Abstract: The technology described herein determines whether a candidate text is in a requested class by using a generative model that may not be trained on the requested class. The present technology may use of a model trained primarily in an unsupervised mode, without requiring a large number of manual user-input examples of a label class. The may produce a semantically rich positive example of label text from a candidate text and label. Likewise, the technology may produce from the candidate text and the label a semantically rich negative example of label text. The labeling service makes use of a generative model to produce a generative result, which estimates the likelihood that the label properly applies to the candidate text. In another aspect, the technology is directed toward a method for obtaining a semantically rich example that is similar to a candidate text.

Abstract: The filtering of activities generated by nodes of a network while interacting with a device may be performed by evaluating the desirability of the activities (e.g., a spam or not-spam determination of email messages sent by the node) and assigning a trust rating to the node. However, nodes are often identified by network address, and an operator of a node sending undesirable activities may reassign the network address of the node in order to avoid heavy filtering. Instead, nodes may be identified as being controlled by a network entity (e.g., an autonomous system identified in a border gateway protocol routing table.) The network entity is assigned a network entity trust rating based on the trust ratings of the nodes controlled thereby, and an appropriate level of activity filtering based on the network entity trust rating may be selected for subsequent activities received from all nodes controlled by the network entity.

Abstract: A system and method of managing unsolicited email sent to an email system over a network. Email messages are received at an message at an inbound mail transfer agent. A determination is made as to whether the email message is suspected to be an unsolicited suspect message. One or more queries for additional information on one or more characteristics of the message is initiated. Determinations are made based on replies to the queries before issuing a message accepted for delivery indication to a sending server.

Abstract: Network entities controlling a set of nodes may vary by trustworthiness, such as tolerance for nodes that send spam, distribute malware, or perform denial-of-service attacks. A device receiving such activities may identify a trust rating of the network entity and apply appropriately stringent filtering (such as spam evaluation) to activities received from nodes controlled by the network entity. However, a poor trust rating of a network entity may subject a legitimate node controlled by the network entity to inefficiently or unfairly stringent activity filtering. Instead, the device may evaluate the activities of a particular node, assign a trust rating to the node, and if the trust rating of the node is higher than the trust rating of the network entity, apply less stringent activity filtering to the activities of the node, thereby “rescuing” the node from the more stringent activity filtering applied to the other nodes of the network entity.

Abstract: The filtering of activities generated by nodes of a network while interacting with a device may be performed by evaluating the desirability of the activities (e.g., a spam or not-spam determination of email messages sent by the node) and assigning a trust rating to the node. However, nodes are often identified by network address, and an operator of a node sending undesirable activities may reassign the network address of the node in order to avoid heavy filtering. Instead, nodes may be identified as being controlled by a network entity (e.g., an autonomous system identified in a border gateway protocol routing table.) The network entity is assigned a network entity trust rating based on the trust ratings of the nodes controlled thereby, and an appropriate level of activity filtering based on the network entity trust rating may be selected for subsequent activities received from all nodes controlled by the network entity.

Abstract: Network entities controlling a set of nodes may vary by trustworthiness, such as tolerance for nodes that send spam, distribute malware, or perform denial-of-service attacks. A device receiving such activities may identify a trust rating of the network entity and apply appropriately stringent filtering (such as spam evaluation) to activities received from nodes controlled by the network entity. However, a poor trust rating of a network entity may subject a legitimate node controlled by the network entity to inefficiently or unfairly stringent activity filtering. Instead, the device may evaluate the activities of a particular node, assign a trust rating to the node, and if the trust rating of the node is higher than the trust rating of the network entity, apply less stringent activity filtering to the activities of the node, thereby “rescuing” the node from the more stringent activity filtering applied to the other nodes of the network entity.

Abstract: A system and method of managing unsolicited email sent to an email system over a network. Email messages are received at an message at an inbound mail transfer agent. A determination is made as to whether the email message is suspected to be an unsolicited suspect message. One or more queries for additional information on one or more characteristics of the message is initiated. Determinations are made based on replies to the queries before issuing a message accepted for delivery indication to a sending server.

Abstract: Compression and decompression of data such as a sequential list of executable instructions (e.g., program binaries) by uniformly applying a predictive model generated from one segment of the executable list as a common predictive starting point for the other segments of the executable list. This permits random access and decompression of any segment of the executable list once a first segment (or another reference segment) of the executable list has been decompressed. This means that when executing an executable list (e.g., an executable file), a particular segment(s) of the executable list may not need to be accessed and decompressed at all if there are no instructions in that particular segment(s) that are executed.

Abstract: Compressing program binaries with reduced compression ratios. One or several pre-processing acts are performed before performing compression using a local sequential correlation oriented compression technology such as PPM, or one of its variants or improvements. One pre-processing act splits the binaries into several substreams that have high local sequential correlation. Such splitting takes into consideration the correlation between common fields in different instructions as well as the correlation between different fields in the same instruction. Another pre-processing reschedules binary instructions to improve the degree of local sequential correlation without affecting dependencies between instructions. Yet another pre-processing act replaces common operation codes in the instruction with a symbols from a second alphabet, thereby distinguishing between operation codes that have a particular value, and other portions of the instruction that just happen to have the same value.

Abstract: Compressing program binaries with reduced compression ratios. One or several pre-processing acts are performed before performing compression using a local sequential correlation oriented compression technology such as PPM, or one of its variants or improvements. One pre-processing act splits the binaries into several substreams that have high local sequential correlation. Such splitting takes into consideration the correlation between common fields in different instructions as well as the correlation between different fields in the same instruction. Another pre-processing reschedules binary instructions to improve the degree of local sequential correlation without affecting dependencies between instructions. Yet another pre-processing act replaces common operation codes in the instruction with a symbols from a second alphabet, thereby distinguishing between operation codes that have a particular value, and other portions of the instruction that just happen to have the same value.

Abstract: Compressing program binaries with reduced compression ratios. One or several pre-processing acts are performed before performing compression using a local sequential correlation oriented compression technology such as PPM, or one of its variants or improvements. One pre-processing act splits the binaries into several substreams that have high local sequential correlation. Such splitting takes into consideration the correlation between common fields in different instructions as well as the correlation between different fields in the same instruction. Another pre-processing reschedules binary instructions to improve the degree of local sequential correlation without affecting dependencies between instructions. Yet another pre-processing act replaces common operation codes in the instruction with a symbols from a second alphabet, thereby distinguishing between operation codes that have a particular value, and other portions of the instruction that just happen to have the same value.

Abstract: Compression and decompression of data such as a sequential list of executable instructions (e.g., program binaries) by uniformly applying a predictive model generated from one segment of the executable list as a common predictive starting point for the other segments of the executable list. This permits random access and decompression of any segment of the executable list once a first segment (or another reference segment) of the executable list has been decompressed. This means that when executing an executable list (e.g., an executable file), a particular segment(s) of the executable list may not need to be accessed and decompressed at all if there are no instructions in that particular segment(s) that are executed.

Abstract: Compressing program binaries with reduced compression ratios. One or several pre-processing acts are performed before performing compression using a local sequential correlation oriented compression technology such as PPM, or one of its variants or improvements. One pre-processing act splits the binaries into several substreams that have high local sequential correlation. Such splitting takes into consideration the correlation between common fields in different instructions as well as the correlation between different fields in the same instruction. Another pre-processing reschedules binary instructions to improve the degree of local sequential correlation without affecting dependencies between instructions. Yet another pre-processing act replaces common operation codes in the instruction with a symbols from a second alphabet, thereby distinguishing between operation codes that have a particular value, and other portions of the instruction that just happen to have the same value.