公开(公告)号：US10511615B2

公开(公告)日：2019-12-17

申请号：US15587588

申请日：2017-05-05

Applicant: Microsoft Technology Licensing, LLC

Inventor： Royi Ronen ,  Hani Hana Neuvirth ,  Tomer Koren ,  Omer Karin

IPC: H04L29/06 ,  H04L12/26 ,  G06N20/00 ,  H04L29/08

Abstract: A system for detecting a non-targeted attack by a first machine on a second machine is provided. The system includes an application that includes instructions configured to: extract network data corresponding to traffic flow between the first and second machines, where the second machine is implemented in a cloud-based network; identify a first suspect external IP address based on the network data; calculate features for the first suspect external IP address, where the features include exploration type features and exploitation type features; train a classifier based on predetermined examples and the features to generate and update a model; classify the first suspect external IP address based on the model and at least some of the features; and perform a countermeasure if a classification provided from classifying the first suspect external IP address indicates that the first suspect external IP address is associated with a malicious attack on the second machine.

公开(公告)号：US20180084001A1

公开(公告)日：2018-03-22

申请号：US15273604

申请日：2016-09-22

Applicant: Microsoft Technology Licensing, LLC.

Inventor： Efim Hudis ,  Michal Braverman-Blumenstyk ,  Daniel Alon ,  Hani Hana Neuvirth ,  Royi Ronen ,  Yuri Gurevich

IPC: H04L29/06 ,  G06F17/30

CPC classification number: H04L63/1433 ,  G06F16/9024 ,  G06F21/577 ,  H04L63/14 ,  H04L63/1408

Abstract: Systems and methods for analyzing security alerts within an enterprise are provided. An enterprise graph is generated based on information such as operational intelligence regarding the enterprise. The enterprise graph identifies relationships between entities of the enterprise and a plurality of security alerts are produced by a plurality of security components of the enterprise. One or more significant relationships are identified between two or more of the plurality of security alerts based on a strength of a relationship identified in the enterprise graph. A significant relationship is utilized to identify a potential security incident between two or more of the security alerts.

公开(公告)号：US20170207980A1

公开(公告)日：2017-07-20

申请号：US15156182

申请日：2016-05-16

Applicant: Microsoft Technology Licensing, LLC

Inventor： Efim Hudis ,  Hani-Hana Neuvirth ,  Daniel Alon ,  Royi Ronen ,  Yair Tor ,  Gilad Michael Elyashar

IPC: H04L12/24 ,  H04L29/08

CPC classification number: H04L41/145 ,  G06F8/60 ,  G06Q30/0631 ,  H04L41/0803 ,  H04L67/34

Abstract: A recommendation system for recommending a target feature value for a target feature for a target deployment is provided. The recommendation system, for each of a plurality of deployments, collects feature values for the features of that deployment. The recommendation system then generates a model for recommending a target feature value for the target feature based on the collected feature values of the features for the deployments. The recommendation system applies the model to the features of the target deployment to identify a target feature value for the target feature. The recommendation system then provides the identified target feature value as a recommendation for the target feature for the target deployment.

公开(公告)号：US20170091332A1

公开(公告)日：2017-03-30

申请号：US14865087

申请日：2015-09-25

Applicant: Microsoft Technology Licensing, LLC

Inventor： Neta Haiby-Weiss ,  Amir Pinchas ,  Hanan Lavy ,  Yitzhak Tzahi Weisfeld ,  Yair Snir ,  Royi Ronen

IPC: G06F17/30 ,  H04L29/08 ,  H04L29/06

CPC classification number: G06F17/30867 ,  G06F17/30958 ,  G06Q50/00 ,  G06Q50/01

Abstract: Data from social networking applications and other applications that can be used to communicate are combined for a user to generate a graph of the various relationships that the user has with other users in the social networking applications and other applications. In addition, the behaviors of each user with respect to communicating through the various social networking applications and other applications are monitored to generate task data that describes user preferences for communicating using each social networking application or other application for different tasks. At a later time, when a user is looking to connect with another user for an indicated task such as networking, the graph can be used to recommend paths to other users in the various social networking applications and other applications, and the generated task data can be used to rank the recommended paths based on the indicated task.

公开(公告)号：US11533240B2

公开(公告)日：2022-12-20

申请号：US15156182

申请日：2016-05-16

Applicant: Microsoft Technology Licensing, LLC

Inventor： Efim Hudis ,  Hani-Hana Neuvirth ,  Daniel Alon ,  Royi Ronen ,  Yair Tor ,  Gilad Michael Elyashar

IPC: H04L41/14 ,  G06Q30/06 ,  G06F8/60 ,  H04L41/0803 ,  H04L67/00

Abstract: A recommendation system for recommending a target feature value for a target feature for a target deployment is provided. The recommendation system, for each of a plurality of deployments, collects feature values for the features of that deployment. The recommendation system then generates a model for recommending a target feature value for the target feature based on the collected feature values of the features for the deployments. The recommendation system applies the model to the features of the target deployment to identify a target feature value for the target feature. The recommendation system then provides the identified target feature value as a recommendation for the target feature for the target deployment.

公开(公告)号：US11501546B2

公开(公告)日：2022-11-15

申请号：US16940209

申请日：2020-07-27

Applicant: Microsoft Technology Licensing, LLC

Inventor： Royi Ronen ,  Ika Bar-Menachem ,  Ohad Jassin ,  Avner Levi ,  Olivier Nano ,  Oron Nir ,  Mor Geva Pipek ,  Ori Ziv

IPC: G06K9/00 ,  G06V30/148 ,  G06V20/40 ,  G06V20/62 ,  G06V10/75 ,  G06V30/10

Abstract: In various embodiments, methods and systems for implementing a media management system, for video data processing and adaptation data generation, are provided. At a high level, a video data processing engine relies on different types of video data properties and additional auxiliary data resources to perform video optical character recognition operations for recognizing characters in video data. In operation, video data is accessed to identify recognized characters. A video OCR operation to perform on the video data for character recognition is determined from video character processing and video auxiliary data processing. Video auxiliary data processing includes processing an auxiliary reference object; the auxiliary reference object is an indirect reference object that is a derived input element used as a factor in determining the recognized characters. The video data is processed based on the video OCR operation and based on processing the video data, at least one recognized character is communicated.

公开(公告)号：US20200342860A1

公开(公告)日：2020-10-29

申请号：US16397745

申请日：2019-04-29

Applicant: Microsoft Technology Licensing, LLC

Inventor： Yun-Cheng Ju ,  Ashwarya Poddar ,  Royi Ronen ,  Oron Nir ,  Ami Turgman ,  Andreas Stolcke ,  Edan Hauon

IPC: G10L15/22 ,  G10L15/26 ,  G10L21/028

Abstract: Methods for speaker role determination and scrubbing identifying information are performed by systems and devices. In speaker role determination, data from an audio or text file is divided into respective portions related to speaking parties. Characteristics classifying the portions of the data for speaking party roles are identified in the portions to generate data sets from the portions corresponding to the speaking party roles and to assign speaking party roles for the data sets. For scrubbing identifying information in data, audio data for speaking parties is processed using speech recognition to generate a text-based representation. Text associated with identifying information is determined based on a set of key words/phrases, and a portion of the text-based representation that includes a part of the text is identified. A segment of audio data that corresponds to the identified portion is replaced with different audio data, and the portion is replaced with different text.

公开(公告)号：US20200342138A1

公开(公告)日：2020-10-29

申请号：US16397738

申请日：2019-04-29

Applicant: Microsoft Technology Licensing, LLC

Inventor： Yun-Cheng Ju ,  Ashwarya Poddar ,  Royi Ronen ,  Oron Nir ,  Ami Turgman ,  Andreas Stolcke ,  Edan Hauon

IPC: G06F21/62 ,  G10L15/26 ,  G06F17/27 ,  G10L17/00

Abstract: Methods for speaker role determination and scrubbing identifying information are performed by systems and devices. In speaker role determination, data from an audio or text file is divided into respective portions related to speaking parties. Characteristics classifying the portions of the data for speaking party roles are identified in the portions to generate data sets from the portions corresponding to the speaking party roles and to assign speaking party roles for the data sets. For scrubbing identifying information in data, audio data for speaking parties is processed using speech recognition to generate a text-based representation. Text associated with identifying information is determined based on a set of key words/phrases, and a portion of the text-based representation that includes a part of the text is identified. A segment of audio data that corresponds to the identified portion is replaced with different audio data, and the portion is replaced with different text.

公开(公告)号：US10692012B2

公开(公告)日：2020-06-23

申请号：US15168059

申请日：2016-05-29

Applicant: Microsoft Technology Licensing, LLC

Inventor： Royi Ronen ,  Peiheng Hu ,  Lars Mohr

IPC: G06N20/00 ,  G06F21/50 ,  G06N5/04 ,  H04L29/06

Abstract: A computerized method of classifying network accessible storage transactions at network accessible storage. The method comprises obtaining an client predictive security model for anomaly or malfunctioning detection, the client predictive security model is dynamically created by an analysis of a plurality of client transactions made to access target data stored in an client computing device, monitoring a plurality of network accessible storage transactions made to access a replica of the target data when the replica is stored in an network accessible storage, and classifying at least some of the plurality of network accessible storage transactions based on the client predictive security model.

公开(公告)号：US10404738B2

公开(公告)日：2019-09-03

申请号：US15444110

申请日：2017-02-27

Applicant: Microsoft Technology Licensing, LLC

Inventor： Mathias Scherman ,  Tomer Teller ,  Hanan Shteingart ,  Royi Ronen

IPC: H04L29/06 ,  G06N20/00 ,  H04L29/12

Abstract: One embodiment illustrated herein includes a computer implemented method. The method includes acts for training an amplification attack detection system. The method includes obtaining a plurality of samples of IPFIX data. The method further includes using the IPFIX data to create a plurality of time-based, server samples on a per server basis such that each sample corresponds to a server and a period of time over which IPFIX data in the sample corresponds. The method further includes identifying a plurality of the server samples that are labeled positive for amplification attacks. The method further includes identifying a plurality of server samples that are labeled negative for amplification attacks. The method further includes automatically labeling at least some of the remaining server samples as positive or negative based on the previously identified labeled samples. The method further includes using the automatically labeled samples to train an amplification attack detection system.