公开(公告)号：US20210248425A1

公开(公告)日：2021-08-12

申请号：US17155452

申请日：2021-01-22

Applicant: NEC Laboratories America, Inc.

Inventor： Bo Zong ,  Haifeng Chen ,  Lichen Wang

IPC: G06K9/62 ,  G06N3/08 ,  G06F40/30 ,  G06N5/00

Abstract: A method for implementing graph-based reinforced text representation learning (GRTR) is presented. The method includes, in a training phase, generating a dependency tree for training text data, training a GRTR agent by learning to navigate in the dependency tree and selectively collecting semantic information, learning GRTR agents, and storing, in a GRTR-specific memory, parameters of the learned GRTR agents. The method further includes, in a testing phase, generating a dependency tree for testing the text data, retrieving and evaluating the learned GRTR agents of the training phase to evaluate testing samples, making task-specific decisions for the testing samples, and reporting the task-specific decisions to a computing device operated by a user.

公开(公告)号：US11544377B2

公开(公告)日：2023-01-03

申请号：US17017048

申请日：2020-09-10

Applicant: NEC Laboratories America, Inc.

Inventor： Bo Zong ,  Haifeng Chen ,  Lichen Wang

IPC: G06F21/56 ,  G06V10/75 ,  G06K9/62 ,  G06N3/04

Abstract: Methods and systems for detecting abnormal application behavior include determining a vector representation of a first syscall graph that is generated by a first application, the vector representation including a representation of a distribution of subgraphs of the first syscall graph. The vector representation of the first syscall graph is compared to one or more second syscall graphs that are generated by respective second applications to determine respective similarity scores. It is determined that the first application is behaving abnormally based on the similarity scores, and a security action is performed responsive to the determination that the first application is behaving abnormally.

公开(公告)号：US20210089652A1

公开(公告)日：2021-03-25

申请号：US17017048

申请日：2020-09-10

Applicant: NEC Laboratories America, Inc.

Inventor： Bo Zong ,  Haifeng Chen ,  Lichen Wang

IPC: G06F21/56 ,  G06K9/62 ,  G06N3/04

Abstract: Methods and systems for detecting abnormal application behavior include determining a vector representation of a first syscall graph that is generated by a first application, the vector representation including a representation of a distribution of subgraphs of the first syscall graph. The vector representation of the first syscall graph is compared to one or more second syscall graphs that are generated by respective second applications to determine respective similarity scores. It is determined that the first application is behaving abnormally based on the similarity scores, and a security action is performed responsive to the determination that the first application is behaving abnormally.