Patents by Inventor Sandeep N Bhatt
Sandeep N Bhatt has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11310247Abstract: A machine-readable medium may store instructions executable by a processing resource to access log data of an enterprise and extract time-series data of an enterprise entity from the log data. The time-series data may include measured feature values of a set of selected features over a series of time periods. The instructions may be further executable to train a predictive model specific to the enterprise entity using the time-series data, wherein the predictive model is to generate, for a particular time period, a predicted feature value for each of the selected features; access actual feature values of the enterprise entity for the particular time period; apply first-level deviation criteria to the actual feature value and the predicted feature value of each selected feature to identify deviant features of the enterprise entity; and apply second-level deviation criteria to the identified deviant features to identify the enterprise entity as behaving abnormally.Type: GrantFiled: December 21, 2016Date of Patent: April 19, 2022Assignee: Micro Focus LLCInventors: Pratyusa K Manadhata, Sandeep N Bhatt, Tomas Sander
-
Patent number: 10728264Abstract: A technique includes receiving data identifying behavior anomalies that are exhibited by entities that are associated with a computer system. The technique includes associating the behavior anomalies with contexts based at least in part on threat intelligence to provide modified anomalies. The threat intelligence associates the contexts with indicators of potential breach. The technique includes characterizing the behavior anomaly identification based at least in part on the threat intelligence. The characterization includes applying machine learning to features of the modified anomalies to classify the identified behavior anomalies.Type: GrantFiled: February 15, 2017Date of Patent: July 28, 2020Assignee: Micro Focus LLCInventors: Sandeep N. Bhatt, Pratyusa K. Manadhata, Tomas Sander
-
Patent number: 10686817Abstract: Examples determine a number of hosts, within an enterprise, which are resolving a particular domain. Based on the number of hosts within the enterprise resolving the particular domain, the examples identify whether the particular domain is benign.Type: GrantFiled: September 21, 2015Date of Patent: June 16, 2020Assignee: Hewlett Packard Enterprise Development LPInventors: Prasad V. Rao, Sandeep N. Bhatt, William G. Horne, Pratyusa K. Manadhata, Miranda Jane Felicity Mowbray
-
Publication number: 20180255083Abstract: Examples determine a number of hosts, within an enterprise, which are resolving a particular domain. Based on the number of hosts within the enterprise resolving the particular domain, the examples identify whether the particular domain is benign.Type: ApplicationFiled: September 21, 2015Publication date: September 6, 2018Inventors: Prasad V. Rao, Sandeep N. Bhatt, William G. Home, Pratyusa K. Manadhata, Miranda Jane Felicity Mowbray
-
Publication number: 20180234445Abstract: A technique includes receiving data identifying behavior anomalies that are exhibited by entities that are associated with a computer system. The technique includes associating the behavior anomalies with contexts based at least in part on threat intelligence to provide modified anomalies. The threat intelligence associates the contexts with indicators of potential breach. The technique includes characterizing the behavior anomaly identification based at least in part on the threat intelligence. The characterization includes applying machine learning to features of the modified anomalies to classify the identified behavior anomalies.Type: ApplicationFiled: February 15, 2017Publication date: August 16, 2018Inventors: Sandeep N. Bhatt, Pratyusa K. Manadhata, Tomas Sander
-
Publication number: 20180176241Abstract: A machine-readable medium may store instructions executable by a processing resource to access log data of an enterprise and extract time-series data of an enterprise entity from the log data. The time-series data may include measured feature values of a set of selected features over a series of time periods. The instructions may be further executable to train a predictive model specific to the enterprise entity using the time-series data, wherein the predictive model is to generate, for a particular time period, a predicted feature value for each of the selected features; access actual feature values of the enterprise entity for the particular time period; apply first-level deviation criteria to the actual feature value and the predicted feature value of each selected feature to identify deviant features of the enterprise entity; and apply second-level deviation criteria to the identified deviant features to identify the enterprise entity as behaving abnormally.Type: ApplicationFiled: December 21, 2016Publication date: June 21, 2018Inventors: Pratyusa K Manadhata, Sandeep N Bhatt, Tomas Sander
-
Patent number: 9456001Abstract: Systems, methods, and machine-readable and executable instructions are provided for attack notification. Attack notification can include receiving security-related data from a number of computing devices that are associated with a number of entities through a communication link and analyzing a first portion of the security-related data that is associated with a first entity from the number of entities to determine whether the first entity has experienced an attack. Attack notification can include analyzing a second portion of the security-related data that is associated with a second entity from the number of entities and the first portion of the security-related data that is associated with the first entity to determine whether the second entity is experiencing the attack. Attack notification can include notifying, through the communication link, the second entity that the second entity is experiencing the attack if it is determined that the second entity is experiencing the attack.Type: GrantFiled: January 31, 2013Date of Patent: September 27, 2016Assignee: Hewlett Packard Enterprise Development LPInventors: Sandeep N. Bhatt, Tomas Sander, Anurag Singla
-
Patent number: 9275348Abstract: Identifying participants for collaboration in a threat exchange community can include receiving security data from a plurality of participants at a threat exchange server within the threat exchange community; and in response to receiving from a first participant from the plurality of participants security data associated with a security occurrence, identifying at the threat exchange server the first participant and a second participant from the plurality of participants for collaboration based on characteristics of the first participant and the second participant.Type: GrantFiled: January 31, 2013Date of Patent: March 1, 2016Assignee: Hewlett Packard Enterprise Development LPInventors: Sandeep N. Bhatt, William G. Horne, Daniel L. Moor, Suranjan Pramanik, Tomas Sander
-
Patent number: 9253038Abstract: Instances of router models and filter models respectively are populated with configuration data from routers and filters in a network. A route advertising graph is derived from the router model instances. The route advertising graph indicates propagation of routes between the ones of the real-world devices serving as routers according to routing protocols implemented by the ones of the real-world devices serving as routers. Consolidated routing data is determined for the ones of the real-world devices serving as routers. In this process, the propagation of routes indicated by the route advertising graph is iterated to stability. For a destination node in the network, a respective route graph indicating available paths to the destination node from each source node in the network is constructed from the consolidated routing data. Services between each source node and the destination node are classified based on a full traversal of the route advertising graph.Type: GrantFiled: August 4, 2009Date of Patent: February 2, 2016Assignee: Hewlett-Packard Development Company, L.P.Inventors: Sandeep N Bhatt, Prasad V Rao, Cat Okita
-
Publication number: 20160014041Abstract: In one implementation, a resource reference classification system includes a selection engine and a classification engine. The selection engine is to access a plurality of resource request records based on resource requests intercepted from a plurality of clients, and to select resource request records from the plurality of resource request records intercepted from a client from the plurality of clients. Each resource request record from the plurality of resource request records includes a resource reference. The classification engine is to identify, independent of the client, a root resource reference and a plurality of child resource references of the root resource reference from the resource request records.Type: ApplicationFiled: February 28, 2013Publication date: January 14, 2016Inventors: Pratyusa K Manadhata, Sandeep N Bhatt, William G Home, Prasad V Rao
-
Patent number: 9143517Abstract: Threat exchange information protection can include receiving security information from a number of participants of a threat exchange community, wherein a portion of the received security information is encoded with pseudonyms by each of the number of participants, analyzing the security information collectively from the number of participants, wherein the portion of the received security information remains encoded, and sending analysis results to each of the number of participants, wherein the analysis results include information relating to the portion.Type: GrantFiled: January 31, 2013Date of Patent: September 22, 2015Assignee: Hewlett-Packard Development Company, L.P.Inventors: William G. Horne, Daniel L. Moor, Richard D. Austin, Tomas Sander, Prasad V. Rao, Sandeep N. Bhatt
-
Publication number: 20140215607Abstract: Threat exchange information protection can include receiving security information from a number of participants of a threat exchange community, wherein a portion of the received security information is encoded with pseudonyms by each of the number of participants, analyzing the security information collectively from the number of participants, wherein the portion of the received security information remains encoded, and sending analysis results to each of the number of participants, wherein the analysis results include information relating to the portion.Type: ApplicationFiled: January 31, 2013Publication date: July 31, 2014Applicant: Hewlett-Packard Development Company, L.P.Inventors: William G. Horne, Daniel L. Moor, Richard D. Austin, Tomas Sander, Prasad V. Rao, Sandeep N. Bhatt
-
Publication number: 20140215616Abstract: Systems, methods, and machine-readable and executable instructions are provided for attack notification. Attack notification can include receiving security-related data from a number of computing devices that are associated with a number of entities through a communication link and analyzing a first portion of the security-related data that is associated with a first entity from the number of entities to determine whether the first entity has experienced an attack. Attack notification can include analyzing a second portion of the security-related data that is associated with a second entity from the number of entities and the first portion of the security-related data that is associated with the first entity to determine whether the second entity is experiencing the attack. Attack notification can include notifying, through the communication link, the second entity that the second entity is experiencing the attack if it is determined that the second entity is experiencing the attack.Type: ApplicationFiled: January 31, 2013Publication date: July 31, 2014Applicant: Hewlett-Packard Development Company, L.P.Inventors: Sandeep N. Bhatt, Tomas Sander, Anurag Singla
-
Publication number: 20140214938Abstract: Identifying participants for collaboration in a threat exchange community can include receiving security data from a plurality of participants at a threat exchange server within the threat exchange community; and in response to receiving from a first participant from the plurality of participants security data associated with a security occurrence, identifying at the threat exchange server the first participant and a second participant from the plurality of participants for collaboration based on characteristics of the first participant and the second participant.Type: ApplicationFiled: January 31, 2013Publication date: July 31, 2014Applicant: Hewlett-Packard Development Company, L.P.Inventors: Sandeep N. Bhatt, William G. Horne, Daniel I. Moor, Suranjan Pramanik, Tomas Sander
-
Patent number: 8345974Abstract: An image is segmented into image regions. Each of the image regions is represented by a respective vertex. A graph of the vertices interconnected by edges, each of which has a respective edge weight value, is built. The graph is partitioned into respective disjoint subgraphs based on the edge weight values. The partitioning of one or more of the subgraphs into respective subgraphs is repeated. A partition tree data structure that describes a partitioning hierarchy of parent-child relationships between the subgraphs is produced.Type: GrantFiled: July 14, 2009Date of Patent: January 1, 2013Assignee: Hewlett-Packard Development Company, L.P.Inventors: Ruth Bergman, Sandeep N Bhatt, Renato Keshet
-
Publication number: 20110252479Abstract: A method for analyzing risk to a system, the method being carried out by a computer having a processor and system memory, includes the steps of inputting data representing multiple threat objectives that comprise the risk, calculating a residual risk for each threat objective in view of a plurality of control mechanisms, and generating output representing an overall residual risk to the system that is a combination of the residual risks.Type: ApplicationFiled: April 8, 2010Publication date: October 13, 2011Inventors: Yolanta Beresnevichiene, Sandeep N. Bhatt, William G. Horne, Tari Schreider
-
Publication number: 20110142051Abstract: Instances of router models and filter models respectively are populated with configuration data from routers and filters in a network (20). A route advertising graph is derived from the router model instances (21). The route advertising graph indicates propagation of routes between the ones of the real-world devices serving as routers according to routing protocols implemented by the ones of the real-world devices serving as routers. Consolidated routing data is determined for the ones of the real-world devices serving as routers (21). In this process, the propagation of routes indicated by the route advertising graph is iterated to stability. For a destination node in the network, a respective route graph indicating available paths to the destination node from each source node in the network is constructed from the consolidated routing data (22). Services between each source node and the destination node are classified based on a full traversal of the route advertising graph (23).Type: ApplicationFiled: August 4, 2009Publication date: June 16, 2011Inventors: Sandeep N. Bhatt, Prasad V. Rao, Cat Okita
-
Publication number: 20110013837Abstract: An image is segmented into image regions. Each of the image regions is represented by a respective vertex. A graph of the vertices interconnected by edges, each of which has a respective edge weight value, is built. The graph is partitioned into respective disjoint subgraphs based on the edge weight values. The partitioning of one or more of the subgraphs into respective subgraphs is repeated. A partition tree data structure that describes a partitioning hierarchy of parent-child relationships between the subgraphs is produced.Type: ApplicationFiled: July 14, 2009Publication date: January 20, 2011Inventors: Ruth Bergman, Sandeep N. Bhatt, Renato Keshet