公开(公告)号：US10883345B2

公开(公告)日：2021-01-05

申请号：US16034663

申请日：2018-07-13

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Tanay Kumar Saha ,  Haifeng Chen ,  Hui Zhang

IPC: G06F16/45 ,  E21B43/08 ,  B01D29/21 ,  B01D39/20 ,  B01D29/11 ,  B01D29/33 ,  G06F16/22 ,  G06F16/28 ,  G06F16/26 ,  G06F7/08

Abstract: A method and system are provided for processing computer log messages for log visualization and log retrieval. The method includes collecting log messages from one or more computer system components, performing a log tokenization process on the log messages to generate tokens, transforming the tokens into log vectors associated with a metric space, performing dimensionality reduction on the metric space to project the metric space into a lower dimensional sub-space, storing similarity distances between respective pairs of the log vectors, and in response to receiving a query associated with a query log message for reducing operational inefficiencies of the one or more computer system components, employing the similarity distances to retrieve one or more similar log messages corresponding to the query log message for reducing the operational inefficiencies of the one or more computer system components.

公开(公告)号：US20190095417A1

公开(公告)日：2019-03-28

申请号：US16145580

申请日：2018-09-28

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Hui Zhang ,  Haifeng Chen ,  Tanay Kumar Saha

IPC: G06F17/27

Abstract: A computer-implemented method, system, and computer program product are provided for content aware heterogeneous log pattern comparative analysis. The method includes receiving, by a processor-device, a plurality of heterogeneous logs. The method also includes extracting, by the processor-device, a plurality of log syntactic patterns from the plurality of heterogenous logs. The method additionally includes generating, by the processor-device, latent representation vectors for each of the plurality of log syntactic patterns. The method further includes predicting, by the processor-device, an anomaly from the clustered latent representation vectors. The method also includes controlling an operation of a processor-based machine to react in accordance with the anomaly.

公开(公告)号：US10235231B2

公开(公告)日：2019-03-19

申请号：US15351449

申请日：2016-11-15

Applicant: NEC Laboratories America, Inc.

Inventor： Kai Zhang ,  Jianwu Xu ,  Hui Zhang ,  Guofei Jiang

IPC: G06N5/04 ,  G06N7/00 ,  G06F11/07 ,  G06F11/34

Abstract: An exemplary method for detecting one or more anomalies in a system includes building a temporal causality graph describing functional relationship among local components in normal period; applying the causality graph as a propagation template to predict a system status by iteratively applying current system event signatures; and detecting the one or more anomalies of the system by examining related patterns on the template causality graph that specifies normal system behaviors. The system can align event patterns on the causality graph to determine an anomaly score.

公开(公告)号：US20190073406A1

公开(公告)日：2019-03-07

申请号：US16034663

申请日：2018-07-13

Applicant: NEC Laboratories America, Inc.

Inventor： Jianwu Xu ,  Tanay Kumar Saha ,  Haifeng Chen ,  Hui Zhang

IPC: G06F17/30 ,  G06F7/08

Abstract: A method and system are provided for processing computer log messages for log visualization and log retrieval. The method includes collecting log messages from one or more computer system components, performing a log tokenization process on the log messages to generate tokens, transforming the tokens into log vectors associated with a metric space, performing dimensionality reduction on the metric space to project the metric space into a lower dimensional sub-space, storing similarity distances between respective pairs of the log vectors, and in response to receiving a query associated with a query log message for reducing operational inefficiencies of the one or more computer system components, employing the similarity distances to retrieve one or more similar log messages corresponding to the query log message for reducing the operational inefficiencies of the one or more computer system components.

公开(公告)号：US20180309648A1

公开(公告)日：2018-10-25

申请号：US15956392

申请日：2018-04-18

Applicant: NEC Laboratories America, Inc.

Inventor： Biplob Debnath ,  Hui Zhang

IPC: H04L12/26 ,  H04W4/38 ,  G06F17/30 ,  G06F17/27 ,  G06K9/62 ,  G06K9/72

CPC classification number: H04L43/06 ,  G06F16/325 ,  G06F17/277 ,  G06K9/6253 ,  G06K9/726 ,  H04W4/38 ,  H04W4/70

Abstract: A computer-implemented method for generating patterns from a set of heterogeneous log messages is presented. The method includes collecting the set of heterogenous log messages from arbitrary or unknown systems or applications or sensors or instruments, splitting the log messages into tokens based on a set of delimiters, identifying datatypes of the tokens, identifying a log structure of the log messages by generating pattern-signatures of all the tokens and the datatypes based on predefined pattern settings, generating a pattern for each of the log structures and enabling users to edit the pattern for each of the log structures based on user requirements.

公开(公告)号：US20180174065A1

公开(公告)日：2018-06-21

申请号：US15678751

申请日：2017-08-16

Applicant: NEC Laboratories America, Inc.

Inventor： Biplob Debnath ,  Hui Zhang ,  Jianwu Xu ,  Nipun Arora ,  Guofei Jiang ,  Bo Zong

IPC: G06N7/00 ,  G06N99/00

CPC classification number: G06N7/00 ,  G06F11/00 ,  G06N20/00

Abstract: A computer-implemented method for automatically analyzing log contents received via a network and detecting content-level anomalies is presented. The computer-implemented method includes building a statistical model based on contents of a set of training logs and detecting, based on the set of training logs, content-level anomalies for a set of testing logs. The method further includes maintaining an index and metadata, generating attributes for fields, editing model capability to incorporate user domain knowledge, detecting anomalies using field attributes, and improving anomaly quality by using user feedback.

公开(公告)号：US20170235626A1

公开(公告)日：2017-08-17

申请号：US15351449

申请日：2016-11-15

Applicant: NEC Laboratories America, Inc.

Inventor： Kai Zhang ,  Jianwu Xu ,  Hui Zhang ,  Guofei Jiang

IPC: G06F11/07 ,  G06N7/00 ,  G06N5/04

CPC classification number: G06F11/0775 ,  G06F11/0709 ,  G06F11/0751 ,  G06F11/079 ,  G06F11/3452 ,  G06F2201/83 ,  G06F2201/86 ,  G06N5/04 ,  G06N7/00

Abstract: An exemplary method for detecting one or more anomalies in a system includes building a temporal causality graph describing functional relationship among local components in normal period; applying the causality graph as a propagation template to predict a system status by iteratively applying current system event signatures; and detecting the one or more anomalies of the system by examining related patterns on the template causality graph that specifies normal system behaviors. The system can aligning event patterns on the causality graph to determine an anomaly score.

公开(公告)号：US20170132523A1

公开(公告)日：2017-05-11

申请号：US15340255

申请日：2016-11-01

Applicant: NEC Laboratories America, Inc.

Inventor： Hui Zhang ,  Haifeng Chen ,  Jianwu Xu ,  Kenji Yoshihira ,  Guofei Jiang

IPC: G06N5/04 ,  G06N99/00

CPC classification number: G06N5/047 ,  G06N20/00

Abstract: Systems and methods are disclosed for detecting periodic event behaviors from machine generated logging by: capturing heterogeneous log messages, each log message including a time stamp and text content with one or more fields; recognizing log formats from log messages; transforming the text content into a set of time series data, one time series for each log format; during a training phase, analyzing the set of time series data and building a category model for each periodic event type in heterogeneous logs; and during live operation, applying the category model to a stream of time series data from live heterogeneous log messages and generating a flag on a time series data point violating the category model and generating an alarm report for the corresponding log message.

公开(公告)号：US20170132278A1

公开(公告)日：2017-05-11

申请号：US15340341

申请日：2016-11-01

Applicant: NEC Laboratories America, Inc.

Inventor： Junghwan Rhee ,  Jianwu Xu ,  Hui Zhang ,  Guofei Jiang

IPC: G06F17/30

CPC classification number: G06F16/2425 ,  G06F16/116 ,  G06F16/2455

Abstract: Systems and methods are disclosed for analyzing logs generated by a machine by analyzing a log and identifying one or more abstract landmark delimiters (ALDs) representing delimiters for log tokenization; from the log and ALDs, tokenizing the log and generating an increasingly tokenized format by separating the patterns with the ALD to form an intermediate tokenized log; iteratively repeating the tokenizing of the logs until a last intermediate tokenized log is processed as a final tokenized log; and applying the tokenized logs in applications.

公开(公告)号：US09471461B2

公开(公告)日：2016-10-18

申请号：US14227481

申请日：2014-03-27

Applicant: NEC Laboratories America, Inc.

Inventor： Jungwhan Rhee ,  Hui Zhang ,  Nipun Arora ,  Guofei Jiang ,  Qiang Zeng

IPC: G06F9/44 ,  G06F11/34

CPC classification number: G06F11/3466 ,  G06F2201/865

Abstract: A computer implemented method for maintaining a program's calling context correct even when a monitoring of the program goes out of a scope of a program analysis by validating function call transitions and recovering partial paths before and after the violation of the program's control flow. The method includes detecting a violation of control flow invariants in the software system including validating a source and destination of a function call in the software system, interpreting a pre-violation partial path responsive to a failure of the validating, and interpreting a post violation path after a violation of program flow.

Abstract translation: 即使当程序的监视超出程序分析的范围时，通过验证功能调用转换并在违反程序的控制流程之前和之后恢复部分路径，用于维护程序的调用上下文的计算机实现的方法也是正确的。 该方法包括检测软件系统中的控制流不变量的违反，包括验证软件系统中的函数调用的源和目的地，响应于验证失败解释预先违反部分路径，以及解释后违反路径 违反程序流程后。