-
Publication No.: US11323465B2
Publication date: 2022-05-03
Application No.: US16562805
Application date: 2019-09-06
Applicant: NEC Laboratories America, Inc.
Inventor: Wei Cheng, LuAn Tang, Haifeng Chen, Bo Zong, Jingchao Ni
Abstract: Systems and methods for implementing sequence data based temporal behavior analysis (SDTBA) to extract features for characterizing temporal behavior of network traffic are provided. The method includes extracting communication and profile data associated with one or more devices to determine sequences of data associated with the devices. The method includes generating temporal features to model anomalous network traffic. The method also includes inputting, into an anomaly detection process for anomalous network traffic, the temporal features and the sequences of data associated with the devices and formulating a list of prediction results of anomalous network traffic associated with the devices.
-
Publication No.: US11221617B2
Publication date: 2022-01-11
Application No.: US16653033
Application date: 2019-10-15
Applicant: NEC Laboratories America, Inc.
Inventor: Wenchao Yu, Jingchao Ni, Bo Zong, Wei Cheng, Haifeng Chen, LuAn Tang
IPC: G05B23/02, G06N20/10, G06F16/901, G06K9/62, G06F17/18
Abstract: Systems and methods for predicting system device failure are provided. The method includes performing graph-based predictive maintenance (GBPM) to determine a trained ensemble classification model for detecting maintenance ready components that includes extracted node features and graph features. The method includes constructing, based on testing data and the trained ensemble classification model, an attributed temporal graph and the extracted node features and graph features. The method further includes concatenating the extracted node features and graph features. The method also includes determining, based on the trained ensemble classification model, a list of prediction results of components that are to be scheduled for component maintenance.
-
Publication No.: US11030308B2
Publication date: 2021-06-08
Application No.: US16006164
Application date: 2018-06-12
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Kangkook Jee, Zhengzhang Chen, LuAn Tang, Zhichun Li
IPC: G06F21/55, G06F9/48, G06F16/2455, G06F16/248
Abstract: A method and system are provided for improving threat detection in a computer system by performing an inter-application dependency analysis on events of the computer system. The method includes receiving, by a processor operatively coupled to a memory, a Tracking Description Language (TDL) query including general constraints, a tracking declaration and an output specification, parsing, by the processor, the TDL query using a language parser, executing, by the processor, a tracking analysis based on the parsed TDL query, generating, by the processor, a tracking graph by cleaning a result of the tracking analysis, and outputting, by the processor and via an interface, query results based on the tracking graph.
-
Publication No.: US20210064999A1
Publication date: 2021-03-04
Application No.: US17003112
Application date: 2020-08-26
Applicant: NEC Laboratories America, Inc.
Inventor: Yanchi Liu, Wei Cheng, Bo Zong, LuAn Tang, Haifeng Chen, Denghui Zhang
Abstract: Methods and systems for allocating network resources responsive to network traffic include modeling spatial correlations between fine spatial granularity traffic and coarse spatial granularity traffic for different sites and regions to determine spatial feature vectors for one or more sites in a network. Temporal correlations at a fine spatial granularity are modeled across multiple temporal scales, based on the spatial feature vectors. Temporal correlations at a coarse spatial granularity are modeled across multiple temporal scales, based on the spatial feature vectors. A traffic flow prediction is determined for the one or more sites in the network, based on the temporal correlations at the fine spatial granularity and the temporal correlations at the coarse spatial granularity. Network resources are provisioned at the one or more sites in accordance with the traffic flow prediction.
-
Publication No.: US10671029B2
Publication date: 2020-06-02
Application No.: US16009822
Application date: 2018-06-15
Applicant: NEC Laboratories America, Inc.
Inventor: Tan Yan, Haifeng Chen, LuAn Tang
Abstract: A computer-implemented method, system, and computer program product are provided for anomaly detection. The method includes receiving, by a processor, sensor data from a plurality of sensors in a system. The method also includes generating, by the processor, a relationship model based on the sensor data. The method additionally includes updating, by the processor, the relationship model with new sensor data. The method further includes identifying, by the processor, an anomaly based on a fused single-variant time series fitness score in the relationship model. The method also includes controlling an operation of a processor-based machine to change a state of the processor-based machine, responsive to the anomaly.
-
Publication No.: US20200089556A1
Publication date: 2020-03-19
Application No.: US16562755
Application date: 2019-09-06
Applicant: NEC Laboratories America, Inc.
Inventor: Haifeng Chen, Bo Zong, Wei Cheng, LuAn Tang, Jingchao Ni
Abstract: Systems and methods for implementing heterogeneous feature integration for device behavior analysis (HFIDBA) are provided. The method includes representing each of multiple devices as a sequence of vectors for communications and as a separate vector for a device profile. The method also includes extracting static features, temporal features, and deep embedded features from the sequence of vectors to represent behavior of each device. The method further includes determining, by a processor device, a status of a device based on vector representations of each of the multiple devices.
-
Publication No.: US10476754B2
Publication date: 2019-11-12
Application No.: US15902432
Application date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
Abstract: Methods and systems for detecting host community include modeling a target host's behavior based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the target host's behavior are found by determining a distance in a latent space that embeds the historical events between events of the target host and events of the one or more original peer hosts. A security management action is performed based on behavior of the target host and the determined one or more original peer hosts.
-
Publication No.: US20190342330A1
Publication date: 2019-11-07
Application No.: US16379024
Application date: 2019-04-09
Applicant: NEC Laboratories America, Inc.
Inventor: Zhenyu Wu, Yue Li, Junghwan Rhee, Kangkook Jee, Zichun Li, Jumpei Kamimura, LuAn Tang, Zhengzhang Chen
IPC: H04L29/06, G06F11/34, G06F16/901
Abstract: A method for ransomware detection and prevention includes receiving an event stream associated with one or more computer system events, generating user-added-value knowledge data for one or more digital assets by modeling digital asset interactions based on the event stream, including accumulating user-added-values of each of the one or more digital assets, and detecting ransomware behavior based at least in part on the user-added-value knowledge, including analyzing destruction of the user-added values for the one or more digital assets.
-
Publication No.: US20190050561A1
Publication date: 2019-02-14
Application No.: US16006164
Application date: 2018-06-12
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li, Kangkook Jee, Zhengzhang Chen, LuAn Tang, Zhichun Li
Abstract: A method and system are provided for improving threat detection in a computer system by performing an inter-application dependency analysis on events of the computer system. The method includes receiving, by a processor operatively coupled to a memory, a Tracking Description Language (TDL) query including general constraints, a tracking declaration and an output specification, parsing, by the processor, the TDL query using a language parser, executing, by the processor, a tracking analysis based on the parsed TDL query, generating, by the processor, a tracking graph by cleaning a result of the tracking analysis, and outputting, by the processor and via an interface, query results based on the tracking graph.
-
Publication No.: US20180183824A1
Publication date: 2018-06-28
Application No.: US15902318
Application date: 2018-02-22
Applicant: NEC Laboratories America, Inc.
Inventor: Zhengzhang Chen, LuAn Tang, Zhichun Li, Cheng Cao
IPC: H04L29/06
CPC classification number: H04L63/1425, G06F21/554, H04L63/1416, H04L63/1433
Abstract: Systems and methods for determining a risk level of a host in a network include modeling a target host's behavior based on historical events recorded at the target host. One or more original peer hosts having behavior similar to the target host's behavior are determined. An anomaly score for the target host is determined based on how the target host's behavior changes relative to behavior of the one or more original peer hosts over time. A security management action is performed based on the anomaly score.