-
公开(公告)号:US20190095313A1
公开(公告)日:2019-03-28
申请号:US16037354
申请日:2018-07-17
Applicant: NEC Laboratories America, Inc.
Inventor: Jianwu Xu , Hui Zhang , Haifeng Chen , Bin Nie
Abstract: Methods and systems for system maintenance include identifying patterns in heterogeneous logs. Predictive features are extracted from a set of input logs based on the identified patterns. It is determined that the predictive features indicate a future system failure using a first model. A second model is trained, based on a target sample from the predictive features and based on weights associated with a distance between the target sample and a set of samples from the predictive features, to identify one or more parameters of the second model associated with the future system failure. A system maintenance action is performed in accordance with the identified one or more parameters.
-
公开(公告)号:US20180270262A1
公开(公告)日:2018-09-20
申请号:US15889733
申请日:2018-02-06
Applicant: NEC Laboratories America, Inc.
Abstract: A method for implementing automatic and scalable log pattern learning in security log analysis is provided. The method includes collecting security logs generated by a computer system. An incremental learning process is implemented to generate a set of log patterns from the collected security logs. The collected security logs are parsed using the set of log patterns.
-
公开(公告)号:US09904780B2
公开(公告)日:2018-02-27
申请号:US14812634
申请日:2015-07-29
Applicant: NEC Laboratories America, Inc.
Inventor: Junghwan Rhee , Yangchun Fu , Zhenyu Wu , Hui Zhang , Zhichun Li , Guofei Jiang
CPC classification number: G06F21/52 , G06F21/554 , G06F21/60 , G06F2221/033
Abstract: Systems and methods for detection and prevention of Return-Oriented-Programming (ROP) attacks in one or more applications, including an attack detection device and a stack inspection device for performing stack inspection to detect ROP gadgets in a stack. The stack inspection includes stack walking from a stack frame at a top of the stack toward a bottom of the stack to detect one or more failure conditions, determining whether a valid stack frame and return code address is present; and determining a failure condition type if no valid stack frame and return code is present, with Type III failure conditions indicating an ROP attack. The ROP attack is contained using a containment device, and the ROP gadgets detected in the stack during the ROP attack are analyzed using an attack analysis device.
-
公开(公告)号:US20170279840A1
公开(公告)日:2017-09-28
申请号:US15429849
申请日:2017-02-10
Applicant: NEC Laboratories America, Inc.
Inventor: Hui Zhang , Guofei Jiang
IPC: H04L29/06
CPC classification number: H04L63/1425
Abstract: A system, program, and method for anomaly detection in heterogeneous logs. The system having a processor configured to identify pattern fields comprised of a plurality of event identifiers. The processor is further configured to generate an automata model by profiling event behaviors of the plurality of event sequences, the plurality of event sequences grouped in the automata model by combinations of one or more pattern fields and one or more event identifiers from among the plurality of event identifiers, wherein for a given combination, the one or more event identifiers therein must be respectively comprised in a same one of the one or more pattern fields with which it is combined. The processor is additionally configured to detect an anomaly in one of the plurality of event sequences using the automata model. The processor is also configured to control an anomaly-initiating one of the network devices based on the anomaly.
-
公开(公告)号:US20170278007A1
公开(公告)日:2017-09-28
申请号:US15375291
申请日:2016-12-12
Applicant: NEC Laboratories America, Inc.
Inventor: Pranay Anchuri , Hui Zhang , Guofei Jiang
Abstract: A computer-implemented method provides an early warning of an impending failure in a monitored system. The method includes performing, by a processor, an offline model learning process that generates a model of expected log rates in the monitored system from historical log data. The model represents a normal behavior of the monitored system. The method further includes performing an online detection process that detects the impending failure in the monitored system prior to an actual occurrence thereof based on (i) the model of expected log rates and (ii) observed log rates. The method also includes displaying, by a display device based on (i) the model of expected log rates and (ii) observed log rates in the monitored system, information relating to the impending failure prior to the actual occurrence of the impending failure. The online detection process identifies short term and long term failures and long term failures.
-
Patent Agency Ranking
公开(公告)号:US09736064B2
公开(公告)日:2017-08-15
申请号:US14571778
申请日:2014-12-16
Applicant: NEC Laboratories America, Inc.
Inventor: Hui Zhang , Behnaz Arzani , Franjo Ivancic , Junghwan Rhee , Nipun Arora , Guofei Jiang
IPC: H04L12/717 , H04L12/701 , H04L12/841
CPC classification number: H04L45/42 , H04L41/12 , H04L41/145 , H04L43/0864 , H04L43/106 , H04L45/00 , H04L45/64 , H04L47/283
Abstract: Methods and systems for finding a packet's routing path in a network includes intercepting control messages sent by a controller to one or more switches in a software defined network (SDN). A state of the SDN at a requested time is emulated and one or more possible routing paths through the emulated SDN is identified by replaying the intercepted control messages to one or more emulated switches in the emulated SDN. The one or more possible routing paths correspond to a requested packet injected into the SDN at the requested time.
-
公开(公告)号:US20170139806A1
公开(公告)日:2017-05-18
申请号:US15352546
申请日:2016-11-15
Applicant: NEC Laboratories America, Inc.
Inventor: Jianwu Xu , Biplob Debnath , Hui Zhang , Guofei Jiang , Nipun Arora
IPC: G06F11/36
CPC classification number: G06F11/3612 , G06F11/0706 , G06F11/0766 , G06F11/3636
Abstract: Systems and methods are disclosed for handling log data from one or more applications, sensors or instruments by receiving heterogeneous logs from arbitrary/unknown systems or applications; generating regular expression patterns from the heterogeneous log sources using machine learning and extracting a log pattern therefrom; generating models and profiles from training logs based on different conditions and updating a global model database storing all models generated over time; tokenizing raw log messages from one or more applications, sensors or instruments running a production system; transforming incoming tokenized streams are into data-objects for anomaly detection and forwarding of log messages to various anomaly detectors; and generating an anomaly alert from the one or more applications, sensors or instruments running a production system.
-
公开(公告)号:US09602338B2
公开(公告)日:2017-03-21
申请号:US14575013
申请日:2014-12-18
Applicant: NEC Laboratories America, Inc.
Inventor: Hui Zhang , Junghwan Rhee , Nipun Arora , Cristian Lumezanu , Guofei Jiang
CPC classification number: H04L41/0631 , H04L41/069 , H04L41/14 , H04L43/0858
Abstract: A computer implemented method for network monitoring includes providing network packet event characterization and analysis for network monitoring that includes supporting summarization and characterization of network packet traces collected across multiple processing elements of different types in a virtual network, including a trace slicing to organize individual packet events into path-based trace slices, a trace characterization to extract at least 2 types of feature matrix describing those trace slices, and a trace analysis to cluster, rank and query packet traces based on metrics of the feature matrix.
-
公开(公告)号:US09413646B2
公开(公告)日:2016-08-09
申请号:US14831570
申请日:2015-08-20
Applicant: NEC Laboratories America, Inc.
Inventor: Cristian Lumezanu , Cheng Jin , Hui Zhang , Abhishek Sharma , Qiang Xu , Nipun Arora , Guofei Jiang
IPC: H04L12/28 , H04L12/753 , H04L12/721 , H04L12/46
Abstract: Systems and methods for controlling legacy switch routing in one or more hybrid networks of interconnected computers and switches, including generating a network underlay for the one or more hybrid networks by generating a minimum spanning tree (MST) and a forwarding graph (FWG) over a physical network topology of the one or more hybrid networks, determining an optimal path between hosts on the FWG by optimizing an initial path with a minimum cost mapping, and adjusting the initial path to enforce the optimal path by generating and installing special packets in one or more programmable switches to trigger installation of forwarding rules for one or more legacy switches.
Abstract translation: 用于控制互连计算机和交换机的一个或多个混合网络中的传统交换机路由的系统和方法,包括通过在一个或多个混合网络上生成最小生成树(MST)和转发图(FWG)来生成用于所述一个或多个混合网络的网络底层 一个或多个混合网络的物理网络拓扑,通过利用最小成本映射优化初始路径来确定FWG上的主机之间的最佳路径,以及通过在一个或多个混合网络中生成和安装专用分组来调整初始路径以实施最佳路径 更多的可编程开关来触发一个或多个传统交换机的转发规则的安装。
-
90.发明授权Transparent performance inference of whole software layers and context-sensitive performance debugging 有权整个软件层的透明性能推断和上下文敏感的性能调试公开(公告)号:US09367428B2
公开(公告)日:2016-06-14
申请号:US14512653
申请日:2014-10-13
Applicant: NEC Laboratories America, Inc.
Inventor: Junghwan Rhee , Hui Zhang , Nipun Arora , Guofei Jiang , Chung Hwan Kim
CPC classification number: G06F11/3636 , G06F11/3419
Abstract: Methods and systems for performance inference include inferring an internal application status based on a unified call stack trace that includes both user and kernel information by inferring user function instances. A calling context encoding is generated that includes information regarding function calling paths. Application performance is analyzed based on the encoded calling contexts. The analysis includes performing a top-down latency breakdown and ranking calling contexts according to how costly each function calling path is.
Abstract translation: 用于性能推理的方法和系统包括通过推断用户功能实例来推断基于包括用户和内核信息的统一调用堆栈跟踪的内部应用程序状态。 生成包含有关函数调用路径的信息的调用上下文编码。 基于编码的呼叫上下文来分析应用性能。 分析包括根据每个功能调用路径的代价昂贵地执行自上而下的延迟故障和排序呼叫上下文。
-
-
-
-
-
-
-
-
-
Search Results
97
records
(took 0.034 seconds)
