Abstract:
A system and method for analysis of complex systems which includes determining model parameters based on time series data, further including profiling a plurality of types of data properties to discover complex data properties and dependencies; classifying the data dependencies into predetermined categories for analysis; and generating a plurality of models based on the discovered properties and dependencies. The system and method may analyze, using a processor, the generated models based on a fitness score determined for each model to generate a status report for each model; integrate the status reports for each model to determine an anomaly score for the generated models; and generate an alarm when the anomaly score exceeds a predefined threshold.
Abstract:
A method for metric ranking in invariant networks includes, given an invariant network and a set of broken invariants, using two ranking processes to determine and rank the anomaly scores of each monitoring metric in large-scale systems. Operators can follow the rank to investigate the root cause in problem investigation. In a first ranking process, given a node/metric, the method determines multiple scores by integrating information from immediate neighbors to decide the anomaly score for metric ranking. In a second ranking process, given a node/metric, an iteration process is used to recursively integrate the information from immediate neighbors at each round to determine its anomaly score for metric ranking.
Abstract:
A method for policy-aware mapping of an enterprise virtual tenant network includes receiving inputs from a hosting network and tenants; translating resource demand and policies of the tenants into a network topology and bandwidth demand on each link in the network; pre-arranging a physical resource of a physical topology for clustering servers on the network to form an allocation unit before a VTN allocation; allocating resources of the hosting network to satisfy demand of the tenants in response to a VTN demand request; and conducting a policy-aware VTN mapping for enumerating all feasible resource mappings, bounded by a predetermined counter for outputting optimal mapping with policy-compliant routing paths in the hosting network.
Abstract:
Systems and methods for time series prediction are described. The systems and methods include encoding driving series into encoded hidden states, the encoding including adaptively prioritizing driving series at each timestamp using input attention, the driving series including data sequences collected from sensors. The systems and methods further include decoding the encoded hidden states to generate a predicting model, the decoding including adaptively prioritizing encoded hidden states using temporal attention. The systems and methods further include generating predictions of future events using the predicting model based on the data sequences. The systems and methods further include generating signals for initiating an action to devices based on the predictions.
Abstract:
Methods for querying a database and database systems include optimizing a database query for parallel execution using spatial and temporal information relating to elements in the database, the optimized database query being split into sub-queries with sub-queries being divided spatially according to host and temporally according to time window. The sub-queries are executed in parallel. The results of the database query are outputted progressively.
Abstract:
Automated security systems and methods include a set of monitored systems, each having one or more corresponding monitors configured to record system state information. A progressive software behavioral query language (PROBEQL) database is configured to store the system state information from the monitored systems. A query optimizing module is configured to optimize a database query for parallel execution using spatial and temporal information relating to elements in the PROBEQL database. The optimized database query is split into sub-queries with sub-queries being divided spatially according to host and temporally according to time window. A parallel execution module is configured to execute the sub-queries on the PROBEQL database in parallel. A results module is configured to output progressive results of the database query. A security control system is configured to perform a security control action in accordance with the progressive results.
Abstract:
Methods and systems for security analysis include determining whether a process has an origin internal to a system or external to the system using a processor based on monitored behavior events associated with the process. A security analysis is performed on only processes that have an external origin to determine if any of the processes having an external origin represent a security threat. A security action is performed if a process having an external origin is determined to represent a security threat.
Abstract:
Methods and systems for reporting anomalous events include intra-host clustering a set of alerts based on a process graph that models states of process-level events in a network. Hidden relationship clustering is performed on the intra-host clustered alerts based on hidden relationships between alerts in respective clusters. Inter-host clustering is performed on the hidden relationship clustered alerts based on a topology graph that models source and destination relationships between connection events in the network. Inter-host clustered alerts that exceed a threshold level of trustworthiness are reported.
Abstract:
Systems and methods for managing components of physical systems, including decomposing raw time series by extracting an aging trend and a fluctuation term from the time series using an objective function of an optimization problem, the objective function minimizing reconstruction error and ensuring flatness of the fluctuation term over time. The optimization problem is transformed into a Quadratic Programming (QP) formulation including a monotonicity constraint and a non-negativity constraint, the constraints being merged together to reduce computational costs. An aging score and a confidence score are generated for the extracted aging trend to determine a severeness of aging for one or more components of the physical system, and the aging score and confidence score are fused to provide a fused ranking for the extracted aging trend for predicting future failures of the components.
Abstract:
An exemplary method for detecting one or more anomalies in a system includes building a temporal causality graph describing functional relationships among local components in a normal period; applying the causality graph as a propagation template to predict a system status by iteratively applying current system event signatures; and detecting the one or more anomalies of the system by examining related patterns on the template causality graph that specifies normal system behaviors. The system can align event patterns on the causality graph to determine an anomaly score.