Patents by Inventor Barak Raz
Barak Raz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20230300155
Abstract: The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.
Type: Application
Filed: May 23, 2023
Publication date: September 21, 2023
Inventors: Zhen MO, Ereli ERAN, Barak RAZ, Vijay GANTI
-
Patent number: 11729207
Abstract: The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include determining a plurality of network behaviors of a process by monitoring the process. Embodiments include generating a plurality of intended states for the process based on subsets of the plurality of network behaviors. Embodiments include determining a plurality of intended state clusters by applying a clustering technique to the plurality of intended states. Embodiments include determining a state of the process. Embodiments include identifying a given cluster of the plurality of intended state clusters that corresponds to the state of the process. Embodiments include selecting a novelty detection technique based on a size of the given cluster. Embodiments include using the novelty detection technique to determine, based on the given cluster and the state of the process, whether to generate a security alert for the process.
Type: Grant
Filed: June 12, 2020
Date of Patent: August 15, 2023
Assignee: VMWARE, INC.
Inventors: Zhen Mo, Vijay Ganti, Debessay Fesehaye Kassa, Barak Raz, Honglei Li
-
Patent number: 11689545
Abstract: The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.
Type: Grant
Filed: January 16, 2021
Date of Patent: June 27, 2023
Assignee: VMware, Inc.
Inventors: Zhen Mo, Ereli Eran, Barak Raz, Vijay Ganti
-
Patent number: 11645339
Abstract: Certain aspects of the present disclosure relate to methods and systems for evaluating a first command line interface (CLI) input of a process. The method comprises examining the first CLI input and selecting a first clustering model corresponding to the process, wherein the first clustering model is created based on a first clustering configuration and a first feature type combination. The method further comprises creating a first feature combination for the first CLI input based on the first feature type combination, evaluating the first CLI input using the first clustering model and the first feature combination, wherein the evaluating further comprises determining a similarity score corresponding to a similarity between the first feature combination and the one or more clusters, and determining whether or not the first CLI input corresponds to normal behavior based on the similarity score.
Type: Grant
Filed: July 3, 2019
Date of Patent: May 9, 2023
Assignee: VMWARE, INC.
Inventors: Barak Raz, Vamsi Akkineni
-
Patent number: 11449638
Abstract: Examples herein disclose via use of a physical processor, detecting a specific application programming interface (API) call to interact with an application running on a production server. Based on the detection of the specific API call, the examples assist, using the physical processor, a scanning session based on the specific API call. Using the physical processor, the examples identify a modification to the application based on the scanning session.
Type: Grant
Filed: March 18, 2016
Date of Patent: September 20, 2022
Assignee: MICRO FOCUS LLC
Inventors: Ming Sum Sam Ng, Sasi Siddharth Muthurajan, Barak Raz
-
Patent number: 11431792
Abstract: In some examples, an alert relating to an issue in a computing arrangement is received. Contextual information is determined for the alert, the determined contextual information comprising spatial and temporal distributions of previous instances of the alert or similar alerts. The contextual information is communicated for use in addressing the issue in the computing arrangement.
Type: Grant
Filed: January 31, 2017
Date of Patent: August 30, 2022
Assignee: Micro Focus LLC
Inventors: Manish Marwah, Renato Keshet, Barak Raz, Brent James Miller
-
Publication number: 20220232032
Abstract: The disclosure herein describes automatically performing security operations associated with a client system based on aggregated event impact scores of computing events during a rolling time interval. Event data is obtained, wherein the event data is from a plurality of computing devices of the client system associated with computing events occurring during a time interval after an endpoint of the rolling time interval. Event impact scores are calculated for the computing events of the obtained event data over the time interval based at least on cardinality estimation. The calculated event impact scores are merged into the set of aggregated event impact scores associated with the rolling time interval and event impact scores associated with an expired time interval are removed from the set of aggregated event impact scores. Based on the set of aggregated event impact scores, at least one security operation is performed for at least one computing event.
Type: Application
Filed: January 16, 2021
Publication date: July 21, 2022
Inventors: Zhen MO, Ereli ERAN, Barak RAZ, Vijay GANTI
-
Patent number: 11240256
Abstract: In some examples, a plurality of alerts relating to issues in a computing arrangement are received, where the plurality of alerts are generated based on events in the computing arrangement. A subset of the plurality of alerts is grouped into a bundle of alerts, the grouping being based on a criterion. The bundle of alerts is communicated to cause processing of the alerts in the bundle of alerts together.
Type: Grant
Filed: January 31, 2017
Date of Patent: February 1, 2022
Assignee: Micro Focus LLC
Inventors: Tomasz Jaroslaw Bania, William G. Horne, Renato Keshet, Pratyusa K. Manadhata, Manish Marwah, Brent James Miller, Barak Raz, Tomas Sander
-
Publication number: 20220027409
Abstract: An example method of representing a selected entity in a plurality of entities in a computing system includes: obtaining a graph representation of the plurality of entities, the graph representation having nodes and edges representing a hierarchy of the plurality of entities; extracting a set of paths from the graph representation, each path in the set of paths including a series of edge-connected nodes in the graph representation; processing the set of paths to generate a vector representation of the selected entity, the vector representation having a plurality of elements representing a context of the selected entity within the graph representation; and providing the vector representation as input to an application executing in the computing system.
Type: Application
Filed: July 23, 2020
Publication date: January 27, 2022
Inventors: Srilakshmi LINGAMNENI, Barak RAZ, Bin ZAN, Zhen MO, Vijay GANTI
-
Publication number: 20210392160
Abstract: The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include determining a plurality of network behaviors of a process by monitoring the process. Embodiments include generating a plurality of intended states for the process based on subsets of the plurality of network behaviors. Embodiments include determining a plurality of intended state clusters by applying a clustering technique to the plurality of intended states. Embodiments include determining a state of the process. Embodiments include identifying a given cluster of the plurality of intended state clusters that corresponds to the state of the process. Embodiments include selecting a novelty detection technique based on a size of the given cluster. Embodiments include using the novelty detection technique to determine, based on the given cluster and the state of the process, whether to generate a security alert for the process.
Type: Application
Filed: June 12, 2020
Publication date: December 16, 2021
Inventors: Zhen MO, Vijay GANTI, Debessay Fesehaye KASSA, Barak RAZ, Honglei LI
-
Patent number: 11108794
Abstract: Systems and methods for identifying, in a domain name, n-grams that do not appear in words of a given language, where n is greater than two are disclosed. The disclosed systems and methods may include comparing a value based on a number of the identified n-grams to a threshold and indicating that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.
Type: Grant
Filed: January 31, 2018
Date of Patent: August 31, 2021
Assignee: MICRO FOCUS LLC
Inventors: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
-
Patent number: 10965697
Abstract: In some examples, a system counts a number of digits in a domain name. The system compares a value based on the number of digits to a threshold, and indicates that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.
Type: Grant
Filed: January 31, 2018
Date of Patent: March 30, 2021
Assignee: MICRO FOCUS LLC
Inventors: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
-
Patent number: 10911481
Abstract: In some examples, for a device that transmitted domain names, a system determines a dissimilarity between the domain names, compares a value derived from the determined dissimilarity to a threshold, and identifies the device as malware infected in response to the comparing.
Type: Grant
Filed: January 31, 2018
Date of Patent: February 2, 2021
Assignee: MICRO FOCUS LLC
Inventors: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
-
Publication number: 20210004408
Abstract: Certain aspects of the present disclosure relate to methods and systems for evaluating a first command line interface (CLI) input of a process. The method comprises examining the first CLI input and selecting a first clustering model corresponding to the process, wherein the first clustering model is created based on a first clustering configuration and a first feature type combination. The method further comprises creating a first feature combination for the first CLI input based on the first feature type combination, evaluating the first CLI input using the first clustering model and the first feature combination, wherein the evaluating further comprises determining a similarity score corresponding to a similarity between the first feature combination and the one or more clusters, and determining whether or not the first CLI input corresponds to normal behavior based on the similarity score.
Type: Application
Filed: July 3, 2019
Publication date: January 7, 2021
Inventors: Barak RAZ, Vamsi AKKINENI
-
Publication number: 20200293673
Abstract: Examples herein disclose via use of a physical processor, detecting a specific application programming interface (API) call to interact with an application running on a production server. Based on the detection of the specific API call, the examples assist, using the physical processor, a scanning session based on the specific API call. Using the physical processor, the examples identify a modification to the application based on the scanning session.
Type: Application
Filed: March 18, 2016
Publication date: September 17, 2020
Inventors: Ming Sum Sam Ng, Sasi Siddharth Muthurajan, Barak Raz
-
Patent number: 10681069
Abstract: A technique includes processing domain name system queries generated by a host to identify a subset of the queries for which domain names were not resolved. The technique includes using a time-based analysis to detect domain generation algorithm-based malware communications by the host, including detecting malicious communications by the host based at least in part on a number of the queries of the identified subset and a time span within which the queries of the subset were generated.
Type: Grant
Filed: January 19, 2017
Date of Patent: June 9, 2020
Assignee: MICRO FOCUS LLC
Inventors: Barak Raz, Sasi Siddharth Muthurajan
-
Publication number: 20190238562
Abstract: In some examples, for a device that transmitted domain names, a system determines a dissimilarity between the domain names, compares a value derived from the determined dissimilarity to a threshold, and identifies the device as malware infected in response to the comparing.
Type: Application
Filed: January 31, 2018
Publication date: August 1, 2019
Inventors: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
-
Publication number: 20190238572
Abstract: In some examples, a system identifies, in a domain name, n-grams that do not appear in words of a given language, where n is greater than two. The system compares a value based on a number of the identified n-grams to a threshold, and indicates that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.
Type: Application
Filed: January 31, 2018
Publication date: August 1, 2019
Inventors: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
-
Publication number: 20190238573
Abstract: In some examples, a system counts a number of digits in a domain name. The system compares a value based on the number of digits to a threshold, and indicates that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.
Type: Application
Filed: January 31, 2018
Publication date: August 1, 2019
Inventors: Pratyusa K. Manadhata, Kyle Williams, Barak Raz, Martin Arlitt
-
Publication number: 20180219876
Abstract: In some examples, an alert relating to an issue in a computing arrangement is received. Contextual information is determined for the alert, the determined contextual information comprising spatial and temporal distributions of previous instances of the alert or similar alerts. The contextual information is communicated for use in addressing the issue in the computing arrangement.
Type: Application
Filed: January 31, 2017
Publication date: August 2, 2018
Inventors: Manish Marwah, Renato Keshet, Barak Raz, Brent James Miller