-
Publication No.: US11606389B2
Publication date: 2023-03-14
Application No.: US17004752
Filing date: 2020-08-27
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, Jiaping Gui, Haifeng Chen, Junghwan Rhee, Shen Wang
Abstract: Methods and systems for detecting and responding to an intrusion in a computer network include generating an adversarial training data set that includes original samples and adversarial samples, by perturbing one or more of the original samples with an integrated gradient attack to generate the adversarial samples. The original and adversarial samples are encoded to generate respective original and adversarial graph representations, based on node neighborhood aggregation. A graph-based neural network is trained to detect anomalous activity in a computer network, using the adversarial training data set. A security action is performed responsive to the detected anomalous activity.
-
Publication No.: US20220067521A1
Publication date: 2022-03-03
Application No.: US17464148
Filing date: 2021-09-01
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, Haifeng Chen, Liang Tong
Abstract: Methods and systems for enhancing a neural network include detecting an occlusion in an input image using a trained occlusion detection neural network. The detected occlusion is replaced in the input image with a neutral occlusion to prevent the detected occlusion from frustrating facial recognition to generate a modified input image. Facial recognition is performed on the modified input image using a trained facial recognition neural network.
-
Publication No.: US20210255363A1
Publication date: 2021-08-19
Application No.: US17165515
Filing date: 2021-02-02
Applicant: NEC Laboratories America, Inc.
Inventor: Yanchi Liu, Jingchao Ni, Bo Zong, Haifeng Chen, Zhengzhang Chen, Wei Cheng, Denghui Zhang
Abstract: A method for employing a unified semi-supervised deep learning (DL) framework for turbulence forecasting is presented. The method includes extracting historical and forecasted weather features of a spatial region, calculating turbulence indexes to fill feature cubes, each feature cube representing a grid-based 3D region, and building an encoder-decoder framework based on convolutional long short-term memory (ConvLSTM) to model spatio-temporal correlations or patterns causing turbulence. The method further includes employing a dual label guessing component to dynamically integrate complementary signals from a turbulence forecasting network and a turbulence detection network to generate pseudo-labels, reweighing the generated pseudo-labels by a heuristic label quality detector based on KL-Divergence, applying a hybrid loss function to predict turbulence conditions, and generating a turbulence dataset including the predicted turbulence conditions.
-
Publication No.: US11030308B2
Publication date: 2021-06-08
Application No.: US16006164
Filing date: 2018-06-12
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Kangkook Jee, Zhengzhang Chen, LuAn Tang, Zhichun Li
IPC: G06F21/55, G06F9/48, G06F16/2455, G06F16/248
Abstract: A method and system are provided for improving threat detection in a computer system by performing an inter-application dependency analysis on events of the computer system. The method includes receiving, by a processor operatively coupled to a memory, a Tracking Description Language (TDL) query including general constraints, a tracking declaration and an output specification, parsing, by the processor, the TDL query using a language parser, executing, by the processor, a tracking analysis based on the parsed TDL query, generating, by the processor, a tracking graph by cleaning a result of the tracking analysis, and outputting, by the processor and via an interface, query results based on the tracking graph.
-
Publication No.: US10476754B2
Publication date: 2019-11-12
Application No.: US15902432
Filing date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
Abstract: Methods and systems for detecting host community include modeling a target host's behavior based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the target host's behavior are found by determining a distance in a latent space that embeds the historical events between events of the target host and events of the one or more original peer hosts. A security management action is performed based on behavior of the target host and the determined one or more original peer hosts.
-
Publication No.: US20190342330A1
Publication date: 2019-11-07
Application No.: US16379024
Filing date: 2019-04-09
Applicant: NEC Laboratories America, Inc.
Inventor: Zhenyu Wu, Yue Li, Junghwan Rhee, Kangkook Jee, Zichun Li, Jumpei Kamimura, LuAn Tang, Zhengzhang Chen
IPC: H04L29/06, G06F11/34, G06F16/901
Abstract: A method for ransomware detection and prevention includes receiving an event stream associated with one or more computer system events, generating user-added-value knowledge data for one or more digital assets by modeling digital asset interactions based on the event stream, including accumulating user-added-values of each of the one or more digital assets, and detecting ransomware behavior based at least in part on the user-added-value knowledge, including analyzing destruction of the user-added values for the one or more digital assets.
-
Publication No.: US20190050561A1
Publication date: 2019-02-14
Application No.: US16006164
Filing date: 2018-06-12
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Kangkook Jee, Zhengzhang Chen, LuAn Tang, Zhichun Li
Abstract: A method and system are provided for improving threat detection in a computer system by performing an inter-application dependency analysis on events of the computer system. The method includes receiving, by a processor operatively coupled to a memory, a Tracking Description Language (TDL) query including general constraints, a tracking declaration and an output specification, parsing, by the processor, the TDL query using a language parser, executing, by the processor, a tracking analysis based on the parsed TDL query, generating, by the processor, a tracking graph by cleaning a result of the tracking analysis, and outputting, by the processor and via an interface, query results based on the tracking graph.
-
Publication No.: US20180183824A1
Publication date: 2018-06-28
Application No.: US15902318
Filing date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
IPC: H04L29/06
CPC classification number: H04L63/1425, G06F21/554, H04L63/1416, H04L63/1433
Abstract: Systems and methods for determining a risk level of a host in a network include modeling a target host's behavior based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the target host's behavior are determined. An anomaly score for the target host is determined based on how the target host's behavior changes relative to behavior of the one or more original peer hosts over time. A security management action is performed based on the anomaly score.
-
Publication No.: US20180183681A1
Publication date: 2018-06-28
Application No.: US15902432
Filing date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
CPC classification number: H04L41/145, G06F21/554, H04L41/046, H04L41/142, H04L43/08, H04L63/1416, H04L63/1441
Abstract: Methods and systems for detecting host community include modeling a target host's behavior based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the target host's behavior are found by determining a distance in a latent space that embeds the historical events between events of the target host and events of the one or more original peer hosts. A security management action is performed based on behavior of the target host and the determined one or more original peer hosts.
-
Publication No.: US20170288979A1
Publication date: 2017-10-05
Application No.: US15477625
Filing date: 2017-04-03
Applicant: NEC Laboratories America, Inc.
Inventor: Kenji Yoshihira, Zhichun Li, Zhengzhang Chen, Haifeng Chen, Guofei Jiang, LuAn Tang
CPC classification number: H04L41/145, H04L41/12, H04L41/142, H04L43/045, H04L63/1425
Abstract: Methods and systems for reporting anomalous events include building a process graph that models states of process-level events in a network. A topology graph is built that models source and destination relationships between connection events in the network. A set of alerts is clustered based on the process graph and the topology graph. Clustered alerts that exceed a threshold level of trustworthiness are reported.