-
Publication No.: US20250036764A1
Publication Date: 2025-01-30
Application No.: US18688419
Filing Date: 2021-09-17
Applicant: NEC Corporation
Inventor: Shohei HIRUTA, Satoshi IKEDA
Abstract: An attack analysis support apparatus includes: an acquiring unit that acquires a predicate indicating a type of an attack included in an observation indicating a trace of the attack, or an observation type indicating a type of the observation corresponding to the predicate; a noise condition generating unit that generates a noise condition by, with use of selection information that is included in conversion information associated with the predicate or the observation type and is for selecting conversion target data included in log management information for managing a log, selecting conversion target data from the log management information, and converting the selected conversion target data based on conversion method information included in the conversion information; and a noise information generating unit that generates noise information to be used for determination of whether or not the observation is noise, in accordance with the noise condition generated for the log management information.
-
Publication No.: US20210049274A1
Publication Date: 2021-02-18
Application No.: US16964414
Filing Date: 2018-03-15
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
Abstract: A search in threat hunting can be efficiently performed. An analysis device includes a model generation unit and a display unit. The model generation unit generates a model of outputting information relating to an operation to be performed on an element, based on learning data including an operation performed on a displayed element, and a display history of an element up until the displayed element is displayed. The display unit displays an element, and information acquired from the model and relating to an operation to be performed on the element.
-
3.
Publication No.: US20170329964A1
Publication Date: 2017-11-16
Application No.: US15532588
Filing Date: 2015-12-08
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
CPC classification number: G06F21/55, G06F21/552, H04L63/029, H04L63/1425
Abstract: The present invention provides an output device, etc., with which it is possible to present an alert indicating an abnormality of network to an operator in such a manner that the operator can determine the alert more efficiently. An output device is provided with a presentation unit which, when a first alert is notified in response to detection of an abnormality in a communication network to be monitored, presents similarity information representing similarity obtained on the basis of first information included in communication information that has caused the first alert and second information included in communication information related to one or a second alerts.
-
4.
Publication No.: US20230216872A1
Publication Date: 2023-07-06
Application No.: US17928009
Filing Date: 2020-05-29
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
CPC classification number: H04L63/1425, H04L43/04
Abstract: An information processing apparatus 10 includes: an extraction unit 11 configured to obtain communication history information classified based on a communication source, a communication destination, and a communication date/time; and a generation unit 12 configured to generate sample data to be used in metric learning by adding a label to data generated by associating the classified communication history information, the communication source, the communication destination, and the communication date/time.
-
Publication No.: US20220269786A1
Publication Date: 2022-08-25
Application No.: US17632839
Filing Date: 2019-08-09
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
IPC: G06F21/56, G06F16/901, G06F16/903
Abstract: An information processing apparatus (10) according to an aspect of the present invention includes a similarity determination unit (13) configured to determine a degree of similarity between first and second queries used for detection of behavior of malware, and an integration unit (14) configured to perform integration of the first and second queries according to a determination result from the similarity determination unit (13). The similarity determination unit (13) determines the degree of similarity between the first and second queries by using a first graph structure corresponding to the first query and a second graph structure corresponding to the second query. The integration unit (14) performs integration of the first and second queries by extracting a common part between the first graph structure and the second graph structure.
-
Publication No.: US20220147658A1
Publication Date: 2022-05-12
Application No.: US17431841
Filing Date: 2019-02-22
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
Abstract: An anomaly detection apparatus according to an embodiment of the present disclosure includes: a global tree structure creation unit configured to create a global tree structure for dividing a plurality of data pieces into a plurality of groups, a local tree structure creation unit configured to create a local tree structure for further dividing the data pieces divided into the plurality of groups for each of the plurality of groups, and a score calculation unit configured to calculate a score indicating an anomaly level of the plurality of data pieces using a depth from a root node to a leaf node of the local tree structure.
-
Publication No.: US20200184072A1
Publication Date: 2020-06-11
Application No.: US16624667
Filing Date: 2017-06-23
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
Abstract: Provided is an analysis device including: feature extraction means configured to be able to, by use of a first feature value extracted from a first log entry being a log entry in which information indicating an action of a software program is recorded and a second feature value being different from the first feature value and being extracted from one or more second log entries being log entries, generate feature information related to the first log entry; and analysis model generation means configured to, by use of learning data including one or more sets of the feature information related to the first log entry and importance level information indicating an importance level assigned to the first log entry, generate an analysis model capable of determining an importance level related to another log entry.
-
Publication No.: US20170085586A1
Publication Date: 2017-03-23
Application No.: US15312041
Filing Date: 2015-05-18
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
IPC: H04L29/06
CPC classification number: H04L63/1425, G06F13/00, G06F21/316, G06F21/44, G06F21/552, G06F21/554, G06F21/6254, H04L63/145, H04L63/1491
Abstract: An information processing device of the present invention includes: a degree-of-possibility calculation unit that calculates, based on a history of communication between a client and a server, the history including at least an identifier of the server, an identifier of the client, and a user agent character string included in a request header sent from the client, a degree of possibility that indicates a degree of certainty of a practical user agent permitted to operate as a portion of the client, with respect to each user agent that relates to the user agent character string; and a disguise information notification unit that outputs, on the basis of the degree of possibility, disguise information that is information regarding communication performed by a fake user agent impersonating the practical user agent.
-
9.
Publication No.: US20220147630A1
Publication Date: 2022-05-12
Application No.: US17433313
Filing Date: 2019-02-26
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
IPC: G06F21/56
Abstract: An information processing apparatus according to the present disclosure includes an event index generation unit configured to generate an event index using event information output from a terminal and a search condition generation unit configured to generate a search condition for extracting the terminal exhibiting a specific behavior using a dynamic analysis result generated based on events occurred during an operation of malware and the event index. The search condition generation unit is configured to generate the search condition by reflecting an occurrence tendency of the event included in the dynamic analysis result in the terminal.
-
Publication No.: US20220129764A1
Publication Date: 2022-04-28
Application No.: US17431263
Filing Date: 2019-02-22
Applicant: NEC Corporation
Inventor: Satoshi IKEDA
Abstract: An anomaly detection apparatus according to the present disclosure includes a binary tree structure creation unit, a score calculation unit, and a learning unit. The binary tree structure creation unit creates a binary tree structure using a plurality of data pieces. The score calculation unit calculates a score using a node evaluation value for a node feature vector, the node feature vector being a feature of each node passing from a root node to a leaf node of the binary tree structure. The learning unit learns a node evaluation model for calculating the node evaluation value for the node feature vector of each node of the binary tree structure.