Structural graph neural networks for suspicious event detection

    Publication No.: US11522881B2

    Publication date: 2022-12-06

    Application No.: US16992395

    Application date: 2020-08-13

    Abstract: A computer-implemented method for graph structure based anomaly detection on a dynamic graph is provided. The method includes detecting anomalous edges in the dynamic graph by learning graph structure changes in the dynamic graph with respect to target edges to be evaluated in a given time window repeatedly applied to the dynamic graph. The target edges correspond to particular different timestamps. The method further includes predicting a category of each of the target edges as being one of anomalous and non-anomalous based on the graph structure changes. The method also includes controlling a hardware based device to avoid an impending failure responsive to the category of at least one of the target edges.

    MODULAR NETWORK BASED KNOWLEDGE SHARING FOR MULTIPLE ENTITIES

    Publication No.: US20220111836A1

    Publication date: 2022-04-14

    Application No.: US17493323

    Application date: 2021-10-04

    Abstract: A method for vehicle fault detection is provided. The method includes training, by a cloud module controlled by a processor device, an entity-shared modular and a shared modular connection controller. The entity-shared modular stores common knowledge for a transfer scope, and is formed from a set of sub-networks which are dynamically assembled for different target entities of a vehicle by the shared modular connection controller. The method further includes training, by an edge module controlled by another processor device, an entity-specific decoder and an entity-specific connection controller. The entity-specific decoder is for filtering entity-specific information from the common knowledge in the entity-shared modular by dynamically assembling the set of sub-networks in a manner decided by the entity specific connection controller.

    Real-time threat alert forensic analysis

    Publication No.: US11275832B2

    Publication date: 2022-03-15

    Application No.: US16781366

    Application date: 2020-02-04

    Abstract: Methods and systems for security monitoring and response include assigning an anomaly score to each of a plurality of event paths that are stored in a first memory. Events that are cold, events that are older than a threshold, and events that are not part of a top-k anomalous path are identified. The identified events are evicted from the first memory to a second memory. A threat associated with events in the first memory is identified. A security action is performed responsive to the identified threat.

    INTERPRETING CONVOLUTIONAL SEQUENCE MODEL BY LEARNING LOCAL AND RESOLUTION-CONTROLLABLE PROTOTYPES

    Publication No.: US20210248462A1

    Publication date: 2021-08-12

    Application No.: US17158466

    Application date: 2021-01-26

    Abstract: A method interprets a convolutional sequence model. The method converts an input data sequence having input segments into output features. The method clusters the input segments into clusters using respective resolution-controllable class prototypes allocated to each of classes. Each respective class prototype includes a respective output feature subset characterizing a respective associated class. The method calculates, using the clusters, similarity scores that indicate a similarity of an output feature to a respective class prototypes responsive to distances between the output feature and the respective class prototypes. The method concatenates the similarity scores to obtain a similarity vector. The method performs a prediction and prediction support operation that provides a value of prediction and an interpretation for the value responsive to the input segments and similarity vector. The interpretation for the value of prediction is provided using only non-negative weights and lacking a weight bias in the fully connected layer.

    Graph-based fusing of heterogeneous alerts

    Publication No.: US10476749B2

    Publication date: 2019-11-12

    Application No.: US15477603

    Application date: 2017-04-03

    Abstract: Methods and systems for reporting anomalous events include intra-host clustering a set of alerts based on a process graph that models states of process-level events in a network. Hidden relationship clustering is performed on the intra-host clustered alerts based on hidden relationships between alerts in respective clusters. Inter-host clustering is performed on the hidden relationship clustered alerts based on a topology graph that models source and destination relationships between connection events in the network. Inter-host clustered alerts that exceed a threshold level of trustworthiness are reported.

    GRAPH MODEL FOR ALERT INTERPRETATION IN ENTERPRISE SECURITY SYSTEM

    Publication No.: US20190121971A1

    Publication date: 2019-04-25

    Application No.: US16161769

    Application date: 2018-10-16

    Abstract: A computer-implemented method for implementing alert interpretation in enterprise security systems is presented. The computer-implemented method includes employing a plurality of sensors to monitor streaming data from a plurality of computing devices, generating alerts based on the monitored streaming data, and employing an alert interpretation module to interpret the alerts in real-time, the alert interpretation module including a process-star graph constructor for retrieving relationships from the streaming data to construct process-star graph models and an alert cause detector for analyzing the alerts based on the process-star graph models to determine an entity that causes an alert.

    Annealed Sparsity Via Adaptive and Dynamic Shrinking
    Type: invention application. Status: under examination (published).

    Publication No.: US20160358104A1

    Publication date: 2016-12-08

    Application No.: US15160280

    Application date: 2016-05-20

    Abstract: Systems and methods are provided for acquiring data from an input signal using multitask regression. The method includes: receiving the input signal, the input signal including data that includes a plurality of features; determining at least two computational tasks to analyze within the input signal; regularizing all of the at least two tasks using shared adaptive weights; performing a multitask regression on the input signal to create a solution path for all of the at least two tasks, wherein the multitask regression includes updating a model coefficient and a regularization weight together under an equality norm constraint until convergence is reached, and updating the model coefficient and regularization weight together under an updated equality norm constraint that has a greater l1-penalty than the previous equality norm constraint until convergence is reached; selecting a sparse model from the solution path; constructing an image using the sparse model; and displaying the image.
