Patents by Inventor Kenji Yoshihira

Kenji Yoshihira has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10367838
    Abstract: Methods and systems for detecting anomalous network activity include determining whether a network event exists within an existing topology graph and port graph. A connection probability for the network event is determined if the network does not exist within the existing topology graph and port graph. The network event is identified as abnormal if the connection probability is below a threshold.
    Type: Grant
    Filed: February 6, 2017
    Date of Patent: July 30, 2019
    Assignee: NEC Corporation
    Inventors: Zhengzhang Chen, LuAn Tang, Guofei Jiang, Kenji Yoshihira, Haifeng Chen
  • Patent number: 10333815
    Abstract: A computer-implemented method for real-time detecting of abnormal network connections is presented. The computer-implemented method includes collecting network connection events from at least one agent connected to a network, recording, via a topology graph, normal states of network connections among hosts in the network, and recording, via a port graph, relationships established between host and destination ports of all network connections.
    Type: Grant
    Filed: January 24, 2017
    Date of Patent: June 25, 2019
    Assignee: NEC Corporation
    Inventors: LuAn Tang, Zhengzhang Chen, Haifeng Chen, Kenji Yoshihira, Guofei Jiang
  • Patent number: 10298607
    Abstract: Methods and systems for detecting anomalous events include detecting anomalous events in monitored system data. An event correlation graph is generated by determining a tendency for a first process to access a system target, including an innate tendency of the first process to access the system target, an influence of previous events from the first process, and an influence of processes other than the first process. Kill chains are generated from the event correlation graph that characterize events in an attack path over time. A security management action is performed based on the kill chains.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: May 21, 2019
    Assignee: NEC Corporation
    Inventors: LuAn Tang, Hengtong Zhang, Zhengzhang Chen, Bo Zong, Zhichun Li, Guofei Jiang, Kenji Yoshihira
  • Patent number: 10296844
    Abstract: A method and system are provided. The method includes performing, by a logs-to-time-series converter, a logs-to-time-series conversion by transforming a plurality of heterogeneous logs into a set of time series. Each of the heterogeneous logs includes a time stamp and text portion with one or more fields. The method further includes performing, by a time-series-to-sequential-pattern converter, a time-series-to-sequential-pattern conversion by mining invariant relationships between the set of time series, and discovering sequential message patterns and association rules in the plurality of heterogeneous logs using the invariant relationships. The method also includes executing, by a processor, a set of log management applications, based on the sequential message patterns and the association rules.
    Type: Grant
    Filed: September 4, 2015
    Date of Patent: May 21, 2019
    Assignee: NEC Corporation
    Inventors: Hui Zhang, Jianwu Xu, Guofei Jiang, Kenji Yoshihira, Pallavi Joshi
  • Patent number: 10289478
    Abstract: Methods are provided for both single modal and multimodal fault diagnosis. In a method, a fault fingerprint is constructed based on a fault event using an invariant model. A similarity matrix between the fault fingerprint and one or more historical representative fingerprints is derived using dynamic time warping and at least one convolution. A feature vector in a feature subspace for the fault fingerprint is generated. The feature vector includes at least one status of at least one system component during the fault event. A corrective action correlated to the fault fingerprint is determined. The corrective action is initiated on a hardware device to mitigate expected harm to at least one item selected from the group consisting of the hardware device, another hardware device related to the hardware device, and a person related to the hardware device.
    Type: Grant
    Filed: April 18, 2017
    Date of Patent: May 14, 2019
    Assignee: NEC Corporation
    Inventors: Wei Cheng, Kenji Yoshihira, Haifeng Chen, Guofei Jiang
  • Patent number: 10289841
    Abstract: Methods and systems for detecting anomalous events include detecting anomalous events in monitored system data. An event correlation graph is generated based on the monitored system data that characterizes the tendency of processes to access system targets. Kill chains are generated that connect malicious events over a span of time from the event correlation graph that characterize events in an attack path over time by sorting events according to a maliciousness value and determining at least one sub-graph within the event correlation graph with an above-threshold maliciousness rank. A security management action is performed based on the kill chains.
    Type: Grant
    Filed: October 5, 2017
    Date of Patent: May 14, 2019
    Assignee: NEC Corporation
    Inventors: LuAn Tang, Hengtong Zhang, Zhengzhang Chen, Bo Zong, Zhichun Li, Guofei Jiang, Kenji Yoshihira
  • Publication number: 20190130212
    Abstract: Methods and systems for embedding a network in a latent space include generating a representation of an input network graph in the latent space using an autoencoder model and generating a representation of a set of noise samples in the latent space using a generator model. A discriminator model discriminates between the representation of the input network graph and the representation of the set of noise samples. The autoencoder model, the generator model, and the discriminator model are jointly trained by minimizing a joint loss function that includes parameters for each model. A final representation of the input network graph is generated using the trained autoencoder model.
    Type: Application
    Filed: October 24, 2018
    Publication date: May 2, 2019
    Inventors: Wei Cheng, Haifeng Chen, Kenji Yoshihira, Wenchao Yu
  • Patent number: 10161269
    Abstract: Systems and methods are provided for optimizing system output in production systems. The method includes separating, by a processor, one or more initial input variables into a plurality of output variables, the output variables including environmental variables and system response variables. The method also includes building, using the processor, a nonparametric estimation that determines a relationship between one or more initial control variables and the system response variables, and estimating a global input-output mapping function, using the determined relationship, and a range of the environmental variables. The method further includes generating one or more optimal control variables from the initial control variables by maximizing the input-output mapping function and the range of the environmental variables. The method additionally includes incorporating one or more of the optimal control variables into a production system to increase production output of the production system.
    Type: Grant
    Filed: July 15, 2016
    Date of Patent: December 25, 2018
    Assignee: NEC Corporation
    Inventors: Kai Zhang, Haifeng Chen, Kenji Yoshihira, Guofei Jiang
  • Publication number: 20180336437
    Abstract: A computer-implemented method, system, and computer program product are provided for a streaming graph display system with anomaly detection. The method includes receiving, by a processor, data or signals for creating a streaming graph. The method also includes creating, by the processor, a streaming graph from a plurality of vertices and edges in the data or the signals. The method additionally includes identifying, by the processor, an anomaly in the streaming graph based on a distance between edge codes and all current cluster centers determined by the plurality of vertices and edges. The method further includes controlling, by the processor, an operation of a processor-based machine to change a state of the processor-based machine, responsive to the anomaly. The method also includes displaying the streaming graph with the anomaly to a user.
    Type: Application
    Filed: May 16, 2018
    Publication date: November 22, 2018
    Inventors: Wei Cheng, Haifeng Chen, Kenji Yoshihira
  • Publication number: 20180336436
    Abstract: A computer-implemented method, system, and computer program product are provided for an anomaly detection system in streaming networks. The method includes receiving, by a processor, a plurality of vertices and edges from a streaming graph. The method also includes generating, by the processor, graph codes for the plurality of vertices and edges. The method additionally includes determining, by the processor, edge codes in real-time responsive to the graph codes. The method further includes identifying, by the processor, an anomaly based on a distance between edge codes and all current cluster centers. The method also includes controlling an operation of a processor-based machine to change a state of the processor-based machine, responsive to the anomaly.
    Type: Application
    Filed: May 16, 2018
    Publication date: November 22, 2018
    Inventors: Wei Cheng, Haifeng Chen, Kenji Yoshihira
  • Patent number: 10114148
    Abstract: A method and system are provided for heterogeneous log analysis. The method includes performing hierarchical log clustering on heterogeneous logs to generate a log cluster hierarchy for the heterogeneous logs. The method further includes performing, by a log pattern recognizer device having a processor, log pattern recognition on the log cluster hierarchy to generate log pattern representations. The method also includes performing log field analysis on the log pattern representations to generate log field statistics. The method additionally includes performing log indexing on the log pattern representations to generate log indexes.
    Type: Grant
    Filed: October 1, 2014
    Date of Patent: October 30, 2018
    Assignee: NEC Corporation
    Inventors: Xia Ning, Guofei Jiang, Haifeng Chen, Kenji Yoshihira
  • Publication number: 20180299877
    Abstract: A method, computer program product, and a system are provided for power plant system fault diagnosis. The method includes detecting, using an invariant model, a fault event based on a broken pair-wise correlation. The method also includes constructing a fault signature based on the fault event. The method further includes generating a feature vector in a feature subspace for the fault signature, wherein said feature vector includes at least one status of at least one system component during the fault event. The method additionally includes determining a corrective action correlated to the fault signature, from among a plurality of candidate corrective actions associated with the one or more historical representative signatures, based on a Jaccard similarity using the feature vector in the feature subspace. The method also includes initiating the corrective action on a hardware device to mitigate expected harm.
    Type: Application
    Filed: January 26, 2018
    Publication date: October 18, 2018
    Inventors: Wei Cheng, Haifeng Chen, Kenji Yoshihira
  • Publication number: 20180048667
    Abstract: Methods and systems for detecting anomalous events include detecting anomalous events in monitored system data. An event correlation graph is generated by determining a tendency for a first process to access a system target, including an innate tendency of the first process to access the system target, an influence of previous events from the first process, and an influence of processes other than the first process. Kill chains are generated from the event correlation graph that characterize events in an attack path over time. A security management action is performed based on the kill chains.
    Type: Application
    Filed: October 5, 2017
    Publication date: February 15, 2018
    Inventors: LuAn Tang, Hengtong Zhang, Zhengzhang Chen, Bo Zong, Zhichun Li, Guofei Jiang, Kenji Yoshihira
  • Publication number: 20180032724
    Abstract: Methods and systems for detecting anomalous events include detecting anomalous events in monitored system data. An event correlation graph is generated based on the monitored system data that characterizes the tendency of processes to access system targets. Kill chains are generated that connect malicious events over a span of time from the event correlation graph that characterize events in an attack path over time by sorting events according to a maliciousness value and determining at least one sub-graph within the event correlation graph with an above-threshold maliciousness rank. A security management action is performed based on the kill chains.
    Type: Application
    Filed: October 5, 2017
    Publication date: February 1, 2018
    Inventors: LuAn Tang, Hengtong Zhang, Zhengzhang Chen, Bo Zong, Zhichun Li, Guofei Jiang, Kenji Yoshihira
  • Publication number: 20170314961
    Abstract: Systems and methods for anomaly detection in complex physical systems, including extracting features representative of a temporal evolution of the complex physical system, and analyzing the extracted features by deriving vector trajectories using sliding window segmentation of time series, applying a linear test to determine whether the vector trajectories are linear, and performing subspace decomposition on the vector trajectory based on the linear test. A system evolution model is generated from an ensemble of models, and a fitness score is determined by analyzing different data properties of the system based on specific data dependency relationships. An alarm is generated if the fitness score exceeds a predetermined number of threshold violations for the different data properties.
    Type: Application
    Filed: July 18, 2017
    Publication date: November 2, 2017
    Inventors: Haifeng Chen, Kenji Yoshihira, Guofei Jiang
  • Publication number: 20170308427
    Abstract: Methods are provided for both single modal and multimodal fault diagnosis. In a method, a fault fingerprint is constructed based on a fault event using an invariant model. A similarity matrix between the fault fingerprint and one or more historical representative fingerprints is derived using dynamic time warping and at least one convolution. A feature vector in a feature subspace for the fault fingerprint is generated. The feature vector includes at least one status of at least one system component during the fault event. A corrective action correlated to the fault fingerprint is determined. The corrective action is initiated on a hardware device to mitigate expected harm to at least one item selected from the group consisting of the hardware device, another hardware device related to the hardware device, and a person related to the hardware device.
    Type: Application
    Filed: April 18, 2017
    Publication date: October 26, 2017
    Inventors: Wei Cheng, Kenji Yoshihira, Haifeng Chen, Guofei Jiang
  • Publication number: 20170288974
    Abstract: Methods and systems for reporting anomalous events include intra-host clustering a set of alerts based on a process graph that models states of process-level events in a network. Hidden relationship clustering is performed on the intra-host clustered alerts based on hidden relationships between alerts in respective clusters. Inter-host clustering is performed on the hidden relationship clustered alerts based on a topology graph that models source and destination relationships between connection events in the network. Inter-host clustered alerts that exceed a threshold level of trustworthiness are reported.
    Type: Application
    Filed: April 3, 2017
    Publication date: October 5, 2017
    Inventors: Kenji Yoshihira, Zhichun Li, Zhengzhang Chen, Haifeng Chen, Guofei Jiang, LuAn Tang
  • Publication number: 20170288979
    Abstract: Methods and systems for reporting anomalous events include building a process graph that models states of process-level events in a network. A topology graph is built that models source and destination relationships between connection events in the network. A set of alerts is clustered based on the process graph and the topology graph. Clustered alerts that exceed a threshold level of trustworthiness are reported.
    Type: Application
    Filed: April 3, 2017
    Publication date: October 5, 2017
    Inventors: Kenji Yoshihira, Zhichun Li, Zhengzhang Chen, Haifeng Chen, Guofei Jiang, LuAn Tang
  • Publication number: 20170272344
    Abstract: A computer-implemented method for real-time detecting of abnormal network connections is presented. The computer-implemented method includes collecting network connection events from at least one agent connected to a network, recording, via a topology graph, normal states of network connections among hosts in the network, and recording, via a port graph, relationships established between host and destination ports of all network connections.
    Type: Application
    Filed: January 24, 2017
    Publication date: September 21, 2017
    Inventors: LuAn Tang, Zhengzhang Chen, Haifeng Chen, Kenji Yoshihira, Guofei Jiang
  • Publication number: 20170149814
    Abstract: Methods and systems for detecting anomalous network activity include determining whether a network event exists within an existing topology graph and port graph. A connection probability for the network event is determined if the network does not exist within the existing topology graph and port graph. The network event is identified as abnormal if the connection probability is below a threshold.
    Type: Application
    Filed: February 6, 2017
    Publication date: May 25, 2017
    Inventors: Zhengzhang Chen, LuAn Tang, Guofei Jiang, Kenji Yoshihira, Haifeng Chen