-
Publication No.: US20210400068A1
Publication Date: 2021-12-23
Application No.: US17281342
Application Date: 2018-10-02
Applicant: NEC Corporation
Inventor: Daichi HASUMI, Satoshi IKEDA, Shigeyoshi SHIMA
IPC: H04L29/06
Abstract: Provided is a communication information integration system 1 in which a communication information integration apparatus 3 classifies collected first communication information for each terminal apparatus 4, generates summary information summarizing the classified communication information corresponding to the terminal 4, and transmits the generated summary information to the corresponding terminal apparatus 4, the terminal apparatus 4, upon receiving the summary information, extracts a difference between the first communication information and second communication information collected by the terminal apparatus 4, using the second communication information and the summary information, generates difference communication information based on the extracted difference, and transmits the generated difference communication information to the communication information integration apparatus 3, and the communication information integration apparatus 3, upon receiving the difference communication information from the terminal apparatus 4, integrates the difference communication information into the first communication information.
-
12.
Publication No.: US20180181883A1
Publication Date: 2018-06-28
Application No.: US15735244
Application Date: 2016-06-15
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
CPC classification number: G06N20/00, G06F11/30, G06F11/327, G06F21/55, G06F2201/81, H04L63/0227, H04L63/1416, H04L63/1425
Abstract: An information processing device according to the present invention includes: a dissimilarity calculator that calculates dissimilarity that is a distance between already received first alert information, and newly received second alert information; a machine learning generator that generates a classifier by applying machine learning to the first alert information, and determines a classification result by applying the classifier to the second alert information; and a determiner that sets the determination result and information indicating that presentation is unnecessary for the second alert information, when the determination result is false detection and the dissimilarity is less than a threshold value, and sets information indicating that presentation is necessary for the second alert information, when the determination result is true detection, or when the determination result is false detection and the dissimilarity is equal to or more than a threshold value.
-
13.
Publication No.: US20180167407A1
Publication Date: 2018-06-14
Application No.: US15735256
Application Date: 2016-06-15
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
IPC: H04L29/06, H04L12/26, H04L12/851
Abstract: An information processing device according to the present invention includes: a cluster analyzer that determines a cluster identifier indicating a cluster that is a result of classifying an alert, receives a classification result of the alert, and generates alert information that is information including the alert, the cluster identifier, and the classification result; a rule generator that calculates a number of occurrence times of a pattern that is a combination of information and includes the cluster identifier, extracts a frequent pattern, generates a classification rule used in setting of the classification result, and updates a previously generated old classification rule with a newly generated classification rule; and a rule applicator that sets the classification result included in the alert information.
-
14.
Publication No.: US20170272457A1
Publication Date: 2017-09-21
Application No.: US15532171
Application Date: 2015-12-08
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
IPC: H04L29/06
CPC classification number: H04L63/1425, G06F21/55, G06F21/552, H04L63/02
Abstract: The present invention provides an importance-level calculation device, etc., with which it is possible to present an alert indicating network abnormality to an operator so as to enable the operator to determine the alert more efficiently. An importance-level calculation device is provided with an importance-level calculation unit which, when a first alert is notified in response to detection of an abnormality in a communication network to be monitored, computes an importance level of the first alert, based on a characteristic that is included in communication information that has caused the first alert but is not included in communication information related to one or more second alerts having been notified prior to the first alert.
-
15.
Publication No.: US20190319974A1
Publication Date: 2019-10-17
Application No.: US16345555
Application Date: 2017-10-20
Applicant: NEC CORPORATION
Inventor: Daichi HASUMI, Satoshi IKEDA, Shigeyoshi SHIMA
IPC: H04L29/06, H04L12/727, H04L12/725, H04L12/721
Abstract: Provided is an incident effect range estimation device which estimates the range of the effect of an incident and shortens incident handling time. This incident effect range estimation device 10 is provided with an incident origin log acquisition unit 11 which acquires log information for the incident-originating device which is related to the occurrence of the incident, a communication destination log acquisition unit 12 which acquires, on the basis of the log information for the incident-originating device, log information for a communication destination device which is the communication destination of the incident-originating device, and an effect range estimation unit 13 which estimates the range of the effect of the incident on the basis of the communication destination device. The range of the effect of the incident can thereby be estimated automatically, and thus incident handling time can be shortened significantly.
-
16.
Publication No.: US20180041531A1
Publication Date: 2018-02-08
Application No.: US15555214
Application Date: 2016-03-01
Applicant: NEC CORPORATION
Inventor: Satoshi IKEDA
IPC: H04L29/06
CPC classification number: H04L63/1425, G06F21/552, H04L63/0236, H04L63/108, H04L63/1416, H04L63/145, H04L2463/144
Abstract: To provide a log analysis system which is capable of detecting unauthorized access, an analysis device, an analysis method and a storage medium on which an analysis program is stored, a client terminal communicates with an external communication device. A relay device relays communications between the external communication device and the client terminal, in accordance with a request from the client terminal. An analysis device analyzes the content of communications by the client terminal. Then, the client terminal stores program information indicating a program that handled communications with the external communication device. The relay device stores a relay log that indicates each request, made by the client terminal, to communicate with the external communication device. In addition, the analysis device compares the program information and the relay log.