Patents by Inventor Ben Kliger

Ben Kliger has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20230169181
    Abstract: A method for data-flow analysis includes constructing a data-flow graph for a computing system that runs multiple software applications. The data-flow graph includes (i) vertices representing data locations in the computing system, and (ii) edges representing data movements performed by the software applications between the data locations. One or more multi-hop paths are identified in the data-flow graph, each multi-hop path including a sequence of two or more edges that represents multi-hop movement of data in the computing system. One or more of the identified multi-hop paths are acted upon.
    Type: Application
    Filed: May 9, 2022
    Publication date: June 1, 2023
    Inventors: Michael Zeev Bargury, Ben Kliger
  • Patent number: 11429724
    Abstract: A security service utilizes a machine learning model to detect unused open ports. A security agent on client machines tracks the operating executables and the open ports on a machine. A machine learning model is trained for a specific port number using the more commonly-used executables that run on machines having the port opened from a large and diverse population of machines. The model is then used to determine the ports that an executable is likely to be associated with which is then used to determine if a particular machine has an unused open port.
    Type: Grant
    Filed: March 19, 2018
    Date of Patent: August 30, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Michael Zeev Bargury, Moshe Israel, Ben Kliger, Yotam Livny
  • Patent number: 11263544
    Abstract: Systems, methods, and apparatuses are provided for clustering incidents in a computing environment. An incident notification relating to an event (e.g., a potential cyberthreat or any other alert) in the computing environment is received and a set of features may be generated based on the incident notification. The set of features may be provided as an input to a machine-learning engine to identify a similar incident notification in the computing environment. The similar incident notification may include a resolved incident notification or an unresolved incident notification. An action to resolve the incident notification may be received, and the received action may thereby be executed. In some implementations, in addition to resolving the received incident notification, the action may be executed to resolve a similar unresolved incident notification identified by the machine-learning engine.
    Type: Grant
    Filed: August 20, 2018
    Date of Patent: March 1, 2022
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Yotam Livny, Roy Levin, Ram Haim Pliskin, Ben Kliger, Mathias Abraham Marc Scherman, Moshe Israel, Michael Zeev Bargury
  • Patent number: 11184359
    Abstract: Methods, systems, and media are shown for generating access control rules for computer resources involving collecting historical access data for user accesses to a computer resource and separating the historical access data into a training data set and a validation data set. An access control rule is generated for the computer resource based on the properties of the user accesses to the computer resource in the training data set. The rule is validated against the validation data set to determine whether the rule produces a denial rate that is below a threshold when the rule is applied to the validation data set. If the rule is valid, then it is provided to an administrative interface so that an administrator can select the rule for application to incoming user requests.
    Type: Grant
    Filed: August 9, 2018
    Date of Patent: November 23, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ben Kliger, Yotam Livny, Ram Haim Pliskin, Roy Levin, Mathias Abraham Marc Scherman, Moshe Israel, Michael Zeev Bargury
  • Patent number: 11184363
    Abstract: Embodiments described herein are directed to securing network-based compute resources. The foregoing may be achieved by determining a tag representative of non-malicious network addresses. The tag is determined by analyzing network data traffic received by a plurality of compute resources. Machine-learning based techniques may be used to automatically classify each network address that communicates with a particular compute resource as being malicious or non-malicious. Determined non-malicious network addresses for a particular compute resource are automatically associated with a tag. The tag is used to configure a firewall application to prevent access to a corresponding compute resource by malicious network addresses not represented by the tag. The number of non-malicious network addresses associated with a tag may be expanded by clustering compute resources having a similar set of network addresses that communicate therewith.
    Type: Grant
    Filed: December 31, 2018
    Date of Patent: November 23, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Mathias Abraham Marc Scherman, Ben Kliger, Evan Clarke Smith
  • Patent number: 11159568
    Abstract: Methods, systems, and media are shown for reducing the vulnerability of user accounts to attack that involve creating a rule for a user account that includes a permitted parameter corresponding to a user account activity property, and monitoring the account activity of the user account. If it is determined that the account activity property is inconsistent with the permitted parameter, then the user account is disabled. An example of a permitted parameter is a permitted time period, such as a start time, an end time, a recurrence definition, a days-of-the-week definition, a start date, an end date, and a number-of-occurrences definition. Other examples are a physical parameter, such as a permitted geographic location, device, or network, or a permitted usage parameter, such as a permitted application, data access, or domain.
    Type: Grant
    Filed: June 21, 2018
    Date of Patent: October 26, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Moshe Israel, Ben Kliger, Royi Ronen
  • Patent number: 11030303
    Abstract: Methods, systems, and apparatuses are provided for managing an execution of applications in a computing environment. A whitelist list of applications that are permitted to execute in a computing environment is obtained. For one or more of the applications on the whitelist, a temporal rule is assigned that specifies a time period in which the application is permitted to execute in the computing environment. For instance, the temporal rule may be obtained via a user input or may be determined automatically by analyzing an execution history of the application. Applications are permitted to execute in the computing environment during the time period specified by the temporal rule, and are prevented from executing outside of the time period. By restricting the time period in which an application can execute, the overall vulnerability to malware attacks in a computing environment may be reduced.
    Type: Grant
    Filed: June 19, 2017
    Date of Patent: June 8, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Moshe Israel, Ben Kliger
  • Patent number: 11005893
    Abstract: Methods, systems, apparatuses, and computer program products are provided for generating a network security rule. Existing security rules may be determined across a network that includes a plurality of network resources, such as computing devices or virtual machines. A map is generated that identifies each of the permitted connections between the resources over the network. In some implementations, the map may include a network topology map. Network traffic data for each of the permitted connections may be gathered or monitored. Based on the existing security rules and the gathered network traffic data, an enhanced security rule may be generated for a particular connection that reduces data traffic over the connection, which improves network security by further hardening the available communication paths.
    Type: Grant
    Filed: December 4, 2018
    Date of Patent: May 11, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tamer Salman, Ben Kliger, Bolous AbuJaber
  • Patent number: 10944791
    Abstract: A system for predicting vulnerability of network resources is provided. The system can calculate an initial vulnerability score for each of the network resources and use the initial vulnerability scores along with activity data of the network resources to train a vulnerability model. After training, the vulnerability model can predict the vulnerability of the network resources based on new activity data collected from the network resources. Based on the predicted vulnerability, vulnerable network resources can be identified. Further analysis can be performed by comparing the activities of the vulnerable network resources and other network resources to identify activity patterns unique to the vulnerable network resources as attack patterns. Based on the attack patterns, one or more actions can be taken to increase the security of the vulnerable network resources to avoid further vulnerability.
    Type: Grant
    Filed: August 27, 2018
    Date of Patent: March 9, 2021
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Yotam Livny, Mathias Abraham Marc Scherman, Moshe Israel, Ben Kliger, Ram Haim Pliskin, Roy Levin, Michael Zeev Bargury
  • Patent number: 10911479
    Abstract: A computing system performs real-time mitigations for unfamiliar threat scenarios by identifying a particular threat scenario for a client system that has not previously experienced the threat scenario and for which a remediation process is unknown. The computing system responds to the unknown threat scenario by generating and providing the client system a mitigation file that includes a predictive set of mitigation processes for responding to the threat scenario. The mitigation file is generated by first generating a threat vector that identifies a plurality of different threat scenario characteristics for the particular threat scenario. Then, a classification model is applied to the threat vector to identify a predictive set of mitigation processes that are determined to be a best fit for the threat vector and that are included in the mitigation file.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: February 2, 2021
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ben Kliger, Moshe Israel, Dotan Patrich, Michael Zeev Bargury
  • Patent number: 10826756
    Abstract: A computing system utilizes crowd sourcing to generate remediation files for systems experiencing alert conditions. During the generation of the remediation files the computing system identifies a plurality of different types of alerts associated with a plurality of different client systems. The computing system also generates a plurality of different client remediation process sets for each type of alert based on a correlation of process proximity and time to the alert conditions and determines which of the plurality of processes are related to the identified alert based on values in a correlation vector. Then, client remediation process sets are created to include the processes that are determined to be related to the identified alert and are clustered together to identify the processes to include in the generated composite remediation file for each type of alert, based on correlations existing between the plurality of different client remediation process sets.
    Type: Grant
    Filed: August 6, 2018
    Date of Patent: November 3, 2020
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Ben Kliger, Moshe Israel, Dotan Patrich, Michael Zeev Bargury
  • Patent number: 10778645
    Abstract: A security configuration for a firewall is generated. Network traffic data, network reputation data, and endpoint protection data are received from a network environment. A reputation score for a network address is generated from the network traffic data and the network reputation data. An endpoint protection configuration is generated from a routine based on the network traffic data and the endpoint protection data. A set of security rules is provided from the endpoint configuration and the reputation score.
    Type: Grant
    Filed: June 27, 2017
    Date of Patent: September 15, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ben Kliger, Gilad Elyashar, Moshe Israel, Michael Zeev Bargury
  • Patent number: 10764299
    Abstract: An access configuration for an access control manager is generated. Access data including users, resources, and actions the users performed on the resources is received into a matrix. Clusters of the matrix are formed to produce ranges of the users and ranges of the resources having selected permission levels based on the actions. Administrator-modifiable security groups are created based on the ranges of users and administrator-modifiable resources groups based on the ranges of resources.
    Type: Grant
    Filed: June 29, 2017
    Date of Patent: September 1, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Ben Kliger, Efim Hudis, Moshe Israel, Steven J. Lieberman, Mark Wahl
  • Patent number: 10757110
    Abstract: A computing system for generating allowed lists of applications for machines is provided. The system, for each machine, identifies a set of executed applications that were executed by that machine. The system then clusters the machines based on similarity between the sets of executed applications so that machines with similar sets are in the same cluster. The system then, for each cluster of machines, creates an allowed list of applications for the cluster that includes the applications in the sets of executed applications of the machines of the cluster. An allowed list for a cluster indicates that only applications in the allowed list are allowed to be executed by a machine in the cluster. The system then distributes the allowed list for a cluster to the machines of that cluster so that the machines execute only applications in the allowed list for their cluster.
    Type: Grant
    Filed: December 21, 2016
    Date of Patent: August 25, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Moshe Israel, Ronen Yaari, Ben Kliger, Yaniv Dagan, Gilad Elyashar, Moshe Shalala, Erel Hansav
  • Publication number: 20200213325
    Abstract: Embodiments described herein are directed to securing network-based compute resources. The foregoing may be achieved by determining a tag representative of non-malicious network addresses. The tag is determined by analyzing network data traffic received by a plurality of compute resources. Machine-learning based techniques may be used to automatically classify each network address that communicates with a particular compute resource as being malicious or non-malicious. Determined non-malicious network addresses for a particular compute resource are automatically associated with a tag. The tag is used to configure a firewall application to prevent access to a corresponding compute resource by malicious network addresses not represented by the tag. The number of non-malicious network addresses associated with a tag may be expanded by clustering compute resources having a similar set of network addresses that communicate therewith.
    Type: Application
    Filed: December 31, 2018
    Publication date: July 2, 2020
    Inventors: Mathias Abraham Marc Scherman, Ben Kliger, Evan Clarke Smith
  • Publication number: 20200177638
    Abstract: Methods, systems, apparatuses, and computer program products are provided for generating a network security rule. Existing security rules may be determined across a network that includes a plurality of network resources, such as computing devices or virtual machines. A map is generated that identifies each of the permitted connections between the resources over the network. In some implementations, the map may include a network topology map. Network traffic data for each of the permitted connections may be gathered or monitored. Based on the existing security rules and the gathered network traffic data, an enhanced security rule may be generated for a particular connection that reduces data traffic over the connection, which improves network security by further hardening the available communication paths.
    Type: Application
    Filed: December 4, 2018
    Publication date: June 4, 2020
    Inventors: Tamer Salman, Ben Kliger, Bolous AbuJaber
  • Patent number: 10623374
    Abstract: Described technologies automatically detect candidate networks having external nodes which communicate with nodes of a local network; a candidate external network can be identified even when the external nodes are owned by a different entity than the local network's owner. A list of network addresses which communicated with local network nodes is culled to obtain addresses likely to communicate in the future. A graph of local and external nodes is built, and connection strengths are assessed. A candidate network is identified, based on criteria such as connection frequency and duration, domain membership, address stability, address proximity, and others, using cutoff values that are set by default or by user action. The candidate network identification is then utilized as a basis for improved security through virtual private network establishment, improved bandwidth allocation, improved traffic anomaly detection, or network consolidation, for example.
    Type: Grant
    Filed: June 9, 2017
    Date of Patent: April 14, 2020
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Moshe Israel, Ben Kliger, Michael Zeev Bargury
  • Publication number: 20200067980
    Abstract: A system for predicting vulnerability of network resources is provided. The system can calculate an initial vulnerability score for each of the network resources and use the initial vulnerability scores along with activity data of the network resources to train a vulnerability model. After training, the vulnerability model can predict the vulnerability of the network resources based on new activity data collected from the network resources. Based on the predicted vulnerability, vulnerable network resources can be identified. Further analysis can be performed by comparing the activities of the vulnerable network resources and other network resources to identify activity patterns unique to the vulnerable network resources as attack patterns. Based on the attack patterns, one or more actions can be taken to increase the security of the vulnerable network resources to avoid further vulnerability.
    Type: Application
    Filed: August 27, 2018
    Publication date: February 27, 2020
    Inventors: Yotam LIVNY, Mathias Abraham Marc SCHERMAN, Moshe ISRAEL, Ben KLIGER, Ram Haim PLISKIN, Roy LEVIN, Michael Zeev BARGURY
  • Publication number: 20200057953
    Abstract: Systems, methods, and apparatuses are provided for clustering incidents in a computing environment. An incident notification relating to an event (e.g., a potential cyberthreat or any other alert) in the computing environment is received and a set of features may be generated based on the incident notification. The set of features may be provided as an input to a machine-learning engine to identify a similar incident notification in the computing environment. The similar incident notification may include a resolved incident notification or an unresolved incident notification. An action to resolve the incident notification may be received, and the received action may thereby be executed. In some implementations, in addition to resolving the received incident notification, the action may be executed to resolve a similar unresolved incident notification identified by the machine-learning engine.
    Type: Application
    Filed: August 20, 2018
    Publication date: February 20, 2020
    Inventors: Yotam Livny, Roy Levin, Ram Haim Pliskin, Ben Kliger, Mathias Abraham Marc Scherman, Moshe Israel, Michael Zeev Bargury
  • Publication number: 20200053090
    Abstract: Methods, systems, and media are shown for generating access control rules for computer resources involving collecting historical access data for user accesses to a computer resource and separating the historical access data into a training data set and a validation data set. An access control rule is generated for the computer resource based on the properties of the user accesses to the computer resource in the training data set. The rule is validated against the validation data set to determine whether the rule produces a denial rate that is below a threshold when the rule is applied to the validation data set. If the rule is valid, then it is provided to an administrative interface so that an administrator can select the rule for application to incoming user requests.
    Type: Application
    Filed: August 9, 2018
    Publication date: February 13, 2020
    Inventors: Ben KLIGER, Yotam LIVNY, Ram Haim PLISKIN, Roy LEVIN, Mathias Abraham Marc SCHERMAN, Moshe ISRAEL, Michael Zeev BARGURY