-
Publication number: US11184359B2
Publication date: 2021-11-23
Application number: US16059393
Filing date: 2018-08-09
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Ben Kliger , Yotam Livny , Ram Haim Pliskin , Roy Levin , Mathias Abraham Marc Scherman , Moshe Israel , Michael Zeev Bargury
Abstract: Methods, systems, and media are shown for generating access control rules for computer resources. Historical access data for user accesses to a computer resource is collected and separated into a training data set and a validation data set. An access control rule is generated for the computer resource based on the properties of the user accesses in the training data set. The rule is validated against the validation data set to determine whether the denial rate it produces when applied to that set is below a threshold. If the rule is valid, it is provided to an administrative interface so that an administrator can select the rule for application to incoming user requests.
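The train/validate loop in this abstract, as an added illustration that is not Microsoft's implementation. It assumes an access record is a (user, source network, hour of day) tuple and that a rule is an allow-list of networks plus an hour range; the sample accesses and the denial-rate threshold are constructed for the example.

```python
"""Rule generation with a held-out validation set (added illustration)."""
from dataclasses import dataclass

# Constructed sample: historical accesses to one resource, in chronological order.
HISTORICAL_ACCESSES = [
    ("alice", "corp-vpn", 9),
    ("alice", "corp-vpn", 10),
    ("bob", "corp-vpn", 11),
    ("alice", "corp-vpn", 14),
    ("bob", "corp-vpn", 15),
    ("carol", "corp-vpn", 16),
    ("alice", "corp-vpn", 9),
    ("alice", "corp-vpn", 9),
    ("bob", "corp-vpn", 13),
    ("carol", "home-isp", 17),   # the one held-out access the learned rule denies
]


@dataclass(frozen=True)
class AccessRule:
    allowed_networks: frozenset
    start_hour: int
    end_hour: int

    def permits(self, access):
        _user, network, hour = access
        return network in self.allowed_networks and self.start_hour <= hour <= self.end_hour


def split_chronologically(records, train_fraction=0.7):
    """Earlier records train the rule, later ones validate it. A random split
    would let later behaviour leak into the rule and flatter the denial rate."""
    cut = int(len(records) * train_fraction)
    return records[:cut], records[cut:]


def generate_rule(training):
    """Tightest rule of this shape that still permits every training access."""
    networks = frozenset(net for _, net, _ in training)
    hours = [hour for _, _, hour in training]
    return AccessRule(networks, min(hours), max(hours))


def denial_rate(rule, validation):
    """Fraction of held-out accesses the rule would have denied."""
    if not validation:
        return 0.0
    denied = sum(1 for access in validation if not rule.permits(access))
    return denied / len(validation)


def propose_rule(records, max_denial_rate=0.2):
    """Returns (rule, denial_rate, is_valid); only a valid rule is offered to the admin."""
    training, validation = split_chronologically(records)
    rule = generate_rule(training)
    rate = denial_rate(rule, validation)
    return rule, rate, rate <= max_denial_rate
```

On the constructed data the learned rule denies one of three held-out accesses, so it fails a 20% threshold and passes a 50% one; the threshold is the knob that trades lockouts of legitimate users against tightness of the rule.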
-
Publication number: US11089024B2
Publication date: 2021-08-10
Application number: US15917315
Filing date: 2018-03-09
Applicant: Microsoft Technology Licensing, LLC
Inventor: Dotan Patrich , Ram Haim Pliskin , Tomer Koren , Moshe Israel , Hani Hana Neuvirth , Josef Weizman
IPC: H04L29/06 , G06F16/955
Abstract: Systems, methods, and apparatuses are provided for restricting access to a web resource. Website access information is obtained by monitoring accesses to a plurality of websites; for each access it may include a network identifier of the access requestor, a website identifier, and an access time. Based on at least the website access information, it may be determined that a particular access requestor has accessed a number of different websites in a given time period. As a result, the particular access requestor may be classified as a web robot. When a request to permit access to a web resource is received from the particular access requestor, the requestor is prevented from accessing the web resource and/or a notification is generated that the particular access requestor is attempting to access the web resource.
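The distinct-websites-per-time-window classifier this abstract describes, as an added illustration that is not Microsoft's code. It assumes each access record is a line of the form "<requestor_ip> <website> <ISO-8601 time>"; the log lines, the five-minute window and the threshold of ten sites are constructed for the example.

```python
"""Web robot classification from website access records (added illustration)."""
from collections import Counter, defaultdict
from datetime import datetime, timedelta

_BASE = datetime(2024, 1, 1, 10, 0, 0)
# Constructed log: one requestor hits 12 distinct sites in under two minutes,
# another hits three sites over eighty seconds.
CONSTRUCTED_LOG = [
    f"203.0.113.7 site{i}.example {(_BASE + timedelta(seconds=10 * i)).isoformat()}"
    for i in range(12)
] + [
    f"198.51.100.4 {name}.example {(_BASE + timedelta(seconds=40 * i)).isoformat()}"
    for i, name in enumerate(["news", "shop", "mail"])
]


def parse_line(line):
    ip, site, stamp = line.split()
    return ip, site, datetime.fromisoformat(stamp)


def group_by_requestor(log_lines):
    """Map requestor -> list of (timestamp, website)."""
    per_requestor = defaultdict(list)
    for line in log_lines:
        ip, site, when = parse_line(line)
        per_requestor[ip].append((when, site))
    return per_requestor


def max_distinct_sites(events, window):
    """Largest number of distinct websites seen in any span of length `window`,
    computed with a sliding window over the time-sorted events."""
    events = sorted(events)
    in_window = Counter()
    left = best = 0
    for when, site in events:
        in_window[site] += 1
        while events[left][0] < when - window:      # drop events older than the window
            old_site = events[left][1]
            in_window[old_site] -= 1
            if in_window[old_site] == 0:
                del in_window[old_site]
            left += 1
        best = max(best, len(in_window))
    return best


def classify_web_robots(log_lines, window=timedelta(minutes=5), threshold=10):
    """Requestors that reached at least `threshold` distinct websites within `window`."""
    return {
        ip
        for ip, events in group_by_requestor(log_lines).items()
        if max_distinct_sites(events, window) >= threshold
    }


def handle_request(requestor_ip, resource, robots):
    """Deny the request and raise a notification when the requestor is a known robot."""
    if requestor_ip in robots:
        return {"allowed": False, "notification": f"web robot {requestor_ip} requested {resource}"}
    return {"allowed": True, "notification": None}
```

The sliding window matters: the same twelve hits count as twelve distinct sites over five minutes but only seven over any sixty-second span, so the window length and threshold must be tuned together, and a shared NAT address will look busier than any single client behind it.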
-
Publication number: US11012476B2
Publication date: 2021-05-18
Application number: US16196184
Filing date: 2018-11-20
Applicant: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventor: Moshe Israel , Shira Itzhaki , Yotam Livny
Abstract: Techniques are provided to automatically generate and apply policy rules for IoT devices. Historical data associated with IoT behaviors is obtained, where the historical data describes the file systems and behavior trends for multiple different IoT devices. Groups of the IoT devices are generated by grouping together devices identified as similar to one another based on their identified behaviors. Policies are then automatically generated for each group, corresponding to the detected behavior trends. Each policy determines how to subsequently monitor any device categorized as belonging to that policy's group and also how to respond when a device is operating abnormally. After a device is characterized as belonging to a group, that device is monitored to determine whether it conforms with the group's policy. Optionally, mitigation operations may be performed when the device is non-conforming.
-
Publication number: US10944791B2
Publication date: 2021-03-09
Application number: US16113196
Filing date: 2018-08-27
Applicant: Microsoft Technology Licensing, LLC
Inventor: Yotam Livny , Mathias Abraham Marc Scherman , Moshe Israel , Ben Kliger , Ram Haim Pliskin , Roy Levin , Michael Zeev Bargury
Abstract: A system for predicting vulnerability of network resources is provided. The system can calculate an initial vulnerability score for each of the network resources and use the initial vulnerability scores along with activity data of the network resources to train a vulnerability model. After training, the vulnerability model can predict the vulnerability of the network resources based on new activity data collected from the network resources. Based on the predicted vulnerability, vulnerable network resources can be identified. Further analysis can be performed by comparing the activities of the vulnerable network resources and other network resources to identify activity patterns unique to the vulnerable network resources as attack patterns. Based on the attack patterns, one or more actions can be taken to increase the security of the vulnerable network resources to avoid further vulnerability.
-
Publication number: US20190394240A1
Publication date: 2019-12-26
Application number: US16014892
Filing date: 2018-06-21
Applicant: Microsoft Technology Licensing, LLC
Inventor: Moshe Israel , Ben Kliger , Royi Ronen
IPC: H04L29/06
Abstract: Methods, systems, and media are shown for reducing the vulnerability of user accounts to attack. A rule is created for a user account that includes a permitted parameter corresponding to a user account activity property, and the account activity of the user account is monitored. If the account activity property is determined to be inconsistent with the permitted parameter, the user account is disabled. An example of a permitted parameter is a permitted time period, such as a start time, an end time, a recurrence definition, a days-of-the-week definition, a start date, an end date, and a number-of-occurrences definition. Other examples are a physical parameter, such as a permitted geographic location, device, or network, or a permitted usage parameter, such as a permitted application, data access, or domain.
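A permitted-parameter rule and the monitor that disables the account on the first inconsistent activity, as an added illustration that is not Microsoft's code. The rule shape (hour range, weekdays, locations, devices, applications), the sample rule and the sample activities are constructed; the recurrence, date-range and occurrence-count parameters named in the abstract are not modelled here.

```python
"""Permitted-parameter rules for a user account (added illustration)."""
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class PermittedParameters:
    start_time: time
    end_time: time
    days_of_week: frozenset                 # Monday == 0, as datetime.weekday() reports
    locations: frozenset                    # country codes the account may act from
    devices: frozenset = frozenset()        # empty means any device is permitted
    applications: frozenset = frozenset()   # empty means any application is permitted


@dataclass(frozen=True)
class Activity:
    when: datetime
    location: str
    device: str
    application: str


def violations(rule, activity):
    """Names of the permitted parameters this activity falls outside of."""
    found = []
    if not rule.start_time <= activity.when.time() <= rule.end_time:
        found.append("time")
    if activity.when.weekday() not in rule.days_of_week:
        found.append("day")
    if activity.location not in rule.locations:
        found.append("location")
    if rule.devices and activity.device not in rule.devices:
        found.append("device")
    if rule.applications and activity.application not in rule.applications:
        found.append("application")
    return found


class AccountMonitor:
    """Disables an account on the first activity inconsistent with its rule."""

    def __init__(self, rules):
        self.rules = rules          # account name -> PermittedParameters
        self.disabled = set()

    def observe(self, account, activity):
        rule = self.rules.get(account)
        if rule is None:
            return {"disabled": False, "violations": []}   # no rule, nothing to enforce
        found = violations(rule, activity)
        if found:
            self.disabled.add(account)
        return {"disabled": account in self.disabled, "violations": found}


# Constructed rule for a service account that is only used from one laptop, in US office hours.
OFFICE_HOURS = PermittedParameters(
    start_time=time(8, 0),
    end_time=time(18, 0),
    days_of_week=frozenset({0, 1, 2, 3, 4}),
    locations=frozenset({"US"}),
    devices=frozenset({"laptop-0421"}),
)
```

Returning the list of violated parameters rather than a bare boolean is deliberate: the disable action is the same either way, but the responder needs to know whether it was a 02:00 sign-in, a new country, or a new device that tripped the rule.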
-
Publication number: US20190007415A1
Publication date: 2019-01-03
Application number: US15637410
Filing date: 2017-06-29
Applicant: Microsoft Technology Licensing, LLC
Inventor: Ben Kliger , Efim Hudis , Moshe Israel , Steven J. Lieberman , Mark Wahl
IPC: H04L29/06
Abstract: An access configuration for an access control manager is generated. Access data including users, resources, and actions the users performed on the resources is received into a matrix. Clusters of the matrix are formed to produce ranges of the users and ranges of the resources having selected permission levels based on the actions. Administrator-modifiable security groups are created based on the ranges of users, and administrator-modifiable resource groups based on the ranges of resources.
-
Publication number: US12105802B2
Publication date: 2024-10-01
Application number: US17888949
Filing date: 2022-08-16
Applicant: Microsoft Technology Licensing, LLC
Inventor: Nadav Wolfin , Moshe Israel , Liran Englender , Benyamin Farshteindiker , Elizabeta Mash Levin , Lior Becker , Josef Weizman
CPC classification number: G06F21/566 , G06F11/301 , G06F11/302 , G06F11/3495 , G06F21/53 , G06F2221/033
Abstract: Generally discussed herein are devices, systems, and methods for secure container operation. A behavior profile of normal container operation can be generated, such as by using crowd-sourced data. A container monitor can provide container actions of an application in a deployed container. The container actions can be compared to a behavior profile that indicates normal behavior of the container. A communication can be generated in response to the container actions being inconsistent with the normal behavior of the behavior profile. The container can be halted to stop the abnormal behavior.
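Building a behavior profile from observations across many deployments of the same image and halting a container on the first deviation, as an added illustration that is not Microsoft's code. A container "action" is modelled here as a short string such as "exec:nginx" or "connect:tcp/443"; the observations and the 50% support cut-off are constructed for the example.

```python
"""Crowd-sourced behavior profile and container monitor (added illustration)."""
from collections import Counter

# Constructed crowd-sourced observations: deployment id -> actions seen from the same image.
OBSERVATIONS = {
    "dep-1": {"exec:nginx", "connect:tcp/443", "read:/etc/nginx"},
    "dep-2": {"exec:nginx", "connect:tcp/443", "read:/etc/nginx", "connect:tcp/80"},
    "dep-3": {"exec:nginx", "connect:tcp/443"},
    "dep-4": {"exec:nginx", "connect:tcp/443", "read:/etc/nginx", "exec:sh"},  # one-off shell
}


def build_profile(observations, min_support=0.5):
    """Actions seen in at least `min_support` of the deployments count as normal.
    Requiring support across deployments keeps one compromised deployment
    from teaching the profile that its attacker's actions are normal."""
    counts = Counter(action for actions in observations.values() for action in actions)
    needed = min_support * len(observations)
    return frozenset(action for action, n in counts.items() if n >= needed)


class ContainerMonitor:
    """Compares reported actions against the profile and halts on the first deviation."""

    def __init__(self, profile):
        self.profile = profile
        self.halted = False
        self.alerts = []            # the "communication" of the abstract

    def report(self, container_id, action):
        if self.halted:
            return "halted"
        if action in self.profile:
            return "ok"
        self.alerts.append(f"{container_id}: unexpected action {action}")
        self.halted = True
        return "halted"
```

The support threshold is the whole trade-off: at 50% the single "exec:sh" seen in one of four deployments stays out of the profile and a shell in production halts the container, while at 25% it would be admitted as normal.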
-
Publication number: US20230376399A1
Publication date: 2023-11-23
Application number: US17748784
Filing date: 2022-05-19
Applicant: Microsoft Technology Licensing, LLC
Inventor: Shany Klein Antman , Ely Abramovitch , Hani Hana Neuvirth , Diana Attar-Sityon , Moshe Israel
CPC classification number: G06F11/3079 , G06F11/3075 , G06K9/6215 , G06F9/547
Abstract: According to examples, an apparatus may include a processor and a memory on which are stored machine-readable instructions that, when executed by the processor, may cause the processor to receive event data for a subject incident. The processor may filter a set of candidate incidents to identify a first predefined number of candidate incidents. The first predefined number of candidate incidents may be filtered based on a respective first similarity score assigned to each of the candidate incidents. The processor may assign a respective second similarity score to each of the identified first predefined number of candidate incidents. The second similarity score may be based on common property values between the subject incident and respective candidate incidents. The processor may identify and output a second predefined number of candidate incidents among the first predefined number of candidate incidents based on the assigned second similarity score.
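The two-stage filter-then-rescore retrieval in this abstract, as an added illustration that is not Microsoft's code. Stage one scores candidates by Jaccard overlap of their alert names and keeps the top N; stage two re-scores those by counting property values shared with the subject incident and returns the top M. The incident records, the choice of Jaccard for the first score and the property list are all constructed for the example.

```python
"""Two-stage similar-incident retrieval (added illustration)."""
PROPERTIES = ("host", "user", "process", "source_ip", "severity")

# Constructed incident records; inc-100 is the subject.
INCIDENTS = {
    "inc-100": {"alerts": {"suspicious-powershell", "lsass-read"}, "host": "ws-12", "user": "jdoe",
                "process": "powershell.exe", "source_ip": "10.0.0.5", "severity": "high"},
    "inc-101": {"alerts": {"suspicious-powershell", "lsass-read"}, "host": "ws-12", "user": "jdoe",
                "process": "powershell.exe", "source_ip": "10.0.0.9", "severity": "high"},
    "inc-102": {"alerts": {"suspicious-powershell"}, "host": "ws-40", "user": "asmith",
                "process": "powershell.exe", "source_ip": "10.0.0.5", "severity": "medium"},
    "inc-103": {"alerts": {"lsass-read", "new-service"}, "host": "srv-2", "user": "svc",
                "process": "services.exe", "source_ip": "10.0.0.7", "severity": "high"},
    "inc-104": {"alerts": {"port-scan"}, "host": "ws-12", "user": "jdoe",
                "process": "nmap", "source_ip": "10.0.0.5", "severity": "low"},
}


def first_similarity(subject, candidate):
    """Cheap stage-one score: Jaccard overlap of the alert-name sets."""
    a, b = subject["alerts"], candidate["alerts"]
    union = a | b
    return len(a & b) / len(union) if union else 0.0


def second_similarity(subject, candidate):
    """Stage-two score: number of property values the two incidents share."""
    return sum(
        1 for prop in PROPERTIES
        if subject.get(prop) is not None and subject.get(prop) == candidate.get(prop)
    )


def similar_incidents(subject_id, incidents, first_n=3, second_n=2):
    """Return [(incident_id, second_score)] for the top `second_n` of the top `first_n`."""
    subject = incidents[subject_id]
    candidates = [cid for cid in incidents if cid != subject_id]
    # Stage 1: filter to the first predefined number of candidates (ties broken by id).
    stage1 = sorted(candidates, key=lambda cid: (-first_similarity(subject, incidents[cid]), cid))[:first_n]
    # Stage 2: re-score only the survivors on shared property values.
    stage2 = sorted(stage1, key=lambda cid: (-second_similarity(subject, incidents[cid]), cid))[:second_n]
    return [(cid, second_similarity(subject, incidents[cid])) for cid in stage2]
```

Note what the first stage costs: inc-104 shares three property values with the subject (same host, user and source address) but has no alert in common, so it never reaches the second scorer. The cheap filter is what keeps the expensive comparison tractable over a large incident store, and it is also where related incidents can be lost.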
-
Publication number: US11580037B2
Publication date: 2023-02-14
Application number: US16907026
Filing date: 2020-06-19
Applicant: Microsoft Technology Licensing, LLC
Inventor: Naama Kraus , Moshe Israel , Tamer Salman , Moshe Shalala , Rotem Lurie , Avihai Dvir
Abstract: According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to determine, for each of a plurality of members in a group, a respective least privilege level for a resource and determine, based on the determined respective least privilege levels, a privilege level to be assigned to the group for the resource. The instructions may also cause the processor to assign the determined privilege level to the group for the resource and apply the assigned privilege level to the members of the group for the resource.
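Deriving each member's least privilege level and folding those into a group level, as an added illustration that is not Microsoft's code. Two assumptions are made here: a member's least privilege level is the lowest ordered level that covers the actions the member was observed performing on the resource, and the group receives the maximum of its members' levels so that no member loses an action they use. The level ordering, the action-to-level map and the observed actions are constructed.

```python
"""Group privilege from members' least privilege levels (added illustration)."""
LEVELS = ["none", "read", "write", "admin"]   # ordered from least to most privilege
ACTION_LEVEL = {                              # assumed mapping of observed actions to levels
    "get": "read", "list": "read",
    "put": "write", "delete": "write",
    "set-policy": "admin",
}

# Constructed observed actions: (member, resource, action)
OBSERVED_ACTIONS = [
    ("alice", "bucket/reports", "get"),
    ("alice", "bucket/reports", "put"),
    ("bob", "bucket/reports", "list"),
    ("carol", "bucket/reports", "get"),
    ("carol", "bucket/logs", "set-policy"),
]


def rank(level):
    return LEVELS.index(level)


def least_privilege_level(member, resource, actions):
    """Lowest level that still covers every action the member performed on the resource."""
    needed = "none"
    for who, res, action in actions:
        if who == member and res == resource:
            level = ACTION_LEVEL[action]
            if rank(level) > rank(needed):
                needed = level
    return needed


def group_privilege_level(members, resource, actions):
    """Group level is the maximum of the members' least privilege levels."""
    per_member = {m: least_privilege_level(m, resource, actions) for m in members}
    return max(per_member.values(), key=rank), per_member


def apply_group_level(members, resource, actions, current_grants):
    """Replace each member's direct grant on the resource with the group level."""
    group_level, _ = group_privilege_level(members, resource, actions)
    new_grants = dict(current_grants)
    for m in members:
        new_grants[(m, resource)] = group_level
    return new_grants
```

The maximum rule tightens a standing over-grant (alice's admin on bucket/reports drops to write) but also shows the limit of group-level assignment: on bucket/logs the same group would get admin because one member needs it, which is the signal that the group should be split rather than granted.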
-
Publication number: US11509647B2
Publication date: 2022-11-22
Application number: US16259520
Filing date: 2019-01-28
Applicant: Microsoft Technology Licensing, LLC
Inventor: Shira Itzhaki , Moshe Israel
Abstract: According to examples, an apparatus may include a processor and a non-transitory computer readable medium on which is stored machine readable instructions that may cause the processor to access a hashed credential associated with a user or a device, access hashed versions of a plurality of commonly used credentials, determine whether the hashed credential matches a hashed version of a commonly used credential of the plurality of commonly used credentials, and based on a determination that the hashed credential matches a hashed version of a commonly used credential, perform at least one of a reporting or a blocking operation.
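The hashed-credential comparison and report-or-block decision in this abstract, as an added illustration that is not Microsoft's code. The common-credential list is a short constructed sample and SHA-256 is assumed as the comparison hash; the submitted credential and the reference list must be hashed the same unsalted way or equality means nothing.

```python
"""Hashed credential check against commonly used credentials (added illustration)."""
import hashlib

# Constructed sample; a real list would hold many thousands of entries.
COMMON_CREDENTIALS = ["123456", "password", "qwerty", "admin", "Password1", "letmein"]


def hash_credential(secret):
    """Unsalted SHA-256 hex digest, used only so both sides can compare equal."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


def build_hashed_common_set(common):
    return frozenset(hash_credential(c) for c in common)


def check_hashed_credential(hashed_credential, hashed_common, mode="report"):
    """Return the action taken: 'report', 'block', or None when there is no match.

    The caller submits a hash, so the checker never sees the plaintext; the
    digest is normalised to lower case because hex digests are case-insensitive."""
    if hashed_credential.strip().lower() not in hashed_common:
        return None
    return "block" if mode == "block" else "report"


HASHED_COMMON = build_hashed_common_set(COMMON_CREDENTIALS)
```

Two practitioner caveats. A fast unsalted hash is appropriate for this membership test but is not a storage format; the credential store still needs a salted, slow KDF, and a credential that matches a public list through an unsalted hash is already weak whatever the store does with it. Reporting rather than blocking is the safer first rollout for device credentials, where a block can take a fleet offline before anyone can rotate the secret.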
-