Patents by Inventor Daniel Alon
Daniel Alon has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230071347Abstract: A recommendation system for recommending a target feature value for a target feature for a target deployment is provided. The recommendation system, for each of a plurality of deployments, collects feature values for the features of that deployment. The recommendation system then generates a model for recommending a target feature value for the target feature based on the collected feature values of the features for the deployments. The recommendation system applies the model to the features of the target deployment to identify a target feature value for the target feature. The recommendation system then provides the identified target feature value as a recommendation for the target feature for the target deployment.Type: ApplicationFiled: November 14, 2022Publication date: March 9, 2023Inventors: Efim HUDIS, Hani-Hana NEUVIRTH, Daniel ALON, Royi RONEN, Yair TOR, Gilad Michael ELYASHAR
-
Patent number: 11533240Abstract: A recommendation system for recommending a target feature value for a target feature for a target deployment is provided. The recommendation system, for each of a plurality of deployments, collects feature values for the features of that deployment. The recommendation system then generates a model for recommending a target feature value for the target feature based on the collected feature values of the features for the deployments. The recommendation system applies the model to the features of the target deployment to identify a target feature value for the target feature. The recommendation system then provides the identified target feature value as a recommendation for the target feature for the target deployment.Type: GrantFiled: May 16, 2016Date of Patent: December 20, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Efim Hudis, Hani-Hana Neuvirth, Daniel Alon, Royi Ronen, Yair Tor, Gilad Michael Elyashar
-
Patent number: 10771492Abstract: Systems and methods for analyzing security alerts within an enterprise are provided. An enterprise graph is generated based on information such as operational intelligence regarding the enterprise. The enterprise graph identifies relationships between entities of the enterprise and a plurality of security alerts are produced by a plurality of security components of the enterprise. One or more significant relationships are identified between two or more of the plurality of security alerts based on a strength of a relationship identified in the enterprise graph. A significant relationship is utilized to identify a potential security incident between two or more of the security alerts.Type: GrantFiled: September 22, 2016Date of Patent: September 8, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Efim Hudis, Michal Braverman-Blumenstyk, Daniel Alon, Hani Hana Neuvirth, Royi Ronen, Yuri Gurevich
-
Patent number: 10534925Abstract: Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.Type: GrantFiled: October 5, 2016Date of Patent: January 14, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Moshe Israel, Royi Ronen, Daniel Alon, Tomer Teller, Hanan Shteingart
-
Patent number: 10402244Abstract: A system for identifying abnormal resource usage in a data center is provided. In some embodiments, the system employs a prediction model for each of a plurality of resources and an abnormal resource usage criterion. For each of a plurality of resources of the data center, the system retrieves current resource usage data for a current time and past resource usage data for that resource. The system then extracts features from the past resource usage data for that resource, predicts using the prediction model for that resource usage data for the current time based on the extracted features, and determines an error between the predicted resource usage data and the current resource usage data. After determining the error data for the resources, the system determines whether errors satisfy the abnormal resource usage criterion. If so, the system indicates that an abnormal resource usage has occurred.Type: GrantFiled: December 20, 2016Date of Patent: September 3, 2019Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.Inventors: Hani Neuvirth-Telem, Amit Hilbuch, Shay Baruch Nahum, Yehuda Finkelstein, Daniel Alon, Elad Yom-Tov
-
Patent number: 10397256Abstract: In an example embodiment, a computer-implemented method comprises obtaining labels from messages associated with an email service provider, wherein the labels indicate for each message IP how many spam and non-spam messages have been received; obtaining network data features from a cloud service provider; providing the labels and network data features to a machine learning application; generating a prediction model representing an algorithm for determining whether a particular set of network data features are spam or not; applying the prediction model to network data features for an unlabeled message; and generating an output of the prediction model indicating a likelihood that the unlabeled message is spam.Type: GrantFiled: November 30, 2016Date of Patent: August 27, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Ori Kashi, Philip Newman, Daniel Alon, Elad Yom-Tov, Hani Neuvirth, Royi Ronen
-
Patent number: 10320817Abstract: A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer.Type: GrantFiled: November 16, 2016Date of Patent: June 11, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Hani Neuvirth-Telem, Elad Yom-Tov, Royi Ronen, Daniel Alon Hilevich
-
Publication number: 20180139215Abstract: A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer.Type: ApplicationFiled: November 16, 2016Publication date: May 17, 2018Inventors: Hani Neuvirth-Telem, Elad Yom-Tov, Royi Ronen, Daniel Alon Hilevich
-
Publication number: 20180096157Abstract: Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.Type: ApplicationFiled: October 5, 2016Publication date: April 5, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Moshe Israel, Royi Ronen, Daniel Alon, Tomer Teller, Hanan Shteingart
-
Publication number: 20180084001Abstract: Systems and methods for analyzing security alerts within an enterprise are provided. An enterprise graph is generated based on information such as operational intelligence regarding the enterprise. The enterprise graph identifies relationships between entities of the enterprise and a plurality of security alerts are produced by a plurality of security components of the enterprise. One or more significant relationships are identified between two or more of the plurality of security alerts based on a strength of a relationship identified in the enterprise graph. A significant relationship is utilized to identify a potential security incident between two or more of the security alerts.Type: ApplicationFiled: September 22, 2016Publication date: March 22, 2018Applicant: Microsoft Technology Licensing, LLC.Inventors: Efim Hudis, Michal Braverman-Blumenstyk, Daniel Alon, Hani Hana Neuvirth, Royi Ronen, Yuri Gurevich
-
Publication number: 20170359362Abstract: In an example embodiment, a computer-implemented method comprises obtaining labels from messages associated with an email service provider, wherein the labels indicate for each message IP how many spam and non-spam messages have been received; obtaining network data features from a cloud service provider; providing the labels and network data features to a machine learning application; generating a prediction model representing an algorithm for determining whether a particular set of network data features are spam or not; applying the prediction model to network data features for an unlabeled message; and generating an output of the prediction model indicating a likelihood that the unlabeled message is spam.Type: ApplicationFiled: November 30, 2016Publication date: December 14, 2017Applicant: Microsoft Technology Licensing, LLCInventors: Ori Kashi, Philip Newman, Daniel Alon, Elad Yom-Tov, Hani Neuvirth, Royi Ronen
-
Publication number: 20170207980Abstract: A recommendation system for recommending a target feature value for a target feature for a target deployment is provided. The recommendation system, for each of a plurality of deployments, collects feature values for the features of that deployment. The recommendation system then generates a model for recommending a target feature value for the target feature based on the collected feature values of the features for the deployments. The recommendation system applies the model to the features of the target deployment to identify a target feature value for the target feature. The recommendation system then provides the identified target feature value as a recommendation for the target feature for the target deployment.Type: ApplicationFiled: May 16, 2016Publication date: July 20, 2017Inventors: Efim Hudis, Hani-Hana Neuvirth, Daniel Alon, Royi Ronen, Yair Tor, Gilad Michael Elyashar
-
Publication number: 20170161127Abstract: A system for identifying abnormal resource usage in a data center is provided. In some embodiments, the system employs a prediction model for each of a plurality of resources and an abnormal resource usage criterion. For each of a plurality of resources of the data center, the system retrieves current resource usage data for a current time and past resource usage data for that resource. The system then extracts features from the past resource usage data for that resource, predicts using the prediction model for that resource usage data for the current time based on the extracted features, and determines an error between the predicted resource usage data and the current resource usage data. After determining the error data for the resources, the system determines whether errors satisfy the abnormal resource usage criterion. If so, the system indicates that an abnormal resource usage has occurred.Type: ApplicationFiled: December 20, 2016Publication date: June 8, 2017Inventors: Hani Neuvirth-Telem, Amit Hilbuch, Shay Baruch Nahum, Yehuda Finkelstein, Daniel Alon, Elad Yom-Tov
-
Patent number: 9665460Abstract: A system for identifying abnormal resource usage in a data center is provided. In some embodiments, the system employs a prediction model for each of a plurality of resources and an abnormal resource usage criterion. For each of a plurality of resources of the data center, the system retrieves current resource usage data for a current time and past resource usage data for that resource. The system then extracts features from the past resource usage data for that resource, predicts using the prediction model for that resource usage data for the current time based on the extracted features, and determines an error between the predicted resource usage data and the current resource usage data. After determining the error data for the resources, the system determines whether errors satisfy the abnormal resource usage criterion. If so, the system indicates that an abnormal resource usage has occurred.Type: GrantFiled: May 26, 2015Date of Patent: May 30, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Hani Neuvirth-Telem, Amit Hilbuch, Shay Baruch Nahum, Yehuda Finkelstein, Daniel Alon, Elad Yom-Tov
-
Publication number: 20160350198Abstract: A system for identifying abnormal resource usage in a data center is provided. In some embodiments, the system employs a prediction model for each of a plurality of resources and an abnormal resource usage criterion. For each of a plurality of resources of the data center, the system retrieves current resource usage data for a current time and past resource usage data for that resource. The system then extracts features from the past resource usage data for that resource, predicts using the prediction model for that resource usage data for the current time based on the extracted features, and determines an error between the predicted resource usage data and the current resource usage data. After determining the error data for the resources, the system determines whether errors satisfy the abnormal resource usage criterion. If so, the system indicates that an abnormal resource usage has occurred.Type: ApplicationFiled: May 26, 2015Publication date: December 1, 2016Inventors: Hani Neuvirth-Telem, Amit Hilbuch, Shay Baruch Nahum, Yehuda Finkelstein, Daniel Alon, Elad Yom-Tov
-
Patent number: 9111079Abstract: Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issued may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet.Type: GrantFiled: January 27, 2011Date of Patent: August 18, 2015Assignee: Microsoft Technology Licensing, LLCInventors: Eugene (John) Neystadt, Daniel Alon, Yair Tor, Mark Novak, Khaja E. Ahmed, Yoav Yassour
-
Patent number: 8528069Abstract: Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality.Type: GrantFiled: January 27, 2011Date of Patent: September 3, 2013Assignee: Microsoft CorporationInventors: Mark Novak, Yair Tor, Eugene Neystadt, Yoav Yassour, Alexey Efron, Amos Ortal, Daniel Alon, Ran Didi
-
Publication number: 20120303827Abstract: A policy enforcement system may use device location as a parameter for granting or denying access to a resource. An access policy may include location parameters that may permit or deny access to the resource based on the physical location of the device. In some cases, the location may be authenticated by a server that may verify the device's location. The access policy may grant or deny full or partial access to the resource, which may be a data resource, such as a file, database, URL, or other information, an application resource, or a physical resource such as a network or a peripheral device. The policy enforcement system may use the device location for regulatory compliance, restricting access to sensitive information, or as a primary or secondary condition for limiting access to a resource.Type: ApplicationFiled: May 24, 2011Publication date: November 29, 2012Applicant: MICROSOFT CORPORATIONInventors: Eugene (John) NEYSTADT, Daniel ALON, Daniel ROSE, Elan LEVY
-
Publication number: 20120084851Abstract: Embodiments of the invention make the issuance of trustworthy device claims available to client devices as a service, so that a client device to which device claims are issues may use the device claims in relation to an attempt to access a network application. The service may conduct an assessment of the device's characteristics and/or state, characterize the results of this assessment in device claims, and issue the device claims to the device. The service may be accessible to a client device from outside administrative boundaries of an entity that makes a network application accessible, and thus may be useful to entities making network applications accessible in business-to-consumer (B2C) and business-to-business (B2B) topologies, such as over the publicly accessible Internet.Type: ApplicationFiled: January 27, 2011Publication date: April 5, 2012Applicant: Microsoft CorporationInventors: Eugene (John) Neystadt, Daniel Alon, Yair Tor, Mark Novak, Khaja E. Ahmed, Yoav Yassour
-
Publication number: 20120084850Abstract: Embodiments of the invention enable a client device to procure trustworthy device claims describing one or more attributes of the client device, have those device claims included in a data structure having a format suitable for processing by an application, and use the data structure which includes the device claims in connection with a request to access the application. The application may use the device claims to drive any of numerous types of application functionality, such as security-related and/or other functionality.Type: ApplicationFiled: January 27, 2011Publication date: April 5, 2012Applicant: Microsoft CorporationInventors: Mark Novak, Yair Tor, Eugene (John) Neystadt, Yoav Yassour, Alexey Efron, Amos Ortal, Daniel Alon, Ran Didi