Patents by Inventor Barry Markey
Barry Markey has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10521590Abstract: A detection dictionary system provides a framework for describing, detecting, and reporting anomalies across multiple operating environments each including multiple computing devices. An anomaly in an operating environment refers to one or more operations or activities in the operating environment that may be indicative of an attack on the operating environment by a malicious user or program. The framework includes guarantees, detections, properties, and detection instances. Guarantees are promises or assertions made to an entity (e.g., a business or other organization) that describes what the detection dictionary system will detect and alert on when a particular trend or anomaly is identified. A detection is a set of metadata describing how to fulfill a given guarantee. A property describes how to map the detection to a particular detection instance. A detection instance is a specific implementation of a detection as applied to a property.Type: GrantFiled: September 1, 2016Date of Patent: December 31, 2019Assignee: Microsoft Technology Licensing LLCInventors: Santosh Subbarayudu Kandala, Anna Maria Latuskiewicz, Barry Markey
-
Patent number: 10110622Abstract: Systems and methods for automated selection of payloads for use in a security scan of a web application by a security scanner are described herein. More specifically, the systems and methods test potential payloads for a security scan of a given web application on a test application with known security vulnerabilities, evaluate valid response returned by this test application, determine functionally equivalent responses, group payloads based the equivalence of their valid responses, and select one or more payloads from each created group for use in the security scan of the given web application.Type: GrantFiled: February 13, 2015Date of Patent: October 23, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Dragos Boia, Barry Markey, Donald Ankney, Viresh Ramdatmisier
-
Publication number: 20180063175Abstract: A detection dictionary system provides a framework for describing, detecting, and reporting anomalies across multiple operating environments each including multiple computing devices. An anomaly in an operating environment refers to one or more operations or activities in the operating environment that may be indicative of an attack on the operating environment by a malicious user or program. The framework includes guarantees, detections, properties, and detection instances. Guarantees are promises or assertions made to an entity (e.g., a business or other organization) that describes what the detection dictionary system will detect and alert on when a particular trend or anomaly is identified. A detection is a set of metadata describing how to fulfill a given guarantee. A property describes how to map the detection to a particular detection instance. A detection instance is a specific implementation of a detection as applied to a property.Type: ApplicationFiled: September 1, 2016Publication date: March 1, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Santosh Subbarayudu Kandala, Anna Maria Latuskiewicz, Barry Markey
-
Patent number: 9906542Abstract: Various implementations provide an approach to control testing frequency based on behavior change detection. Behavior change detection is utilized, instead of a pre-defined patterns approach, to look at a system's behavior and detect any variances from what would otherwise be normal operating behavior. In at least some implementations, a behavior change detection system collects behavior from a service, such as an online service, and detects behavior changes, either permanent or transient, in the service. In this way, the changes may be used to compute a volatility score, which the system uses to control testing frequency of one or more services, such as URLs that are part of a particular service.Type: GrantFiled: March 30, 2015Date of Patent: February 27, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Dragos D. Boia, Donald J. Ankney, Barry Markey, Jiong Qiu, Alisson A. S. Sol, Viresh Ramdatmisier, Eugene V. Bobukh
-
Patent number: 9853940Abstract: To protect network-based services, offering computer implemented functionality, from attacks, a passive web application firewall reactively identifies vulnerabilities, enabling such vulnerabilities to be quickly ameliorated, without intercepting communications or introducing other suboptimal aspects of traditional web application firewalls. Communications directed to the network-based services are logged and such logs are scanned for entries evidencing attacks, such as based on predetermined attack syntax. Further evaluation of the entries identified as evidencing attacks identifies a subset of those entries that correspond to likely successful attacks. Such further evaluation includes attacking the network-based service in an equivalent manner. Attacks that are found to be successful identify vulnerabilities, and a notification of such vulnerabilities is provided to facilitate amelioration of such vulnerabilities.Type: GrantFiled: September 24, 2015Date of Patent: December 26, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Robert C. Fruth, Viresh Ramdatmisier, Barry Markey, Robert Fish, Erik Tayler, Dragos Boia, Donald Ankney
-
Patent number: 9720814Abstract: Template identification techniques for control of testing are described. In one or more implementations, a method is described to control testing of one or more services by one or more computing devices using inferred template identification. Templates are inferred, by the one or more computing devices, that are likely used for documents for respective services of a service provider that are available via corresponding universal resource locators (URLs) to form an inferred dataset. Overlaps are identified by the one or computing devices in the inferred dataset to cluster services together that have likely used corresponding templates. Testing is controlled by the one or more computing devices of the one or more services based at least in part on the clusters.Type: GrantFiled: May 22, 2015Date of Patent: August 1, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Dragos D. Boia, Viresh Ramdatmisier, Jiong Qiu, Barry Markey, Alisson A. S. Sol, Donald J. Ankney, Eugene V. Bobukh, Robert D. Fish
-
Patent number: 9619648Abstract: A behavior change detection system collects behavior from a service, such as an online service, and detects behavior changes, either permanent or transient, in the service. Machine learning hierarchical (agglomerative) clustering techniques are utilized to compute deviations between clustered data sets representing an “answer” that the service presents to a series of requests.Type: GrantFiled: October 20, 2014Date of Patent: April 11, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Alisson Augusto Souza Sol, Dragos D. Boia, Barry Markey, Robert D. Fish, Donald J. Ankney, Viresh Ramdatmisier
-
Publication number: 20170093795Abstract: To protect network-based services, offering computer implemented functionality, from attacks, a passive web application firewall reactively identifies vulnerabilities, enabling such vulnerabilities to be quickly ameliorated, without intercepting communications or introducing other suboptimal aspects of traditional web application firewalls. Communications directed to the network-based services are logged and such logs are scanned for entries evidencing attacks, such as based on predetermined attack syntax. Further evaluation of the entries identified as evidencing attacks identifies a subset of those entries that correspond to likely successful attacks. Such further evaluation includes attacking the network-based service in an equivalent manner. Attacks that are found to be successful identify vulnerabilities, and a notification of such vulnerabilities is provided to facilitate amelioration of such vulnerabilities.Type: ApplicationFiled: September 24, 2015Publication date: March 30, 2017Inventors: Robert C. Fruth, Viresh Ramdatmisier, Barry Markey, Robert Fish, Erik Tayler, Dragos Boia, Donald Ankney
-
Publication number: 20160342500Abstract: Template identification techniques for control of testing are described. In one or more implementations, a method is described to control testing of one or more services by one or more computing devices using inferred template identification. Templates are inferred, by the one or more computing devices, that are likely used for documents for respective services of a service provider that are available via corresponding universal resource locators (URLs) to form an inferred dataset. Overlaps are identified by the one or computing devices in the inferred dataset to cluster services together that have likely used corresponding templates. Testing is controlled by the one or more computing devices of the one or more services based at least in part on the clusters.Type: ApplicationFiled: May 22, 2015Publication date: November 24, 2016Inventors: Dragos D. Boia, Viresh Ramdatmisier, Jiong Qiu, Barry Markey, Alisson A. S. Sol, Donald J. Ankney, Eugene V. Bobukh, Robert D. Fish
-
Patent number: 9485263Abstract: Various embodiments provide an approach to classifying security events based on the concept of behavior change detection or “volatility.” Behavior change detection is utilized, in place of a pre-defined patterns approach, to look at a system's behavior and detect any variances from what would otherwise be normal operating behavior. In operation, machine learning techniques are utilized as an event classification mechanism which facilitates implementation scalability. The machine learning techniques are iterative and continue to learn over time. Operational scalability issues are addressed by using the computed volatility of the events in a time series as input for a classifier. During a learning process (i.e., the machine learning process), the system identifies relevant features that are affected by security incidents. When in operation, the system evaluates those features in real-time and provides a probability that an incident is about to occur.Type: GrantFiled: July 16, 2014Date of Patent: November 1, 2016Assignee: Microsoft Technology Licensing, LLCInventors: Alisson Augusto Souza Sol, Barry Markey, Robert D. Fish, Donald J. Ankney, Dragos D. Boia, Viresh Ramdatmisier
-
Publication number: 20160294856Abstract: Various implementations provide an approach to control of testing frequency based on the concept of behavior change detection or “volatility.” Behavior change detection is utilized, in place of a pre-defined patterns approach, to look at a system's behavior and detect any variances from what would otherwise be normal operating behavior. In at least some implementations, a behavior change detection system collects behavior from a service, such as an online service, and detects behavior changes, either permanent or transient, in the service. In this way, the changes may be used to compute a volatility score that describes an amount of change in the behaviors. The changes in behavior as reflected by the volatility scores are then usable to control a testing frequency of the services, such as URLs that are part of the service. This may be performed dynamically to reflect ongoing changes in volatility.Type: ApplicationFiled: March 30, 2015Publication date: October 6, 2016Inventors: Dragos D. Boia, Donald J. Ankney, Barry Markey, Jiong Qiu, Alisson A. S. Sol, Viresh Ramdatmisier, Eugene V. Bobukh
-
Publication number: 20160241582Abstract: Systems and methods for automated selection of payloads for use in a security scan of a web application by a security scanner are described herein. More specifically, the systems and methods test potential payloads for a security scan of a given web application on a test application with known security vulnerabilities, evaluate valid response returned by this test application, determine functionally equivalent responses, group payloads based the equivalence of their valid responses, and select one or more payloads from each created group for use in the security scan of the given web application.Type: ApplicationFiled: February 13, 2015Publication date: August 18, 2016Applicant: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Dragos Boia, Barry Markey, Donald Ankney, Viresh Ramdatmisier
-
Publication number: 20160021124Abstract: Various embodiments provide an approach to classifying security events based on the concept of behavior change detection or “volatility.” Behavior change detection is utilized, in place of a pre-defined patterns approach, to look at a system's behavior and detect any variances from what would otherwise be normal operating behavior. In operation, machine learning techniques are utilized as an event classification mechanism which facilitates implementation scalability. The machine learning techniques are iterative and continue to learn over time. Operational scalability issues are addressed by using the computed volatility of the events in a time series as input for a classifier. During a learning process (i.e., the machine learning process), the system identifies relevant features that are affected by security incidents. When in operation, the system evaluates those features in real-time and provides a probability that an incident is about to occur.Type: ApplicationFiled: July 16, 2014Publication date: January 21, 2016Inventors: Alisson Augusto Souza Sol, Barry Markey, Robert D. Fish, Donald J. Ankney, Dragos D. Boia, Viresh Ramdatmisier
-
Publication number: 20160019387Abstract: A behavior change detection system collects behavior from a service, such as an online service, and detects behavior changes, either permanent or transient, in the service. Machine learning hierarchical (agglomerative) clustering techniques are utilized to compute deviations between clustered data sets representing an “answer” that the service presents to a series of requests.Type: ApplicationFiled: October 20, 2014Publication date: January 21, 2016Inventors: Alisson Augusto Souza Sol, Dragos D. Boia, Barry Markey, Robert D. Fish, Donald J. Ankney, Viresh Ramdatmisier