Patents by Inventor Daniel Lee Mace
Daniel Lee Mace has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 12615267Abstract: In network security systems, graph-based techniques may be employed to generate “thumbprints” of security incidents, which may thereafter be used, e.g., for threat actor attribution or the identification of similar incidents. In various embodiments, each security incident is represented by a graph in which security events correspond to nodes, and which encodes associated metadata in additional nodes and/or node/edge attributes. Graph representation learning may be used to compute node and/or edge embeddings, which can then be aggregated into the thumbprint of the incident.Type: GrantFiled: February 28, 2022Date of Patent: April 28, 2026Assignee: Microsoft Technology Licensing, LLCInventors: Daniel Lee Mace, Andrew White Wicker
-
Patent number: 12602550Abstract: Machine learning models are used to generate a plan that responds to a user request. The plan includes one or more skills selected from a list of available skills. The prompt may be written in natural language, enabling the user to express their intent without having to know which skills are available or their intricacies. In some configurations, a skill is included in the plan if an embedding representation of an example prompt associated with the skill is within a defined distance of an embedding representation of the user request. Additionally, or alternatively, the embedding distance computations are used to narrow the list of available skills, which is then used to construct a meta-prompt that selects a skill. Skills listed in the meta-prompt may include data types of parameters and return values. This allows the model that processes the meta-prompt to order skills based on data type compatibility.Type: GrantFiled: June 21, 2023Date of Patent: April 14, 2026Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Amir H. Abdi, Nitin Kumar Goel, Daniel Lee Mace, William Blum
-
Publication number: 20260057183Abstract: In some examples, a method of generating a security report is provided. The method includes receiving a user query and security data, and providing the user query and security data to a semantic model. The semantic model generates one or more first embeddings. The method further includes receiving, from a data model, one or more second embeddings. The data model is generated based on historical threat intelligence data. The model further includes generating an execution plan based on the one or more first embeddings and the one or more second embeddings, and returning a report that corresponds to the execution plan.Type: ApplicationFiled: October 31, 2025Publication date: February 26, 2026Applicant: Microsoft Technology Licensing, LLCInventors: Eric Paul DOUGLAS, Mario Davis GOERTZEL, Lloyd Geoffrey GREENWALD, Aditi Kamlesh SHAH, Leo Moreno BETTHAUSER, Daniel Lee MACE, Nicholas BECKER
-
Publication number: 20260004135Abstract: Methods, systems, and computer storage media for providing a data analysis pipeline using a data analysis pipeline engine in a data intelligence system are described. A data analysis pipeline refers to a structured sequence of data processing steps that support transforming raw data into meaningful insights or actionable outcomes. The data analysis pipeline engine is an unsupervised learning pipeline based on clustering, topic modeling, and Large Language Models (LLMs). For example, the data analysis pipeline can use advanced machine learning techniques to automatically categorize emails into semantically similar clusters, enabling the data intelligence system to quickly identify and prioritize potentially high-risk emails for further investigation. The data analysis pipeline employs AI agents for context-aware graph induction relevance assessment. The AI agents employ induction and deduction loops to build and refine a data feature hypergraph (e.g.Type: ApplicationFiled: June 29, 2024Publication date: January 1, 2026Inventors: Melissa AILEM, Max Piasevoli, Srisuma Movva, William Blum, Daniel Lee Mace, Homa Hayatyfar
-
Publication number: 20260004121Abstract: Methods, systems, and computer storage media for providing iterative data processing optimization using an iterative data processing optimization engine in a data intelligence system are described. Iterative data processing refers to handling data where the processing steps are repeated multiple times, across multiple views or modalities, to train machine learning models, filter and score data or generate output. The iterative data processing optimization engine employs expectation step machine learning models that are simple but with fast language models to efficiently and effectively probe and analyze data, while iteratively refining maximization step machine learning models that are optimized and fast to approximate the probing mechanism of the expectation step machine learning models more efficiently, for example, using metadata, external information, and compressed representation.Type: ApplicationFiled: June 29, 2024Publication date: January 1, 2026Inventors: Daniel Lee MACE, Max Piasevoli, Melissa Ailem, Srisuma Movva, Wesley Hsien-Yi Chan, William Blum
-
Patent number: 12505206Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.Type: GrantFiled: February 4, 2024Date of Patent: December 23, 2025Assignee: Microsoft Technology Licensing, LLCInventors: Anisha Mazumder, Haijun Zhai, Daniel Lee Mace, Yogesh K. Roy, Seetharaman Harikrishnan
-
Patent number: 12462106Abstract: In some examples, a method of generating a security report is provided. The method includes receiving a user query and security data, and providing the user query and security data to a semantic model. The semantic model generates one or more first embeddings. The method further includes receiving, from a data model, one or more second embeddings. The data model is generated based on historical threat intelligence data. The model further includes generating an execution plan based on the one or more first embeddings and the one or more second embeddings, and returning a report that corresponds to the execution plan.Type: GrantFiled: March 24, 2023Date of Patent: November 4, 2025Assignee: Microsoft Technology Licensing, LLCInventors: Eric Paul Douglas, Mario Davis Goertzel, Lloyd Geoffrey Greenwald, Aditi Kamlesh Shah, Leo Moreno Betthauser, Daniel Lee Mace, Nicholas Becker
-
Publication number: 20250322069Abstract: A computer-implemented method of generating a security language query from a user input query includes receiving, at a computer system, an input security hunting user query indicating a user intention; selecting, using a trained machine learning model and based on the input security hunting query, an example user security hunting query and corresponding example security language query; generating, using the trained machine learning model, query metadata from the input security hunting query; generating a prompt, the prompt comprising: the input security hunting user query; the selected example user security hunting query and the corresponding example security language query; and the generated query metadata; inputting the prompt to a large language model; receiving a security language query from the large language model corresponding to the input security hunting query reflective of the user intention.Type: ApplicationFiled: June 27, 2025Publication date: October 16, 2025Inventors: Daniel Lee MACE, William Blum, Jeremias Eichelbaum, Amir Rubin, Edir V. Garcia Lazo, Nihal Irmak Pakis, Yogesh K. Roy, Jugal Parikh, Peter A. Bryan, Benjamin Elliott Nick, Ram Shankar Siva Kumar
-
Patent number: 12373554Abstract: A computer-implemented method of generating a security language query from a user input query includes receiving, at a computer system, an input security hunting user query indicating a user intention; selecting, using a trained machine learning model and based on the input security hunting query, an example user security hunting query and corresponding example security language query; generating, using the trained machine learning model, query metadata from the input security hunting query; generating a prompt, the prompt comprising: the input security hunting user query; the selected example user security hunting query and the corresponding example security language query; and the generated query metadata; inputting the prompt to a large language model; receiving a security language query from the large language model corresponding to the input security hunting query reflective of the user intention.Type: GrantFiled: August 31, 2022Date of Patent: July 29, 2025Assignee: Microsoft Technology Licensing, LLCInventors: Daniel Lee Mace, William Blum, Jeremias Eichelbaum, Amir Rubin, Edir V. Garcia Lazo, Nihal Irmak Pakis, Yogesh K. Roy, Jugal Parikh, Peter A. Bryan, Benjamin Elliott Nick, Ram Shankar Siva Kumar
-
Publication number: 20240428007Abstract: Machine learning models are used to generate a plan that responds to a user request. The plan includes one or more skills selected from a list of available skills. The prompt may be written in natural language, enabling the user to express their intent without having to know which skills are available or their intricacies. In some configurations, a skill is included in the plan if an embedding representation of an example prompt associated with the skill is within a defined distance of an embedding representation of the user request. Additionally, or alternatively, the embedding distance computations are used to narrow the list of available skills, which is then used to construct a meta-prompt that selects a skill. Skills listed in the meta-prompt may include data types of parameters and return values. This allows the model that processes the meta-prompt to order skills based on data type compatibility.Type: ApplicationFiled: June 21, 2023Publication date: December 26, 2024Inventors: Amir H. ABDI, Nitin Kumar GOEL, Daniel Lee MACE, William BLUM
-
Publication number: 20240256780Abstract: In some examples, a method of generating a security report is provided. The method includes receiving a user query and security data, and providing the user query and security data to a semantic model. The semantic model generates one or more first embeddings. The method further includes receiving, from a data model, one or more second embeddings. The data model is generated based on historical threat intelligence data. The model further includes generating an execution plan based on the one or more first embeddings and the one or more second embeddings, and returning a report that corresponds to the execution plan.Type: ApplicationFiled: March 24, 2023Publication date: August 1, 2024Applicant: Microsoft Technology Licensing, LLCInventors: Eric Paul DOUGLAS, Mario Davis GOERTZEL, Lloyd Geoffrey GREENWALD, Aditi Kamlesh SHAH, Leo Moreno BETTHAUSER, Daniel Lee MACE, Nicholas BECKER
-
Publication number: 20240211591Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.Type: ApplicationFiled: February 4, 2024Publication date: June 27, 2024Inventors: Anisha MAZUMDER, Haijun ZHAI, Daniel Lee MACE, Yogesh K. ROY, Seetharaman HARIKRISHNAN
-
Patent number: 11928207Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.Type: GrantFiled: November 5, 2021Date of Patent: March 12, 2024Assignee: Microsoft Technology Licensing, LLCInventors: Anisha Mazumder, Haijun Zhai, Daniel Lee Mace, Yogesh K. Roy, Seetharaman Harikrishnan
-
Publication number: 20240070270Abstract: A computer-implemented method of generating a security language query from a user input query includes receiving, at a computer system, an input security hunting user query indicating a user intention; selecting, using a trained machine learning model and based on the input security hunting query, an example user security hunting query and corresponding example security language query; generating, using the trained machine learning model, query metadata from the input security hunting query; generating a prompt, the prompt comprising: the input security hunting user query; the selected example user security hunting query and the corresponding example security language query; and the generated query metadata; inputting the prompt to a large language model; receiving a security language query from the large language model corresponding to the input security hunting query reflective of the user intention.Type: ApplicationFiled: August 31, 2022Publication date: February 29, 2024Inventors: Daniel Lee MACE, William BLUM, Jeremias EICHELBAUM, Amir RUBIN, Edir V. GARCIA LAZO, Nihal Irmak PAKIS, Yogesh K. ROY, Jugal PARIKH, Peter A. BRYAN, Benjamin Elliott NICK, Ram Shankar Siva KUMAR
-
Publication number: 20230275907Abstract: In network security systems, graph-based techniques can be used to identify, for any given security incident including a collection of security events, other incidents that are similar. In example embodiments, similarity is determined based on graph representations of the incidents in which security events are represented as nodes, using graph matching techniques or incident thumbprints computed from node embeddings. The identified similar incidents can provide context to inform threat assessment and the selection of appropriate mitigating actions.Type: ApplicationFiled: February 28, 2022Publication date: August 31, 2023Inventors: Anna Swanson BERTIGER, Daniel Lee MACE, Andrew White WICKER
-
Publication number: 20230275908Abstract: In network security systems, graph-based techniques may be employed to generate “thumbprints” of security incidents, which may thereafter be used, e.g., for threat actor attribution or the identification of similar incidents. In various embodiments, each security incident is represented by a graph in which security events correspond to nodes, and which encodes associated metadata in additional nodes and/or node/edge attributes. Graph representation learning may be used to compute node and/or edge embeddings, which can then be aggregated into the thumbprint of the incident.Type: ApplicationFiled: February 28, 2022Publication date: August 31, 2023Inventors: Daniel Lee MACE, Andrew White WICKER
-
Publication number: 20230102103Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.Type: ApplicationFiled: November 5, 2021Publication date: March 30, 2023Inventors: Anisha MAZUMDER, Haijun ZHAI, Daniel Lee MACE, Yogesh K. ROY, Seetharaman HARIKRISHNAN
-
Publication number: 20200104696Abstract: Systems are provided for using machine learning to identify service accounts and/or for distinguishing service accounts from user accounts based on the user names of the accounts. Machine learning tools can be trained on user name label data for service accounts and user accounts. The trained machine learning tool can then be applied to user names of accounts to determine whether the user names correspond to service accounts or not and, in some instances, without referencing tables or other structures that explicitly identify and distinguish the service/user accounts and/or conventions for identifying service accounts. Then, the systems can respond appropriately, based on the determination. The machine learning tool can also be shared with other systems to make the same determinations for their accounts without having to share confidential or proprietary account information.Type: ApplicationFiled: September 28, 2018Publication date: April 2, 2020Inventors: Richard Patrick Lewis, Lisa Deng, Craig Henry Wittenberg, Daniel Lee Mace, Yogesh Kant Roy
-
Publication number: 20180137401Abstract: A computing system for generating automated responses to improve response times for diagnosing security alerts includes a processor and a memory. An application is stored in the memory and executed by the processor. The application includes instructions for receiving a text phrase relating to a security alert; using a natural language interface with a natural language model to select one of a plurality of intents corresponding to the text phrase; and mapping the selected intent to one of a plurality of actions. Each of the plurality of actions includes at least one of a static response, a dynamic response, and a task. The application includes instructions for sending a response based on the at least one of the static response, the dynamic response, and the task.Type: ApplicationFiled: November 16, 2016Publication date: May 17, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Ram Shankar Siva KUMAR, Bryan Jeffrey SMITH, Andrew White WICKER, Daniel Lee MACE, David Charles LADD
-
Publication number: 20160203316Abstract: Embodiments are directed to generating an account process profile based on meta-events and to detecting account behavior anomalies based on account process profiles. In one scenario, a computer system accesses an indication of which processes were initiated by an account over a specified period of time. The computer system analyzes at least some of the processes identified in the indication to extract features associated with the processes. The computer system assigns the processes to meta-events based on the extracted features, where each meta-event is a representation of how the processes are executed within the computer system. The computer system then generates an account process profile for the account based on the meta-events, where the account process profile provides a comprehensive view of the account's behavior over the specified period of time. This account process profile can be used to identify anomalies in process execution.Type: ApplicationFiled: January 14, 2015Publication date: July 14, 2016Inventors: Daniel Lee Mace, Gil Lapid Shafriri, Craig Henry Wittenberg