ANALYSIS APPARATUS, ANALYSIS SYSTEM, ANALYSIS METHOD, AND ANALYSIS PROGRAM

    Publication number: US20230376607A1

    Publication date: 2023-11-23

    Application number: US18034536

    Application date: 2020-11-19

    CPC classification number: G06F21/577 G06F2221/033

    Abstract: In order to determine whether or not there is a security risk, based on an actual data flow in a system to be analyzed, an analysis apparatus includes: a receiving unit configured to receive history information related to operation history of a program operating in a system to be analyzed; a generating unit configured to generate data flow information indicating a path of data exchanged in the system to be analyzed, based on the history information; and a risk determining unit configured to perform a risk determining process for determining whether or not there is a security risk in the data flow information, based on a preset determination condition.

    INFORMATION SELECTION DEVICE, INFORMATION SELECTION METHOD, AND NON-TRANSITORY RECORDING MEDIUM

    Publication number: US20200244688A1

    Publication date: 2020-07-30

    Application number: US16634964

    Application date: 2018-08-07

    Abstract: Disclosed are an information selection device and the like that make it possible to rapidly acquire information about an event of interest. An information selection device is configured to specify target log information among log information. The log information represents that a process is executed for a processing object in a target system and the target log information represents a processing object that may affect an abnormal process executed in the target system. The information selection device is configured to calculate a frequency of the target log information for each combination of the process with the processing object, calculate an abnormality degree of the target log information based on the calculated frequency, and select relevant log information having the abnormality degree satisfying a condition for determining abnormal log information among the target log information.

    INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, MONITORING METHOD, AND RECORDING MEDIUM

    Publication number: US20200057703A1

    Publication date: 2020-02-20

    Application number: US16487169

    Application date: 2018-02-19

    Abstract: Provided is an information processing device which is capable of suppressing a deterioration in accuracy of detecting an anomaly and accuracy of analyzing the anomaly, while suppressing an increase in an amount of data to be stored. The information processing system includes an anomaly detection unit that collects event data indicating a predetermined event detected in a process of a device to be monitored, determines whether a predetermined index value related to the event exceeds a preset first threshold, and instructs enhanced monitoring of the device to be monitored and the process related to the event when the index value exceeds the first threshold, and a collection instruction unit that determines an additional event being an event to be additionally monitored when the enhanced monitoring is instructed, and instructs the device to be monitored, which is subjected to the enhanced monitoring, to monitor the determined additional event.

    DISPLAY CONTROL DEVICE, DISPLAY CONTROL METHOD, AND RECORDING MEDIUM WHEREUPON DISPLAY CONTROL PROGRAM IS STORED

    Publication number: US20170262145A1

    Publication date: 2017-09-14

    Application number: US15509783

    Application date: 2015-09-07

    CPC classification number: G06F3/0482 G06F11/30 G06F11/32 G06F11/324 G06F21/00

    Abstract: Disclosed are a display control device, etc., with which information is displayed according to a display mode having high visibility. Provided is a display control device (101), comprising: a first identification information creation unit (103) with which a plurality of communication bodies which are capable of communication are classified into a plurality of groups, said unit creating first identification information which represents at least a portion of the communication bodies which are included in one of the groups; a second identification information creation unit (104) which creates second identification information which collectively represents a group set which represents two or more groups of the plurality of groups; and a control unit (102) which, on the basis of the size of a region which is displayed in a display means, selects specified identification information from the first identification information or the second identification information, and controls to display, in the display means, device identification information which represents the communication bodies which are not included in the specified identification information and/or the group identification information which represents the groups which are not included in the specified identification information, along with the specified identification information.

    SYSTEM MONITORING APPARATUS, SYSTEM MONITORING METHOD, AND COMPUTER READABLE RECORDING MEDIUM

    Publication number: US20230418720A1

    Publication date: 2023-12-28

    Application number: US18038082

    Application date: 2020-11-30

    CPC classification number: G06F11/3006

    Abstract: A system monitoring apparatus comprising: a complementing unit that generates complemented node information by complementing, based on a complementing model trained using information collected in a testing system using a monitoring command and an agent, first node information collected in an operated system using the monitoring command; and an estimating unit that estimates the probability of a link being present between nodes by inputting the complemented node information to a link estimating model trained using the information collected in the testing system using the monitoring command and the agent.

    RETRIEVAL SENTENCE UTILIZATION DEVICE AND RETRIEVAL SENTENCE UTILIZATION METHOD

    Publication number: US20210342396A1

    Publication date: 2021-11-04

    Application number: US16980234

    Application date: 2018-03-14

    Abstract: To enable a user to easily recognize temporal order of elements included in a retrieval sentence, a retrieval sentence utilization device 10 includes: a retrieval sentence division unit 11 for dividing a retrieval sentence into a plurality of retrieval contents each of which includes an event; and a directed graph generation unit 12 for generating, from each of the retrieval contents, a subtree in which the event is an edge and a source of the event and an object of the event are nodes, and integrating a plurality of subtrees generated from the retrieval contents to generate a directed graph, wherein the directed graph generation unit 12 places the plurality of subtrees in the directed graph according to occurrence order of events corresponding to the plurality of subtrees.

    INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, MONITORING METHOD, AND RECORDING MEDIUM

    Publication number: US20210133068A1

    Publication date: 2021-05-06

    Application number: US17145949

    Application date: 2021-01-11

    Abstract: Provided is an information processing device which is capable of suppressing a deterioration in accuracy of detecting an anomaly and accuracy of analyzing the anomaly, while suppressing an increase in an amount of data to be stored. The information processing system includes an anomaly detection unit that collects event data indicating a predetermined event detected in a process of a device to be monitored, determines whether a predetermined index value related to the event exceeds a preset first threshold, and instructs enhanced monitoring of the device to be monitored and the process related to the event when the index value exceeds the first threshold, and a collection instruction unit that determines an additional event being an event to be additionally monitored when the enhanced monitoring is instructed, and instructs the device to be monitored, which is subjected to the enhanced monitoring, to monitor the determined additional event.

    DISPLAY CONTROL APPARATUS, DISPLAY CONTROL METHOD, AND RECORDING MEDIUM ON WHICH DISPLAY CONTROL PROGRAM IS RECORDED

    Publication number: US20200264962A1

    Publication date: 2020-08-20

    Application number: US16061403

    Application date: 2016-12-19

    Abstract: Provided is, for example, a display control apparatus that generates display information with which an event having occurred in an information processing system can be easily determined. This display control apparatus 101 comprises a display control unit 102 that, on the basis of device information indicating a device detected by a first information processing apparatus in an information processing system and communication information indicating communication executed between a second information processing apparatus in the information processing system and a third information processing apparatus in the information processing system: performs displaying on a display apparatus in a manner such that said device and said first information processing apparatus are associated with one another; and performs displaying on said display apparatus in a manner such that said second information processing apparatus and said third information processing apparatus are associated with one another.

    INFORMATION PROCESSING DEVICE AND ERROR DETECTION METHOD

    Publication number: US20170132060A1

    Publication date: 2017-05-11

    Application number: US15127354

    Application date: 2015-03-18

    Abstract: The present invention provides an information processing device that improves the detectability of system errors. This information processing device includes: a means that generates a state graph based on relationship change information indicating a change in the relationship between a plurality of elements included in a system, the state graph having the elements as the vertices thereof and the relationship between the elements as the sides thereof; a means that generates a normal model having the state graph as a set of conditions to be fulfilled during normal system operation, based on the relationship change information; and a means that detects system errors and outputs error information indicating detected errors, based on the state graph and the normal model.

    EVALUATION APPARATUS, EVALUATION SYSTEM, EVALUATION METHOD, AND PROGRAM

    Publication number: US20220374528A1

    Publication date: 2022-11-24

    Application number: US17767127

    Application date: 2019-10-25

    Abstract: In order to provide an evaluation apparatus that appropriately evaluates a risk from continuous execution of an application without stopping execution of the application, an evaluation apparatus includes a first obtaining section, an evaluating section, and an output section. The first obtaining section is configured to obtain application information related to an application being executed on a server. The evaluating section is configured to evaluate a risk degree from continuous execution of the application on the server, based on the application information. The output section is configured to output an evaluation result of the risk degree.
