Abstract:
Methods and systems for embedding a network in a latent space include generating a representation of an input network graph in the latent space using an autoencoder model and generating a representation of a set of noise samples in the latent space using a generator model. A discriminator model discriminates between the representation of the input network graph and the representation of the set of noise samples. The autoencoder model, the generator model, and the discriminator model are jointly trained by minimizing a joint loss function that includes parameters for each model. A final representation of the input network graph is generated using the trained autoencoder model.
Abstract:
Methods and systems for detecting anomalous network activity include determining whether a network event exists within an existing topology graph and port graph. A connection probability for the network event is determined if the network event does not exist within the existing topology graph and port graph. The network event is identified as abnormal if the connection probability is below a threshold.
Abstract:
Methods and systems for detecting anomalous events include detecting anomalous events in monitored system data. An event correlation graph is generated based on the monitored system data that characterizes the tendency of processes to access system targets. Kill chains are generated that connect malicious events over a span of time from the event correlation graph that characterize events in an attack path over time by sorting events according to a maliciousness value and determining at least one sub-graph within the event correlation graph with an above-threshold maliciousness rank. A security management action is performed based on the kill chains.
Abstract:
Methods are provided for both single modal and multimodal fault diagnosis. In a method, a fault fingerprint is constructed based on a fault event using an invariant model. A similarity matrix between the fault fingerprint and one or more historical representative fingerprints is derived using dynamic time warping and at least one convolution. A feature vector in a feature subspace for the fault fingerprint is generated. The feature vector includes at least one status of at least one system component during the fault event. A corrective action correlated to the fault fingerprint is determined. The corrective action is initiated on a hardware device to mitigate expected harm to at least one item selected from the group consisting of the hardware device, another hardware device related to the hardware device, and a person related to the hardware device.
Abstract:
Systems and methods are provided for optimizing system output in production systems. The method includes separating, by a processor, one or more initial input variables into a plurality of output variables, the output variables including environmental variables and system response variables. The method also includes building, using the processor, a nonparametric estimation that determines a relationship between one or more initial control variables and the system response variables, and estimating a global input-output mapping function, using the determined relationship, and a range of the environmental variables. The method further includes generating one or more optimal control variables from the initial control variables by maximizing the input-output mapping function and the range of the environmental variables. The method additionally includes incorporating one or more of the optimal control variables into a production system to increase production output of the production system.
Abstract:
A computer implemented method for temporal ranking in invariant networks includes considering an invariant network and a set of broken invariants in the invariant network; assuming, for each time point inside a window W, that each metric with broken invariants is affected by a fault at that time point; computing an expected pattern for each invariant of a metric with assumed fault, said pattern indicative of time points at which an invariant will be broken given that its associated metric was affected by a fault at time t; comparing the expected pattern with the pattern observed over the time window W; and determining a temporal score based on a match from the prior comparing.
Abstract:
A computer implemented method provides efficient monitoring and analysis of a program's memory objects in the operation stage. The invention can visualize and analyze a monitored program's data status with improved semantic information without requiring source code at runtime. The invention can provide higher quality of system management, performance debugging, and root-cause error analysis of enterprise software in the production stage.
Abstract:
A computer-implemented method, system, and computer program product are provided for an anomaly detection system in streaming networks. The method includes receiving, by a processor, a plurality of vertices and edges from a streaming graph. The method also includes generating, by the processor, graph codes for the plurality of vertices and edges. The method additionally includes determining, by the processor, edge codes in real-time responsive to the graph codes. The method further includes identifying, by the processor, an anomaly based on a distance between edge codes and all current cluster centers. The method also includes controlling an operation of a processor-based machine to change a state of the processor-based machine, responsive to the anomaly.
Abstract:
Methods and systems for reporting anomalous events include intra-host clustering a set of alerts based on a process graph that models states of process-level events in a network. Hidden relationship clustering is performed on the intra-host clustered alerts based on hidden relationships between alerts in respective clusters. Inter-host clustering is performed on the hidden relationship clustered alerts based on a topology graph that models source and destination relationships between connection events in the network. Inter-host clustered alerts that exceed a threshold level of trustworthiness are reported.