-
Publication No.: US10289471B2
Publication date: 2019-05-14
Application No.: US15420949
Application date: 2017-01-31
Inventors: Wei Cheng, Kai Zhang, Haifeng Chen, Guofei Jiang
Abstract: A method is provided for root cause anomaly detection in an invariant network having a plurality of nodes that generate time series data. The method includes modeling anomaly propagation in the network. The method includes reconstructing broken invariant links in an invariant graph based on causal anomaly ranking vectors. Each broken invariant link involves a respective node pair formed from the plurality of nodes such that one of the nodes in the respective node pair has an anomaly. Each causal anomaly ranking vector is for indicating a respective node anomaly status for a given one of the plurality of nodes when paired. The method includes calculating a sparse penalty of the causal anomaly ranking vectors to obtain a set of time-dependent anomaly rankings. The method includes performing temporal smoothing of the set of rankings, and controlling an anomaly-initiating one of the plurality of nodes based on the set of rankings.
-
Publication No.: US20190121969A1
Publication date: 2019-04-25
Application No.: US16161564
Application date: 2018-10-16
Inventors: LuAn Tang, Zhengzhang Chen, Zhichun Li, Zhenyu Wu, Jumpei Kamimura, Haifeng Chen
Abstract: A computer-implemented method for implementing alert interpretation in enterprise security systems is presented. The computer-implemented method includes employing a plurality of sensors to monitor streaming data from a plurality of computing devices, generating alerts based on the monitored streaming data, automatically analyzing the alerts, in real-time, by using a graph-based alert interpretation engine employing process-star graph models, retrieving a cause of the alerts, an aftermath of the alerts, and baselines for the alert interpretation, and integrating the cause of the alerts, the aftermath of the alerts, and the baselines to output an alert interpretation graph to a user interface of a user device.
-
Publication No.: US20180365291A1
Publication date: 2018-12-20
Application No.: US15983404
Application date: 2018-05-18
Inventors: Haifeng Chen, Youfu Li, Daeki Cho, Bo Zong, Nipun Arora, Cristian Lumezanu
IPC classification: G06F17/30
Abstract: Systems and methods for optimizing query execution to improve query processing by a computer are provided. A query is analyzed and translated into a logical plan. A runtime query optimizer is applied to the logical plan to identify a physical plan including operators for execution. The logical plan is translated into the physical plan. Execution of the query is scheduled according to the physical plan.
-
Publication No.: US20180054085A1
Publication date: 2018-02-22
Application No.: US15680796
Application date: 2017-08-18
Inventors: Tan Yan, Dongjin Song, Haifeng Chen, Guofei Jiang, Tingyang Xu
CPC classification: H02J13/0006, G05B17/02, G06F17/142, G06F17/16, G06F17/18, G06K9/00563, G06K9/6244, G06K9/6267, G06N7/08, G06N20/00
Abstract: A power generator system with anomaly detection and methods for detecting anomalies include a power generator that includes one or more physical components configured to provide electrical power. Sensors are configured to make measurements of a state of respective physical components, outputting respective time series of said measurements. A monitoring system includes a fitting module configured to determine a predictive model for each pair of a set of time series, an anomaly detection module configured to compare new values of each pair of time series to values predicted by the respective predictive model to determine if the respective predictive model is broken and to determine a number of broken predictive models, and an alert module configured to generate an anomaly alert if the number of broken predictive models exceeds a threshold.
-
Publication No.: US20180034836A1
Publication date: 2018-02-01
Application No.: US15729030
Application date: 2017-10-10
Inventors: Zhengzhang Chen, LuAn Tang, Ying Lin, Zhichun Li, Haifeng Chen, Guofei Jiang
IPC classification: H04L29/06
CPC classification: H04L63/1416, G06F21/554, H04L41/12, H04L41/142, H04L41/145, H04L63/1425
Abstract: Methods and systems for detecting security intrusions include detecting alerts in monitored system data. Temporal dependencies are determined between the alerts based on a prefix tree formed from the detected alerts. Content dependencies between the alerts are determined based on a distance between alerts in a graph representation of the detected alerts. The alerts are ranked based on an optimization problem that includes the temporal dependencies and the content dependencies. A security management action is performed based on the ranked alerts.
-
Publication No.: US20170308427A1
Publication date: 2017-10-26
Application No.: US15490499
Application date: 2017-04-18
Inventors: Wei Cheng, Kenji Yoshihira, Haifeng Chen, Guofei Jiang
IPC classification: G06F11/07
CPC classification: G06F11/0793, G06F11/0709, G06F11/079, H04L41/064
Abstract: Methods are provided for both single modal and multimodal fault diagnosis. In a method, a fault fingerprint is constructed based on a fault event using an invariant model. A similarity matrix between the fault fingerprint and one or more historical representative fingerprints is derived using dynamic time warping and at least one convolution. A feature vector in a feature subspace for the fault fingerprint is generated. The feature vector includes at least one status of at least one system component during the fault event. A corrective action correlated to the fault fingerprint is determined. The corrective action is initiated on a hardware device to mitigate expected harm to at least one item selected from the group consisting of the hardware device, another hardware device related to the hardware device, and a person related to the hardware device.
-
Publication No.: US20170302516A1
Publication date: 2017-10-19
Application No.: US15427654
Application date: 2017-02-08
Inventors: LuAn Tang, Zhengzhang Chen, Kai Zhang, Haifeng Chen, Zhichun Li
CPC classification: H04L41/145, H04L41/0672, H04L41/0813
Abstract: A system and method are provided. The system includes a processor. The processor is configured to receive a plurality of events from network devices, the plurality of events including entities that are involved in the plurality of events. The processor is further configured to embed the entities into a common latent space based on co-occurrence of the entities in the plurality of events and model respective pairs of the entities for compatibility according to the embedding of the entities to form a pairwise interaction for the respective pairs of the entities. The processor is additionally configured to weigh the pairwise interaction of different ones of the respective pairs of the entities based on one or more compatibility criteria to generate a probability of an occurrence of an anomaly and alter the configuration of one or more of the network devices based on the probability of the occurrence of the anomaly.
-
Publication No.: US20170016354A1
Publication date: 2017-01-19
Application No.: US15211191
Application date: 2016-07-15
Inventors: Kai Zhang, Haifeng Chen, Kenji Yoshihira, Guofei Jiang
CPC classification: F01K13/02, F01K13/003, G05B13/048
Abstract: Systems and methods are provided for optimizing system output in production systems. The method includes separating, by a processor, one or more initial input variables into a plurality of output variables, the output variables including environmental variables and system response variables. The method also includes building, using the processor, a nonparametric estimation that determines a relationship between one or more initial control variables and the system response variables, and estimating a global input-output mapping function, using the determined relationship, and a range of the environmental variables. The method further includes generating one or more optimal control variables from the initial control variables by maximizing the input-output mapping function and the range of the environmental variables. The method additionally includes incorporating one or more of the optimal control variables into a production system to increase production output of the production system.
-
Publication No.: US20160308725A1
Publication date: 2016-10-20
Application No.: US15098861
Application date: 2016-04-14
Inventors: LuAn Tang, Zhengzhang Chen, Ting Chen, Guofei Jiang, Fengyuan Xu, Haifeng Chen
CPC classification: H04L41/12, H04L41/142, H04L41/145, H04L63/0421, H04L63/1425
Abstract: Methods and systems for detecting anomalous communications include simulating a network graph based on community and role labels of each node in the network graph based on one or more linking rules. The community and role labels of each node are adjusted based on differences between the simulated network graph and a true network graph. The simulation and adjustment are repeated until the simulated network graph converges to the true network graph to determine a final set of community and role labels. It is determined whether a network communication is anomalous based on the final set of community and role labels.
-
Publication No.: US20160161374A1
Publication date: 2016-06-09
Application No.: US14961519
Application date: 2015-12-07
Inventors: Tan Yan, Guofei Jiang, Haifeng Chen, Kai Zhang
IPC classification: G01M99/00
CPC classification: G07C3/00, G05B23/0232, G05B23/0283
Abstract: Systems and methods for managing components of physical systems, including decomposing raw time series by extracting an aging trend and a fluctuation term from the time series using an objective function of an optimization problem, the objective function minimizing reconstruction error and ensuring flatness of the fluctuation term over time. The optimization problem is transformed into a Quadratic Programming (QP) formulation including a monotonicity constraint and a non-negativity constraint, the constraints being merged together to reduce computational costs. An aging score and a confidence score are generated for the extracted aging trend to determine a severeness of aging for one or more components of the physical system, and the aging score and confidence score are fused to provide a fused ranking for the extracted aging trend for predicting future failures of the components.