Cloud security using multidimensional hierarchical model

    Publication number: US11165791B2

    Publication date: 2021-11-02

    Application number: US16351962

    Filing date: 2019-03-13

    Abstract: Generally discussed herein are devices, systems, and methods for computer or other network device security. A method can include identifying a profile associated with event data regarding an operation performed on a cloud resource, determining whether the event data is associated with anomalous customer interaction with the cloud resource, in response to determining the event data is associated with anomalous customer interaction, identifying whether another cloud resource of the cloud resources with a lower granularity profile that is associated with the profile of the cloud resource has previously been determined to be a target of an anomalous operation, and providing a single alert to a client device indicating the anomalous behavior on the cloud resource in response to determining both that the event data is associated with anomalous customer interaction and that the other cloud resource is determined to be the target of the anomalous operation.

    SIMILARITY BASED APPROACH FOR CLUSTERING AND ACCELERATING MULTIPLE INCIDENTS INVESTIGATION

    Publication number: US20200057953A1

    Publication date: 2020-02-20

    Application number: US16105189

    Filing date: 2018-08-20

    Abstract: Systems, methods, and apparatuses are provided for clustering incidents in a computing environment. An incident notification relating to an event (e.g., a potential cyberthreat or any other alert) in the computing environment is received and a set of features may be generated based on the incident notification. The set of features may be provided as an input to a machine-learning engine to identify a similar incident notification in the computing environment. The similar incident notification may include a resolved incident notification or an unresolved incident notification. An action to resolve the incident notification may be received, and the received action may thereby be executed. In some implementations, in addition to resolving the received incident notification, the action may be executed to resolve a similar unresolved incident notification identified by the machine-learning engine.

    Detecting a missing security alert using a machine learning model

    Publication number: US11991191B2

    Publication date: 2024-05-21

    Application number: US17742688

    Filing date: 2022-05-12

    CPC classification number: H04L63/1416 H04L63/1466

    Abstract: Methods, systems, and apparatuses are provided for detecting a missing security alert by receiving an alert sequence generated by a network security provider, applying the received alert sequence to a security incident model, receiving an indication from the security incident model that the received alert sequence corresponds to a security incident defined by a predetermined sequence of alerts that includes at least one alert missing from the received alert sequence, and generating a notification to the network security provider that indicates at least one of the security incident or the missing alert(s). In addition, the security incident model may be generated by providing a set of historical alerts and a set of historical security incidents to a machine learning algorithm to generate the security incident model.

    Anomalous action security assessor

    Publication number: US11856015B2

    Publication date: 2023-12-26

    Application number: US17357546

    Filing date: 2021-06-24

    Abstract: An anomalous action security assessor is disclosed. An anomaly is received from a set of anomalies. A series of linked queries associated with the anomaly is presented to the user. The series of linked queries includes a base query and a subquery. The base query tests an attribute of the anomaly and resolves to a plurality of outcomes of the base query. The subquery is associated with an outcome of the plurality of outcomes of the base query. The series of linked queries finally resolves to one of tagging the anomaly or dismissing the anomaly. A security alert is issued if the series of linked queries finally resolves to tagging the anomaly.

    Threat detection using cloud resource management logs

    Publication number: US11716340B2

    Publication date: 2023-08-01

    Application number: US17333534

    Filing date: 2021-05-28

    CPC classification number: H04L63/1425 H04L67/10 H04L67/535

    Abstract: Generally discussed herein are devices, systems, and methods for improving cloud resource security. A method can include obtaining a cloud resource management log that details actions performed by users of cloud resources in a cloud portal, the actions including entries comprising at least two of a user identification (ID) of a user of the users, an operation of operations performed on the cloud resource, a uniform resource identifier (URI) of a cloud resource of the cloud resources that is a target of the operation, or a time the operation was performed. The method can include determining a respective score for each action in the cloud resource management log, comparing the respective score to a specified criterion, and providing an indication of anomalous action in response to determining the respective score satisfies the specified criterion.

    Malicious cloud-based resource allocation detection

    Publication number: US11159567B2

    Publication date: 2021-10-26

    Application number: US16101398

    Filing date: 2018-08-11

    Abstract: Methods, systems, and computer program products are described herein for detecting malicious cloud-based resource allocations. Such detection may be achieved using machine learning-based techniques that analyze sequences of cloud-based resource allocations to determine whether such sequences are performed with a malicious intent. For instance, a sequence classification model may be generated by training a machine learning-based algorithm on both resource allocation sequences that are known to be used for malicious purposes and resource allocation sequences that are known to be used for non-malicious or benign purposes. Using these sequences, the machine learning-based algorithm learns what constitutes a malicious resource allocation sequence and generates the sequence classification model. The sequence classification model is used to classify any sequence of resource allocation operations performed via a valid user's cloud services subscription provided thereto as being a malicious sequence or a non-malicious sequence.
