Patents by Inventor Amin Hassanzadeh

Amin Hassanzadeh has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11907407
    Abstract: Implementations of the present disclosure include providing a graph representative of a network, a set of nodes representing respective assets, each edge representing one or more lateral paths between assets, the graph data including configurations affecting at least one impact that has an effect on an asset, determining multiple sets of fixes for configurations, each fix having a cost associated therewith, incorporating fix data of the sets of fixes into the graph, defining a set of fixes including one or more fixes from the multiple sets of fixes by defining an optimization problem that identifies one or more impacts that are to be nullified and executing resolving the optimization problem to define the set of fixes, each fix in the set of fixes being associated with a respective configuration in the graph, and scheduling performance of each fix in the set of fixes based on one or more operational constraints.
    Type: Grant
    Filed: December 15, 2021
    Date of Patent: February 20, 2024
    Assignee: Accenture Global Solutions Limited
    Inventors: Eitan Hadar, Amin Hassanzadeh, Anup Nayak
  • Patent number: 11838310
    Abstract: Implementations of the present disclosure include providing graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, each node representing an asset within the enterprise network, and each edge representing one or more lateral attack paths between assets in the enterprise network, determining, for each node, an incoming value based on attributes of a set of incoming edges and an outgoing value based on attributes of a set of outgoing edges, the attributes including a number of edges and semantic types of the edges, at least one cardinality value of each node being determined based on one or more of the incoming value and the outgoing value of the node, receiving input representative of filter parameters, generating a sub-graph based on attributes of the nodes and the filter parameters, and displaying, by the visualization platform, the sub-graph in a display.
    Type: Grant
    Filed: October 20, 2021
    Date of Patent: December 5, 2023
    Assignee: Accenture Global Solutions Limited
    Inventors: Eitan Hadar, Amin Hassanzadeh, Lisa O'Connor
  • Patent number: 11831675
    Abstract: Implementations are directed to receiving analytical attack graph (AAG) data representative of one or more AAGs, each AAG representing one or more lateral paths between configuration items within an enterprise network, calculating, for each configuration item in a set of configuration items, a process risk value for each impact in a set of impacts achievable within the configuration item, for a first impact, a first process risk value being calculated based on a multi-path formula in response to determining that multiple paths in the AAG lead to the first impact, and, for a second impact, a second process risk value being calculated based on a single-path formula in response to determining that a single path in the AAG leads to the second impact, and determining that at least one process risk value exceeds a threshold process risk value, and in response, adjusting one or more security controls within the enterprise network.
    Type: Grant
    Filed: October 26, 2020
    Date of Patent: November 28, 2023
    Assignee: Accenture Global Solutions Limited
    Inventors: Amin Hassanzadeh, Anup Nayak, MD Sharif Ullah
  • Patent number: 11822702
    Abstract: Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, and a node representing a process executed within a system of the enterprise, each edge representing at least a portion of one or more lateral paths between assets in the enterprise network, determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of the process, determining, for each asset, an impact value based on a total value of the process and a respective contribution value of the asset, and implementing one or more remediations based on a set of impact values determined for the assets, each remediation mitigating a cyber-security risk within the enterprise network.
    Type: Grant
    Filed: March 7, 2022
    Date of Patent: November 21, 2023
    Assignee: Accenture Global Solutions Limited
    Inventors: Eitan Hadar, Amin Hassanzadeh, Dani Grabois, Gil Fidel, Avraham Dayan
  • Publication number: 20230370254
    Abstract: Methods, systems and apparatus for implementing a secure quantum swap operation on a first and second qubit. In one aspect a method includes establishing, by a first party and with a second party, an agreement to use a secure swap protocol; performing the quantum swap operation, comprising, for each two-qubit gate included in the quantum swap operation: performing, by the first party and according to the secure swap protocol, a respective preceding quantum gate cipher on the first qubit; performing, by the first party and the second party, the two-qubit gate on the first qubit and the second qubit; and performing, by the first party and according to the secure swap protocol, a respective succeeding quantum gate cipher on the first qubit. The preceding and succeeding quantum gate ciphers comprise computational bases that anti-commute with a computational basis of the two-qubit gate across a second axis of the Bloch sphere.
    Type: Application
    Filed: May 13, 2022
    Publication date: November 16, 2023
    Inventors: Benjamin Glen McCarty, Amin Hassanzadeh
  • Patent number: 11811816
    Abstract: Implementations of the present disclosure include providing a graph that is representative of an enterprise network and includes nodes and edges, a set of nodes representing assets within the enterprise network, each edge representing a lateral movement path between assets, determining, for each asset, a contribution value indicating a contribution of an asset, determining lateral movements paths between a first asset and a second asset, providing a lateral movement path value representative of a difficulty in traversing a respective lateral movement path, identifying a set of remediations based on remediations defined for one or more vulnerabilities associated with issues identified for assets, each remediation mitigating a cyber-security risk within the enterprise network, and prioritizing the two or more remediations based on contribution values of assets, lateral movement path values of paths, and one of lateral movement complexity values of respective segments of paths and costs of respective remediation
    Type: Grant
    Filed: September 30, 2021
    Date of Patent: November 7, 2023
    Assignee: Accenture Global Solutions Limited
    Inventors: Eitan Hadar, Amin Hassanzadeh, Dani Grabois, Gil Fidel
  • Publication number: 20230289604
    Abstract: Aspects of the present disclosure provide systems, methods, and computer-readable storage media that support security-aware compression of machine learning (ML) and/or artificial intelligence (AI) models, such as for use by edge computing systems. Aspects described herein leverage cybersecurity threat models, particularly models of ML/AI-based threats, during iterative pruning to improve security of compressed ML models. To illustrate, iterative pruning may be performed on a pre-trained ML model until stop criteria are satisfied. This iterative pruning may include pruning an input ML model based on pruning heuristic(s) to generate a candidate ML model, testing the candidate ML model based on attack model(s) to generate risk assessment metrics, and updating the heuristic(s) based on the risk assessment metrics. If the risk assessment metrics fail to satisfy the stop criteria, the candidate ML model may be provided as input to a next iteration of the iterative pruning.
    Type: Application
    Filed: March 8, 2022
    Publication date: September 14, 2023
    Inventors: Matthew Chan, Amin Hassanzadeh
  • Publication number: 20230274003
    Abstract: A device may receive a machine learning model and training data utilized to train the machine learning model, and may perform a data veracity assessment of the training data to identify and remove poisoned data from the training data. The device may perform an adversarial assessment of the machine learning model to generate adversarial attacks and to provide defensive capabilities for the adversarial attacks, and may perform a membership inference assessment of the machine learning model to generate membership inference attacks and to provide secure training data as a defense for the membership inference attacks. The device may perform a model extraction assessment of the machine learning model to identify model extraction vulnerabilities and to provide a secure application programming interface as a defense to the model extraction vulnerabilities, and may perform actions based on results of one or more of the assessments.
    Type: Application
    Filed: February 28, 2022
    Publication date: August 31, 2023
    Inventors: Changwei LIU, Louis DIVALENTIN, Neil Hayden LIBERMAN, Amin HASSANZADEH, Benjamin Glen MCCARTY, Malek BEN SALEM
  • Patent number: 11722503
    Abstract: Embodiments of the present disclosure provide centralized and coordinate learning techniques for identifying malicious e-mails while maintaining privacy of the analyzed e-mails of different organizations. One or more models may be generated and configured to construct feature sets that may be used to characterize e-mails as malicious or safe. Feedback associated with one or more models trained by a first organization (and other organizations) may be shared with a modelling device to modify parameters of the one or more models, where the modified parameters are configured to improve identification of malicious e-mail threats. The feedback provided by the first organization may not include e-mails received by the first organization, thereby enabling the privacy of the e-mails received by the first organization to be maintained in an confidential manner even though the updated parameters may be shared with a second organization.
    Type: Grant
    Filed: May 5, 2020
    Date of Patent: August 8, 2023
    Assignee: Accenture Global Solutions Limited
    Inventors: Amin Hassanzadeh, Benjamin Glen McCarty
  • Publication number: 20230025754
    Abstract: Aspects of the present disclosure provide systems, methods, and computer-readable storage media that support secure training of machine learning (ML) models that preserves privacy in untrusted environments using distributed executable file packages. The executable file packages may include files, libraries, scripts, and the like that enable a cloud service provider configured to provide ML model training based on non-encrypted data to also support homomorphic encryption of data and ML model training with one or more clients, particularly for a diagnosis prediction model trained using medical data. Because the training is based on encrypted client data, private client data such as patient medical data may be used to train the diagnosis prediction model without exposing the client data to the cloud service provider or others. Using homomorphic encryption enables training of the diagnosis prediction model using encrypted data without requiring decryption prior to training.
    Type: Application
    Filed: July 22, 2021
    Publication date: January 26, 2023
    Inventors: Amin Hassanzadeh, Neil Hayden Liberman, Aolin Ding, Malek Ben Salem
  • Patent number: 11558196
    Abstract: Examples of privacy preserving authentication are provided. A system may obtain a first input from a user on a touchpad. The touchpad may include a sensor array with multiple force sensitive resistors. Further, the system may identify a set of sensor electrodes of the sensor array that may be actuated on receiving the first input. The system may further determine a region of interest on the touchpad. Furthermore, the system may construct various matrices indicative of position, pressure, and directional characteristics associated with the user input. Furthermore, the system may generate a feature vector based on processing the matrices through a neural network. Furthermore, the system may generate an encrypted feature vector based on encrypting the feature vector by using a private key of the user and a homomorphic encryption function. The system may further provide an authorized access to the user based on performing authentication of the user using the encrypted feature vector.
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: January 17, 2023
    Assignee: ACCENTURE GLOBAL SOLUTIONS LIMITED
    Inventors: Amin Hassanzadeh, Aditi Maheshwari
  • Publication number: 20220414661
    Abstract: Aspects of the present disclosure provide systems, methods, and computer-readable storage media that support cooperative training of machine learning (ML) models that preserves privacy in untrusted environments using distributed executable file packages. The executable file packages may include files, libraries, scripts, and the like that enable a cloud service provider configured to provide server-side ML model training to also support cooperative ML model training with multiple clients, particularly for a fraud prediction model for financial transactions. Because the cooperative training includes the clients training respective ML models and the server aggregating the trained ML models, private client data such as financial transaction data may be used to train the fraud prediction model without exposing the client data to others. Such cooperative ML model training enables offloading of computing resource-intensive training from client devices to the server and may train a more robust fraud detection model.
    Type: Application
    Filed: June 23, 2021
    Publication date: December 29, 2022
    Inventors: Amin Hassanzadeh, Neil Hayden Liberman, Aolin Ding, Malek Ben Salem
  • Patent number: 11522882
    Abstract: Implementations are directed to methods for detecting and identifying advanced persistent threats (APTs) in networks, including receiving first domain activity data from a first network domain and second domain activity data from a second network domain, including multiple alerts from the respective first and second network domains and where each alert of the multiple alerts results from one or more detected events in the respective first or second network domains. A classification determined for each alert of the multiple alerts with respect to a cyber kill chain. A dependency is then determined for each of one or more pairs of alerts and a graphical visualization of the multiple alerts is generated, where the graphical visualization includes multiple nodes and edges between the nodes, each node corresponding to the cyber kill chain and representing at least one alert, and each edge representing a dependency between alerts.
    Type: Grant
    Filed: October 19, 2020
    Date of Patent: December 6, 2022
    Assignee: Accenture Global Solutions Limited
    Inventors: Amin Hassanzadeh, Azzedine Benameur, Robin Lynn Burkett, Apoorv Krishak, Chien An Chen, Nahid Farhady Ghalaty
  • Publication number: 20220300618
    Abstract: Aspects of the present disclosure provide systems, methods, and computer-readable storage media that support cooperative training of machine learning (ML) models that preserves privacy in untrusted environments. For example, a server (or cloud-based computing device(s)) may be configured to “split” an initial ML model into various partial ML models, some of which are provided to client devices for training based on client-specific data. Output data generated during the training at the client devices may be provided to the server for use in training corresponding server-side partial ML models. After training of the partial ML models is complete, the server may aggregate the trained partial ML models to construct an aggregate ML model for deployment to the client devices. Because the client data is not shared with other entities, privacy is maintained, and the splitting of the ML models enables offloading of computing resource-intensive training from client devices to the server.
    Type: Application
    Filed: March 15, 2022
    Publication date: September 22, 2022
    Inventors: Aolin Ding, Amin Hassanzadeh
  • Publication number: 20220188460
    Abstract: Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, and a node representing a process executed within a system of the enterprise, each edge representing at least a portion of one or more lateral paths between assets in the enterprise network, determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of the process, determining, for each asset, an impact value based on a total value of the process and a respective contribution value of the asset, and implementing one or more remediations based on a set of impact values determined for the assets, each remediation mitigating a cyber-security risk within the enterprise network.
    Type: Application
    Filed: March 7, 2022
    Publication date: June 16, 2022
    Inventors: Eitan Hadar, Amin Hassanzadeh, Dani Grabois, Gil Fidel, Avraham Dayan
  • Publication number: 20220182239
    Abstract: Examples of privacy preserving authentication are provided. A system may obtain a first input from a user on a touchpad. The touchpad may include a sensor array with multiple force sensitive resistors. Further, the system may identify a set of sensor electrodes of the sensor array that may be actuated on receiving the first input. The system may further determine a region of interest on the touchpad. Furthermore, the system may construct various matrices indicative of position, pressure, and directional characteristics associated with the user input. Furthermore, the system may generate a feature vector based on processing the matrices through a neural network. Furthermore, the system may generate an encrypted feature vector based on encrypting the feature vector by using a private key of the user and a homomorphic encryption function. The system may further provide an authorized access to the user based on performing authentication of the user using the encrypted feature vector.
    Type: Application
    Filed: December 7, 2020
    Publication date: June 9, 2022
    Applicant: ACCENTURE GLOBAL SOLUTIONS LIMITED
    Inventors: Amin HASSANZADEH, Aditi MAHESHWARI
  • Publication number: 20220129590
    Abstract: Implementations of the present disclosure include providing a graph representative of a network, a set of nodes representing respective assets, each edge representing one or more lateral paths between assets, the graph data including configurations affecting at least one impact that has an effect on an asset, determining multiple sets of fixes for configurations, each fix having a cost associated therewith, incorporating fix data of the sets of fixes into the graph, defining a set of fixes including one or more fixes from the multiple sets of fixes by defining an optimization problem that identifies one or more impacts that are to be nullified and executing resolving the optimization problem to define the set of fixes, each fix in the set of fixes being associated with a respective configuration in the graph, and scheduling performance of each fix in the set of fixes based on one or more operational constraints.
    Type: Application
    Filed: December 15, 2021
    Publication date: April 28, 2022
    Inventors: Eitan Hadar, Amin Hassanzadeh, Anup Nayak
  • Publication number: 20220131894
    Abstract: Implementations are directed to receiving analytical attack graph (AAG) data representative of one or more AAGs, each AAG representing one or more lateral paths between configuration items within an enterprise network, calculating, for each configuration item in a set of configuration items, a process risk value for each impact in a set of impacts achievable within the configuration item, for a first impact, a first process risk value being calculated based on a multi-path formula in response to determining that multiple paths in the AAG lead to the first impact, and, for a second impact, a second process risk value being calculated based on a single-path formula in response to determining that a single path in the AAG leads to the second impact, and determining that at least one process risk value exceeds a threshold process risk value, and in response, adjusting one or more security controls within the enterprise network.
    Type: Application
    Filed: October 26, 2020
    Publication date: April 28, 2022
    Inventors: Amin Hassanzadeh, Anup Nayak, MD Sharif Ullah
  • Patent number: 11281806
    Abstract: Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph including nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, and a node representing a process executed within a system of the enterprise, each edge representing at least a portion of one or more lateral paths between assets in the enterprise network, determining, for each asset, a contribution value indicating a contribution of a respective asset to operation of the process, determining, for each asset, an impact value based on a total value of the process and a respective contribution value of the asset, and implementing one or more remediations based on a set of impact values determined for the assets, each remediation mitigating a cyber-security risk within the enterprise network.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: March 22, 2022
    Assignee: Accenture Global Solutions Limited
    Inventors: Eitan Hadar, Amin Hassanzadeh, Dani Grabois, Gil Fidel, Avraham Dayan
  • Patent number: 11277432
    Abstract: Implementations of the present disclosure include providing a state graph representative of a set of action states within a network, each action state representing an attack that can be performed by an adversary within the network, determining a path stealthiness value for each attack path of a set of attack paths within the network, path stealthiness values being determined based on a mapping that maps each action state to one or more technique-tactic pairs and one or more security controls, determining a path hardness value for each attack path of the set of attack paths within the network, path hardness values being determined based on a state correlation matrix that correlates action states relative to each other, and a decay factor that represents a reduction in effort required to repeatedly perform an action of an action state, and selectively generating one or more alerts based on one or more of path stealthiness values and path hardness values.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: March 15, 2022
    Assignee: Accenture Global Solutions Limited
    Inventors: Amin Hassanzadeh, Anup Nayak, Md Sharif Ullah