-
Publication No.: US20240354184A1
Publication Date: 2024-10-24
Application No.: US18594487
Filing Date: 2024-03-04
Inventors: Peng Yuan, LuAn Tang, Haifeng Chen, Yuncong Chen, Zhengzhang Chen, Motoyuki Sato
IPC Classification: G06F11/07
CPC Classification: G06F11/079, G06F11/0736, G06F11/0793
Abstract: Systems and methods are provided for incident analysis in Cyber-Physical Systems (CPS) using a Temporal Graph-based Incident Analysis System (TGIAS) and/or Transition Based Categorical Anomaly Detection (TCAD). Dynamically gathered multimodal data from a distributed network of sensors across the CPS are preprocessed to identify abnormal sensor readings indicative of potential incidents, and a multi-layered incident timeline graph, representing abnormal sensor readings, relationships to specific CPS components, and temporal sequencing of events is constructed. Severity scores are calculated, and severity rankings are assigned to identified anomalies based on a composite index including impact on CPS operation, comparison with historical incident data, and predictive risk assessments. Probable root causes of incidents and pathways for anomaly propagation through the CPS are identified using causal interference and the incident timeline graph to detect underlying vulnerabilities and predict future system weaknesses. Recommended actions are generated and executed for incident resolution and system optimization.
-
Publication No.: US20240303149A1
Publication Date: 2024-09-12
Application No.: US18599322
Filing Date: 2024-03-08
Inventors: Yuncong Chen, Haifeng Chen, LuAn Tang, Zhengzhang Chen
CPC Classification: G06F11/079, G06F11/0721, G16H50/30
Abstract: Methods and systems for anomaly detection include encoding a time series with a time series encoder and encoding an event sequence with an event sequence encoder. A latent code is generated from outputs of the time series encoder and the event sequence encoder. The time series is reconstructed from the latent code using a time series decoder. The event sequence is reconstructed from the latent code using an event sequence decoder. An anomaly score is determined based on a reconstruction loss of the reconstructed time series and a reconstruction loss of the reconstructed event sequence. An action is performed responsive to the anomaly score.
-
Publication No.: US20240134736A1
Publication Date: 2024-04-25
Application No.: US18493374
Filing Date: 2023-10-23
Inventors: Yuncong Chen, LuAn Tang, Yanchi Liu, Zhengzhang Chen, Haifeng Chen
IPC Classification: G06F11/07
CPC Classification: G06F11/079, G06F11/0709, G06F11/0793, G16H50/20
Abstract: Methods and systems for anomaly detection include encoding a multivariate time series and a multi-type event sequence using respective transformers and an aggregation network to generate a feature vector. Anomaly detection is performed using the feature vector to identify an anomaly within a system. A corrective action is performed responsive to the anomaly to correct or mitigate an effect of the anomaly. The detected anomaly can be used in a healthcare context to support decision making by medical professionals with respect to the treatment of a patient. The encoding may include machine learning models to implement the transformers and the aggregation network using deep learning.
-
Publication No.: US20220111836A1
Publication Date: 2022-04-14
Application No.: US17493323
Filing Date: 2021-10-04
Inventors: LuAn Tang, Wei Cheng, Haifeng Chen, Zhengzhang Chen, Yuxiang Ren
Abstract: A method for vehicle fault detection is provided. The method includes training, by a cloud module controlled by a processor device, an entity-shared modular and a shared modular connection controller. The entity-shared modular stores common knowledge for a transfer scope, and is formed from a set of sub-networks which are dynamically assembled for different target entities of a vehicle by the shared modular connection controller. The method further includes training, by an edge module controlled by another processor device, an entity-specific decoder and an entity-specific connection controller. The entity-specific decoder is for filtering entity-specific information from the common knowledge in the entity-shared modular by dynamically assembling the set of sub-networks in a manner decided by the entity specific connection controller.
-
Publication No.: US20220067535A1
Publication Date: 2022-03-03
Application No.: US17465054
Filing Date: 2021-09-02
Inventors: LuAn Tang, Wei Cheng, Haifeng Chen, Yuji Kobayashi
Abstract: Methods and systems for training and deploying a neural network mode include training a modular encoder model using training data collected from heterogeneous system types. The modular encoder model includes layers of neural network blocks and a selectively enabled connections between neural network blocks of adjacent layers. Each neural network block includes neural network layers. The modular encoder model is deployed to a system corresponding to one of the heterogeneous system types.
-
Publication No.: US11169865B2
Publication Date: 2021-11-09
Application No.: US16562755
Filing Date: 2019-09-06
Inventors: Haifeng Chen, Bo Zong, Wei Cheng, LuAn Tang, Jingchao Ni
Abstract: Systems and methods for implementing heterogeneous feature integration for device behavior analysis (HFIDBA) are provided. The method includes representing each of multiple devices as a sequence of vectors for communications and as a separate vector for a device profile. The method also includes extracting static features, temporal features, and deep embedded features from the sequence of vectors to represent behavior of each device. The method further includes determining, by a processor device, a status of a device based on vector representations of each of the multiple devices.
-
Publication No.: US10915626B2
Publication Date: 2021-02-09
Application No.: US16161769
Filing Date: 2018-10-16
Inventors: LuAn Tang, Zhengzhang Chen, Zhichun Li, Zhenyu Wu, Jumpei Kamimura, Haifeng Chen
Abstract: A computer-implemented method for implementing alert interpretation in enterprise security systems is presented. The computer-implemented method includes employing a plurality of sensors to monitor streaming data from a plurality of computing devices, generating alerts based on the monitored streaming data, and employing an alert interpretation module to interpret the alerts in real-time, the alert interpretation module including a process-star graph constructor for retrieving relationships from the streaming data to construct process-star graph models and an alert cause detector for analyzing the alerts based on the process-star graph models to determine an entity that causes an alert.
-
Publication No.: US20200092316A1
Publication Date: 2020-03-19
Application No.: US16565746
Filing Date: 2019-09-10
Inventors: LuAn Tang, Jingchao Ni, Wei Cheng, Haifeng Chen, Dongjin Song, Bo Zong, Wenchao Yu
IPC Classification: H04L29/06, G06K9/62, G06F16/901
Abstract: Systems and methods for implementing dynamic graph analysis (DGA) to detect anomalous network traffic are provided. The method includes processing communications and profile data associated with multiple devices to determine dynamic graphs. The method includes generating features to model temporal behaviors of network traffic generated by the multiple devices based on the dynamic graphs. The method also includes formulating a list of prediction results for sources of the anomalous network traffic from the multiple devices based on the temporal behaviors.
-
Publication No.: US20200019858A1
Publication Date: 2020-01-16
Application No.: US16508512
Filing Date: 2019-07-11
Inventors: Shuchu Han, LuAn Tang, Haifeng Chen
Abstract: Methods and systems for optimizing performance of a cyber-physical system include training a machine learning model, according to sensor data from the cyber-physical system, to generate one or more parameters for controllable sensors in the cyber-physical system that optimize a performance indicator. New sensor data is collected from the cyber-physical system. One or more parameters for the controllable sensors are generated using the trained machine learning module and the new sensor data. The one or more parameters are applied to the controllable sensors to optimize the performance of the cyber-physical system.
-
Publication No.: US10476749B2
Publication Date: 2019-11-12
Application No.: US15477603
Filing Date: 2017-04-03
Inventors: Kenji Yoshihira, Zhichun Li, Zhengzhang Chen, Haifeng Chen, Guofei Jiang, LuAn Tang
Abstract: Methods and systems for reporting anomalous events include intra-host clustering a set of alerts based on a process graph that models states of process-level events in a network. Hidden relationship clustering is performed on the intra-host clustered alerts based on hidden relationships between alerts in respective clusters. Inter-host clustering is performed on the hidden relationship clustered alerts based on a topology graph that models source and destination relationships between connection events in the network. Inter-host clustered alerts that exceed a threshold level of trustworthiness are reported.