-
Publication No.: WO2019217023A1
Publication Date: 2019-11-14
Application No.: PCT/US2019/026695
Application Date: 2019-04-10
Applicant: NEC LABORATORIES AMERICA, INC.
Inventor: WU, Zhenyu; LI, Yue; RHEE, Junghwan; JEE, Kangkook; LI, Zhichun; KAMIMURA, Jumpei; TANG, LuAn; CHEN, Zhengzhang
Abstract: A method for ransomware detection and prevention includes receiving an event stream associated with one or more computer system events, generating user-added-value knowledge data for one or more digital assets by modeling digital asset interactions based on the event stream, including accumulating user-added-values of each of the one or more digital assets, and detecting ransomware behavior based at least in part on the user-added-value knowledge, including analyzing destruction of the user-added values for the one or more digital assets.
-
Publication No.: WO2021225841A1
Publication Date: 2021-11-11
Application No.: PCT/US2021/029583
Application Date: 2021-04-28
Applicant: NEC LABORATORIES AMERICA, INC.
Inventor: TANG, LuAn; CHEN, Haifeng; CHENG, Wei; RHEE, Junghwan; KAMIMURA, Jumpei
Abstract: Methods and systems for training a neural network model include processing (302) a set of normal state training data and a set of fault state training data to generate respective normal state inputs and fault state inputs that each include data features and sensor correlation graph information. A neural network model is trained (304), using the normal state inputs and the fault state inputs, to generate a fault score that provides a similarity of an input to the fault state training data and an anomaly score that provides a dissimilarity of the input to the normal state training data.
-
Publication No.: WO2019084072A1
Publication Date: 2019-05-02
Application No.: PCT/US2018/057198
Application Date: 2018-10-24
Applicant: NEC LABORATORIES AMERICA, INC.
Inventor: TANG, LuAn; CHEN, Zhengzhang; LI, Zhichun; WU, Zhenyu; KAMIMURA, Jumpei; CHEN, Haifeng
Abstract: A computer-implemented method for implementing alert interpretation in enterprise security systems is presented. The computer-implemented method includes employing a plurality of sensors to monitor streaming data from a plurality of computing devices, generating alerts based on the monitored streaming data, automatically analyzing the alerts, in real-time, by using a graph-based alert interpretation engine employing process-star graph models, retrieving a cause of the alerts, an aftermath of the alerts, and baselines for the alert interpretation, and integrating the cause of the alerts, the aftermath of the alerts, and the baselines to output an alert interpretation graph to a user interface of a user device.