Patents by Inventor Anna Swanson BERTIGER
Anna Swanson BERTIGER has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11949701Abstract: Disclosed is a scalable, graph-based approach to detecting anomalous accesses to resources in a computer network. Access events are represented as edges between resource nodes and accessing nodes (e.g., corresponding to users) in a bipartite graph, from which vector representations of the nodes that reflect the connections can be computed by graph embedding. For an access event of interest, an anomaly score may be computed based on dissimilarities, in terms of their embedding distances, between the associated accessing node and other accessing nodes that have accessed the same resource, and/or between the associated resource node and other resource nodes that have been accessed by the same accessing node.Type: GrantFiled: October 1, 2021Date of Patent: April 2, 2024Assignee: Microsoft Technology Licensing, LLCInventors: Anna Swanson Bertiger, Alexander Donald Modell, Jonathan Karl Larson
-
Patent number: 11870796Abstract: Disclosed are systems and methods for temporal link prediction based on (generalized) random dot product graphs (RDPGs), as well as applications of such temporal link prediction to network anomaly detection. In various embodiments, starting from a time series of adjacency matrices characterizing the evolution of the network, spectral embeddings and time-series models are used to predict estimated link probabilities for a future point in time, and the predicted link probabilities are compared against observed links to identify anomalous behavior. In some embodiments, element-wise independent models are used in the prediction to take network dynamics into account at the granularity of individual nodes or edges.Type: GrantFiled: July 20, 2022Date of Patent: January 9, 2024Assignee: Microsoft Technology Licensing, LLCInventors: Anna Swanson Bertiger, Francesco Sanna Passino, Joshua Neil
-
Publication number: 20230275907Abstract: In network security systems, graph-based techniques can be used to identify, for any given security incident including a collection of security events, other incidents that are similar. In example embodiments, similarity is determined based on graph representations of the incidents in which security events are represented as nodes, using graph matching techniques or incident thumbprints computed from node embeddings. The identified similar incidents can provide context to inform threat assessment and the selection of appropriate mitigating actions.Type: ApplicationFiled: February 28, 2022Publication date: August 31, 2023Inventors: Anna Swanson BERTIGER, Daniel Lee MACE, Andrew White WICKER
-
Publication number: 20230129144Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.Type: ApplicationFiled: December 22, 2022Publication date: April 27, 2023Inventors: Joshua Charles NEIL, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan
-
Publication number: 20230053182Abstract: Disclosed is a scalable, graph-based approach to detecting anomalous accesses to resources in a computer network. Access events are represented as edges between resource nodes and accessing nodes (e.g., corresponding to users) in a bipartite graph, from which vector representations of the nodes that reflect the connections can be computed by graph embedding. For an access event of interest, an anomaly score may be computed based on dissimilarities, in terms of their embedding distances, between the associated accessing node and other accessing nodes that have accessed the same resource, and/or between the associated resource node and other resource nodes that have been accessed by the same accessing node.Type: ApplicationFiled: October 1, 2021Publication date: February 16, 2023Inventors: Anna Swanson BERTIGER, Alexander Donald MODELL, Jonathan Karl LARSON
-
Patent number: 11556636Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.Type: GrantFiled: June 30, 2020Date of Patent: January 17, 2023Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Joshua Charles Neil, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan
-
Publication number: 20220377097Abstract: Disclosed are systems and methods for temporal link prediction based on (generalized) random dot product graphs (RDPGs), as well as applications of such temporal link prediction to network anomaly detection. In various embodiments, starting from a time series of adjacency matrices characterizing the evolution of the network, spectral embeddings and time-series models are used to predict estimated link probabilities for a future point in time, and the predicted link probabilities are compared against observed links to identify anomalous behavior. In some embodiments, element-wise independent models are used in the prediction to take network dynamics into account at the granularity of individual nodes or edges.Type: ApplicationFiled: July 20, 2022Publication date: November 24, 2022Inventors: Anna Swanson BERTIGER, Francesco SANNA PASSINO, Joshua NEIL
-
Patent number: 11418526Abstract: Disclosed are systems and methods for temporal link prediction based on (generalized) random dot product graphs (RDPGs), as well as applications of such temporal link prediction to network anomaly detection. In various embodiments, starting from a time series of adjacency matrices characterizing the evolution of the network, spectral embeddings and time-series models are used to predict estimated link probabilities for a future point in time, and the predicted link probabilities are compared against observed links to identify anomalous behavior. In some embodiments, element-wise independent models are used in the prediction to take network dynamics into account at the granularity of individual nodes or edges.Type: GrantFiled: May 31, 2020Date of Patent: August 16, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Anna Swanson Bertiger, Francesco Sanna Passino, Joshua Neil
-
Publication number: 20220224721Abstract: In a computer network monitored for security threats, security incidents corresponding to groups of mutually related security alerts may be ranked based on values of a diversity metric computed for each incident from attribute values of an attribute, or multiple attributes, associated with the security alerts. In some embodiments, values of attribute-specific sub-metrics are determined for each incident and combined, e.g., upon conversion to p-values, into respective values of the overall diversity metric. Based on the ranking, an output may be generated. For example, a ranked list of the security incidents (or a subset thereof) may be communicated to a security administrator, and/or may trigger an automated mitigating action.Type: ApplicationFiled: January 13, 2021Publication date: July 14, 2022Inventors: Anna Swanson Bertiger, Michael Steven Flowers
-
Publication number: 20210406365Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.Type: ApplicationFiled: June 30, 2020Publication date: December 30, 2021Inventors: Joshua Charles Neil, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan
-
Publication number: 20210194907Abstract: Disclosed are systems and methods for temporal link prediction based on (generalized) random dot product graphs (RDPGs), as well as applications of such temporal link prediction to network anomaly detection. In various embodiments, starting from a time series of adjacency matrices characterizing the evolution of the network, spectral embeddings and time-series models are used to predict estimated link probabilities for a future point in time, and the predicted link probabilities are compared against observed links to identify anomalous behavior. In some embodiments, element-wise independent models are used in the prediction to take network dynamics into account at the granularity of individual nodes or edges.Type: ApplicationFiled: May 31, 2020Publication date: June 24, 2021Inventors: Anna Swanson Bertiger, Francesco Sanna Passino, Joshua Neil
-
Publication number: 20190228103Abstract: Described herein is a system and method for filtering content of a document (e.g., web page). Based on content of an element of a received document, using a filter a model is applied (e.g., naïve Bayes classifier) to calculate an approximate probability or score that the element comprises non-desired content. Based upon the calculated approximate probability or score, a determination is made that the element comprises non-desired content (e.g., probability greater than or equal to a threshold). An action is taken with respect to the element based upon the determination that the element comprises non-desired content. The action taken with respect to the element can include, for example, removing, blocking out, highlighting, applying an opaque filter and/or colorizing.Type: ApplicationFiled: January 19, 2018Publication date: July 25, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Adam Edward SHIREY, Anna Swanson BERTIGER, Aaron Joseph MERRILL