公开(公告)号：US11463472B2

公开(公告)日：2022-10-04

申请号：US16653259

申请日：2019-10-15

Applicant: NEC Laboratories America, Inc.

Inventor： Zhengzhang Chen ,  Ding Li ,  Zhichun Li ,  Shen Wang

IPC: H04L29/06 ,  H04L9/40 ,  G06K9/62 ,  G06F16/901 ,  G06N3/04

Abstract: A method for detecting malicious program behavior includes performing program verification based on system activity data, analyzing unverified program data identified from the program verification to detect abnormal events, including analyzing host-level events to detect abnormal host-level events by learning a program representation as a graph embedding through an attentional architecture based on an invariant graph between different system entities, generating detection results based on the analysis, and performing at least one corrective action based on the detection results.

公开(公告)号：US20210067549A1

公开(公告)日：2021-03-04

申请号：US17004752

申请日：2020-08-27

Applicant: NEC Laboratories America, Inc.

Inventor： Zhengzhang Chen ,  Jiaping Gui ,  Haifeng Chen ,  Junghwan Rhee ,  Shen Wang

IPC: H04L29/06 ,  G06N3/08

Abstract: Methods and systems for detecting and responding to an intrusion in a computer network include generating an adversarial training data set that includes original samples and adversarial samples, by perturbing one or more of the original samples with an integrated gradient attack to generate the adversarial samples. The original and adversarial samples are encoded to generate respective original and adversarial graph representations, based on node neighborhood aggregation. A graph-based neural network is trained to detect anomalous activity in a computer network, using the adversarial training data set. A security action is performed responsive to the detected anomalous activity.

公开(公告)号：US11606389B2

公开(公告)日：2023-03-14

申请号：US17004752

申请日：2020-08-27

Applicant: NEC Laboratories America, Inc.

Inventor： Zhengzhang Chen ,  Jiaping Gui ,  Haifeng Chen ,  Junghwan Rhee ,  Shen Wang

IPC: H04L29/06 ,  H04L9/40 ,  G06N3/08

Abstract: Methods and systems for detecting and responding to an intrusion in a computer network include generating an adversarial training data set that includes original samples and adversarial samples, by perturbing one or more of the original samples with an integrated gradient attack to generate the adversarial samples. The original and adversarial samples are encoded to generate respective original and adversarial graph representations, based on node neighborhood aggregation. A graph-based neural network is trained to detect anomalous activity in a computer network, using the adversarial training data set. A security action is performed responsive to the detected anomalous activity.