公开(公告)号：US20180063188A1

公开(公告)日：2018-03-01

申请号：US15253586

申请日：2016-08-31

Applicant: Microsoft Technology Licensing, LLC

Inventor： Omer Karin ,  Royi Ronen ,  Hani Neuvirth ,  Roey Vilnai

IPC: H04L29/06 ,  G06F17/30 ,  G06N99/00

CPC classification number: H04L63/1458 ,  G06F17/30598 ,  G06F17/30705 ,  G06N99/005 ,  H04L63/1425 ,  H04L63/1466 ,  H04L2463/144

Abstract: Use machine learning to train a classifier to classify entities to increase confidence with respect to an entity being part of a distributed denial of service attack. The method includes training a classifier to use a first classification method, to identify probabilities that entities from a set of entities are performing denial of service attacks. The method further includes identifying a subset of entities meeting a threshold probability of performing a denial of service attack. The method further includes using a second classification method, identifying similarity of entities in the subset of entities. The method further includes based on the similarity, classifying individual entities.

公开(公告)号：US12008500B2

公开(公告)日：2024-06-11

申请号：US17808454

申请日：2022-06-23

Applicant: Microsoft Technology Licensing, LLC

Inventor： Alexander Ostrikov ,  Royi Ronen ,  Ashwini Kumar Dalai ,  Pooja Bhalla ,  Atul Agarwal ,  Greeshma Singh

IPC: G06Q10/0631 ,  G06Q10/0633

CPC classification number: G06Q10/06316 ,  G06Q10/0633

Abstract: A next operation in a workflow corresponding to a subject matter is automatically generated. A subject matter data record is received, including one or more historical operations previously executed in the workflow and a workflow template including one or more dynamic workflow nodes. At least one next operation is programmatically generated from the one or more dynamic workflow nodes based on the one or more historical operations previously executed in the workflow, wherein the at least one next operation is parameterized based on content in the subject matter data record. The at least one programmatically generated next operation is output into the workflow for execution.

公开(公告)号：US11031003B2

公开(公告)日：2021-06-08

申请号：US15990405

申请日：2018-05-25

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： Abedelkader Asi ,  Liron Izhaki-Allerhand ,  Ran Mizrachi ,  Royi Ronen ,  Ohad Jassin

IPC: G10L15/22 ,  G10L15/06 ,  G10L15/16 ,  G10L15/18 ,  G06F40/44

Abstract: Technology is disclosed for providing dynamic identification and extraction or tagging of contextually-coherent text blocks from an electronic document. In an embodiment, an electronic document may be parsed into a plurality of content tokens that each corresponds to a portion of the electronic document, such as a sentence or a paragraph. Employing a sliding window approach, a number of token groups are independently analyzed, where each group of tokens has a different number of tokens included therein. Each token group is analyzed to determine confidence scores for various determinable contexts based on content included in the token set. The confidence scores can then be processed for each token group to determine an entropy score for the token group. In this way, one of the analyzed token groups can be selected as a representative text block that corresponds to one of the plurality of determinable contexts. A corresponding portion of the electronic document can be tagged with a corresponding context determined based on the analyzed content included therein, and provided for output.

公开(公告)号：US10902288B2

公开(公告)日：2021-01-26

申请号：US15977517

申请日：2018-05-11

Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC

Inventor： Oron Nir ,  Royi Ronen ,  Ohad Jassin ,  Milan M. Gada ,  Mor Geva Pipek

IPC: G06K9/62 ,  G06K9/00

Abstract: Aspects of the technology described herein improve an object recognition system by specifying a type of picture that would improve the accuracy of the object recognition system if used to retrain the object recognition system. The technology described herein can take the form of an improvement model that improves an object recognition model by suggesting the types of training images that would improve the object recognition model's performance. For example, the improvement model could suggest that a picture of a person smiling be used to retrain the object recognition system. Once trained, the improvement model can be used to estimate a performance score for an image recognition model given the set characteristics of a set of training of images. The improvement model can then select a feature of an image, which if added to the training set, would cause a meaningful increase in the recognition system's performance.

公开(公告)号：US10771492B2

公开(公告)日：2020-09-08

申请号：US15273604

申请日：2016-09-22

Applicant: Microsoft Technology Licensing, LLC.

Inventor： Efim Hudis ,  Michal Braverman-Blumenstyk ,  Daniel Alon ,  Hani Hana Neuvirth ,  Royi Ronen ,  Yuri Gurevich

IPC: H04L29/06 ,  G06F16/901 ,  G06F21/57

Abstract: Systems and methods for analyzing security alerts within an enterprise are provided. An enterprise graph is generated based on information such as operational intelligence regarding the enterprise. The enterprise graph identifies relationships between entities of the enterprise and a plurality of security alerts are produced by a plurality of security components of the enterprise. One or more significant relationships are identified between two or more of the plurality of security alerts based on a strength of a relationship identified in the enterprise graph. A significant relationship is utilized to identify a potential security incident between two or more of the security alerts.

公开(公告)号：US20190394240A1

公开(公告)日：2019-12-26

申请号：US16014892

申请日：2018-06-21

Applicant: Microsoft Technology Licensing, LLC

Inventor： Moshe Israel ,  Ben Kliger ,  Royi Ronen

IPC: H04L29/06

Abstract: Methods, systems, and media are shown for reducing the vulnerability of user accounts to attack that involve creating a rule for a user account that includes a permitted parameter corresponding to a user account activity property, monitoring the account activity of the user account. If it is determined that account activity property is inconsistent with the permitted parameter, then the user account is disabled. An example of a permitted parameter is a permitted time period, such as a start time, an end time, a recurrence definition, a days of the week definition, a start date, an end date, and a number of occurrences definition. Other examples are a physical parameter, such as a permitted geographic location, device, or network, or a permitted usage parameter, such as a permitted application, data access, or domain.

公开(公告)号：US10397256B2

公开(公告)日：2019-08-27

申请号：US15365008

申请日：2016-11-30

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ori Kashi ,  Philip Newman ,  Daniel Alon ,  Elad Yom-Tov ,  Hani Neuvirth ,  Royi Ronen

IPC: H04L29/06 ,  G06N20/00 ,  G06N7/00 ,  H04L12/58 ,  H04L29/08

Abstract: In an example embodiment, a computer-implemented method comprises obtaining labels from messages associated with an email service provider, wherein the labels indicate for each message IP how many spam and non-spam messages have been received; obtaining network data features from a cloud service provider; providing the labels and network data features to a machine learning application; generating a prediction model representing an algorithm for determining whether a particular set of network data features are spam or not; applying the prediction model to network data features for an unlabeled message; and generating an output of the prediction model indicating a likelihood that the unlabeled message is spam.

公开(公告)号：US10320817B2

公开(公告)日：2019-06-11

申请号：US15352714

申请日：2016-11-16

Applicant: Microsoft Technology Licensing, LLC

Inventor： Hani Neuvirth-Telem ,  Elad Yom-Tov ,  Royi Ronen ,  Daniel Alon Hilevich

IPC: G06F21/50 ,  H04L29/06 ,  G06F16/951 ,  H04L29/08 ,  G06F21/57

Abstract: A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer. The instructions are also configured to: determine a first feature based on the URLs of the auto-generated websites and the IP address-URL entries; collect header data of packets transmitted to or received from the virtual or physical machine; determine a second feature based on the first feature and the header data; based on the second feature, generate a value indicative of whether the first virtual or physical machine has attacked the one or more auto-generated websites; and perform a countermeasure based on the value.

公开(公告)号：US10176263B2

公开(公告)日：2019-01-08

申请号：US14865087

申请日：2015-09-25

Applicant: Microsoft Technology Licensing, LLC

Inventor： Neta Haiby-Weiss ,  Amir Pinchas ,  Hanan Lavy ,  Yitzhak Tzahi Weisfeld ,  Yair Snir ,  Royi Ronen

IPC: G06F17/30 ,  G06Q50/00

Abstract: Data from social networking applications and other applications that can be used to communicate are combined for a user to generate a graph of the various relationships that the user has with other users in the social networking applications and other applications. In addition, the behaviors of each user with respect to communicating through the various social networking applications and other applications are monitored to generate task data that describes user preferences for communicating using each social networking application or other application for different tasks. At a later time, when a user is looking to connect with another user for an indicated task such as networking, the graph can be used to recommend paths to other users in the various social networking applications and other applications, and the generated task data can be used to rank the recommended paths based on the indicated task.

公开(公告)号：US20180046957A1

公开(公告)日：2018-02-15

申请号：US15232440

申请日：2016-08-09

Applicant: Microsoft Technology Licensing, LLC

Inventor： Ronen Yaari ,  Ola Lavi ,  Royi Ronen ,  Eyal Itah

IPC: G06Q10/06 ,  G06Q10/10 ,  G06N5/02 ,  H04L29/06

CPC classification number: G06Q10/0639 ,  G06N5/022 ,  G06Q10/06398 ,  G06Q10/109 ,  G06Q10/1095 ,  H04L65/403

Abstract: Technologies are provided for determining effectiveness of online meetings and providing actionable recommendations and insights based, in part, on a determined effectiveness of the online meetings. According to one embodiment, a measurement of the effectiveness, with respect to meeting participants of proposed, future meetings is predicted, and based on this, aspects of the proposed future meetings are optimized to maximize their effectiveness. Another embodiment relates to optimizing current online meetings as they occur. The ongoing meetings are monitored and data associated with the meetings is analyzed to provide recommendations and insights to meeting presenters and participants in real-time, or near real-time.