-
公开(公告)号:US09489286B2
公开(公告)日:2016-11-08
申请号:US14168375
申请日:2014-01-30
发明人: Nipun Arora , Hui Zhang , Junghwan Rhee , Guofei Jiang , Kenji Yoshihira
CPC分类号: G06F11/3644 , G06F11/3636
摘要: This invention provides a new mechanism for “Hot-Tracing” using a novel placeholder mechanism and binary rewriting techniques, which leverages existing compiler flags in order to enable light-weight and highly flexible dynamic instrumentation. Broadly, I-Probe can be divided in 2 distinct workflows—1. Pre-processing (ColdPatch), and 2. Hot Tracing. The first phase is a pre-processing mechanism to prepare the binary for phase 2. The second phase is the actual hot-tracing mechanism, which allows users to dynamically instrument functions (more specifically symbols) of their choice.
摘要翻译: 本发明提供了一种使用新型占位符机制和二进制重写技术的“热追踪”的新机制,其利用现有的编译器标志以便实现轻量级和高度灵活的动态仪器。 普遍来说,I-Probe可以分为两个不同的工作流程 - 1。 预处理(ColdPatch)和2.热追踪。 第一阶段是为阶段2准备二进制的预处理机制。第二阶段是实际的热追踪机制,允许用户动态地对其选择的功能(更具体地说是符号)进行仪器仪表功能。
-
22.发明授权公开(公告)号:US09092568B2
公开(公告)日:2015-07-28
申请号:US13873610
申请日:2013-04-30
发明人: Junghwan Rhee , Hui Zhang , Nipun Arora , Guofei Jiang , Kenji Yoshihira , Myoungku Song
CPC分类号: G06F11/3636 , G06F11/3604
摘要: A system for automatically instrumenting and tracing an application program and related software components achieves a correlated tracing of the program execution. It includes tracing of endpoints that are the set of functions in the program execution path that the developers are interested. The tracing endpoints and related events become the total set of functions to be traced in the program (called instrument points). This invention automatically analyzes the program and generates such instrumentation points to enable correlated tracing. The generated set of instrumentation points addresses common questions that developers ask when they use monitoring tools.
摘要翻译: 用于自动测试和跟踪应用程序和相关软件组件的系统实现了程序执行的相关跟踪。 它包括跟踪开发人员感兴趣的程序执行路径中的一组函数的端点。 跟踪终点和相关事件成为程序中要追踪的功能的总数(称为仪器点)。 本发明自动分析程序并生成这样的仪器点以实现相关跟踪。 生成的仪器仪表组解决了开发人员在使用监控工具时所要求的常见问题。
-
23.发明授权Method and system for software system performance diagnosis with kernel event feature guidance 有权内核事件功能指导软件系统性能诊断方法与系统公开(公告)号:US09075912B2
公开(公告)日:2015-07-07
申请号:US13850562
申请日:2013-03-26
发明人: Jungwhan Rhee , Guofei Jiang , Kenji Yoshihira , Hui Zhang
CPC分类号: G06F11/3636 , G06F11/34 , G06F11/3466 , G06F2201/86 , G06F2201/865
摘要: A method includes generating a normal trace in a training stage for the monitored software systems and a monitored trace in the deployment stage for anomaly detection, applying resource transfer functions to traces to convert them to resource features, and system call categorization to traces to convert them to program behavior features, performing anomaly detection in a global scope using the derived resource features and program behavior features, in case the system finds no anomaly, generating no anomaly report, in case the anomaly is found, including the result in an anomaly report; and performing conditional anomaly detection.
摘要翻译: 一种方法包括在受监视的软件系统的训练阶段生成正常轨迹,以及在部署阶段中用于异常检测的受监控轨迹,将资源传递函数应用到轨迹以将其转换为资源特征,以及将系统调用分类到跟踪以转换它们 程序行为特征,使用导出的资源特征和程序行为特征在全局范围内执行异常检测,以防系统发现异常情况,发现异常报告,包括异常报告中的结果; 并执行条件异常检测。
-
公开(公告)号:US20140229921A1
公开(公告)日:2014-08-14
申请号:US14168375
申请日:2014-01-30
发明人: Nipun Arora , Hui Zhang , Junghwan Rhee , Guofei Jiang , Kenji Yoshihira
IPC分类号: G06F11/36
CPC分类号: G06F11/3644 , G06F11/3636
摘要: This invention provides a new mechanism for “Hot-Tracing” using a novel placeholder mechanism and binary rewriting techniques, which leverages existing compiler flags in order to enable light-weight and highly flexible dynamic instrumentation. Broadly, I-Probe can be divided in 2 distinct workflows—1. Pre-processing (ColdPatch), and 2. Hot Tracing. The first phase is a pre-processing mechanism to prepare the binary for phase 2. The second phase is the actual hot-tracing mechanism, which allows users to dynamically instrument functions (more specifically symbols) of their choice.
摘要翻译: 本发明提供了一种使用新型占位符机制和二进制重写技术的“热追踪”的新机制,其利用现有的编译器标志以便实现轻量级和高度灵活的动态仪器。 普遍来说,I-Probe可以分为两个不同的工作流程 - 1。 预处理(ColdPatch)和2.热追踪。 第一阶段是为阶段2准备二进制的预处理机制。第二阶段是实际的热追踪机制,允许用户动态地对其选择的功能(更具体地说是符号)进行仪器仪表功能。
-
25.发明申请Method and System for Software System Performance Diagnosis with Kernel Event Feature Guidance 有权内核事件功能指导软件系统性能诊断方法与系统公开(公告)号:US20140115403A1
公开(公告)日:2014-04-24
申请号:US13850562
申请日:2013-03-26
发明人: Jungwhan Rhee , Guofei Jiang , Kenji Yoshihira , Hui Zhang
IPC分类号: G06F11/36
CPC分类号: G06F11/3636 , G06F11/34 , G06F11/3466 , G06F2201/86 , G06F2201/865
摘要: A method includes generating a normal trace in a training stage for the monitored software systems and a monitored trace in the deployment stage for anomaly detection, applying resource transfer functions to traces to convert them to resource features, and system call categorization to traces to convert them to program behavior features, performing anomaly detection in a global scope using the derived resource features and program behavior features, in case the system finds no anomaly, generating no anomaly report, in case the anomaly is found, including the result in an anomaly report; and performing conditional anomaly detection.
摘要翻译: 一种方法包括在受监视的软件系统的训练阶段生成正常轨迹,以及在部署阶段中用于异常检测的受监控轨迹,将资源传递函数应用到轨迹以将其转换为资源特征,以及将系统调用分类到跟踪以转换它们 程序行为特征,使用导出的资源特征和程序行为特征在全局范围内执行异常检测,以防系统发现异常情况,发现异常报告,包括异常报告中的结果; 并执行条件异常检测。
-
26.发明申请INTEGRATED APPROACH TO MODEL TIME SERIES DYNAMICS IN COMPLEX PHYSICAL SYSTEMS 有权复杂物理系统中模型时间序列动力学的综合方法公开(公告)号:US20140108314A1
公开(公告)日:2014-04-17
申请号:US14050945
申请日:2013-10-10
发明人: Haifeng Chen , Min Ding , Bin Liu , Abhishek Sharma , Kenji Yoshihira , Guofei Jiang
IPC分类号: G06N99/00
CPC分类号: G06N99/005 , G06F11/3055 , G06F11/3072 , G06F17/18 , G06N5/048
摘要: A system and method for analysis of complex systems which includes determining model parameters based on time series data, further including profiling a plurality of types of data properties to discover complex data properties and dependencies; classifying the data dependencies into predetermined categories for analysis; and generating a plurality of models based on the discovered properties and dependencies. The system and method may analyze, using a processor, the generated models based on a fitness score determined for each model to generate a status report for each model; integrate the status reports for each model to determine an anomaly score for the generated models; and generate an alarm when the anomaly score exceeds a predefined threshold.
摘要翻译: 一种用于分析复杂系统的系统和方法,包括基于时间序列数据确定模型参数,还包括分析多种类型的数据属性以发现复杂数据属性和依赖性; 将数据依赖关系分类为预定类别进行分析; 以及基于所发现的属性和依赖关系生成多个模型。 系统和方法可以基于为每个模型确定的适应度分数来使用处理器分析生成的模型,以生成每个模型的状态报告; 整合每个模型的状态报告,以确定生成的模型的异常得分; 并且当异常得分超过预定阈值时产生报警。
-
公开(公告)号:US10914608B2
公开(公告)日:2021-02-09
申请号:US15653115
申请日:2017-07-18
发明人: Haifeng Chen , Kenji Yoshihira , Guofei Jiang
IPC分类号: G01D3/08 , G06N5/04 , G06K9/62 , G06F17/18 , G06F11/34 , G06K9/00 , G06F11/30 , G06F30/20 , G06N20/00 , G06N7/08
摘要: Systems and methods for anomaly detection in complex physical systems, including extracting features representative of a temporal evolution of the complex physical system, and analyzing the extracted features by deriving vector trajectories using sliding window segmentation of time series, applying a linear test to determine whether the vector trajectories are linear, and performing subspace decomposition on the vector trajectory based on the linear test. A system evolution model is generated from an ensemble of models, and a fitness score is determined by analyzing different data properties of the system based on specific data dependency relationships. An alarm is generated if the fitness score exceeds a predetermined number of threshold violations for the different data properties.
-
公开(公告)号:US20190130212A1
公开(公告)日:2019-05-02
申请号:US16169184
申请日:2018-10-24
发明人: Wei Cheng , Haifeng Chen , Kenji Yoshihira , Wenchao Yu
摘要: Methods and systems for embedding a network in a latent space include generating a representation of an input network graph in the latent space using an autoencoder model and generating a representation of a set of noise samples in the latent space using a generator model. A discriminator model discriminates between the representation of the input network graph and the representation of the set of noise samples. The autoencoder model, the generator model, and the discriminator model are jointly trained by minimizing a joint loss function that includes parameters for each model. A final representation of the input network graph is generated using the trained autoencoder model.
-
公开(公告)号:US10114148B2
公开(公告)日:2018-10-30
申请号:US14503549
申请日:2014-10-01
发明人: Xia Ning , Guofei Jiang , Haifeng Chen , Kenji Yoshihira
IPC分类号: G01V99/00
摘要: A method and system are provided for heterogeneous log analysis. The method includes performing hierarchical log clustering on heterogeneous logs to generate a log cluster hierarchy for the heterogeneous logs. The method further includes performing, by a log pattern recognizer device having a processor, log pattern recognition on the log cluster hierarchy to generate log pattern representations. The method also includes performing log field analysis on the log pattern representations to generate log field statistics. The method additionally includes performing log indexing on the log pattern representations to generate log indexes.
-
公开(公告)号:US20180048667A1
公开(公告)日:2018-02-15
申请号:US15725994
申请日:2017-10-05
发明人: LuAn Tang , Hengtong Zhang , Zhengzhang Chen , Bo Zong , Zhichun Li , Guofei Jiang , Kenji Yoshihira
CPC分类号: H04L63/1425 , G06F21/552 , G06F21/554 , G06F21/57 , H04L12/4625 , H04L41/12 , H04L41/142 , H04L41/145 , H04L63/1416 , H04L63/1441 , H04L63/145 , H04L63/20
摘要: Methods and systems for detecting anomalous events include detecting anomalous events in monitored system data. An event correlation graph is generated by determining a tendency for a first process to access a system target, including an innate tendency of the first process to access the system target, an influence of previous events from the first process, and an influence of processes other than the first process. Kill chains are generated from the event correlation graph that characterize events in an attack path over time. A security management action is performed based on the kill chains.
-
-
-
-
-
-
-
-
-
搜索结果
47 条记录 (耗时 0.017 秒)
