Scalable Data Stream Management System for Monitoring System Activities
    81.
    Invention application
    Status: Under examination (published)

    Publication (announcement) number: US20160283531A1

    Publication (announcement) date: 2016-09-29

    Application number: US15063157

    Application date: 2016-03-07

    CPC classification number: G06F16/24568

    Abstract: A data stream system includes one or more monitored machines generating real-time data stream that describes system activities of the monitored machines; a data stream management module receiving the real-time data stream; and a data stream archiving module coupled to the data stream management module, the data stream archiving module including a data stream receiver and a data stream inserter.

    MANAGEMENT OF COMPLEX PHYSICAL SYSTEMS USING TIME SERIES SEGMENTATION TO DETERMINE BEHAVIOR SWITCHING
    82.
    Invention application
    Status: Under examination (published)

    Publication (announcement) number: US20160282821A1

    Publication (announcement) date: 2016-09-29

    Application number: US15079820

    Application date: 2016-03-24

    CPC classification number: G05B13/041 G06F17/18

    Abstract: Systems and methods for managing one or more physical systems, including determining system behavior switching based on time series data from one or more sensors in the system. Time series is divided into a plurality of segments, and each of the segments represents a system behavior. A fitness model is generated for each of the segments to determine whether to select each of the segments as invariants, and an ensemble of local relationship models are built for each of the time series for each invariant to identify local behavior switching points over time. The identified local behavior switching points of each invariant are aggregated by aligning the local switching points of all invariant segments, computing a density distribution of the aligned switching points, and extracting local maximas of the density distribution to determine the global switching points. System operations are controlled based on the determined system behavior switching.

    SYSTEM AND METHOD FOR DETECTING SENSITIVE USER INPUT LEAKAGES IN SOFTWARE APPLICATIONS
    83.
    Invention application
    Status: In force

    Publication (announcement) number: US20160132679A1

    Publication (announcement) date: 2016-05-12

    Application number: US14939366

    Application date: 2015-11-12

    CPC classification number: G06F21/6245 G06F21/577

    Abstract: A system and method for detecting sensitive user input leakages in software applications, such as applications created for smartphone platforms. The system and method are configured to parse user interface layout files of the software application to identify input fields and obtain information concerning the input fields. Input fields that contain sensitive information are identified and a list of sensitive input fields, such as contextual IDs, is generated. The sensitive information fields are identified by reviewing the attributes, hints and/or text labels of the user interface layout file. A taint analysis is performed using the list of sensitive input fields and a sink dataset in order to detect information leaks in the sensitive input fields.

    Automatic Discovery of Message Ordering Invariants in Heterogeneous Logs
    84.
    Invention application
    Status: Under examination (published)

    Publication (announcement) number: US20160086097A1

    Publication (announcement) date: 2016-03-24

    Application number: US14846093

    Application date: 2015-09-04

    CPC classification number: G06N99/005

    Abstract: A method and system are provided. The method includes performing, by a logs-to-time-series converter, a logs-to-time-series conversion by transforming a plurality of heterogeneous logs into a set of time series. Each of the heterogeneous logs includes a time stamp and text portion with one or more fields. The method further includes performing, by a time-series-to-sequential-pattern converter, a time-series-to-sequential-pattern conversion by mining invariant relationships between the set of time series, and discovering sequential message patterns and association rules in the plurality of heterogeneous logs using the invariant relationships. The method also includes executing, by a processor, a set of log management applications, based on the sequential message patterns and the association rules.

    TRANSPARENT DETECTION AND EXTRACTION OF RETURN-ORIENTED-PROGRAMMING ATTACKS
    85.
    Invention application
    Status: In force

    Publication (announcement) number: US20160034687A1

    Publication (announcement) date: 2016-02-04

    Application number: US14812634

    Application date: 2015-07-29

    CPC classification number: G06F21/52 G06F21/554 G06F21/60 G06F2221/033

    Abstract: Systems and methods for detection and prevention of Return-Oriented-Programming (ROP) attacks in one or more applications, including an attack detection device and a stack inspection device for performing stack inspection to detect ROP gadgets in a stack. The stack inspection includes stack walking from a stack frame at a top of the stack toward a bottom of the stack to detect one or more failure conditions, determining whether a valid stack frame and return code address is present; and determining a failure condition type if no valid stack frame and return code is present, with Type III failure conditions indicating an ROP attack. The ROP attack is contained using a containment device, and the ROP gadgets detected in the stack during the ROP attack are analyzed using an attack analysis device.

    Hierarchical Sparse Dictionary Learning (HiSDL) for Heterogeneous High-Dimensional Time Series
    86.
    Invention application
    Status: In force

    Publication (announcement) number: US20160012334A1

    Publication (announcement) date: 2016-01-14

    Application number: US14794487

    Application date: 2015-07-08

    Abstract: A system, method and computer program product for hierarchical sparse dictionary learning (“HiSDL”) to construct a learned dictionary regularized by an a priori over-complete dictionary, includes providing at least one a priori over-complete dictionary for regularization, performing sparse coding of the at least one a priori over-complete dictionary to provide a sparse coded dictionary, using a processor, updating the sparse coded dictionary with regularization using at least one auxiliary variable to provide a learned dictionary, determining whether the learned dictionary converges to an input data set, and outputting the learned dictionary regularized by the at least one a priori over-complete dictionary when the learned dictionary converges to the input data set. The system and method includes, when the learned dictionary lacks convergence, repeating the steps of performing sparse coding, updating the sparse coded dictionary, and determining whether the learned dictionary converges to the input data set.

    System and Method for Network Packet Event Characterization and Analysis
    87.
    Invention application
    Status: In force

    Publication (announcement) number: US20150180755A1

    Publication (announcement) date: 2015-06-25

    Application number: US14575013

    Application date: 2014-12-18

    CPC classification number: H04L41/0631 H04L41/069 H04L41/14 H04L43/0858

    Abstract: A computer implemented method for network monitoring includes providing network packet event characterization and analysis for network monitoring that includes supporting summarization and characterization of network packet traces collected across multiple processing elements of different types in a virtual network, including a trace slicing to organize individual packet events into path-based trace slices, a trace characterization to extract at least 2 types of feature matrix describing those trace slices, and a trace analysis to cluster, rank and query packet traces based on metrics of the feature matrix.

    TRANSPARENT PERFORMANCE INFERENCE OF WHOLE SOFTWARE LAYERS AND CONTEXT-SENSITIVE PERFORMANCE DEBUGGING
    88.
    Invention application
    Status: In force

    Publication (announcement) number: US20150106794A1

    Publication (announcement) date: 2015-04-16

    Application number: US14512653

    Application date: 2014-10-13

    CPC classification number: G06F11/3636 G06F11/3419

    Abstract: Methods and systems for performance inference include inferring an internal application status based on a unified call stack trace that includes both user and kernel information by inferring user function instances. A calling context encoding is generated that includes information regarding function calling paths. Application performance is analyzed based on the encoded calling contexts. The analysis includes performing a top-down latency breakdown and ranking calling contexts according to how costly each function calling path is.

    HETEROGENEOUS LOG ANALYSIS
    89.
    Invention application
    Status: Under examination (published)

    Publication (announcement) number: US20150094959A1

    Publication (announcement) date: 2015-04-02

    Application number: US14503549

    Application date: 2014-10-01

    CPC classification number: G01V99/005

    Abstract: A method and system are provided for heterogeneous log analysis. The method includes performing hierarchical log clustering on heterogeneous logs to generate a log cluster hierarchy for the heterogeneous logs. The method further includes performing, by a log pattern recognizer device having a processor, log pattern recognition on the log cluster hierarchy to generate log pattern representations. The method also includes performing log field analysis on the log pattern representations to generate log field statistics. The method additionally includes performing log indexing on the log pattern representations to generate log indexes.

    Network self-protection
    90.
    Granted invention patent
    Status: In force

    Publication (announcement) number: US08976661B2

    Publication (announcement) date: 2015-03-10

    Application number: US13736146

    Application date: 2013-01-08

    Abstract: A device used in a network is disclosed. The device includes a network monitor to monitor a network state and to collect statistics for flows going through the network, a flow aggregation unit to aggregate flows into clusters and identify flows that can cause a network problem, and an adaptive control unit to adaptively regulate the identified flow according to network feedback. Other methods and systems also are disclosed.
