Patents by Inventor Evan John Argyle
Evan John Argyle has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20260087131Abstract: The disclosed configurations generate synthetic attack data that emulates the markers of a cyberattack. The generated synthetic attack data is used to train an attack detection machine learning model that detects and mitigates actual cyberattacks in real-time. Synthetic attack data is generated by a synthetic attack data generation model, which is trained with a synthetic attack data generation prompt. The synthetic attack data generation prompt is constructed out of attack data samples and a prompt guideline. The prompt guideline is created from attack procedure descriptions, such as security blog posts or other write-ups about actual cyberattacks. Prompt guidelines may include samples of actual attack data that indicate how to format synthetic attack data. Once deployed, the attack detection machine learning model infers the occurrence of a cyberattack from log entries. Detected cyberattacks may be mitigated in an automated or semi-automated manner.Type: ApplicationFiled: November 27, 2024Publication date: March 26, 2026Inventors: Zheng DONG, Everton Luís BERZ, Jie LI, Patrick ESTAVILLO, Geoffrey Lyall MCDONALD, Dmitri BEKERMAN, Evan John ARGYLE, Moukhik MISRA
-
Publication number: 20250165598Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.Type: ApplicationFiled: January 23, 2025Publication date: May 22, 2025Inventors: Joshua Charles NEIL, Evan John ARGYLE, Anna Swanson BERTIGER, Lior GRANIT, Yair TSARFATY, David Natan KAPLAN
-
Patent number: 12242602Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.Type: GrantFiled: December 22, 2022Date of Patent: March 4, 2025Assignee: Microsoft Technology Licensing, LLCInventors: Joshua Charles Neil, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan
-
Publication number: 20240380771Abstract: In network security systems, graph-based techniques can be used to analyze data collected for a particular security incident, e.g., a command-and-control incident. In example embodiments, data extracted from data records of network activity and/or security alerts is used to generate a multipartite graph in which different entities (e.g., machines, processes, and domains or IP addresses) are represented as different types of nodes and relationships between the entities are represented as edges. The multipartite graph may be clustered, and the clusters be ranked according to some indicator of maliciousness (e.g., the number of associated security alerts or indicators of compromise (IoCs)). An output generated from the highest-ranking cluster(s) may serve, e.g., to identify new IoCs, or flow into mitigating actions taken in response to the incident.Type: ApplicationFiled: July 19, 2024Publication date: November 14, 2024Inventors: Nisha SHAHUL HAMEED, Rishi Dev JHA, Evan John ARGYLE
-
Patent number: 12081569Abstract: In network security systems, graph-based techniques can be used to analyze data collected for a particular security incident, e.g., a command-and-control incident. In example embodiments, data extracted from data records of network activity and/or security alerts is used to generate a multipartite graph in which different entities (e.g., machines, processes, and domains or IP addresses) are represented as different types of nodes and relationships between the entities are represented as edges. The multipartite graph may be clustered, and the clusters be ranked according to some indicator of maliciousness (e.g., the number of associated security alerts or indicators of compromise (IoCs)). An output generated from the highest-ranking cluster(s) may serve, e.g., to identify new IoCs, or flow into mitigating actions taken in response to the incident.Type: GrantFiled: February 25, 2022Date of Patent: September 3, 2024Assignee: Microsoft Technology Licensing, LLCInventors: Nisha Shahul Hameed, Rishi Dev Jha, Evan John Argyle
-
Publication number: 20230275912Abstract: In network security systems, graph-based techniques can be used to analyze data collected for a particular security incident, e.g., a command-and-control incident. In example embodiments, data extracted from data records of network activity and/or security alerts is used to generate a multipartite graph in which different entities (e.g., machines, processes, and domains or IP addresses) are represented as different types of nodes and relationships between the entities are represented as edges. The multipartite graph may be clustered, and the clusters be ranked according to some indicator of maliciousness (e.g., the number of associated security alerts or indicators of compromise (IoCs)). An output generated from the highest-ranking cluster(s) may serve, e.g., to identify new IoCs, or flow into mitigating actions taken in response to the incident.Type: ApplicationFiled: February 25, 2022Publication date: August 31, 2023Inventors: Nisha SHAHUL HAMEED, Rishi Dev JHA, Evan John ARGYLE
-
Publication number: 20230129144Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.Type: ApplicationFiled: December 22, 2022Publication date: April 27, 2023Inventors: Joshua Charles NEIL, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan
-
Patent number: 11556636Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.Type: GrantFiled: June 30, 2020Date of Patent: January 17, 2023Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Joshua Charles Neil, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan
-
Publication number: 20210406365Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious enterprise behaviors within a large enterprise. At a high level, embodiments of the present disclosure identify sub-graphs of behaviors within an enterprise based on probabilistic and deterministic methods. For example, starting with the node or edge having the highest risk score, embodiments of the present disclosure iteratively crawl a list of neighbors associated with the nodes or edges to identify subsets of behaviors within an enterprise that indicate potentially malicious activity based on the risk scores of each connected node and edge. In another example, embodiments select a target node and traverse the connected nodes via edges until a root-cause condition is met. Based on the traversal, a sub-graph is identified indicating a malicious execution path of traversed nodes with associated insights indicating the meaning or activity of the node.Type: ApplicationFiled: June 30, 2020Publication date: December 30, 2021Inventors: Joshua Charles Neil, Evan John Argyle, Anna Swanson Bertiger, Lior Granit, Yair Tsarfaty, David Natan Kaplan