Network endpoint spoofing detection and mitigation

    Publication number: US10887344B2

    Publication date: 2021-01-05

    Application number: US16101815

    Application date: 2018-08-13

    Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.

    UNSUPERVISED ANOMALY DETECTION, DIAGNOSIS, AND CORRECTION IN MULTIVARIATE TIME SERIES DATA

    Publication number: US20200064822A1

    Publication date: 2020-02-27

    Application number: US16549146

    Application date: 2019-08-23

    Abstract: Methods and systems for anomaly detection and correction include generating original signature matrices that represent a state of a system of multiple time series. The original signature matrices are encoded using convolutional neural networks. Temporal patterns in the encoded signature matrices are modeled using convolutional long-short term memory neural networks for each respective convolutional neural network. The modeled signature matrices are decoded using deconvolutional neural networks. An occurrence of an anomaly is determined using a loss function based on a difference between the decoded signature matrices and the original signature matrices. A corrective action is performed responsive to the determination of the occurrence of the anomaly.

    NETWORK GATEWAY SPOOFING DETECTION AND MITIGATION

    Publication number: US20190098050A1

    Publication date: 2019-03-28

    Application number: US16101834

    Application date: 2018-08-13

    Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by a network gateway system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the network gateway system responsive to the determination that the received packet has a spoofed source IP address.

    Patent latency monitoring in software-defined networks

    Publication number: US09654372B2

    Publication date: 2017-05-16

    Application number: US14300843

    Application date: 2014-06-10

    CPC classification number: H04L43/106 H04L43/0852

    Abstract: In a software defined network having switches including first and last switches and intermediate switches, wherein a default routing path exists between the first and last switches, a system and method are provided for computing path latency. The method includes inserting a respective monitoring rule(s) in each switch, mandating for each switch, forwarding a received rule matching packet to a next switch, and further mandating for the first switch and the last switch, sending a PacketIn message to a controller. The method includes inserting, in each switch, a respective monitoring probe(s) matching the respective monitoring rule(s) in a same switch to initiate mandates specified by the respective monitoring rule(s) in the same switch responsive to an arrival of the packet thereat. The method includes time-stamping the PacketIn messages to generate PacketIn timestamps, aggregating the PacketIn timestamps, and estimating the path latency from an aggregation of PacketIn timestamps.

    Path selection in hybrid networks
    Granted invention patent (in force)

    Publication number: US09413646B2

    Publication date: 2016-08-09

    Application number: US14831570

    Application date: 2015-08-20

    Abstract: Systems and methods for controlling legacy switch routing in one or more hybrid networks of interconnected computers and switches, including generating a network underlay for the one or more hybrid networks by generating a minimum spanning tree (MST) and a forwarding graph (FWG) over a physical network topology of the one or more hybrid networks, determining an optimal path between hosts on the FWG by optimizing an initial path with a minimum cost mapping, and adjusting the initial path to enforce the optimal path by generating and installing special packets in one or more programmable switches to trigger installation of forwarding rules for one or more legacy switches.

    Path Selection in Hybrid Networks
    Invention patent application (in force)

    Publication number: US20160057054A1

    Publication date: 2016-02-25

    Application number: US14831570

    Application date: 2015-08-20

    Abstract: Systems and methods for controlling legacy switch routing in one or more hybrid networks of interconnected computers and switches, including generating a network underlay for the one or more hybrid networks by generating a minimum spanning tree (MST) and a forwarding graph (FWG) over a physical network topology of the one or more hybrid networks, determining an optimal path between hosts on the FWG by optimizing an initial path with a minimum cost mapping, and adjusting the initial path to enforce the optimal path by generating and installing special packets in one or more programmable switches to trigger installation of forwarding rules for one or more legacy switches.

    Layer 2 Path Tracing Through Context Encoding in Software Defined Networking
    Invention patent application (in force)

    Publication number: US20150281076A1

    Publication date: 2015-10-01

    Application number: US14665069

    Application date: 2015-03-23

    CPC classification number: H04L45/02 H04L43/12 H04L45/64 H04L45/70

    Abstract: A computer implemented method for network monitoring includes providing network packet event characterization and analysis for network monitoring that includes supporting summarization and characterization of network packet traces collected across multiple processing elements of different types in a virtual network, including a trace slicing to organize individual packet events into path-based trace slices, a trace characterization to extract at least 2 types of feature matrix describing those trace slices, and a trace analysis to cluster, rank and query packet traces based on metrics of the feature matrix.

    HYBRID NETWORK MANAGEMENT
    Invention patent application (in force)

    Publication number: US20150043382A1

    Publication date: 2015-02-12

    Application number: US14453054

    Application date: 2014-08-06

    Abstract: Method and systems for controlling a hybrid network having software-defined network (SDN) switches and legacy switches include initializing a hybrid network topology by retrieving information on a physical and virtual infrastructure of the hybrid network; generating a path between two nodes on the hybrid network based on the physical and virtual infrastructure of the hybrid network; generating a virtual local area network by issuing remote procedure call instructions to legacy switches in accordance with a network configuration request; and generating an SDN network slice by issuing SDN commands to SDN switches in accordance with the network configuration request.
