DISCOVERING CRITICAL ALERTS THROUGH LEARNING OVER HETEROGENEOUS TEMPORAL GRAPHS

    Publication number: WO2018093807A1

    Publication date: 2018-05-24

    Application number: PCT/US2017/061664

    Application date: 2017-11-15

    Abstract: A method is provided that includes transforming training data into a neural network based learning model using a set of temporal graphs derived from the training data. The method includes performing model learning on the learning model by automatically adjusting learning model parameters based on the set of the temporal graphs to minimize differences between a predetermined ground-truth ranking list and a learning model output ranking list. The method includes transforming testing data into a neural network based inference model using another set of temporal graphs derived from the testing data. The method includes performing model inference by applying the inference and learning models to test data to extract context features for alerts in the test data and calculate a ranking list for the alerts based on the extracted context features. Top-ranked alerts are identified as critical alerts. Each alert represents an anomaly in the test data.

    RECOMMENDER SYSTEM FOR HETEROGENEOUS LOG PATTERN EDITING OPERATION
    Invention application (status: under examination, published)

    Publication number: WO2018039446A1

    Publication date: 2018-03-01

    Application number: PCT/US2017/048406

    Application date: 2017-08-24

    Abstract: A heterogeneous log pattern editing recommendation system and computer-implemented method are provided. The system (600) has a processor (605) configured to identify, from heterogeneous logs, patterns including variable fields and constant fields. The processor (605) is also configured to extract a category feature, a cardinality feature, and a before-after n-gram feature by tokenizing the variable fields in the identified patterns. The processor (605) is additionally configured to generate target similarity scores between target fields to be potentially edited and other fields from among the variable fields in the heterogeneous logs using pattern editing operations based on the extracted category feature, the extracted cardinality feature, and the extracted before-after n-gram feature. The processor (605) is further configured to recommend, to a user, log pattern edits for at least one of the target fields based on the target similarity scores between the target fields in the heterogeneous logs.


    FAST PATTERN DISCOVERY FOR LOG ANALYTICS
    Invention application (status: under examination, published)

    Publication number: WO2017087437A1

    Publication date: 2017-05-26

    Application number: PCT/US2016/062135

    Application date: 2016-11-16

    CPC classification number: G06K9/4604 G06F11/34 G06F17/30625 G06F17/40

    Abstract: Systems and methods are disclosed for parsing logs from arbitrary or unknown systems or applications by capturing heterogeneous logs from the arbitrary or unknown systems or applications; generating one pattern for every unique log message; building a pattern hierarchy tree by grouping patterns based on similarity metrics, and for every group it generates one pattern by combining all constituting patterns of that group; and selecting a set of patterns from the pattern hierarchy tree.


    PATH SELECTION IN HYBRID NETWORKS
    Invention application (status: under examination, published)

    Publication number: WO2016032898A1

    Publication date: 2016-03-03

    Application number: PCT/US2015/046313

    Application date: 2015-08-21

    Abstract: Systems and methods for controlling legacy switch routing in one or more hybrid networks of interconnected computers and switches, including generating a network underlay (304) for the one or more hybrid networks by generating a minimum spanning tree (MST) (306) and a forwarding graph (FWG) (308) over a physical network topology of the one or more hybrid networks (400), determining an optimal path between hosts on the FWG by optimizing an initial path with a minimum cost mapping (312), and adjusting the initial path (310) to enforce the optimal path (314) by generating and installing special packets in one or more programmable switches to trigger installation of forwarding rules for one or more legacy switches (516).


    OPTIMIZATION FRAMEWORK FOR MULTI-TENANT DATA CENTERS
    Invention application (status: under examination, published)

    Publication number: WO2016029031A1

    Publication date: 2016-02-25

    Application number: PCT/US2015/046138

    Application date: 2015-08-20

    Abstract: Systems and methods for decoupled searching and optimization for one or more data centers, including determining a network topology for one or more networks of interconnected computer systems embedded in the one or more data centers (304), searching for routing candidates based on a network topology determined (310), and updating (314) and applying (316) one or more objective functions to the routing candidates to determine an optimal routing candidate to satisfy embedding goals based on tenant requests, and to embed the optimal routing candidate in the one or more data centers (412).


    CONTENT-LEVEL ANOMALY DETECTOR FOR SYSTEMS WITH LIMITED MEMORY

    Publication number: WO2018231424A1

    Publication date: 2018-12-20

    Application number: PCT/US2018/033335

    Application date: 2018-05-18

    Abstract: Systems and methods for implementing content-level anomaly detection for devices having limited memory are provided. At least one log content model is generated (130) based on training log content of training logs obtained from one or more sources associated with the computer system. The at least one log content model is transformed (140) into at least one modified log content model to limit memory usage. Anomaly detection is performed (170) for testing log content of testing logs obtained from one or more sources associated with the computer system based on the at least one modified log content model. In response to the anomaly detection identifying one or more anomalies associated with the testing log content, the one or more anomalies are output (170).

    SECURITY SYSTEM USING AUTOMATIC AND SCALABLE LOG PATTERN LEARNING IN SECURITY LOG ANALYSIS

    Publication number: WO2018175020A1

    Publication date: 2018-09-27

    Application number: PCT/US2018/018337

    Application date: 2018-02-15

    Abstract: A security system using automatic and scalable log pattern learning in security log analysis is provided. The security system includes one or more management services configured to generate security logs, and a security log analysis service operatively coupled to the one or more management services. The security log analysis service is configured to collect the security logs generated by the one or more management services, implement an incremental learning process to generate a set of log patterns from the collected security logs, parse the collected security logs using the set of log patterns, and analyze the parsed security logs for one or more security applications.

    STRUCTURE-LEVEL ANOMALY DETECTION FOR UNSTRUCTURED LOGS

    Publication number: WO2018106624A1

    Publication date: 2018-06-14

    Application number: PCT/US2017/064591

    Application date: 2017-12-05

    Abstract: A computer-implemented method, computer program product, and computer processing system are provided. The method includes preprocessing, by a processor, a set of heterogeneous logs by splitting each of the logs into tokens to obtain preprocessed logs. Each of the logs in the set is associated with a timestamp and textual content in one or more fields. The method further includes generating, by the processor, a set of regular expressions from the preprocessed logs. The method also includes performing, by the processor, an unsupervised parsing operation by applying the regular expressions to the preprocessed logs to obtain a set of parsed logs and a set of unparsed logs, if any. The method additionally includes storing, by the processor, the set of parsed logs in a log analytics database and the set of unparsed logs in a debugging database.
