model inference by applying the inference and learning models to test data to extract context features for alerts in the test data and calculate a ranking list for the alerts based on the extracted context features. Top-ranked alerts are identified as critical alerts. Each alert represents an anomaly in the test data.

公开(公告)号：US10333805B2

公开(公告)日：2019-06-25

申请号：US15956392

申请日：2018-04-18

Applicant: NEC Laboratories America, Inc.

Inventor： Biplob Debnath ,  Hui Zhang

IPC: G06F17/27 ,  H04L12/26 ,  H04W4/38 ,  G06K9/72 ,  G06K9/62 ,  G06F16/31 ,  H04W4/70

Abstract: A computer-implemented method for generating patterns from a set of heterogeneous log messages is presented. The method includes collecting the set of heterogenous log messages from arbitrary or unknown systems or applications or sensors or instruments, splitting the log messages into tokens based on a set of delimiters, identifying datatypes of the tokens, identifying a log structure of the log messages by generating pattern-signatures of all the tokens and the datatypes based on predefined pattern settings, generating a pattern for each of the log structures and enabling users to edit the pattern for each of the log structures based on user requirements.

公开(公告)号：US20190163552A1

公开(公告)日：2019-05-30

申请号：US16200950

申请日：2018-11-27

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Hui Zhang ,  Haifeng Chen ,  Tanay Kumar Saha

IPC: G06F11/07 ,  G06N20/10

Abstract: Systems and methods for contextual event sequence analysis of system failure that analyzes heterogeneous system event record logs are disclosed. The disclosure relates to analyzing event sequences for system failure in ICT and other computerized systems and determining their causes and propagation chains.