-
Publication No.: WO2020086355A1
Publication date: 2020-04-30
Application No.: PCT/US2019/056498
Filing date: 2019-10-16
Applicant: NEC LABORATORIES AMERICA, INC.
Inventor: YU, Wenchao; NI, Jingchao; ZONG, Bo; CHENG, Wei; CHEN, Haifeng; TANG, LuAn
Abstract: Systems and methods for predicting system device failure are provided. The method includes performing (740) graph-based predictive maintenance (GBPM) to determine a trained ensemble classification model for detecting maintenance ready components that includes extracted node features and graph features. The method includes constructing (750), based on testing data and the trained ensemble classification model, an attributed temporal graph and the extracted node features and graph features. The method further includes concatenating (760) the extracted node features and graph features. The method also includes determining (770), based on the trained ensemble classification model, a list of prediction results of components that are to be scheduled for component maintenance.
-
Publication No.: WO2020076444A1
Publication date: 2020-04-16
Application No.: PCT/US2019/049907
Filing date: 2019-09-06
Applicant: NEC LABORATORIES AMERICA, INC.
Inventor: CHENG, Wei; TANG, LuAn; SONG, Dongjin; ZONG, Bo; CHEN, Haifeng; NI, Jingchao; YU, Wenchao
Abstract: Systems and methods for predicting system device failure are provided. The method includes representing (610) device failure related data associated with the devices from a predetermined domain by temporal graphs for each of the devices. The method also includes extracting (620) vector representations based on temporal graph features from the temporal graphs that capture both temporal and structural correlation in the device failure related data. The method further includes predicting (650), based on the vector representations and device failure related metrics in the predetermined domain, one or more of the devices that is expected to fail within a predetermined time.
-
Publication No.: WO2020036850A1
Publication date: 2020-02-20
Application No.: PCT/US2019/046112
Filing date: 2019-08-12
Applicant: NEC LABORATORIES AMERICA, INC.
Inventor: RHEE, Junghwan; TANG, LuAn; CHEN, Zhengzhang; KIM, Chung; LI, Zhichun; ZHOU, Ziqiao
IPC: G05B23/02, G05B19/42, G05B19/418
Abstract: A computer-implemented method for implementing protocol-independent anomaly detection within an industrial control system (ICS) includes implementing a detection stage (1400), including performing byte filtering using a byte filtering model based on at least one new network packet associated with the ICS (1430), performing horizontal detection to determine whether a horizontal constraint anomaly exists in the at least one network packet based on the byte filtering and a horizontal model (1440), including analyzing constraints across different bytes of the at least one new network packet, performing message clustering based on the horizontal detection to generate first cluster information (1450), and performing vertical detection to determine whether a vertical anomaly exists based on the first cluster information and a vertical model (1460), including analyzing a temporal pattern of each byte of the at least one new network packet.
-
Publication No.: WO2019084072A1
Publication date: 2019-05-02
Application No.: PCT/US2018/057198
Filing date: 2018-10-24
Applicant: NEC LABORATORIES AMERICA, INC.
Inventor: TANG, LuAn; CHEN, Zhengzhang; LI, Zhichun; WU, Zhenyu; KAMIMURA, Jumpei; CHEN, Haifeng
Abstract: A computer-implemented method for implementing alert interpretation in enterprise security systems is presented. The computer-implemented method includes employing a plurality of sensors to monitor streaming data from a plurality of computing devices, generating alerts based on the monitored streaming data, automatically analyzing the alerts, in real-time, by using a graph-based alert interpretation engine employing process-star graph models, retrieving a cause of the alerts, an aftermath of the alerts, and baselines for the alert interpretation, and integrating the cause of the alerts, the aftermath of the alerts, and the baselines to output an alert interpretation graph to a user interface of a user device.
-
Publication No.: WO2017176673A1
Publication date: 2017-10-12
Application No.: PCT/US2017/025843
Filing date: 2017-04-04
Applicant: NEC LABORATORIES AMERICA, INC.
Inventor: TANG, LuAn; CHEN, Zhengzhang; JIANG, Guofei; LI, Zhichun; CHEN, Haifeng; YOSHIHIRA, Kenji
Abstract: Methods and systems for reporting anomalous events include building a process graph that models states of process-level events in a network. A topology graph is built that models source and destination relationships between connection events in the network. A set of alerts is clustered based on the process graph and the topology graph. Clustered alerts that exceed a threshold level of trustworthiness are reported.