-
Publication number: US11275832B2
Publication date: 2022-03-15
Application number: US16781366
Filing date: 2020-02-04
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li , Kangkook Jee , Zhichun Li , Zhengzhang Chen , Xiao Yu
Abstract: Methods and systems for security monitoring and response include assigning an anomaly score to each of a plurality of event paths that are stored in a first memory. Events that are cold, events that are older than a threshold, and events that are not part of a top-k anomalous path are identified. The identified events are evicted from the first memory to a second memory. A threat associated with events in the first memory is identified. A security action is performed responsive to the identified threat.
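The two-tier eviction described in this abstract, as an added example (not the patent's code). It assumes, hypothetically, that an event path is a list of event ids, that a path's anomaly score is the sum of a per-event rarity score (negative log frequency of the (subject, object) pair), and that an event is "cold" when analysis has not touched it during the current window; the events and paths are constructed.

```python
"""Hot/cold tiering of provenance events by path anomaly score.

Added example, not the patent's code. Assumptions (all hypothetical):
an event path is a list of event ids; a path's anomaly score is the sum
of per-event rarity, -ln(freq/total) over (subject, object) pairs; an
event is 'cold' when analysis has not touched it during the window
(accesses == 0). Sample events are constructed.
"""
import math
from collections import Counter
from dataclasses import dataclass


@dataclass
class Event:
    eid: str
    ts: float        # seconds (constructed values)
    subject: str     # acting process
    obj: str         # file, socket or process acted on
    accesses: int    # times analysis touched this event in the window


def event_rarity(events):
    """Rarity score per event id: rarer (subject, object) pairs score higher."""
    freq = Counter((e.subject, e.obj) for e in events)
    total = sum(freq.values())
    return {e.eid: -math.log(freq[(e.subject, e.obj)] / total) for e in events}


def score_paths(paths, rarity):
    """Anomaly score of each path = sum of its events' rarity."""
    return {tuple(p): sum(rarity[eid] for eid in p) for p in paths}


def top_k_paths(path_scores, k):
    ranked = sorted(path_scores.items(), key=lambda kv: kv[1], reverse=True)
    return [path for path, _ in ranked[:k]]


def select_evictions(events, paths, now, max_age, k):
    """Return {event_id: reasons} for events to move from hot to cold memory.

    An event is evicted if it is cold, older than max_age, or not on one
    of the top-k anomalous paths (union of the three criteria).
    """
    scores = score_paths(paths, event_rarity(events))
    keep = {eid for path in top_k_paths(scores, k) for eid in path}
    evict = {}
    for e in events:
        reasons = []
        if e.accesses == 0:
            reasons.append("cold")
        if now - e.ts > max_age:
            reasons.append("old")
        if e.eid not in keep:
            reasons.append("not-top-k")
        if reasons:
            evict[e.eid] = reasons
    return evict


def tier(events, paths, now, max_age, k):
    """Split events into (hot, cold) lists; the cold list goes to second memory."""
    evict = select_evictions(events, paths, now, max_age, k)
    hot = [e for e in events if e.eid not in evict]
    cold = [e for e in events if e.eid in evict]
    return hot, cold


# Constructed sample: a tiny provenance window, not real telemetry.
EVENTS = [
    Event("e1", 100, "bash", "/etc/passwd", 3),
    Event("e2", 100, "bash", "/tmp/x", 1),
    Event("e3", 50, "bash", "/tmp/x", 2),
    Event("e4", 110, "bash", "/tmp/x", 0),
    Event("e5", 120, "curl", "10.0.0.5:443", 2),
    Event("e6", 125, "sh", "/tmp/payload", 1),
]
PATHS = [["e1", "e5"], ["e2", "e3", "e4"], ["e5", "e6"], ["e2"]]

if __name__ == "__main__":
    hot, cold = tier(EVENTS, PATHS, now=130, max_age=60, k=2)
    print("hot:", [e.eid for e in hot], "cold:", [e.eid for e in cold])
```

Because the three criteria are a union, an event on a top-k path is still evicted once it ages past the threshold; the reasons dict makes it visible which rule fired, which matters when a later threat hunt has to pull the event back from the second memory.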
-
Publication number: US10853487B2
Publication date: 2020-12-01
Application number: US16039993
Filing date: 2018-07-19
Applicant: NEC Laboratories America, Inc. , NEC Corporation
Inventor: Junghwan Rhee , Zhenyu Wu , Lauri Korts-Parn , Kangkook Jee , Zhichun Li , Omid Setayeshfar
Abstract: Systems and methods are disclosed for securing an enterprise environment by detecting suspicious software. A global program lineage graph is constructed. Construction of the global program lineage graph includes creating a node for each version of a program having been installed on a set of user machines. Additionally, at least two nodes are linked with a directional edge. For each version of the program, a prevalence number of the set of user machines on which each version of the program had been installed is determined; and the prevalence number is recorded to the metadata associated with the respective node. Anomalous behavior is identified based on structures formed by the at least two nodes and associated directional edge in the global program lineage graph. An alarm is displayed on a graphical user interface for each suspicious software based on the identified anomalous behavior.
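A global program lineage graph with prevalence metadata, as an added example (not the patent's code). It assumes, hypothetically, that the input is per-machine install records (machine, program, version, replaced version or none), that a node is a (program, version) pair, that an edge points from the replaced version to the one installed over it, and that the structural heuristic flags a version whose prevalence is a small fraction of its parent's, i.e. a rare fork off a widely installed version; the records are constructed.

```python
"""Global program lineage graph with prevalence-based anomaly flags.

Added example, not the patent's code. Assumptions (hypothetical): input
records are (machine, program, version, replaced_version | None); a node
is (program, version); an edge runs from the replaced version to the one
installed over it; a node is flagged when its prevalence is below
RARE_FRACTION of its parent's prevalence. Records are constructed.
"""
from collections import defaultdict

RARE_FRACTION = 0.05  # flag when prevalence < 5% of the parent's (assumption)


def build_lineage_graph(records):
    """Return (prevalence, edges): prevalence maps node -> machine count."""
    machines = defaultdict(set)   # node -> machines that installed it
    edges = set()                 # (from_node, to_node), directional
    for machine, program, version, replaced in records:
        node = (program, version)
        machines[node].add(machine)
        if replaced is not None:
            edges.add(((program, replaced), node))
    prevalence = {node: len(ms) for node, ms in machines.items()}
    return prevalence, edges


def find_anomalies(prevalence, edges, rare_fraction=RARE_FRACTION):
    """(parent, child, ratio) for child versions far rarer than the version they replaced."""
    flagged = []
    for parent, child in sorted(edges):
        p, c = prevalence.get(parent, 0), prevalence.get(child, 0)
        if p and c / p < rare_fraction:
            flagged.append((parent, child, c / p))
    return flagged


# Constructed fleet: 200 machines on 100.0, 195 upgrade to 101.0, one
# machine installs an unknown "101.0-patched" build over 100.0.
RECORDS = [("m%d" % i, "chrome", "100.0", None) for i in range(200)]
RECORDS += [("m%d" % i, "chrome", "101.0", "100.0") for i in range(195)]
RECORDS += [("m199", "chrome", "101.0-patched", "100.0")]

if __name__ == "__main__":
    prevalence, edges = build_lineage_graph(RECORDS)
    for parent, child, ratio in find_anomalies(prevalence, edges):
        print("ALARM: %s -> %s (prevalence ratio %.3f)" % (parent, child, ratio))
```

The alarm the abstract describes is driven by graph structure plus the prevalence recorded on each node, not by the binary's content, so a trojanised build that installs itself over a legitimate version on one machine stands out as a low-prevalence branch even when its hash is unknown to any reputation source.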
-
Publication number: US10733149B2
Publication date: 2020-08-04
Application number: US15979512
Filing date: 2018-05-15
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li , Kangkook Jee , Zhichun Li , Mu Zhang , Zhenyu Wu
IPC: G06F17/00 , G06F7/00 , G06F16/174 , G06F3/06 , G06K9/62 , G06F16/25 , G06F16/22 , G06F16/2455 , G06F21/62 , G06F16/901 , G06F21/55
Abstract: Systems and methods for data reduction including organizing data of an event stream into a file access table concurrently with receiving the event stream, the data including independent features and dependent features. A frequent pattern tree (FP-Tree) is built including nodes corresponding to the dependent features according to a frequency of occurrence of the dependent features relative to the independent features. Each single path in the FP-Tree is merged into a special node corresponding to segments of dependent features to produce a reduced FP-Tree. All path combinations in the reduced FP-Tree are identified. A compressible file access template (CFAT) is generated corresponding to each of the path combinations. The data of the event stream is compressed with the CFATs to reduce the dependent features to special events representing the dependent features.
-
Publication number: US10572661B2
Publication date: 2020-02-25
Application number: US15652796
Filing date: 2017-07-18
Applicant: NEC Laboratories America, Inc.
Inventor: Zhenyu Wu , Jungwhan Rhee , Yuseok Jeon , Zhichun Li , Kangkook Jee , Guofei Jiang
Abstract: Methods and systems for security analysis include determining whether a process has an origin internal to a system or external to the system using a processor based on monitored behavior events associated with the process. A security analysis is performed on only processes that have an external origin to determine if any of the processes having an external origin represent a security threat. A security action is performed if a process having an external origin is determined to represent a security threat.
-
Publication number: US20180336218A1
Publication date: 2018-11-22
Application number: US15979514
Filing date: 2018-05-15
Applicant: NEC Laboratories America, Inc.
Inventor: Ding Li , Kangkook Jee , Zhichun Li , Mu Zhang , Zhenyu Wu
Abstract: Systems and methods for mining and compressing commercial data including a network of point of sale devices to log commercial activity data including independent commercial events and corresponding dependent features. A middleware system is in communication with the network of point of sale devices to continuously collect and compress a stream of the commercial activity data and concurrently store the compressed commercial activity data. Compressing the stream includes building a file access table corresponding to the commercial activity data, producing compressible file access templates (CFATs) according to frequent patterns of commercial activity data using the file access table, and replacing dependent feature sequences with a matching compressible file access template. A database is in communication with the middleware system to store the compressed commercial data. A commercial pattern analysis system is in communication with the database to determine patterns in commercial activities across the network of point of sale devices.
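The FP-tree based template compression shared by this abstract and the US10733149B2 abstract above (file access table, FP-tree, single-path merging, templates, replacement of dependent-feature sequences), as one added example that is not the patents' implementation. It assumes, hypothetically, that a row of the file access table is (process, files touched) with the process as the independent feature and the files as dependent features, and that a chain of FP-tree nodes is merged into one segment node only where the child's support equals the parent's, so every row still maps to a whole template; the rows are constructed.

```python
"""FP-tree based templating of a file access table (CFAT-style reduction).

Added example, not the patents' implementation. Assumptions: a row of the
file access table is (process, files touched); the process is the
independent feature and the files are the dependent features; a chain of
FP-tree nodes is merged into one segment node only where the child's
support equals the parent's, so every row still maps to a whole template.
Sample rows are constructed.
"""
from collections import Counter


class Node:
    def __init__(self, items, parent):
        self.items = list(items)  # one or more dependent features (a segment)
        self.count = 0            # support: rows passing through this node
        self.parent = parent
        self.children = {}        # first item of child segment -> Node


def feature_order(rows):
    """Global frequency order of dependent features (ties: first seen)."""
    freq = Counter(f for _, files in rows for f in dict.fromkeys(files))
    return {f: i for i, (f, _) in enumerate(freq.most_common())}


def canonical(files, order):
    """Deduplicated features of one row, sorted by global frequency."""
    return sorted(dict.fromkeys(files), key=order.__getitem__)


def build_fp_tree(rows, order):
    root = Node([], None)
    for _, files in rows:
        node = root
        for f in canonical(files, order):
            child = node.children.get(f)
            if child is None:
                child = node.children[f] = Node([f], node)
            child.count += 1
            node = child
    return root


def reduce_tree(node):
    """Merge single paths: an only child with equal support is absorbed into a segment."""
    while len(node.children) == 1:
        (child,) = node.children.values()
        if child.count != node.count:
            break
        node.items += child.items
        node.children = child.children
        for grandchild in node.children.values():
            grandchild.parent = node
    for child in node.children.values():
        reduce_tree(child)
    return node


def templates(root):
    """One CFAT per root-to-node path of the reduced tree: {path tuple: id}."""
    cfat = {}

    def walk(node, prefix):
        for child in node.children.values():
            path = prefix + child.items
            cfat[tuple(path)] = "T%d" % (len(cfat) + 1)
            walk(child, path)

    walk(root, [])
    return cfat


def compress(rows):
    """Replace each row's dependent features with its matching template id."""
    order = feature_order(rows)
    cfat = templates(reduce_tree(build_fp_tree(rows, order)))
    compressed = [(proc, cfat[tuple(canonical(files, order))]) for proc, files in rows]
    return compressed, cfat


def decompress(compressed, cfat):
    expand = {tid: list(path) for path, tid in cfat.items()}
    return [(proc, expand[tid]) for proc, tid in compressed]


# Constructed sample file access table (process, files), not real telemetry.
ROWS = [
    ("python", ["/lib/libc.so", "/lib/libpython.so", "/app/config.yaml", "/app/main.py"]),
    ("python", ["/lib/libc.so", "/lib/libpython.so", "/app/config.yaml", "/app/main.py"]),
    ("python", ["/lib/libc.so", "/lib/libpython.so", "/app/config.yaml", "/app/worker.py"]),
    ("bash", ["/lib/libc.so", "/etc/profile"]),
    ("bash", ["/lib/libc.so", "/etc/profile", "/home/u/.bashrc"]),
    ("curl", ["/lib/libc.so", "/etc/ssl/certs/ca.pem"]),
]

if __name__ == "__main__":
    compressed, cfat = compress(ROWS)
    print(compressed)
    print(cfat)
```

On the sample, the chain libpython.so then config.yaml (support 3 under both) collapses into one segment node, so the template set contains the three-file prefix but no template for libpython.so alone; the 19 dependent-feature entries in the six rows reduce to six template ids, and `decompress` recovers the same file sets, which is the property to check before letting such a reduction feed forensic queries.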
-
Publication number: US10929539B2
Publication date: 2021-02-23
Application number: US16040086
Filing date: 2018-07-19
Applicant: NEC Laboratories America, Inc. , NEC Corporation
Inventor: Jungwhan Rhee , Zhenyu Wu , Lauri Korts-Parn , Kangkook Jee , Zhichun Li , Omid Setayeshfar
Abstract: Systems and methods are disclosed for enhancing cybersecurity in a computer system by detecting safeness levels of executables. An installation lineage of an executable is identified in which entities forming the installation lineage include at least an installer of the monitored executable, and a network address from which the executable is retrieved. Each entity of the entities forming the installation lineage is individually analyzed using at least one safeness analysis. Results of the at least one safeness analysis of each entity are inherited by other entities in the lineage of the executable. A backtrace result for the executable is determined based on the inherited safeness evaluation of the executable. A total safeness of the executable, based on at least the backtrace result, is evaluated against a set of thresholds to detect a safeness level of the executable. The safeness level of the executable is output on a display screen.
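The installation-lineage backtrace described in this abstract, as an added example (not the patent's code). It assumes, hypothetically, that the lineage is a parent map (executable, the installer that wrote it, the URL it came from), that each analysis yields a score in [0, 1] per entity, that a score is inherited along the lineage as the minimum of an entity's own score and its parent's inherited score, that total safeness is a weighted mix of the executable's own score and the backtrace result, and that the thresholds are illustrative; every entity and score is constructed.

```python
"""Installation-lineage safeness backtrace for an executable.

Added example, not the patent's code. Assumptions (hypothetical): the
lineage is a parent map (executable -> installer -> download URL); each
entity's own score is the mean of the analyses that cover it; scores are
inherited from the origin down as a running minimum; total safeness is
0.3 * own + 0.7 * backtrace; thresholds are illustrative. Constructed data.
"""

# Constructed lineage: entity -> parent it was obtained from (None = origin).
PARENTS = {
    "C:/Users/u/Downloads/tool.exe": "C:/Users/u/Downloads/setup.exe",
    "C:/Users/u/Downloads/setup.exe": "http://203.0.113.7/dl/setup.exe",
    "http://203.0.113.7/dl/setup.exe": None,
    "C:/Program Files/Vendor/app.exe": "C:/Temp/vendor-installer.msi",
    "C:/Temp/vendor-installer.msi": "https://downloads.example.com/app.msi",
    "https://downloads.example.com/app.msi": None,
}

# Constructed per-entity analysis results: analysis name -> {entity: score}.
ANALYSES = {
    "signature": {
        "C:/Users/u/Downloads/tool.exe": 1.0,
        "C:/Users/u/Downloads/setup.exe": 0.2,
        "C:/Program Files/Vendor/app.exe": 1.0,
        "C:/Temp/vendor-installer.msi": 1.0,
    },
    "hash_reputation": {
        "C:/Users/u/Downloads/tool.exe": 0.9,
        "C:/Users/u/Downloads/setup.exe": 0.1,
        "C:/Program Files/Vendor/app.exe": 0.95,
        "C:/Temp/vendor-installer.msi": 0.9,
    },
    "host_reputation": {
        "http://203.0.113.7/dl/setup.exe": 0.05,
        "https://downloads.example.com/app.msi": 0.9,
    },
}
THRESHOLDS = [(0.8, "safe"), (0.5, "suspicious"), (0.0, "unsafe")]
OWN_WEIGHT, BACKTRACE_WEIGHT = 0.3, 0.7  # assumption


def lineage(entity, parents):
    """Entities from the executable back to its origin, e.g. [exe, installer, url]."""
    chain, seen = [], set()
    while entity is not None and entity not in seen:
        chain.append(entity)
        seen.add(entity)
        entity = parents.get(entity)
    return chain


def own_score(entity, analyses):
    """Mean of every analysis that has a result for this entity (no data = 0.5)."""
    scores = [a[entity] for a in analyses.values() if entity in a]
    return sum(scores) / len(scores) if scores else 0.5


def backtrace(entity, parents, analyses):
    """Inherit scores from the origin down to the executable: {entity: inherited}."""
    inherited, running = {}, 1.0
    for e in reversed(lineage(entity, parents)):  # origin first
        running = min(running, own_score(e, analyses))
        inherited[e] = running
    return inherited


def safeness_level(entity, parents, analyses, thresholds=THRESHOLDS):
    """Return (level, total_safeness, inherited_scores) for one executable."""
    inherited = backtrace(entity, parents, analyses)
    backtrace_result = inherited[entity]
    total = OWN_WEIGHT * own_score(entity, analyses) + BACKTRACE_WEIGHT * backtrace_result
    for floor, label in thresholds:
        if total >= floor:
            return label, total, inherited
    return thresholds[-1][1], total, inherited


if __name__ == "__main__":
    for exe in ("C:/Users/u/Downloads/tool.exe", "C:/Program Files/Vendor/app.exe"):
        level, total, inherited = safeness_level(exe, PARENTS, ANALYSES)
        print(exe, level, round(total, 3), inherited)
```

The point the inheritance makes: tool.exe is validly signed and has a clean hash on its own, yet because it was dropped by an unsigned installer fetched from a poorly reputed host, the backtrace result pulls its total below the unsafe threshold, whereas the vendor-hosted app.exe inherits a clean lineage and is rated safe.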
-
Publication number: US20200257794A1
Publication date: 2020-08-13
Application number: US16787610
Filing date: 2020-02-11
Applicant: NEC Laboratories America, Inc.
Inventor: Chung Hwan Kim , Junghwan Rhee , Kangkook Jee , Zhichun Li , Adil Ahmad , Haifeng Chen
Abstract: Systems and methods for implementing a system architecture to support a trusted execution environment (TEE) with computational acceleration are provided. The method includes establishing a first trusted channel between a user application stored on an enclave and a graphics processing unit (GPU) driver loaded on a hypervisor. Establishing the first trusted channel includes leveraging page permissions in an extended page table (EPT) to isolate the first trusted channel between the enclave and the GPU driver in a physical memory of an operating system (OS). The method further includes establishing a second trusted channel between the GPU driver and a GPU device. The method also includes launching a unified TEE that includes the enclave and the hypervisor with execution of application code of the user application.
-
Publication number: US20200184070A1
Publication date: 2020-06-11
Application number: US16693710
Filing date: 2019-11-25
Applicant: NEC Laboratories America, Inc.
Inventor: Chung Hwan Kim , Junghwan Rhee , Kangkook Jee , Zhichun Li
Abstract: A method for implementing confidential machine learning with program compartmentalization includes implementing a development stage to design an ML program, including annotating source code of the ML program to generate an ML program annotation, performing program analysis based on the development stage, including compiling the source code of the ML program based on the ML program annotation, inserting binary code based on the program analysis, including inserting run-time code into a confidential part of the ML program and a non-confidential part of the ML program, and generating an ML model by executing the ML program with the inserted binary code to protect the confidentiality of the ML model and the ML program from attack.
-
Publication number: US20180054445A1
Publication date: 2018-02-22
Application number: US15623538
Filing date: 2017-06-15
Applicant: NEC Laboratories America, Inc.
Inventor: Junghwan Rhee , Yuseok Jeon , Zhichun Li , Kangkook Jee , Zhenyu Wu , Guofei Jiang
IPC: H04L29/06
CPC classification number: H04L63/1425 , G06F21/55 , G06F21/606 , G06F2221/2141 , G06F2221/2145 , H04L63/1433
Abstract: A computer-implemented method for performing privilege flow analysis is presented. The computer-implemented method includes monitoring at least one program operating system (OS) event handled by a program, generating a privilege flow graph, determining an inferred program behavior context, and generating, based on a combination of the privilege flow graph and the inferred program behavior context, an inferred behavior context-aware privilege flow graph to distinguish different roles of processes and/or threads within the program.
-
Publication number: US20170244620A1
Publication date: 2017-08-24
Application number: US15416346
Filing date: 2017-01-26
Applicant: NEC Laboratories America, Inc.
Inventor: Zhenyu Wu , Zhichun Li , Jungwhan Rhee , Fengyuan Xu , Guofei Jiang , Kangkook Jee , Xusheng Xiao , Zhang Xu
CPC classification number: H04L63/1425 , G06F21/55 , G06F21/552 , H04L63/1416
Abstract: Methods and systems for dependency tracking include identifying a hot process that generates bursts of events with interleaved dependencies. Events related to the hot process are aggregated according to a process-centric dependency approximation that ignores dependencies between the events related to the hot process. Causality in a reduced event stream that comprises the aggregated events is tracked.
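The hot-process aggregation and reduced-stream causality tracking described in this abstract, as an added example (not the patent's code). It assumes, hypothetically, that events are (timestamp, pid, op, object) with op being read or write, that a process is hot when it emits more than a threshold number of events inside one time window, and that a hot process's events in a window collapse into a single aggregated event whose reads are all treated as flowing to all of its writes (the process-centric approximation that ignores the finer interleaving); the stream is constructed.

```python
"""Process-centric aggregation of bursty ("hot") processes for dependency tracking.

Added example, not the patent's code. Assumptions (hypothetical): events
are (ts, pid, op, obj) with op in {"read", "write"}; a process is hot when
it emits more than BURST_THRESHOLD events in one WINDOW seconds; a hot
process's events in a window collapse into one AggregatedEvent in which
every read is assumed to reach every write. Sample stream is constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field

WINDOW = 1.0          # seconds
BURST_THRESHOLD = 20  # events per window that marks a process as hot


@dataclass
class Event:
    ts: float
    pid: int
    op: str   # "read" or "write"
    obj: str


@dataclass
class AggregatedEvent:
    start: float
    end: float
    pid: int
    reads: set = field(default_factory=set)
    writes: set = field(default_factory=set)
    count: int = 0


def find_hot_processes(events, window=WINDOW, threshold=BURST_THRESHOLD):
    per_window = defaultdict(int)
    for e in events:
        per_window[(e.pid, int(e.ts // window))] += 1
    return {pid for (pid, _), n in per_window.items() if n > threshold}


def reduce_stream(events, window=WINDOW, threshold=BURST_THRESHOLD):
    """Aggregate each hot process's events per window; pass everything else through."""
    hot = find_hot_processes(events, window, threshold)
    aggregates, reduced = {}, []
    for e in sorted(events, key=lambda e: e.ts):
        if e.pid not in hot:
            reduced.append(e)
            continue
        key = (e.pid, int(e.ts // window))
        agg = aggregates.get(key)
        if agg is None:
            agg = aggregates[key] = AggregatedEvent(e.ts, e.ts, e.pid)
            reduced.append(agg)
        agg.end = max(agg.end, e.ts)
        agg.count += 1
        (agg.reads if e.op == "read" else agg.writes).add(e.obj)
    return reduced


def _reads_writes(ev):
    """(reads, writes, effective time) for a plain or aggregated event."""
    if isinstance(ev, AggregatedEvent):
        return ev.reads, ev.writes, ev.end
    if ev.op == "read":
        return {ev.obj}, set(), ev.ts
    return set(), {ev.obj}, ev.ts


def reads_before(reduced, pid, t):
    """Objects `pid` read no later than t; an aggregate's whole burst counts (approximation)."""
    out = set()
    for ev in reduced:
        reads, _, when = _reads_writes(ev)
        if ev.pid == pid and when <= t:
            out |= reads
    return out


def backward_trace(reduced, target):
    """Processes and objects that may have influenced `target`, tracked over the reduced stream."""
    ancestors = set()
    frontier = [(target, float("inf"))]
    while frontier:
        obj, before = frontier.pop()
        for ev in reduced:
            _, writes, t = _reads_writes(ev)
            if obj in writes and t <= before:
                ancestors.add(("pid", ev.pid))
                for r in reads_before(reduced, ev.pid, t):
                    if ("obj", r) not in ancestors:
                        ancestors.add(("obj", r))
                        frontier.append((r, t))
    return ancestors


# Constructed stream: pid 100 is a chatty logger (30 events in one second),
# pid 300 downloads a file, pid 200 turns it into a cron job.
EVENTS = [Event(0.03 * i, 100, "read" if i % 3 == 0 else "write",
                "/var/lib/app/state" if i % 3 == 0 else "/var/log/app.log") for i in range(30)]
EVENTS += [
    Event(0.95, 300, "read", "203.0.113.7:80"),
    Event(1.0, 300, "write", "/tmp/payload"),
    Event(1.2, 200, "read", "/tmp/payload"),
    Event(1.5, 200, "write", "/etc/cron.d/job"),
]

if __name__ == "__main__":
    reduced = reduce_stream(EVENTS)
    print(len(EVENTS), "events ->", len(reduced), "after aggregation")
    print(sorted(backward_trace(reduced, "/etc/cron.d/job")))
```

The logger's 30 interleaved reads and writes become one aggregated event, so the stream shrinks from 34 to 5 records, while the backward trace from the cron job still recovers the download from 203.0.113.7 through /tmp/payload. The cost of the approximation is visible in `reads_before`: inside a burst every read is assumed to feed every write, which can add false ancestors for the hot process but never drops a true one.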