公开(公告)号：US10915629B2

公开(公告)日：2021-02-09

申请号：US15802262

申请日：2017-11-02

Applicant: PAYPAL, INC.

Inventor： Michael Dymshits ,  David Tolpin ,  Eli Strajnik ,  Benjamin Hillel Myara ,  Liron Ben Kimon

IPC: G06F21/55 ,  G06F21/64 ,  G06F21/60 ,  G06F16/903

Abstract: Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

公开(公告)号：US20190130100A1

公开(公告)日：2019-05-02

申请号：US15802262

申请日：2017-11-02

Applicant: PAYPAL, INC.

Inventor： Michael Dymshits ,  David Tolpin ,  Eli Strajnik ,  Benjamin Hillel Myara ,  Liron Ben Kimon

IPC: G06F21/55 ,  G06F21/60 ,  G06F21/64 ,  G06F17/30

Abstract: Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

公开(公告)号：US20170032120A1

公开(公告)日：2017-02-02

申请号：US15230315

申请日：2016-08-05

Applicant: PAYPAL, INC.

Inventor： David Tolpin ,  Shlomi Boutnaru ,  Yuri Shafet

IPC: G06F21/53 ,  G06F21/56

CPC classification number: G06F21/53 ,  G06F21/564 ,  G06F21/566 ,  G06F21/567 ,  G06F2221/033 ,  G06F2221/2145 ,  H04L63/1416 ,  H04L63/145

Abstract: A system for discovering programming variants. The system analyzes system calls from executing a program to generate programming code or executable for a particular OS and/or CPU that would perform the same or similar actions as the program. The code that is generated is then mutated, augmented, and/or changed to create variations of the program which still functions and/or obtains the same objectives as the original code.

Abstract translation: 用于发现编程变体的系统。 该系统通过执行程序来分析系统调用以产生用于执行与该程序相同或类似动作的特定OS和/或CPU的编程代码或可执行程序。 然后生成的代码被突变，扩充和/或更改，以创建仍然起作用和/或获得与原始代码相同目标的程序的变体。

公开(公告)号：US11455517B2

公开(公告)日：2022-09-27

申请号：US15794832

申请日：2017-10-26

Applicant: PAYPAL, INC.

Inventor： David Tolpin ,  Amit Batzir ,  Nofar Betzalel ,  Michael Dymshits ,  Benjamin Hillel Myara ,  Liron Ben Kimon

IPC: G06N3/04 ,  G06N3/08

Abstract: Anomalies in a data set may be difficult to detect when individual items are not gross outliers from a population average. Disclosed is an anomaly detector that includes neural networks such as an auto-encoder and a discriminator. The auto-encoder and the discriminator may be trained on a training set that does not include anomalies. During training, an auto-encoder generates an internal representation from the training set, and reconstructs the training set from the internal representation. The training continues until data loss in the reconstructed training set is below a configurable threshold. The discriminator may be trained until the internal representation is constrained to a multivariable unit normal. Once trained, the auto-encoder and discriminator identify anomalies in the evaluation set. The identified anomalies in an evaluation set may be linked to transaction, security breach or population trends, but broadly, disclosed techniques can be used to identify anomalies in any suitable population.

公开(公告)号：US11087330B2

公开(公告)日：2021-08-10

申请号：US16889750

申请日：2020-06-01

Applicant: PayPal, Inc.

Inventor： David Tolpin

IPC: G06Q20/40 ,  G06F21/56 ,  G06N5/04 ,  G06K9/62 ,  G06N7/00 ,  G06Q20/38

Abstract: Aspects of the present disclosure involve a system and method for malware detection. The system and method introduce a probabilistic model that can observe user transaction data over a predetermined window of time. Then, using posterior probability, the system can determine whether multiple users where present during the window observed.

公开(公告)号：US20190108449A1

公开(公告)日：2019-04-11

申请号：US15726166

申请日：2017-10-05

Applicant: PAYPAL, INC.

Inventor： Raoul Christopher Johnson ,  Omri Moshe Lahav ,  Michael Dymshits ,  David Tolpin

IPC: G06N5/02 ,  G06F17/30 ,  G06N99/00

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for generating compact tree representations applicable to machine learning. In one embodiment, a system is introduced that can retrieve a decision tree structure to generate a compact tree representation model. The compact tree representation model may come in the form of a matrix design to maintain the relationships expressed by the decision tree structure.

公开(公告)号：US20190095263A1

公开(公告)日：2019-03-28

申请号：US15719279

申请日：2017-09-28

Applicant: PayPal, Inc.

Inventor： Omri Moshe Lahav ,  Raoul Christopher Johnson ,  David Tolpin

IPC: G06F11/00 ,  G06F11/34 ,  G06F11/30

CPC classification number: G06F11/004 ,  G06F2201/82 ,  G06F2201/83 ,  G06Q20/405 ,  G07F9/026

Abstract: Computer system drift can occur when a computer system or a cluster of computer systems deviates from ideal and/or desired behavior. In a server farm, for example, many different machines may be identically configured to work in conjunction with each other to provide an electronic service (serving web pages, processing electronic payment transactions, etc.). Over time, however, one or more of these systems may drift from previous behavior. Early drift detection can be important, especially in large enterprises, to avoiding costly downtime. Changes in a computer's configuration files, network connections, and/or executable processes can indicate ongoing drift, but collecting this information at scale can be difficult. By using certain hashing and min-Hash techniques, however, drift detection can be streamlined and accomplished for large scale operations. Velocity of drift may also be tracked using a decay function.

公开(公告)号：US12079860B2

公开(公告)日：2024-09-03

申请号：US17409576

申请日：2021-08-23

Applicant: PayPal, Inc.

Inventor： Benjamin Hillel Myara ,  David Tolpin

IPC: G06Q30/00 ,  G06F40/30 ,  G06Q30/0204 ,  G06Q30/0251 ,  G06Q30/0601 ,  H04L9/40 ,  H04L67/02 ,  H04L67/14 ,  H04L67/145 ,  H04L67/50

CPC classification number: G06Q30/0641 ,  G06F40/30 ,  G06Q30/0204 ,  G06Q30/0251 ,  G06Q30/0601 ,  G06Q30/0633 ,  H04L63/14 ,  H04L63/1425 ,  H04L67/02 ,  H04L67/14 ,  H04L67/145 ,  H04L67/535

Abstract: Methods and systems for creating and analyzing low-dimensional representation of webpage sequences are described. Network traffic history data associated with a particular website is retrieved and a word embedding algorithm is applied to the network traffic history data to produce a low dimensional embedding. A prediction model is created based on the low-dimensional embedding. Browsing activity on the particular website is monitored. A set of sessions in the current browsing activity is flagged based on a result of applying the prediction model to the monitored browsing activity.

公开(公告)号：US20220058493A1

公开(公告)日：2022-02-24

申请号：US17361316

申请日：2021-06-28

Applicant: PAYPAL, INC.

Inventor： Raoul Christopher Johnson ,  Omri Moshe Lahav ,  Michael Dymshits ,  David Tolpin

IPC: G06N5/02 ,  G06N20/00 ,  G06F16/22

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for generating compact tree representations applicable to machine learning. In one embodiment, a system is introduced that can retrieve a decision tree structure to generate a compact tree representation model. The compact tree representation model may come in the form of a matrix design to maintain the relationships expressed by the decision tree structure.

公开(公告)号：US20210383459A1

公开(公告)日：2021-12-09

申请号：US17409576

申请日：2021-08-23

Applicant: PayPal, Inc.

Inventor： Benjamin Hillel Myara ,  David Tolpin

IPC: G06Q30/06 ,  H04L29/06 ,  H04L29/08 ,  G06F40/30 ,  G06Q30/02

Abstract: Methods and systems for creating and analyzing low-dimensional representation of webpage sequences are described. Network traffic history data associated with a particular website is retrieved and a word embedding algorithm is applied to the network traffic history data to produce a low dimensional embedding. A prediction model is created based on the low-dimensional embedding. Browsing activity on the particular website is monitored. A set of sessions in the current browsing activity is flagged based on a result of applying the prediction model to the monitored browsing activity.