Patents by Inventor Daniel Lee Mace

Daniel Lee Mace has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12615267
    Abstract: In network security systems, graph-based techniques may be employed to generate “thumbprints” of security incidents, which may thereafter be used, e.g., for threat actor attribution or the identification of similar incidents. In various embodiments, each security incident is represented by a graph in which security events correspond to nodes, and which encodes associated metadata in additional nodes and/or node/edge attributes. Graph representation learning may be used to compute node and/or edge embeddings, which can then be aggregated into the thumbprint of the incident.
    Type: Grant
    Filed: February 28, 2022
    Date of Patent: April 28, 2026
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Daniel Lee Mace, Andrew White Wicker
  • Patent number: 12602550
    Abstract: Machine learning models are used to generate a plan that responds to a user request. The plan includes one or more skills selected from a list of available skills. The prompt may be written in natural language, enabling the user to express their intent without having to know which skills are available or their intricacies. In some configurations, a skill is included in the plan if an embedding representation of an example prompt associated with the skill is within a defined distance of an embedding representation of the user request. Additionally, or alternatively, the embedding distance computations are used to narrow the list of available skills, which is then used to construct a meta-prompt that selects a skill. Skills listed in the meta-prompt may include data types of parameters and return values. This allows the model that processes the meta-prompt to order skills based on data type compatibility.
    Type: Grant
    Filed: June 21, 2023
    Date of Patent: April 14, 2026
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Amir H. Abdi, Nitin Kumar Goel, Daniel Lee Mace, William Blum
  • Publication number: 20260057183
    Abstract: In some examples, a method of generating a security report is provided. The method includes receiving a user query and security data, and providing the user query and security data to a semantic model. The semantic model generates one or more first embeddings. The method further includes receiving, from a data model, one or more second embeddings. The data model is generated based on historical threat intelligence data. The model further includes generating an execution plan based on the one or more first embeddings and the one or more second embeddings, and returning a report that corresponds to the execution plan.
    Type: Application
    Filed: October 31, 2025
    Publication date: February 26, 2026
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Eric Paul DOUGLAS, Mario Davis GOERTZEL, Lloyd Geoffrey GREENWALD, Aditi Kamlesh SHAH, Leo Moreno BETTHAUSER, Daniel Lee MACE, Nicholas BECKER
  • Publication number: 20260004135
    Abstract: Methods, systems, and computer storage media for providing a data analysis pipeline using a data analysis pipeline engine in a data intelligence system are described. A data analysis pipeline refers to a structured sequence of data processing steps that support transforming raw data into meaningful insights or actionable outcomes. The data analysis pipeline engine is an unsupervised learning pipeline based on clustering, topic modeling, and Large Language Models (LLMs). For example, the data analysis pipeline can use advanced machine learning techniques to automatically categorize emails into semantically similar clusters, enabling the data intelligence system to quickly identify and prioritize potentially high-risk emails for further investigation. The data analysis pipeline employs AI agents for context-aware graph induction relevance assessment. The AI agents employ induction and deduction loops to build and refine a data feature hypergraph (e.g.
    Type: Application
    Filed: June 29, 2024
    Publication date: January 1, 2026
    Inventors: Melissa AILEM, Max Piasevoli, Srisuma Movva, William Blum, Daniel Lee Mace, Homa Hayatyfar
  • Publication number: 20260004121
    Abstract: Methods, systems, and computer storage media for providing iterative data processing optimization using an iterative data processing optimization engine in a data intelligence system are described. Iterative data processing refers to handling data where the processing steps are repeated multiple times, across multiple views or modalities, to train machine learning models, filter and score data or generate output. The iterative data processing optimization engine employs expectation step machine learning models that are simple but with fast language models to efficiently and effectively probe and analyze data, while iteratively refining maximization step machine learning models that are optimized and fast to approximate the probing mechanism of the expectation step machine learning models more efficiently, for example, using metadata, external information, and compressed representation.
    Type: Application
    Filed: June 29, 2024
    Publication date: January 1, 2026
    Inventors: Daniel Lee MACE, Max Piasevoli, Melissa Ailem, Srisuma Movva, Wesley Hsien-Yi Chan, William Blum
  • Patent number: 12505206
    Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.
    Type: Grant
    Filed: February 4, 2024
    Date of Patent: December 23, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anisha Mazumder, Haijun Zhai, Daniel Lee Mace, Yogesh K. Roy, Seetharaman Harikrishnan
  • Patent number: 12462106
    Abstract: In some examples, a method of generating a security report is provided. The method includes receiving a user query and security data, and providing the user query and security data to a semantic model. The semantic model generates one or more first embeddings. The method further includes receiving, from a data model, one or more second embeddings. The data model is generated based on historical threat intelligence data. The model further includes generating an execution plan based on the one or more first embeddings and the one or more second embeddings, and returning a report that corresponds to the execution plan.
    Type: Grant
    Filed: March 24, 2023
    Date of Patent: November 4, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Eric Paul Douglas, Mario Davis Goertzel, Lloyd Geoffrey Greenwald, Aditi Kamlesh Shah, Leo Moreno Betthauser, Daniel Lee Mace, Nicholas Becker
  • Publication number: 20250322069
    Abstract: A computer-implemented method of generating a security language query from a user input query includes receiving, at a computer system, an input security hunting user query indicating a user intention; selecting, using a trained machine learning model and based on the input security hunting query, an example user security hunting query and corresponding example security language query; generating, using the trained machine learning model, query metadata from the input security hunting query; generating a prompt, the prompt comprising: the input security hunting user query; the selected example user security hunting query and the corresponding example security language query; and the generated query metadata; inputting the prompt to a large language model; receiving a security language query from the large language model corresponding to the input security hunting query reflective of the user intention.
    Type: Application
    Filed: June 27, 2025
    Publication date: October 16, 2025
    Inventors: Daniel Lee MACE, William Blum, Jeremias Eichelbaum, Amir Rubin, Edir V. Garcia Lazo, Nihal Irmak Pakis, Yogesh K. Roy, Jugal Parikh, Peter A. Bryan, Benjamin Elliott Nick, Ram Shankar Siva Kumar
  • Patent number: 12373554
    Abstract: A computer-implemented method of generating a security language query from a user input query includes receiving, at a computer system, an input security hunting user query indicating a user intention; selecting, using a trained machine learning model and based on the input security hunting query, an example user security hunting query and corresponding example security language query; generating, using the trained machine learning model, query metadata from the input security hunting query; generating a prompt, the prompt comprising: the input security hunting user query; the selected example user security hunting query and the corresponding example security language query; and the generated query metadata; inputting the prompt to a large language model; receiving a security language query from the large language model corresponding to the input security hunting query reflective of the user intention.
    Type: Grant
    Filed: August 31, 2022
    Date of Patent: July 29, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Daniel Lee Mace, William Blum, Jeremias Eichelbaum, Amir Rubin, Edir V. Garcia Lazo, Nihal Irmak Pakis, Yogesh K. Roy, Jugal Parikh, Peter A. Bryan, Benjamin Elliott Nick, Ram Shankar Siva Kumar
  • Publication number: 20240428007
    Abstract: Machine learning models are used to generate a plan that responds to a user request. The plan includes one or more skills selected from a list of available skills. The prompt may be written in natural language, enabling the user to express their intent without having to know which skills are available or their intricacies. In some configurations, a skill is included in the plan if an embedding representation of an example prompt associated with the skill is within a defined distance of an embedding representation of the user request. Additionally, or alternatively, the embedding distance computations are used to narrow the list of available skills, which is then used to construct a meta-prompt that selects a skill. Skills listed in the meta-prompt may include data types of parameters and return values. This allows the model that processes the meta-prompt to order skills based on data type compatibility.
    Type: Application
    Filed: June 21, 2023
    Publication date: December 26, 2024
    Inventors: Amir H. ABDI, Nitin Kumar GOEL, Daniel Lee MACE, William BLUM
  • Publication number: 20240256780
    Abstract: In some examples, a method of generating a security report is provided. The method includes receiving a user query and security data, and providing the user query and security data to a semantic model. The semantic model generates one or more first embeddings. The method further includes receiving, from a data model, one or more second embeddings. The data model is generated based on historical threat intelligence data. The model further includes generating an execution plan based on the one or more first embeddings and the one or more second embeddings, and returning a report that corresponds to the execution plan.
    Type: Application
    Filed: March 24, 2023
    Publication date: August 1, 2024
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Eric Paul DOUGLAS, Mario Davis GOERTZEL, Lloyd Geoffrey GREENWALD, Aditi Kamlesh SHAH, Leo Moreno BETTHAUSER, Daniel Lee MACE, Nicholas BECKER
  • Publication number: 20240211591
    Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.
    Type: Application
    Filed: February 4, 2024
    Publication date: June 27, 2024
    Inventors: Anisha MAZUMDER, Haijun ZHAI, Daniel Lee MACE, Yogesh K. ROY, Seetharaman HARIKRISHNAN
  • Patent number: 11928207
    Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.
    Type: Grant
    Filed: November 5, 2021
    Date of Patent: March 12, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Anisha Mazumder, Haijun Zhai, Daniel Lee Mace, Yogesh K. Roy, Seetharaman Harikrishnan
  • Publication number: 20240070270
    Abstract: A computer-implemented method of generating a security language query from a user input query includes receiving, at a computer system, an input security hunting user query indicating a user intention; selecting, using a trained machine learning model and based on the input security hunting query, an example user security hunting query and corresponding example security language query; generating, using the trained machine learning model, query metadata from the input security hunting query; generating a prompt, the prompt comprising: the input security hunting user query; the selected example user security hunting query and the corresponding example security language query; and the generated query metadata; inputting the prompt to a large language model; receiving a security language query from the large language model corresponding to the input security hunting query reflective of the user intention.
    Type: Application
    Filed: August 31, 2022
    Publication date: February 29, 2024
    Inventors: Daniel Lee MACE, William BLUM, Jeremias EICHELBAUM, Amir RUBIN, Edir V. GARCIA LAZO, Nihal Irmak PAKIS, Yogesh K. ROY, Jugal PARIKH, Peter A. BRYAN, Benjamin Elliott NICK, Ram Shankar Siva KUMAR
  • Publication number: 20230275907
    Abstract: In network security systems, graph-based techniques can be used to identify, for any given security incident including a collection of security events, other incidents that are similar. In example embodiments, similarity is determined based on graph representations of the incidents in which security events are represented as nodes, using graph matching techniques or incident thumbprints computed from node embeddings. The identified similar incidents can provide context to inform threat assessment and the selection of appropriate mitigating actions.
    Type: Application
    Filed: February 28, 2022
    Publication date: August 31, 2023
    Inventors: Anna Swanson BERTIGER, Daniel Lee MACE, Andrew White WICKER
  • Publication number: 20230275908
    Abstract: In network security systems, graph-based techniques may be employed to generate “thumbprints” of security incidents, which may thereafter be used, e.g., for threat actor attribution or the identification of similar incidents. In various embodiments, each security incident is represented by a graph in which security events correspond to nodes, and which encodes associated metadata in additional nodes and/or node/edge attributes. Graph representation learning may be used to compute node and/or edge embeddings, which can then be aggregated into the thumbprint of the incident.
    Type: Application
    Filed: February 28, 2022
    Publication date: August 31, 2023
    Inventors: Daniel Lee MACE, Andrew White WICKER
  • Publication number: 20230102103
    Abstract: Techniques are described herein that are capable of performing automatic graph-based detection of potential security threats. A Bayesian network is initialized using an association graph to establish connections among network nodes in the Bayesian network. The network nodes are grouped among clusters that correspond to respective intents. Patterns in the Bayesian network are identified. At least one redundant connection, which is redundant with regard to one or more other connections, is removed from the patterns. Scores are assigned to the respective patterns in the Bayesian network, based on knowledge of historical patterns and historical security threats, such that each score indicates a likelihood of the respective pattern to indicate a security threat. An output graph is automatically generated. The output graph includes each pattern that has a score that is greater than or equal to a score threshold. Each pattern in the output graph represents a potential security threat.
    Type: Application
    Filed: November 5, 2021
    Publication date: March 30, 2023
    Inventors: Anisha MAZUMDER, Haijun ZHAI, Daniel Lee MACE, Yogesh K. ROY, Seetharaman HARIKRISHNAN
  • Publication number: 20200104696
    Abstract: Systems are provided for using machine learning to identify service accounts and/or for distinguishing service accounts from user accounts based on the user names of the accounts. Machine learning tools can be trained on user name label data for service accounts and user accounts. The trained machine learning tool can then be applied to user names of accounts to determine whether the user names correspond to service accounts or not and, in some instances, without referencing tables or other structures that explicitly identify and distinguish the service/user accounts and/or conventions for identifying service accounts. Then, the systems can respond appropriately, based on the determination. The machine learning tool can also be shared with other systems to make the same determinations for their accounts without having to share confidential or proprietary account information.
    Type: Application
    Filed: September 28, 2018
    Publication date: April 2, 2020
    Inventors: Richard Patrick Lewis, Lisa Deng, Craig Henry Wittenberg, Daniel Lee Mace, Yogesh Kant Roy
  • Publication number: 20180137401
    Abstract: A computing system for generating automated responses to improve response times for diagnosing security alerts includes a processor and a memory. An application is stored in the memory and executed by the processor. The application includes instructions for receiving a text phrase relating to a security alert; using a natural language interface with a natural language model to select one of a plurality of intents corresponding to the text phrase; and mapping the selected intent to one of a plurality of actions. Each of the plurality of actions includes at least one of a static response, a dynamic response, and a task. The application includes instructions for sending a response based on the at least one of the static response, the dynamic response, and the task.
    Type: Application
    Filed: November 16, 2016
    Publication date: May 17, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Ram Shankar Siva KUMAR, Bryan Jeffrey SMITH, Andrew White WICKER, Daniel Lee MACE, David Charles LADD
  • Publication number: 20160203316
    Abstract: Embodiments are directed to generating an account process profile based on meta-events and to detecting account behavior anomalies based on account process profiles. In one scenario, a computer system accesses an indication of which processes were initiated by an account over a specified period of time. The computer system analyzes at least some of the processes identified in the indication to extract features associated with the processes. The computer system assigns the processes to meta-events based on the extracted features, where each meta-event is a representation of how the processes are executed within the computer system. The computer system then generates an account process profile for the account based on the meta-events, where the account process profile provides a comprehensive view of the account's behavior over the specified period of time. This account process profile can be used to identify anomalies in process execution.
    Type: Application
    Filed: January 14, 2015
    Publication date: July 14, 2016
    Inventors: Daniel Lee Mace, Gil Lapid Shafriri, Craig Henry Wittenberg