公开(公告)号：WO2015153178A1

公开(公告)日：2015-10-08

申请号：PCT/US2015/022116

申请日：2015-03-24

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： ARORA, Nipun ,  RHEE, Junghwan ,  ZHANG, Hui ,  JIANG, Guofei

IPC: G06F9/30 ,  G06F9/445

CPC classification number: G06F11/3466

Abstract: The present invention enables capturing API level calls using a combination of dynamic instrumentation and library overriding. The invention allows event level tracing of API function calls and returns, and is able to generate an execution trace. The instrumentation is lightweight and relies on dynamic library/shared library linking mechanisms in most operating systems. Hence we need no source code modification or binary injection. The tool can be used to capture parameter values, and return values, which can be used to correlate traces across API function calls to generate transaction flow logic.

Abstract translation: 本发明可以使用动态检测和库重写的组合捕获API级别调用。 本发明允许API函数调用和返回的事件级别跟踪，并且能够生成执行跟踪。 该仪器是轻量级的，并且依赖于大多数操作系统中的动态库/共享库链接机制。 因此，我们不需要源代码修改或二进制注入。 该工具可用于捕获参数值和返回值，可用于将API函数调用之间的跟踪相关联，以生成事务流逻辑。

公开(公告)号：WO2015057617A1

公开(公告)日：2015-04-23

申请号：PCT/US2014/060358

申请日：2014-10-14

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： RHEE, Junqhwan ,  ZHANG, Hui ,  ARORA, Nipun ,  JIANG, Guofei ,  KIM, Chung Hwan

IPC: G06F11/36

CPC classification number: G06F11/3636 ,  G06F11/3419

Abstract: Methods and systems for performance inference include inferring an internal application status based on a unified call stack trace that includes both user and kernel information by inferring user function instances. A calling context encoding is generated that includes information regarding function calling paths. The analysis includes performing a top-down latency breakdown and ranking calling contexts according to how costly each function calling path is.

Abstract translation: 用于性能推理的方法和系统包括通过推断用户功能实例来推断基于包括用户和内核信息的统一调用堆栈跟踪的内部应用程序状态。 生成包含有关函数调用路径的信息的调用上下文编码。 分析包括根据每个功能调用路径的代价昂贵地执行自上而下的延迟故障和排序呼叫上下文。

公开(公告)号：WO2013112288A1

公开(公告)日：2013-08-01

申请号：PCT/US2013/020795

申请日：2013-01-09

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： LUMEZANU, Cristian ,  JIANG, Guofei ,  ZHANG, Yueping ,  SINGH, Vishal ,  AREFIN, Ahsan

IPC: G06F11/36 ,  G06F9/44

CPC classification number: G06F11/3476 ,  G06F11/0793 ,  G06F11/3006 ,  G06F11/3017 ,  G06F11/302 ,  G06F11/3055 ,  H04L41/142 ,  H04L41/145 ,  H04L43/04

Abstract: A debugging system used for a data center in a network is disclosed. The system includes a monitoring engine to monitor network traffic by collecting traffic information from a network controller, a modeling engine to model an application signature, an infrastructure signature, and a task signature using a monitored log, a debugging engine to detect a change in the application signature between a working status and a non-working status using a reference log and a problem log, and to validate the change using the task signature, and a providing unit to provide toubleshooting information, wherein an unknown change in the application signature is correlated to a known problem class by considering a dependency to a change in the infrastructure signature. Other methods and systems also are disclosed.

Abstract translation: 公开了一种用于网络中的数据中心的调试系统。 该系统包括监视引擎，通过从网络控制器收集交通信息，建模引擎来模拟应用签名，基础设施签名和使用监控日志的任务签名来监视网络流量;调试引擎，用于检测网络流量的变化 使用参考日志和问题日志在工作状态和非工作状态之间的应用签名，以及使用所述任务签名来验证所述改变;以及提供单元，用于提供故障排除信息，其中所述应用签名中的未知变化被相关 通过考虑对基础设施签名的改变的依赖性来解决已知的问题类。 还公开了其它方法和系统。

公开(公告)号：WO2011088261A2

公开(公告)日：2011-07-21

申请号：PCT/US2011/021206

申请日：2011-01-13

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： ZHANG, Hui ,  SU, Ya-Yunn ,  JIANG, Guofei ,  YOSHIHIRA, Kenji

CPC classification number: G06F1/3206 ,  G06F9/5077 ,  G06F9/5094 ,  Y02D10/22 ,  Y02D10/36

Abstract: A method and system for coordinating energy management in a virtualized data center including a plurality of physical servers and a plurality of virtual machines (VMs), includes analyzing status information about the virtualized data center; determining server utilization target settings for server consolidation from the analyzed status information; and executing the server consolidation according to the determined server utilization target settings. Server consolidation can be executed by determining an effective size of each of the VMs and placing the VMs on the servers in a selective manner using an independent workload VM placement process, a correlation-aware VM placement process, or a migration-cost and correlation-aware VM placement process.

Abstract translation: 一种用于协调包括多个物理服务器和多个虚拟机（VM）的虚拟化数据中心中的能量管理的方法和系统，包括分析关于虚拟化数据中心的状态信息; 从分析的状态信息确定服务器整合的服务器利用目标设置; 并根据确定的服务器利用目标设置执行服务器合并。 可以通过确定每个虚拟机的有效大小并使用独立的工作负载VM放置过程，相关感知的VM放置过程或迁移成本和相关性 - 以选择性方式将VM放置在服务器上来执行服务器整合。 意识到VM放置过程。

公开(公告)号：WO2010118011A3

公开(公告)日：2010-10-14

申请号：PCT/US2010/030079

申请日：2010-04-06

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： CHEN, Haifeng ,  JIANG, Guofei ,  YOSHIHIRA, Kenji ,  SAXENA, Akhliesh

IPC: G06F11/07 ,  G06F11/28 ,  G06F11/34

Abstract: A method system for diagnosing a detected failure in a computer system, compares a failure signature of the detected failure to an archived failure signature contained in a database to determine if the archived failure signature matches the failure signature of the detected failure. If the archived failure signature matches the failure signature of the detected failure, an archived solution is applied to the computer system that resolves the detected failure, the archived solution corresponding to a solution used to resolve a previously detected computer system failure corresponding to the archived failure signature in the database that matches the detected failure.

公开(公告)号：WO2009142832A2

公开(公告)日：2009-11-26

申请号：PCT/US2009/039606

申请日：2009-04-06

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： JIANG, Guofei ,  CHEN, Haifeng ,  YOSHIHIRA, Kenji

IPC: G06F11/30 ,  G06F9/44 ,  G06F21/00

CPC classification number: H04L43/16 ,  G06F11/0709 ,  G06F11/0781 ,  G06F21/552 ,  H04L41/0681 ,  H04L41/16

Abstract: A system and method for prioritizing alerts includes extracting invariants to determine a stable set of models for determining relationships among monitored system data. Equivalent thresholds for a plurality of rules are computed using an invariant network developed by extracting the invariants. For a given time window, a set of alerts are received from a system being monitored. A measurement value of the alerts is compared with a vector of equivalent thresholds, and the set of alerts is ranked.

Abstract translation: 用于优先化警报的系统和方法包括提取不变量以确定用于确定被监视的系统数据之间的关系的稳​​定的模型集合。 使用通过提取不变量开发的不变网络来计算多个规则的等效阈值。 对于给定的时间窗口，从被监视的系统接收到一组警报。 将警报的测量值与等效阈值的向量进行比较，并将该组警报排序。

公开(公告)号：WO2018111355A1

公开(公告)日：2018-06-21

申请号：PCT/US2017/047285

申请日：2017-08-17

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： DEBNATH, Biplob ,  ZHANG, Hui ,  ARORA, Nipun ,  XU, Jianwu ,  JIANG, Guofei ,  ZONG, Bo

IPC: G05B23/02

Abstract: A computer-implemented method executed on a processor (214) for automatically analyzing log contents received via a network (803) and detecting content-level anomalies is presented. The computer-implemented method includes building a statistical model (103) based on contents of a set of training logs and detecting, based on the set of training logs, content-level anomalies (106) for a set of testing logs. The method further includes maintaining an index and metadata, generating attributes for fields, editing model capability to incorporate user domain knowledge, detecting anomalies using field attributes, and improving anomaly quality by using user feedback (107).

公开(公告)号：WO2017177012A1

公开(公告)日：2017-10-12

申请号：PCT/US2017/026370

申请日：2017-04-06

Applicant: NEC LABORATORIES AMERICA, INC

Inventor： XU, Jianwu ,  ZHANG, Ke ,  ZHANG, Hui ,  MIN, Renqiang ,  JIANG, Guofei

IPC: G06F11/34 ,  G06F11/00 ,  G06N3/02

Abstract: Methods for system failure prediction include clustering log files according to structural log patterns. Feature representations of the log files are determined based on the log clusters. A likelihood of a system failure is determined based on the feature representations using a neural network. An automatic system control action is performed if the likelihood of system failure exceeds a threshold.

Abstract translation:

系统故障预测的方法包括根据结构日志模式对日志文件进行聚类。 日志文件的功能表示是根据日志群集确定的。 基于使用神经网络的特征表示来确定系统故障的可能性。 如果系统故障的可能性超过阈值，则执行自动系统控制动作。

公开(公告)号：WO2017176673A1

公开(公告)日：2017-10-12

申请号：PCT/US2017/025843

申请日：2017-04-04

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： TANG, LuAn ,  CHEN, Zhengzhang ,  JIANG, Guofei ,  LI, Zhichun ,  CHEN, Haifeng ,  YOSHIHIRA, Kenji

IPC: H04L29/06 ,  H04L12/26

Abstract: Methods and systems for reporting anomalous events include building a process graph that models states of process-level events in a network. A topology graph is built that models source and destination relationships between connection events in the network. A set of alerts is clustered based on the process graph and the topology graph. Clustered alerts that exceed a threshold level of trustworthiness are reported.

Abstract translation: 用于报告异常事件的方法和系统包括构建对网络中的过程级事件的状态建模的过程图。 建立一个拓扑图，模拟网络中连接事件之间的源和目标关系。 基于过程图和拓扑图来聚集一组警报。 报告超过可信赖阈值级别的群集警报。

公开(公告)号：WO2017165018A1

公开(公告)日：2017-09-28

申请号：PCT/US2017/017869

申请日：2017-02-15

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： ZHANG, Hui ,  JIANG, Guofei

IPC: G06F11/30

CPC classification number: H04L63/1425

Abstract: A system, program, and method for detecting anomalies in heterogeneous logs. The system having a processor configured to identify pattern fields comprised of a plurality of event identifiers. The processor is further configured to generate an automata model by profiling event behaviors of the plurality of event sequences, the plurality of event sequences grouped in the automata model by combinations of one or more pattern fields and one or more event identifiers from among the plurality of event identifiers, wherein for a given combination, the one or more event identifiers therein must be respectively comprised in a same one of the one or more pattern fields with which it is combined. The processor is also configured to detect an anomaly in one of the plurality of event sequences using the automata model. The processor is additionally configured to control an anomaly-initiating one of the network devices based on the anomaly.

Abstract translation: 用于检测异构日志中的异常的系统，程序和方法

该系统具有配置成识别由多个事件标识符组成的模式字段的处理器。 所述处理器进一步被配置为通过分析所述多个事件序列的事件行为来生成自动机模型，所述多个事件序列通过一个或多个模式字段与所述多个事件序列中的一个或多个事件标识符的组合来分组在自动机模型中 事件标识符，其中对于给定组合，其中的一个或多个事件标识符必须分别包含在与其组合的一个或多个模式字段中的相同一个模式字段中。 处理器还被配置成使用自动机模型来检测多个事件序列之一中的异常。 处理器还被配置为基于异常控制异常发起的网络设备中的一个。