公开(公告)号：WO2018213061A3

公开(公告)日：2018-11-22

申请号：PCT/US2018/031559

申请日：2018-05-08

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： ZHANG, Mu ,  JEE, Kangkook ,  LI, Zhichun ,  LI, Ding ,  WU, Zhenyu ,  RHEE, Junghwan

IPC: G06F21/50 ,  H04L29/06

Abstract: A method and system are provided for causality analysis of Operating System-level (OS-level) events in heterogeneous enterprise hosts. The method includes storing (720F), by the processor, the OS-level events in a priority queue in a prioritized order based on priority scores determined from event rareness scores and event fanout scores for the OS-level events. The method includes processing (720G), by the processor, the OS-level events stored in the priority queue in the prioritized order to provide a set of potentially anomalous ones of the OS-level events within a set amount of time. The method includes generating (720G), by the processor, a dependency graph showing causal dependencies of at least the set of potentially anomalous ones of the OS-level events, based on results of the causality dependency analysis. The method includes initiating (730), by the processor, an action to improve a functioning of the hosts responsive to the dependency graph or information derived therefrom.

公开(公告)号：WO2018039424A1

公开(公告)日：2018-03-01

申请号：PCT/US2017/048360

申请日：2017-08-24

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： XIAO, Xusheng ,  LI, Zhichun ,  ZHANG, Mu ,  JIANG, Guofei ,  GUI, Jiaping

IPC: G06F17/30

CPC classification number: G06F16/24532 ,  G06F16/22 ,  G06F16/245 ,  G06F16/24535 ,  G06F16/24545 ,  G06F21/57 ,  G06F21/6227 ,  G06F2221/034

Abstract: Methods for querying a database and database systems include optimizing (304) a database query for parallel execution using spatial and temporal information relating to elements in the database, the optimized database query being split into sub-queries with sub-queries being divided spatially according to host and temporally according to time window. The sub-queries are executed (306) in parallel. The results of the database query are outputted (310) progressively.

Abstract translation: 用于查询数据库和数据库系统的方法包括使用与数据库中的元素相关的空间和时间信息优化（304）用于并行执行的数据库查询，优化的数据库查询被拆分为子查询 子查询根据主机在时间上按照时间窗口进行空间划分。 子查询并行执行（306）。 数据库查询的结果逐步输出（310）。

公开(公告)号：WO2018213425A1

公开(公告)日：2018-11-22

申请号：PCT/US2018/032938

申请日：2018-05-16

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： LI, Ding ,  JEE, Kangkook ,  LI, Zhichun ,  ZHANG, Mu ,  WU, Zhenyu

IPC: G06F21/60 ,  G06F21/62

CPC classification number: G06F16/1744 ,  G06F3/0643 ,  G06F16/2246 ,  G06F16/2272 ,  G06F16/24568 ,  G06F16/25 ,  G06F16/258 ,  G06F16/9027 ,  G06F21/552 ,  G06F21/6218 ,  G06F2216/03 ,  G06F2221/2143 ,  G06K9/6219

Abstract: Systems and methods for data reduction including organizing (701) data of an event stream into a file access table concurrently with receiving the event stream, the data including independent features and dependent features. A frequent pattern tree (FP-Tree) is built (702) including nodes corresponding to the dependent features according to a frequency of occurrence of the dependent features relative to the independent features. Each single path in the FP-Tree is merged (703) into a special node corresponding to segments of dependent features to produce a reduced FP-Tree. All path combinations in the reduced FP-Tree are identified (704). A compressible file access template (CFAT) is generated (705) corresponding to each of the path combinations. The data of the event stream is compressed (706) with the CFATs to reduce the dependent features to special events representing the dependent features.

公开(公告)号：WO2018213061A2

公开(公告)日：2018-11-22

申请号：PCT/US2018/031559

申请日：2018-05-08

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： ZHANG, Mu ,  JEE, Kangkook ,  LI, Zhichun ,  LI, Ding ,  WU, Zhenyu ,  RHEE, Junghwan

CPC classification number: G06F21/554 ,  G06F2221/034

Abstract: A method and system are provided for causality analysis of Operating System-level (OS-level) events in heterogeneous enterprise hosts. The method includes storing (720F), by the processor, the OS-level events in a priority queue in a prioritized order based on priority scores determined from event rareness scores and event fanout scores for the OS-level events. The method includes processing (720G), by the processor, the OS-level events stored in the priority queue in the prioritized order to provide a set of potentially anomalous ones of the OS-level events within a set amount of time. The method includes generating (720G), by the processor, a dependency graph showing causal dependencies of at least the set of potentially anomalous ones of the OS-level events, based on results of the causality dependency analysis. The method includes initiating (730), by the processor, an action to improve a functioning of the hosts responsive to the dependency graph or information derived therefrom.