公开(公告)号：WO2017176673A1

公开(公告)日：2017-10-12

申请号：PCT/US2017/025843

申请日：2017-04-04

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： TANG, LuAn ,  CHEN, Zhengzhang ,  JIANG, Guofei ,  LI, Zhichun ,  CHEN, Haifeng ,  YOSHIHIRA, Kenji

IPC: H04L29/06 ,  H04L12/26

Abstract: Methods and systems for reporting anomalous events include building a process graph that models states of process-level events in a network. A topology graph is built that models source and destination relationships between connection events in the network. A set of alerts is clustered based on the process graph and the topology graph. Clustered alerts that exceed a threshold level of trustworthiness are reported.

Abstract translation: 用于报告异常事件的方法和系统包括构建对网络中的过程级事件的状态建模的过程图。 建立一个拓扑图，模拟网络中连接事件之间的源和目标关系。 基于过程图和拓扑图来聚集一组警报。 报告超过可信赖阈值级别的群集警报。

公开(公告)号：WO2009058412A1

公开(公告)日：2009-05-07

申请号：PCT/US2008/055896

申请日：2008-03-05

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： CHEN, Haifeng ,  JIANG, Guofei ,  YOSHIHIRA, Kenji ,  ZHANG, Hui ,  MENG, Xiaoqiao

IPC: G06F17/00 ,  G06F19/00

CPC classification number: G06F9/44505 ,  G06F11/3409 ,  G06F11/3447 ,  G06F11/3452 ,  G06F2201/885

Abstract: A system and method for optimizing system performance includes applying (160) sampling based optimization to identify optimal configurations of a computing system by selecting (162) a number of configuration samples and evaluating (166) system performance based on the samples. Based on feedback of evaluated samples, a location of an optimal configuration is inferred (170). Additional samples are generated (176) towards the location of the inferred optimal configuration to further optimize a system configuration.

Abstract translation: 用于优化系统性能的系统和方法包括通过基于样本选择（162）多个配置样本和评估（166）系统性能来应用（160）基于抽样的优化来识别计算系统的最佳配置。 基于评估样本的反馈，推断最佳配置的位置（170）。 生成附加样本（176）朝向推断的最佳配置的位置，以进一步优化系统配置。

公开(公告)号：WO2018213552A1

公开(公告)日：2018-11-22

申请号：PCT/US2018/033149

申请日：2018-05-17

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： CHENG, Wei ,  CHEN, Haifeng ,  YOSHIHIRA, Kenji

IPC: H04L29/06 ,  H04L12/26

CPC classification number: G06K9/6272 ,  G06F16/9024 ,  G06K9/00523 ,  G06K9/00536 ,  G06K9/6284

Abstract: A computer-implemented method, system, and computer program product are provided for anomaly detection system in streaming networks. The method includes receiving (810), by a processor, a plurality of vertices and edges from a streaming graph. The method also includes generating (820), by the processor, graph codes for the plurality of vertices and edges. The method additionally includes determining (830), by the processor, edge codes in real-time responsive to the graph codes. The method further includes identifying (840), by the processor, an anomaly based on a distance between edge codes and all current cluster centers. The method also includes controlling (850) an operation of a processor-based machine to change a state of the processor-based machine, responsive to the anomaly.

公开(公告)号：WO2008045709A1

公开(公告)日：2008-04-17

申请号：PCT/US2007/080057

申请日：2007-10-01

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： JIANG, Guofei ,  CHEN, Haifeng, E. ,  YOSHIHIRA, Kenji

IPC: G06F13/368

CPC classification number: H04L43/16 ,  H04L41/145

Abstract: Disclosed is a method and apparatus for performing capacity planning and resource optimization in a distributed system. In particular, the capacity needs of individual components (e.g., server, operating system, CPU, application software, memory, networking device, storage device, etc.) in a distributed system can±>e analyzed using relationships between measurements collected from the distributed system. These relationships, called invariants, do not change over time. From these measurements, a network of invariants are determined. The network of invariants characterize the relationships between the measurements. The capacity need of at least one component in the distributed system can be determined from the network of invariants.

Abstract translation: 公开了一种在分布式系统中执行容量规划和资源优化的方法和装置。 特别地，分布式系统中的各个组件（例如，服务器，操作系统，CPU，应用软件，存储器，网络设备，存储设备等）的容量需求可以使用从分布式系统收集的测量之间的关系进行分析 系统。 这些关系，称为不变量，不会随时间而变化。 从这些测量中，确定不变量网络。 不变量网络表征测量之间的关系。 可以从不变量网络确定分布式系统中至少一个组件的容量需求。

公开(公告)号：WO2017176676A1

公开(公告)日：2017-10-12

申请号：PCT/US2017/025846

申请日：2017-04-04

Applicant: NEC LABORATORIES AMERICA, INC

Inventor： TANG, LuAn ,  CHEN, Zhengzhang ,  JIANG, Guofei ,  LI, Zhichun ,  CHEN, Haifeng ,  YOSHIHIRA, Kenji

IPC: H04L29/06 ,  H04L12/26

Abstract: Methods and systems for reporting anomalous events include intra-host clustering a set of alerts based on a process graph that models states of process-level events in a network. Hidden relationship clustering is performed on the intra-host clustered alerts based on hidden relationships between alerts in respective clusters. Inter-host clustering is performed on the hidden relationship clustered alerts based on a topology graph that models source and destination relationships between connection events in the network. Inter-host clustered alerts that exceed a threshold level of trustworthiness are reported.

Abstract translation: 用于报告异常事件的方法和系统包括基于对网络中的过程级事件的状态建模的过程图的主机内集群化一组警报。 基于各个群集中警报之间的隐藏关系，在主机内群集警报上执行隐藏关系群集。 基于模拟网络中的连接事件之间的源和目标关系的拓扑图，在隐藏关系群集警报上执行主机间群集。 报告超过可信赖阈值水平的主机间群集警报。

公开(公告)号：WO2007089285A2

公开(公告)日：2007-08-09

申请号：PCT/US2006/035889

申请日：2006-09-14

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： JIANG, Guofei ,  CHEN, Haifeng ,  UNGUREANU, Cristian ,  YOSHIHIRA, Kenji

IPC: G06F11/30

CPC classification number: G06F11/008

Abstract: A method and system that automatically derives models between monitored quantities under non-faulty conditions so that subsequent faults can be detected as deviations from the derived models. The invention identifies unusual conditions for fault detection and isolation that is absent in rule-based systems.

Abstract translation: 在非故障条件下，在监测量之间自动导出模型的方法和系统，以便随后的故障可以被检测为与衍生模型的偏差。 本发明确定了在基于规则的系统中不存在的用于故障检测和隔离的异常情况。

公开(公告)号：WO2017160409A1

公开(公告)日：2017-09-21

申请号：PCT/US2017/015294

申请日：2017-01-27

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： TANG, LuAn ,  CHEN, Zhengzhang ,  CHEN, Haifeng ,  YOSHIHIRA, Kenji ,  JIANG, Guofei

IPC: H04L12/26

CPC classification number: H04L43/10 ,  G06F11/3438 ,  H04L41/12 ,  H04L41/16 ,  H04L41/22 ,  H04L41/28 ,  H04L43/06 ,  H04L43/0811 ,  H04L67/22

Abstract: A computer-implemented method for real-time detecting of abnormal network connections is presented. The computer-implemented method includes collecting network connection events from at least one agent connected to a network, recording, via a topology graph, normal states of network connections among hosts in the network, and recording, via a port graph, relationships established between host and destination ports of all network connections.

Abstract translation: 给出了用于实时检测异常网络连接的计算机实现的方法。 该计算机实现的方法包括：从连接到网络的至少一个代理收集网络连接事件，经由拓扑图记录网络中主机之间的网络连接的正常状态，并且经由端口图记录在主机之间建立的关系 和所有网络连接的目标端口。

公开(公告)号：WO2016048652A1

公开(公告)日：2016-03-31

申请号：PCT/US2015/048967

申请日：2015-09-08

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： ZHANG, Hui ,  XU, Jianwu ,  GUOFEI, Jiang ,  YOSHIHIRA, Kenji

IPC: G06F11/34 ,  G06F11/30

CPC classification number: G06N99/005

Abstract: A method and system are provided. The method includes performing (320), by a logs-to-time-series converter, a logs-to-time-series conversion by transforming a plurality of heterogeneous logs into a set of time series. Each of the heterogeneous logs includes a time stamp and text portion with one or more fields. The method further includes performing (330), by a time-series-to-sequential-pattern converter, a time-series-to-sequential-pattern conversion by mining invariant relationships between the set of time series, and discovering sequential message patterns and association rules in the plurality of heterogeneous logs using the invariant relationships. The method also includes executing (340), by a processor, a set of log management applications, based on the sequential message patterns and the association rules.

Abstract translation: 提供了一种方法和系统。 该方法包括：通过日志到时间序列转换器，通过将多个异构日志变换为一组时间序列来执行（320）日志到时间序列转换。 每个异类日志包括具有一个或多个字段的时间戳和文本部分。 该方法还包括通过时间序列顺序模式转换器对时间序列到序列模式转换执行（330），该时间序列到序列模式转换通过挖掘该组时间序列之间的不变关系，并且发现顺序消息模式和 使用不变关系在多个异构日志中的关联规则。 该方法还包括基于顺序消息模式和关联规则，由处理器执行（340）一组日志管理应用程序。

公开(公告)号：WO2011088261A2

公开(公告)日：2011-07-21

申请号：PCT/US2011/021206

申请日：2011-01-13

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： ZHANG, Hui ,  SU, Ya-Yunn ,  JIANG, Guofei ,  YOSHIHIRA, Kenji

CPC classification number: G06F1/3206 ,  G06F9/5077 ,  G06F9/5094 ,  Y02D10/22 ,  Y02D10/36

Abstract: A method and system for coordinating energy management in a virtualized data center including a plurality of physical servers and a plurality of virtual machines (VMs), includes analyzing status information about the virtualized data center; determining server utilization target settings for server consolidation from the analyzed status information; and executing the server consolidation according to the determined server utilization target settings. Server consolidation can be executed by determining an effective size of each of the VMs and placing the VMs on the servers in a selective manner using an independent workload VM placement process, a correlation-aware VM placement process, or a migration-cost and correlation-aware VM placement process.

Abstract translation: 一种用于协调包括多个物理服务器和多个虚拟机（VM）的虚拟化数据中心中的能量管理的方法和系统，包括分析关于虚拟化数据中心的状态信息; 从分析的状态信息确定服务器整合的服务器利用目标设置; 并根据确定的服务器利用目标设置执行服务器合并。 可以通过确定每个虚拟机的有效大小并使用独立的工作负载VM放置过程，相关感知的VM放置过程或迁移成本和相关性 - 以选择性方式将VM放置在服务器上来执行服务器整合。 意识到VM放置过程。

公开(公告)号：WO2010118011A3

公开(公告)日：2010-10-14

申请号：PCT/US2010/030079

申请日：2010-04-06

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： CHEN, Haifeng ,  JIANG, Guofei ,  YOSHIHIRA, Kenji ,  SAXENA, Akhliesh

IPC: G06F11/07 ,  G06F11/28 ,  G06F11/34

Abstract: A method system for diagnosing a detected failure in a computer system, compares a failure signature of the detected failure to an archived failure signature contained in a database to determine if the archived failure signature matches the failure signature of the detected failure. If the archived failure signature matches the failure signature of the detected failure, an archived solution is applied to the computer system that resolves the detected failure, the archived solution corresponding to a solution used to resolve a previously detected computer system failure corresponding to the archived failure signature in the database that matches the detected failure.