Abstract: A computer-implemented method for ordinal prediction is provided. The method includes encoding time series data with a temporal encoder to obtain latent space representations. The method includes optimizing the temporal encoder using semi-supervised learning to distinguish different classes in the labeled space using labeled data, and augment the latent space representations using unlabeled training data, to obtain semi-supervised representations. The method further includes discarding a linear layer after the temporal encoder and fixing the temporal encoder. The method also includes training k?1 binary classifiers on top of the semi-supervised representations to obtain k?1 binary predictions. The method additionally includes identifying and correcting inconsistent ones of the k?1 binary predictions by matching the inconsistent ones to consistent ones of the k?1 binary predictions. The method further includes aggregating the k?1 binary predictions to obtain an ordinal prediction.

Abstract: Methods and systems for anomaly detection include determining whether a system is in a stable state or a dynamic state based on input data from one or more sensors in the system, using reconstruction errors from a respective stable model and dynamic model. It is determined that the input data represents anomalous operation of the system, responsive to a determination that the system is in a stable state, using the reconstruction errors. A corrective operation is performed on the system responsive to a determination that the input data represents anomalous operation of the system.

Abstract: Systems and methods for defect detection for vehicle operations, including collecting a multiple modality input data stream from a plurality of different types of vehicle sensors, extracting one or more features from the input data stream using a grid-based feature extractor, and retrieving spatial attributes of objects positioned in any of a plurality of cells of the grid-based feature extractor. One or more anomalies are detected based on residual scores generated by each of cross attention-based anomaly detection and time-series-based anomaly detection. One or more defects are identified based on a generated overall defect score determined by integrating the residual scores for the cross attention-based anomaly detection and the time-series based anomaly detection being above a predetermined defect score threshold. Operation of the vehicle is controlled based on the one or more defects identified.

Abstract: A method for employing a unified semi-supervised deep learning (DL) framework for turbulence forecasting is presented. The method includes extracting historical and forecasted weather features of a spatial region, calculating turbulence indexes to fill feature cubes, each feature cube representing a grid-based 3D region, and building an encoder-decoder framework based on convolutional long short-term memory (ConvLSTM) to model spatio-temporal correlations or patterns causing turbulence. The method further includes employing a dual label guessing component to dynamically integrate complementary signals from a turbulence forecasting network and a turbulence detection network to generate pseudo-labels, reweighing the generated pseudo-labels by a heuristic label quality detector based on KL-Divergence, applying a hybrid loss function to predict turbulence conditions, and generating a turbulence dataset including the predicted turbulence conditions.

Abstract: A computer-implemented method for multi-model representation learning is provided. The method includes encoding, by a trained time series (TS) encoder, an input TS segment into a TS-shared latent representation and a TS-private latent representation. The method further includes generating, by a trained text generator, a natural language text that explains the input TS segment, responsive to the TS-shared latent representation, the TS-private latent representation, and a text-private latent representation.

Abstract: Systems and methods for data fusion and analysis of vehicle sensor data, including receiving a multiple modality input data stream from a plurality of different types of vehicle sensors, determining latent features by extracting modality-specific features from the input data stream, and aligning a distribution of the latent features of different modalities by feature-level data fusion. Classification probabilities can be determined for the latent features using a fused modality scene classifier. A tree-organized neural network can be trained to determine path probabilities and issue driving pattern judgments, with the tree-organized neural network including a soft tree model and a hard decision leaf. One or more driving pattern judgments can be issued based on a probability of possible driving patterns derived from the modality-specific features.

Abstract: Systems and methods for predicting road conditions and traffic volume is provided. The method includes generating a graph of one or more road regions including a plurality of road intersections and a plurality of road segments, wherein the road intersections are represented as nodes and the road segments are represented as edges. The method can also include embedding the nodes from the graph into a node space, translating the edges of the graph into nodes of a line graph, and embedding the nodes of the line graph into the node space. The method can also include aligning the nodes from the line graph with the nodes from the graph, and optimizing the alignment, outputting a set of node and edge representations that predicts the traffic flow for each of the road segments and road intersections based on the optimized alignment of the nodes.

Abstract: Methods and systems for detecting and responding to an intrusion in a computer network include generating an adversarial training data set that includes original samples and adversarial samples, by perturbing one or more of the original samples with an integrated gradient attack to generate the adversarial samples. The original and adversarial samples are encoded to generate respective original and adversarial graph representations, based on node neighborhood aggregation. A graph-based neural network is trained to detect anomalous activity in a computer network, using the adversarial training data set. A security action is performed responsive to the detected anomalous activity.

Abstract: A computer-implemented method for ordinal classification of input data is provided. The method includes learning, by an encoder neural network, compact neural representations of the input data. The method further includes freezing the encoder neural network for downstream tasks. The method also includes training, by a hardware processor, K?1 ordinal classifiers on top of the compact neural representations to obtained trained K?1 ordinal classifiers. The method additionally includes generating, by the hardware processor, a predicted ordinal label by aggregating the trained K?1 ordinal classifiers.

Abstract: A method is provided for training a hierarchical graph neural network. The method includes using a time series generated by each of a plurality of nodes to train a graph neural network to generate a causal graph, and identifying interdependent causal networks that depict hierarchical causal links from low-level nodes to high-level nodes to the system key performance indicator (KPI). The method further includes simulating causal relations between entities by aggregating embeddings from neighbors in each layer, and generating output embeddings for entity metrics prediction and between-level aggregation.

Abstract: A computer-implemented method for graph structure based anomaly detection on a dynamic graph is provided. The method includes detecting anomalous edges in the dynamic graph by learning graph structure changes in the dynamic graph with respect to target edges to be evaluated in a given time window repeatedly applied to the dynamic graph. The target edges correspond to particular different timestamps. The method further includes predicting a category of each of the target edges as being one of anomalous and non-anomalous based on the graph structure changes. The method also includes controlling a hardware based device to avoid an impending failure responsive to the category of at least one of the target edges.

Abstract: Methods and systems for detecting and responding to an anomaly include determining a first system-level performance prediction using system-level statistics. A second system-level performance prediction is determined using system-level statistics and service-level statistics. The first prediction to the second prediction are compared to identify a discrepancy. It is determined that a service corresponding to the service-level statistics is a cause of a detected failure in a distributed computing system. An action directed to the service is performed responsive to the detected failure.

Abstract: A method for detecting malicious program behavior includes performing program verification based on system activity data, analyzing unverified program data identified from the program verification to detect abnormal events, including analyzing host-level events to detect abnormal host-level events by learning a program representation as a graph embedding through an attentional architecture based on an invariant graph between different system entities, generating detection results based on the analysis, and performing at least one corrective action based on the detection results.

Abstract: A method for employing a deep unsupervised generative approach for disentangled factor learning is presented. The method includes decomposing, via an individual factor disentanglement component, latent variables into independent factors having different semantic meaning, enriching, via a group segment disentanglement component, group-level semantic meaning of sequential data by grouping the sequential data into a batch of segments, and generating hierarchical semantic concepts as interpretable and disentangled representations of time series data.

Abstract: A method for vehicle fault detection is provided. The method includes training, by a cloud module controlled by a processor device, an entity-shared modular and a shared modular connection controller. The entity-shared modular stores common knowledge for a transfer scope, and is formed from a set of sub-networks which are dynamically assembled for different target entities of a vehicle by the shared modular connection controller. The method further includes training, by an edge module controlled by another processor device, an entity-specific decoder and an entity-specific connection controller. The entity-specific decoder is for filtering entity-specific information from the common knowledge in the entity-shared modular by dynamically assembling the set of sub-networks in a manner decided by the entity specific connection controller.

Abstract: A method for system metric prediction and influential events identification by concurrently employing metric logs and event logs is presented. The method includes concurrently modeling multivariate metric series and individual events in event series by a multi-stream recurrent neural network (RNN) to improve prediction of future metrics, where the multi-stream RNN includes a series of RNNs, one RNN for each metric and one RNN for each event sequence and modeling causality relations between the multivariate metric series and the individual events in the event series by employing an attention mechanism to identify target events most responsible for fluctuations of one or more target metrics.

Abstract: A computer-implemented method for implementing protocol-independent anomaly detection within an industrial control system (ICS) includes implementing a detection stage, including performing byte filtering using a byte filtering model based on at least one new network packet associated with the ICS, performing horizontal detection to determine whether a horizontal constraint anomaly exists in the at least one network packet based on the byte filtering and a horizontal model, including analyzing constraints across different bytes of the at least one new network packet, performing message clustering based on the horizontal detection to generate first cluster information, and performing vertical detection to determine whether a vertical anomaly exists based on the first cluster information and a vertical model, including analyzing a temporal pattern of each byte of the at least one new network packet.

Abstract: A method for early warning is provided. The method clusters normal historical data of normal cars into groups based on the car subsystem to which they belong. The method extracts (i) features based on group membership and (ii) feature correlations based on correlation graphs formed from the groups. The method trains an Auto-Encoder and Auto Decoder (AE&AD) model based on the features and the feature correlations to reconstruct the normal historical data with minimum reconstruction errors. The method reconstructs, using the trained AE&AD model, historical data of specific car fault types with reconstruction errors, normalizes the reconstruction errors, and selects features of the car faults with a top k large errors as fault signatures. The method reconstructs streaming data of monitored cars using the trained AE&AD model to determine streaming reconstruction errors, comparing the streaming reconstruction errors with the fault signatures to predict and provide alerts for impending known faults.

Abstract: Methods and systems for security monitoring and response include assigning an anomaly score to each of a plurality of event paths that are stored in a first memory. Events that are cold, events that are older than a threshold, and events that are not part of a top-k anomalous path are identified. The identified events are evicted from the first memory to a second memory. A threat associated with events in the first memory is identified. A security action is performed responsive to the identified threat.

Abstract: A method for employing meta-learning based feature disentanglement to extract transferrable knowledge in an unsupervised setting is presented. The method includes identifying how to transfer prior knowledge data from a plurality of source domains to one or more target domains, extracting domain dependence features and domain agnostic features from the prior knowledge data, via a disentangle meta-controller, by discovering factors of variation within the prior knowledge data received from a data stream, and obtaining an evaluation for a downstream task, via a child network, to obtain an optimal child model and a feature disentangle strategy.