Patents by Inventor Evan John Argyle

Evan John Argyle has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20260087131
    Abstract: The disclosed configurations generate synthetic attack data that emulates the markers of a cyberattack. The generated synthetic attack data is used to train an attack detection machine learning model that detects and mitigates actual cyberattacks in real-time. Synthetic attack data is generated by a synthetic attack data generation model, which is trained with a synthetic attack data generation prompt. The synthetic attack data generation prompt is constructed out of attack data samples and a prompt guideline. The prompt guideline is created from attack procedure descriptions, such as security blog posts or other write-ups about actual cyberattacks. Prompt guidelines may include samples of actual attack data that indicate how to format synthetic attack data. Once deployed, the attack detection machine learning model infers the occurrence of a cyberattack from log entries. Detected cyberattacks may be mitigated in an automated or semi-automated manner.
    Type: Application
    Filed: November 27, 2024
    Publication date: March 26, 2026
    Inventors: Zheng DONG, Everton Luís BERZ, Jie LI, Patrick ESTAVILLO, Geoffrey Lyall MCDONALD, Dmitri BEKERMAN, Evan John ARGYLE, Moukhik MISRA
  • Publication number: 20250165598
    Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.
    Type: Application
    Filed: January 23, 2025
    Publication date: May 22, 2025
    Inventors: Joshua Charles NEIL, Evan John ARGYLE, Anna Swanson BERTIGER, Lior GRANIT, Yair TSARFATY, David Natan KAPLAN
  • Patent number: 12242602
    Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.
    Type: Grant
    Filed: December 22, 2022
    Date of Patent: March 4, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Joshua Charles Neil, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan
  • Publication number: 20240380771
    Abstract: In network security systems, graph-based techniques can be used to analyze data collected for a particular security incident, e.g., a command-and-control incident. In example embodiments, data extracted from data records of network activity and/or security alerts is used to generate a multipartite graph in which different entities (e.g., machines, processes, and domains or IP addresses) are represented as different types of nodes and relationships between the entities are represented as edges. The multipartite graph may be clustered, and the clusters be ranked according to some indicator of maliciousness (e.g., the number of associated security alerts or indicators of compromise (IoCs)). An output generated from the highest-ranking cluster(s) may serve, e.g., to identify new IoCs, or flow into mitigating actions taken in response to the incident.
    Type: Application
    Filed: July 19, 2024
    Publication date: November 14, 2024
    Inventors: Nisha SHAHUL HAMEED, Rishi Dev JHA, Evan John ARGYLE
  • Patent number: 12081569
    Abstract: In network security systems, graph-based techniques can be used to analyze data collected for a particular security incident, e.g., a command-and-control incident. In example embodiments, data extracted from data records of network activity and/or security alerts is used to generate a multipartite graph in which different entities (e.g., machines, processes, and domains or IP addresses) are represented as different types of nodes and relationships between the entities are represented as edges. The multipartite graph may be clustered, and the clusters be ranked according to some indicator of maliciousness (e.g., the number of associated security alerts or indicators of compromise (IoCs)). An output generated from the highest-ranking cluster(s) may serve, e.g., to identify new IoCs, or flow into mitigating actions taken in response to the incident.
    Type: Grant
    Filed: February 25, 2022
    Date of Patent: September 3, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Nisha Shahul Hameed, Rishi Dev Jha, Evan John Argyle
  • Publication number: 20230275912
    Abstract: In network security systems, graph-based techniques can be used to analyze data collected for a particular security incident, e.g., a command-and-control incident. In example embodiments, data extracted from data records of network activity and/or security alerts is used to generate a multipartite graph in which different entities (e.g., machines, processes, and domains or IP addresses) are represented as different types of nodes and relationships between the entities are represented as edges. The multipartite graph may be clustered, and the clusters be ranked according to some indicator of maliciousness (e.g., the number of associated security alerts or indicators of compromise (IoCs)). An output generated from the highest-ranking cluster(s) may serve, e.g., to identify new IoCs, or flow into mitigating actions taken in response to the incident.
    Type: Application
    Filed: February 25, 2022
    Publication date: August 31, 2023
    Inventors: Nisha SHAHUL HAMEED, Rishi Dev JHA, Evan John ARGYLE
  • Publication number: 20230129144
    Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.
    Type: Application
    Filed: December 22, 2022
    Publication date: April 27, 2023
    Inventors: Joshua Charles NEIL, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan
  • Patent number: 11556636
    Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: January 17, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Joshua Charles Neil, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan
  • Publication number: 20210406365
    Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.
    Type: Application
    Filed: June 30, 2020
    Publication date: December 30, 2021
    Inventors: Joshua Charles Neil, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan