公开(公告)号：WO2018093807A1

公开(公告)日：2018-05-24

申请号：PCT/US2017/061664

申请日：2017-11-15

Applicant: NEC LABORATORIES AMERICA, INC

Inventor： ZONG, Bo ,  TANG, LuAn ,  SONG, Qi ,  DEBNATH, Biplob ,  ZHANG, Hui ,  JIANG, Guofei

IPC: G06N3/08 ,  G06F11/34

Abstract: A method is provided that includes transforming training data into a neural network based learning model using a set of temporal graphs derived from the training data. The method includes performing model learning on the learning model by automatically adjusting learning model parameters based on the set of the temporal graphs to minimize differences between a predetermined ground-truth ranking list and a learning model output ranking list. The method includes transforming testing data into a neural network based inference model using another set of temporal graphs derived from the testing data. The method includes performing model inference by applying the inference and learning models to test data to extract context features for alerts in the test data and calculate a ranking list for the alerts based on the extracted context features. Top-ranked alerts are identified as critical alerts. Each alert represents an anomaly in the test data.

公开(公告)号：WO2018039446A1

公开(公告)日：2018-03-01

申请号：PCT/US2017/048406

申请日：2017-08-24

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： XU, Jianwu ,  DEBNATH, Biplob ,  ZONG, Bo ,  ZHANG, Hui ,  JIANG, Guofei ,  GE, Hancheng

IPC: G06F11/34

CPC classification number: G06N5/047 ,  G06F17/16 ,  G06F17/20 ,  G06F17/2282 ,  G06F17/277 ,  G06N7/00

Abstract: A heterogeneous log pattern editing recommendation system and computer- implemented method are provided. The system (600) has a processor (605) configured to identify, from heterogeneous logs, patterns including variable fields and constant fields. The processor (605) is also configured to extract a category feature, a cardinality feature, and a before-after n-gram feature by tokenizing the variable fields in the identified patterns. The processor (605) is additionally configured to generate target similarity scores between target fields to be potentially edited and other fields from among the variable fields in the heterogeneous logs using pattern editing operations based on the extracted category feature, the extracted cardinality feature, and the extracted before-after n-gram feature. The processor (605) is further configured to recommend, to a user, log pattern edits for at least one of the target fields based on the target similarity scores between the target fields in the heterogeneous logs.

Abstract translation: 提供了异构日志模式编辑推荐系统和计算机实现的方法。 系统（600）具有配置成从异构日志中识别包括可变字段和常量字段的模式的处理器（605）。 处理器（605）还被配置为通过对所识别的模式中的变量字段进行标记来提取类别特征，基数特征以及之前后的n元特征。 处理器（605）另外被配置为使用基于提取的类别特征，提取的基数特征和基于所提取的类别特征的模式编辑操作，从而在可能编辑的目标字段与异构日志中的可变字段之中的其他字段之间生成目标相似度分数 在n-gram特征前后提取。 处理器（605）还被配置为基于异构日志中的目标字段之间的目标相似度分数向用户推荐至少一个目标字段的日志模式编辑。

公开(公告)号：WO2016073765A1

公开(公告)日：2016-05-12

申请号：PCT/US2015/059306

申请日：2015-11-05

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： LI, Zhichun ,  XIAO, Xusheng ,  WU, Zhenyu ,  ZONG, Bo ,  JIANG, Guofei

IPC: G06F21/50 ,  G06F17/30 ,  G06F17/00

CPC classification number: G06F17/30958 ,  G06F21/552

Abstract: A method and system for constructing behavior queries in temporal graphs using discriminative sub-trace mining. The method (100) includes generating system data logs to provide temporal graphs (102), wherein the temporal graphs include a first temporal graph corresponding to a target behavior and a second temporal graph corresponding to a set of background behaviors (102), generating temporal graph patterns for each of the first and second temporal graphs to determine whether a pattern exists between a first temporal graph pattern and a second temporal graph pattern, wherein the pattern between the temporal graph patterns is a non-repetitive graph pattern (104), pruning the pattern between the first and second temporal graph patterns to provide a discriminative temporal graph (106), and generating behavior queries based on the discriminative temporal graph (110).

Abstract translation: 使用区分性子跟踪挖掘在时间图中构建行为查询的方法和系统。 方法（100）包括生成系统数据日志以提供时间图（102），其中时间图包括对应于目标行为的第一时间图和对应于一组背景行为（102）的第二时间图，产生时间 用于确定在第一时间图形图案和第二时间图形图案之间是否存在图案的第一和第二时间图形的图形图案，其中时间图形图案之间的图案是非重复图形图案（104），修剪 所述第一和第二时间图形图案之间的图案提供鉴别时间图（106），以及基于所述辨别性时间图（110）生成行为查询。

公开(公告)号：EP3215975A1

公开(公告)日：2017-09-13

申请号：EP15858083.7

申请日：2015-11-05

Applicant: NEC Laboratories America, Inc.

Inventor： LI, Zhichun ,  XIAO, Xusheng ,  WU, Zhenyu ,  ZONG, Bo ,  JIANG, Guofei

IPC: G06F21/50 ,  G06F17/30 ,  G06F17/00

CPC classification number: G06F17/30958 ,  G06F21/552

Abstract: A method and system for constructing behavior queries in temporal graphs using discriminative sub-trace mining. The method includes generating system data logs to provide temporal graphs, wherein the temporal graphs include a first temporal graph corresponding to a target behavior and a second temporal graph corresponding to a set of background behaviors, generating temporal graph patterns for each of the first and second temporal graphs to determine whether a pattern exists between a first temporal graph pattern and a second temporal graph pattern, wherein the pattern between the temporal graph patterns is a non-repetitive graph pattern, pruning the pattern between the first and second temporal graph patterns to provide a discriminative temporal graph, and generating behavior queries based on the discriminative temporal graph.

Abstract translation: 一种使用有差别的子轨迹挖掘在时间图中构建行为查询的方法和系统。 该方法包括生成系统数据日志以提供时间图，其中时间图包括对应于目标行为的第一时间图和对应于一组背景行为的第二时间图，针对第一和第二中的每一个生成时间图模式 时间图以确定在第一时间图模式和第二时间图模式之间是否存在模式，其中所述时间图模式之间的模式是非重复图模式，在第一和第二时间图模式之间修剪所述模式以提供 区分性时间图，以及基于区分性时间图生成行为查询。