公开(公告)号：EP3123669A1

公开(公告)日：2017-02-01

申请号：EP15770097.2

申请日：2015-03-24

Applicant: NEC Laboratories America, Inc.

Inventor： ZHANG, Hui ,  LUMEZANU, Cristian ,  RHEE, Junghwan ,  ARORA, Nipun ,  XU, Qiang ,  JIANG, Guofei

IPC: H04L12/26 ,  H04L12/937

CPC classification number: H04L45/02 ,  H04L43/12 ,  H04L45/64 ,  H04L45/70

Abstract: A computer implemented method for network monitoring includes providing network packet event characterization and analysis for network monitoring that includes supporting summarization and characterization of network packet traces collected across multiple processing elements of different types in a virtual network, including a trace slicing to organize individual packet events into path-based trace slices, a trace characterization to extract at least 2 types of feature matrix describing those trace slices, and a trace analysis to cluster, rank and query packet traces based on metrics of the feature matrix.

Abstract translation: 一种用于网络监测的计算机实现方法包括为网络监测提供网络分组事件表征和分析，其包括支持在虚拟网络中跨越不同类型的多个处理元件收集的网络分组跟踪的摘要和表征，包括用于组织各个分组事件的跟踪分片 基于路径的跟踪片，跟踪表征，以提取描述这些跟踪片段的至少2种类型的特征矩阵，以及基于特征矩阵的度量的集群，排序和查询分组跟踪的跟踪分析。

公开(公告)号：EP3085030A1

公开(公告)日：2016-10-26

申请号：EP14873041.9

申请日：2014-12-17

Applicant: NEC Laboratories America, Inc.

Inventor： ZHANG, Hui ,  ARZANI, Behnaz ,  IVANCIC, Franjo ,  RHEE, Junghwan ,  ARORA, Nipun ,  JIANG, Guofei

IPC: H04L12/701 ,  H04L12/841

Abstract: Methods and systems for finding a packet's routing path in a network includes intercepting control messages sent by a controller to one or more switches in a software defined network (SDN). A state of the SDN at a requested time is emulated and one or more possible routing paths through the emulated SDN is identified by replaying the intercepted control messages to one or more emulated switches in the emulated SDN. The one or more possible routing paths correspond to a requested packet injected into the SDN at the requested time.

Abstract translation: 用于在网络中查找分组的路由路径的方法和系统包括将由控制器发送的控制消息拦截到软件定义网络（SDN）中的一个或多个交换机。 仿真所请求时间的SDN的状态，并且通过在被仿真的SDN中重放截取的控制消息给一个或多个仿真开关来识别通过仿真SDN的一个或多个可能的路由路径。 一个或多个可能的路由路径对应于在所请求的时间被注入到SDN中的请求的分组。

公开(公告)号：EP2850791A1

公开(公告)日：2015-03-25

申请号：EP13843750.4

申请日：2013-09-30

Applicant: NEC Laboratories America, Inc.

Inventor： LUMEZANU, Cristian ,  YU, Curtis ,  SINGH, Vishal Kumar ,  ZHANG, Yueping ,  JIANG, Guofei

IPC: H04L12/813 ,  H04L12/24

CPC classification number: H04L41/12 ,  H04L43/0876 ,  H04L43/10 ,  Y02D30/30

Abstract: A method implemented in a network apparatus used in a network is disclosed. The method includes sensing network topology and network utilization, receiving a request from an application, deciding path setup requirement using network state information obtained from the network topology and the network utilization, and translating the path setup requirement into a rule to be installed. Other methods, apparatuses, and systems also are disclosed.

公开(公告)号：EP2524308A2

公开(公告)日：2012-11-21

申请号：EP11733402.9

申请日：2011-01-13

Applicant: NEC Laboratories America, Inc.

Inventor： GU, Yu ,  PAN, Ke ,  SINGH, Atul ,  JIANG, Guofei

IPC: G06F9/44 ,  G06F15/16

CPC classification number: G06F11/3495 ,  G06F11/3414 ,  G06F11/3419 ,  G06F2201/865

Abstract: A method and system for predicting the performance of a multi-tier computer software system operating on a distributed computer system, sends client requests to one or more tiers of software components of the multi-tier computer software system in a time selective manner; collects traffic traces among all the one or more tiers of the software components of the multi-tier computer software system; collects CPU time at the software components of the multi-tier computer software system; infers performance data of the multi-tier computer software system from the collected traffic traces; and determines disk input/output waiting time from the inferred performance data.

公开(公告)号：EP3215975A1

公开(公告)日：2017-09-13

申请号：EP15858083.7

申请日：2015-11-05

Applicant: NEC Laboratories America, Inc.

Inventor： LI, Zhichun ,  XIAO, Xusheng ,  WU, Zhenyu ,  ZONG, Bo ,  JIANG, Guofei

IPC: G06F21/50 ,  G06F17/30 ,  G06F17/00

CPC classification number: G06F17/30958 ,  G06F21/552

Abstract: A method and system for constructing behavior queries in temporal graphs using discriminative sub-trace mining. The method includes generating system data logs to provide temporal graphs, wherein the temporal graphs include a first temporal graph corresponding to a target behavior and a second temporal graph corresponding to a set of background behaviors, generating temporal graph patterns for each of the first and second temporal graphs to determine whether a pattern exists between a first temporal graph pattern and a second temporal graph pattern, wherein the pattern between the temporal graph patterns is a non-repetitive graph pattern, pruning the pattern between the first and second temporal graph patterns to provide a discriminative temporal graph, and generating behavior queries based on the discriminative temporal graph.

Abstract translation: 一种使用有差别的子轨迹挖掘在时间图中构建行为查询的方法和系统。 该方法包括生成系统数据日志以提供时间图，其中时间图包括对应于目标行为的第一时间图和对应于一组背景行为的第二时间图，针对第一和第二中的每一个生成时间图模式 时间图以确定在第一时间图模式和第二时间图模式之间是否存在模式，其中所述时间图模式之间的模式是非重复图模式，在第一和第二时间图模式之间修剪所述模式以提供 区分性时间图，以及基于区分性时间图生成行为查询。

公开(公告)号：EP3143546A1

公开(公告)日：2017-03-22

申请号：EP15792336.8

申请日：2015-05-15

Applicant: NEC Laboratories America, Inc.

Inventor： QIAN, Zhiyun ,  WANG, Jun ,  LI, Zhichun ,  WU, Zhenyu ,  RHEE, Junghwan ,  NING, Xia ,  JIANG, Guofei

IPC: G06F21/50 ,  G06F11/30

CPC classification number: H04L63/1425 ,  G06F11/30 ,  G06F21/50 ,  G06F21/552 ,  G06F21/554 ,  G06N99/005 ,  H04L63/1441

Abstract: Methods and systems for process constraint include collecting system call information for a process. It is detected whether the process is idle based on the system call information and then whether the process is repeating using autocorrelation to determine whether the process issues system calls in a periodic fashion. The process is constrained if it is idle or repeating to limit an attack surface presented by the process.

Abstract translation: 过程约束的方法和系统包括收集进程的系统调用信息。 基于系统调用信息检测进程是否空闲，然后检查进程是否使用自相关重复以确定进程是否以周期性方式发出系统调用。 如果空闲或重复限制进程所呈现的攻击面，则该进程受到约束。

公开(公告)号：EP3042477A1

公开(公告)日：2016-07-13

申请号：EP14841805.6

申请日：2014-06-13

Applicant: NEC Laboratories America, Inc.

Inventor： LUMEZANU, Cristian ,  YU, Curtis ,  SHARMA, Abhishek ,  JIANG, Guofei ,  XU, Qiang

IPC: H04L12/801 ,  H04L12/931 ,  H04L12/26

CPC classification number: H04L43/106 ,  H04L43/0852

Abstract: In a software defined network having switches including first and last switches and intermediate switches, wherein a default routing path exists between the first and last switches, a system and method are provided for computing path latency. The method includes inserting a respective monitoring rule(s) in each switch, mandating for each switch, forwarding a received rule matching packet to a next switch, and further mandating for the first switch and the last switch, sending a PacketIn message to a controller. The method includes inserting, in each switch, a respective monitoring probe(s) matching the respective monitoring rule(s) in a same switch to initiate mandates specified by the respective monitoring rule(s) in the same switch responsive to an arrival of the packet thereat. The method includes time-stamping the PacketIn messages to generate PacketIn timestamps, aggregating the PacketIn timestamps, and estimating the path latency from an aggregation of PacketIn timestamps.

公开(公告)号：EP2742426A1

公开(公告)日：2014-06-18

申请号：EP12837600.1

申请日：2012-06-29

Applicant: NEC Laboratories America, Inc.

Inventor： CHEN, Haifeng ,  JIANG, Guofei

IPC: G06F9/46 ,  G06F9/44

CPC classification number: G06F9/4856

Abstract: Systems and methods are disclosed to schedule virtual machine (VM) migrations by analyzing VM migration behavior; building a simulation tool to predict time for multiple migrations under different links conditions and VM characteristics; determing a predetermined bandwidth sharing policy for each network link; applying a bin-packing technique to organize bandwidth resources from all network links, and allocating the links to different migration tasks.

公开(公告)号：EP2567316A2

公开(公告)日：2013-03-13

申请号：EP11778318.3

申请日：2011-05-05

Applicant: NEC Laboratories America, Inc.

Inventor： DING, Min ,  SINGH, Vishal ,  ZHANG, Yueping ,  JIANG, Guofei

IPC: G06F9/44 ,  G06F15/16

CPC classification number: G06F9/54 ,  G06F11/3006 ,  G06F11/302 ,  G06F11/3051 ,  H04L41/046 ,  H04L43/0876 ,  H04L43/12

Abstract: A method and a system are disclosed for determining application dependency paths in a data center. The method and the system captures application traffic volume data on the servers with switches and monitoring agents; generates an application traffic matrix of all the components of the applications based on the application traffic volume data; estimates the number of the applications in the data center from the traffic matrix with a Rank Estimation via Singular Value Decomposition or Power Factorization Residue Errors process; and decomposes the traffic matrix into a first matrix and a second matrix with a non-negative matrix factorization process using the estimated number of applications. The first matrix represents a set of the components belonging to each of the applications and the second matrix represents the amount of traffic generated by each application over time. Any noise in the first and second matrices is removed with a concurrent volumes ratios based correlation process.

公开(公告)号：EP2524322A2

公开(公告)日：2012-11-21

申请号：EP10842450.8

申请日：2010-12-06

Applicant: NEC Laboratories America, Inc.

Inventor： CHEN, Haifeng ,  JIANG, Guofei ,  YOSHIHIRA, Kenji ,  SAXENA, Akhilesh

IPC: G06F17/00 ,  G06F17/10 ,  G06F15/16

CPC classification number: G06F9/5066 ,  Y02D10/22 ,  Y02D10/36

Abstract: A method and apparatus for consolidating a plurality of applications into one or more servers. The method and apparatus organizes consolidation constraints representing preferences about placing applications into the one or more servers, and allocates the applications into the one or more servers in a manner that maximally satisfies the consolidation constraints.