Patent search ap:("NEC LABORATORIES AMERICA Page INC.") AND inv:"LI

31.

发明公开
METHOD AND SYSTEM FOR BEHAVIOR QUERY CONSTRUCTION IN TEMPORAL GRAPHS USING DISCRIMINATIVE SUB-TRACE MINING 审中-公开
Title translation: 使用判别式子轨迹挖掘在时间图上进行行为查询的方法和系统

公开(公告)号：EP3215975A1

公开(公告)日：2017-09-13

申请号：EP15858083.7

申请日：2015-11-05

Applicant: NEC Laboratories America, Inc.

Inventor： LI, Zhichun , XIAO, Xusheng , WU, Zhenyu , ZONG, Bo , JIANG, Guofei

IPC: G06F21/50 , G06F17/30 , G06F17/00

CPC classification number: G06F17/30958 , G06F21/552

Abstract: A method and system for constructing behavior queries in temporal graphs using discriminative sub-trace mining. The method includes generating system data logs to provide temporal graphs, wherein the temporal graphs include a first temporal graph corresponding to a target behavior and a second temporal graph corresponding to a set of background behaviors, generating temporal graph patterns for each of the first and second temporal graphs to determine whether a pattern exists between a first temporal graph pattern and a second temporal graph pattern, wherein the pattern between the temporal graph patterns is a non-repetitive graph pattern, pruning the pattern between the first and second temporal graph patterns to provide a discriminative temporal graph, and generating behavior queries based on the discriminative temporal graph.

Abstract translation: 一种使用有差别的子轨迹挖掘在时间图中构建行为查询的方法和系统。该方法包括生成系统数据日志以提供时间图，其中时间图包括对应于目标行为的第一时间图和对应于一组背景行为的第二时间图，针对第一和第二中的每一个生成时间图模式时间图以确定在第一时间图模式和第二时间图模式之间是否存在模式，其中所述时间图模式之间的模式是非重复图模式，在第一和第二时间图模式之间修剪所述模式以提供区分性时间图，以及基于区分性时间图生成行为查询。

32.

发明公开
DISCOVERING AND CONSTRAINING IDLE PROCESSES 审中-公开
Title translation: ENTDECKUNG UNDBESCHRÄNKUNGVON LEERLAUFPROZESSEN

公开(公告)号：EP3143546A1

公开(公告)日：2017-03-22

申请号：EP15792336.8

申请日：2015-05-15

Applicant: NEC Laboratories America, Inc.

Inventor： QIAN, Zhiyun , WANG, Jun , LI, Zhichun , WU, Zhenyu , RHEE, Junghwan , NING, Xia , JIANG, Guofei

IPC: G06F21/50 , G06F11/30

CPC classification number: H04L63/1425 , G06F11/30 , G06F21/50 , G06F21/552 , G06F21/554 , G06N99/005 , H04L63/1441

Abstract: Methods and systems for process constraint include collecting system call information for a process. It is detected whether the process is idle based on the system call information and then whether the process is repeating using autocorrelation to determine whether the process issues system calls in a periodic fashion. The process is constrained if it is idle or repeating to limit an attack surface presented by the process.

Abstract translation: 过程约束的方法和系统包括收集进程的系统调用信息。基于系统调用信息检测进程是否空闲，然后检查进程是否使用自相关重复以确定进程是否以周期性方式发出系统调用。如果空闲或重复限制进程所呈现的攻击面，则该进程受到约束。

Search Results

Country/Region

Patent validity

Application date

Publication (announcement) day

applicant

The country/region where the applicant is located

Inventor

IPC

IPC Department

IPC class

IPC subclass

IPC group

IPC team

Appearance classification