公开(公告)号：US20190098048A1

公开(公告)日：2019-03-28

申请号：US16101794

申请日：2018-08-13

Applicant: NEC Laboratories America, Inc.

Inventor： Cristian Lumezanu ,  Nipun Arora ,  Haifeng Chen ,  Bo Zong ,  Daeki Cho ,  Mingda Li

IPC: H04L29/06 ,  H04L12/733 ,  H04L12/741 ,  H04L12/26 ,  G06N3/08 ,  G06K9/62

Abstract: Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.

公开(公告)号：US20180174065A1

公开(公告)日：2018-06-21

申请号：US15678751

申请日：2017-08-16

Applicant: NEC Laboratories America, Inc.

Inventor： Biplob Debnath ,  Hui Zhang ,  Jianwu Xu ,  Nipun Arora ,  Guofei Jiang ,  Bo Zong

IPC: G06N7/00 ,  G06N99/00

CPC classification number: G06N7/00 ,  G06F11/00 ,  G06N20/00

Abstract: A computer-implemented method for automatically analyzing log contents received via a network and detecting content-level anomalies is presented. The computer-implemented method includes building a statistical model based on contents of a set of training logs and detecting, based on the set of training logs, content-level anomalies for a set of testing logs. The method further includes maintaining an index and metadata, generating attributes for fields, editing model capability to incorporate user domain knowledge, detecting anomalies using field attributes, and improving anomaly quality by using user feedback.

公开(公告)号：US09471461B2

公开(公告)日：2016-10-18

申请号：US14227481

申请日：2014-03-27

Applicant: NEC Laboratories America, Inc.

Inventor： Jungwhan Rhee ,  Hui Zhang ,  Nipun Arora ,  Guofei Jiang ,  Qiang Zeng

IPC: G06F9/44 ,  G06F11/34

CPC classification number: G06F11/3466 ,  G06F2201/865

Abstract: A computer implemented method for maintaining a program's calling context correct even when a monitoring of the program goes out of a scope of a program analysis by validating function call transitions and recovering partial paths before and after the violation of the program's control flow. The method includes detecting a violation of control flow invariants in the software system including validating a source and destination of a function call in the software system, interpreting a pre-violation partial path responsive to a failure of the validating, and interpreting a post violation path after a violation of program flow.

Abstract translation: 即使当程序的监视超出程序分析的范围时，通过验证功能调用转换并在违反程序的控制流程之前和之后恢复部分路径，用于维护程序的调用上下文的计算机实现的方法也是正确的。 该方法包括检测软件系统中的控制流不变量的违反，包括验证软件系统中的函数调用的源和目的地，响应于验证失败解释预先违反部分路径，以及解释后违反路径 违反程序流程后。

公开(公告)号：US20150180755A1

公开(公告)日：2015-06-25

申请号：US14575013

申请日：2014-12-18

Applicant: NEC Laboratories America, Inc.

Inventor： Hui Zhang ,  Junghwan Rhee ,  Nipun Arora ,  Cristian Lumezanu ,  Guofei Jiang

IPC: H04L12/26

CPC classification number: H04L41/0631 ,  H04L41/069 ,  H04L41/14 ,  H04L43/0858

Abstract: A computer implemented method for network monitoring includes providing network packet event characterization and analysis for network monitoring that includes supporting summarization and characterization of network packet traces collected across multiple processing elements of different types in a virtual network, including a trace slicing to organize individual packet events into path-based trace slices, a trace characterization to extract at least 2 types of feature matrix describing those trace slices, and a trace analysis to cluster, rank and query packet traces based on metrics of the feature matrix.

Abstract translation: 一种用于网络监测的计算机实现方法包括为网络监测提供网络分组事件表征和分析，其包括支持在虚拟网络中跨越不同类型的多个处理元件收集的网络分组跟踪的概括和表征，包括用于组织各个分组事件的跟踪分片 基于路径的跟踪切片，提取描述这些跟踪切片的至少2种类型的特征矩阵的跟踪表征，以及基于特征矩阵的度量的集群，排序和查询分组跟踪的跟踪分析。

公开(公告)号：US20150106794A1

公开(公告)日：2015-04-16

申请号：US14512653

申请日：2014-10-13

Applicant: NEC Laboratories America, Inc.

Inventor： Junghwan Rhee ,  Hui Zhang ,  Nipun Arora ,  Guofei Jiang ,  Chung Hwan Kim

IPC: G06F11/36 ,  G06F9/44

CPC classification number: G06F11/3636 ,  G06F11/3419

Abstract: Methods and systems for performance inference include inferring an internal application status based on a unified call stack trace that includes both user and kernel information by inferring user function instances. A calling context encoding is generated that includes information regarding function calling paths. Application performance is analyzed based on the encoded calling contexts. The analysis includes performing a top-down latency breakdown and ranking calling contexts according to how costly each function calling path is.

Abstract translation: 用于性能推理的方法和系统包括通过推断用户功能实例来推断基于包括用户和内核信息的统一调用堆栈跟踪的内部应用程序状态。 生成包含有关函数调用路径的信息的调用上下文编码。 基于编码的呼叫上下文来分析应用性能。 分析包括根据每个功能调用路径的代价昂贵地执行自上而下的延迟故障和排序呼叫上下文。

公开(公告)号：US10911488B2

公开(公告)日：2021-02-02

申请号：US16101794

申请日：2018-08-13

Applicant: NEC Laboratories America, Inc.

Inventor： Cristian Lumezanu ,  Nipun Arora ,  Haifeng Chen ,  Bo Zong ,  Daeki Cho ,  Mingda Li

IPC: G06F11/00 ,  H04L29/06 ,  H04L12/733 ,  H04L12/26 ,  H04L12/741 ,  G06N20/00 ,  H04L12/751 ,  H04L12/893 ,  G06K9/62 ,  G06N3/08

Abstract: Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.

公开(公告)号：US20180365291A1

公开(公告)日：2018-12-20

申请号：US15983404

申请日：2018-05-18

Applicant: NEC Laboratories America, Inc.

Inventor： Haifeng Chen ,  Youfu Li ,  Daeki Cho ,  Bo Zong ,  Nipun Arora ,  Cristian Lumezanu

IPC: G06F17/30

Abstract: Systems and methods for optimizing query execution to improve query processing by a computer are provided. A query is analyzed and translated into a logical plan. A runtime query optimizer is applied to the logical plan to identify a physical plan including operators for execution. The logical plan is translated into the physical plan. Execution of the query is scheduled according to the physical plan.

公开(公告)号：US09535814B2

公开(公告)日：2017-01-03

申请号：US14665519

申请日：2015-03-23

Applicant: NEC Laboratories America, Inc.

Inventor： Nipun Arora ,  Junghwan Rhee ,  Hui Zhang ,  Guofei Jiang

IPC: G06F9/44 ,  G06F11/34

CPC classification number: G06F11/3466

Abstract: The present invention enables capturing API level calls using a combination of dynamic instrumentation and library overriding. The invention allows event level tracing of API function calls and returns, and is able to generate an execution trace. The instrumentation is lightweight and relies on dynamic library/shared library linking mechanisms in most operating systems. Hence we need no source code modification or binary injection. The tool can be used to capture parameter values, and return values, which can be used to correlate traces across API function calls to generate transaction flow logic.

Abstract translation: 本发明可以使用动态检测和库重写的组合捕获API级别调用。 本发明允许API函数调用和返回的事件级别跟踪，并且能够生成执行跟踪。 该仪器是轻量级的，并且依赖于大多数操作系统中的动态库/共享库链接机制。 因此，我们不需要源代码修改或二进制注入。 该工具可用于捕获参数值和返回值，可用于将API函数调用之间的跟踪相关联，以生成事务流逻辑。

公开(公告)号：US20140298300A1

公开(公告)日：2014-10-02

申请号：US14227481

申请日：2014-03-27

Applicant: NEC Laboratories America, Inc.

Inventor： Jungwhan Rhee ,  Hui Zhang ,  Nipun Arora ,  Guofei Jiang ,  Qiang Zeng

IPC: G06F11/34

CPC classification number: G06F11/3466 ,  G06F2201/865

Abstract: A computer implemented method for maintaining a program's calling context correct even when a monitoring of the program goes out of a scope of a program analysis by validating function call transitions and recovering partial paths before and after the violation of the program's control flow. The method includes detecting a violation of control flow invariants in the software system including validating a source and destination of a function call in the software system, interpreting a pre-violation partial path responsive to a failure of the validating, and interpreting a post violation path after a violation of program flow.

Abstract translation: 即使当程序的监视超出程序分析的范围时，通过验证功能调用转换并在违反程序的控制流程之前和之后恢复部分路径，用于维护程序的调用上下文的计算机实现的方法也是正确的。 该方法包括检测软件系统中的控制流不变量的违反，包括验证软件系统中的函数调用的源和目的地，响应于验证失败解释预先违反部分路径，以及解释后违反路径 违反程序流程后。

公开(公告)号：US20140068351A1

公开(公告)日：2014-03-06

申请号：US14012000

申请日：2013-08-28

Applicant: NEC Laboratories America, Inc.

Inventor： Junghwan Rhee ,  Hui Zhang ,  Nipun Arora ,  Guofei Jiang ,  Kenji Yoshihira

IPC: G06F11/30

CPC classification number: G06F11/3034 ,  G06F11/073 ,  G06F11/079 ,  G06F11/30 ,  G06F11/3037 ,  G06F11/3051 ,  G06F11/3476 ,  G06F11/3604 ,  G06F11/3636 ,  G06F2201/865

Abstract: A computer implemented method provides efficient monitoring and analysis of a program's memory objects in the operation stage. The invention can visualize and analyze a monitored program's data status with improved semantic information without requiring source code at runtime. The invention can provide higher quality of system management, performance debugging, and root-cause error analysis of enterprise software in the production stage.

Abstract translation: 计算机实现的方法在操作阶段提供对程序的存储器对象的有效监视和分析。 本发明可以使用改进的语义信息可视化和分析被监视程序的数据状态，而不需要运行时的源代码。 本发明可以在生产阶段提供更高质量的系统管理，性能调试和企业软件的根本原因误差分析。