Patents by Inventor Fady Copty

Fady Copty has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240411867
    Abstract: Methods, systems, and computer storage media for providing data security posture management using an application discovery engine in a security management system. Application discovery supports identifying and mapping various applications within a computing environment. In particular, application discovery can be provided as part of security management operations to assess security posture of applications, identify vulnerabilities, and ensure compliance with regulations. In operation, application discovery data associated with a plurality computing resources of a computing environment is accessed. An annotated application discovery graph comprising a plurality of entities that represent the plurality of computing resources is generated. The annotated application discovery graph is deployed to support generating security postures for computing environments. A request is received for a security posture of the computing environment.
    Type: Application
    Filed: June 7, 2023
    Publication date: December 12, 2024
    Inventors: Shay Chriba SAKAZI, Fady Copty, Tamer SALMAN, Ofir MONZA
  • Patent number: 12132751
    Abstract: An approach to predicting the outcome of a computer security response. The approach can analyze an unlabeled set of network data and based on the analysis, create a language model of the network. The approach can process the language model to predict a reduction factor associated with network availability. The approach can further process the language model and a malicious sequence to predict an effectiveness factor associated with blocking the malicious sequence. The approach can output bot the reduction factor and the effectiveness factor to a network administrator for determining the applicability of the computer security response.
    Type: Grant
    Filed: September 25, 2023
    Date of Patent: October 29, 2024
    Assignee: International Business Machines Corporation
    Inventor: Fady Copty
  • Patent number: 11947444
    Abstract: Embodiments may provide techniques that may provide more accurate and actionable alerts by cloud workload security systems so as to improve overall cloud workload security. For example, in an embodiment, a method may be implemented in a computer system comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor, and the method may comprise generating performance and security information relating to a software system during development of the software system, generating performance and security information relating to the software system during deployed operation of the software system, matching the performance and security information generated during development of the software system with the performance and security information generated during deployed operation of the software system to determine performance and security alerts to escalate, and reporting the escalated performance and security alerts.
    Type: Grant
    Filed: November 6, 2020
    Date of Patent: April 2, 2024
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Omri Soceanu, Gilad Ezov, Ronen Levy
  • Publication number: 20240015174
    Abstract: An approach to predicting the outcome of a computer security response. The approach can analyze an unlabeled set of network data and based on the analysis, create a language model of the network. The approach can process the language model to predict a reduction factor associated with network availability. The approach can further process the language model and a malicious sequence to predict an effectiveness factor associated with blocking the malicious sequence. The approach can output bot the reduction factor and the effectiveness factor to a network administrator for determining the applicability of the computer security response.
    Type: Application
    Filed: September 25, 2023
    Publication date: January 11, 2024
    Inventor: Fady Copty
  • Patent number: 11805141
    Abstract: An approach to predicting the outcome of a computer security response. The approach can analyze an unlabeled set of network data and based on the analysis, create a language model of the network. The approach can process the language model to predict a reduction factor associated with network availability. The approach can further process the language model and a malicious sequence to predict an effectiveness factor associated with blocking the malicious sequence. The approach can output bot the reduction factor and the effectiveness factor to a network administrator for determining the applicability of the computer security response.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: October 31, 2023
    Assignee: International Business Machines Corporation
    Inventor: Fady Copty
  • Patent number: 11720802
    Abstract: Embodiments may provide techniques that that may automatically generate a customized SOC rule set for an organization. For example, in an embodiment, a method may be implemented in a computer comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor, the method may comprise simulating operation of a security incident and event management system by running a plurality of rules of the system on labeled data, determining fitness metrics of the plurality of rules, selecting at least one rule of the plurality of rules based on the determined fitness metrics; modifying the selected rule to form an updated rule, and repeating running the updated rule on the labeled data, determining fitness metrics of the updated rule, and mutating the updated rule.
    Type: Grant
    Filed: February 26, 2020
    Date of Patent: August 8, 2023
    Inventors: Fady Copty, Benjamin Zeltser
  • Patent number: 11704119
    Abstract: A method for automatically migrating infrastructure as code (IaC) from a first cloud infrastructure platform to a second cloud infrastructure platform is provided. The method may include receiving an original IaC comprising a first type of coding language. The method may further include using natural language processing to map a connection between the first type of coding language and a second type of coding language. The method may further include based on the mapped connection, using the NLP to automatically generate a partial translation of the first type of coding language to the second type of coding language. The method may further include using a machine learning algorithm to correct at least one inaccuracy in the partial translation. The method may further include generating a complete translation and implementing a second IaC on the second cloud infrastructure platform based on the complete translation.
    Type: Grant
    Filed: August 26, 2021
    Date of Patent: July 18, 2023
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Lev Greenberg, Dov Murik, Omer Yehuda Boehm, Omri Soceanu
  • Patent number: 11573785
    Abstract: An example system includes a processor to receive a source code sample to be classified. The processor can execute a hybrid code analysis to generate an internal analysis state. The processor can extract features from the internal analysis state via a trained machine learning model modified using transfer learning. The processor can generate a label based on the extracted features via a machine learning classifier model trained on internal analysis states of hybrid code analyses.
    Type: Grant
    Filed: May 14, 2020
    Date of Patent: February 7, 2023
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Shai Doron, Reda Igbaria
  • Patent number: 11550567
    Abstract: The present invention relates to novel techniques for monitoring changes to source code of Infrastructure as Code systems to detect attempted anomalous changes and block such changes from the code. For example, a method may comprise learning a security architecture and history of an infrastructure as code system to be deployed in at least one cloud account, monitoring changes to source code of the infrastructure as code system that are made before deployment of the infrastructure as code system to detect an anomaly, determining whether the detected anomaly affects regulated resources of the infrastructure as code system, and blocking changes to the source code of the infrastructure as code system that produce the detected anomaly that affects regulated resources of the infrastructure as code system.
    Type: Grant
    Filed: April 4, 2021
    Date of Patent: January 10, 2023
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Omri Soceanu, Lev Greenberg, Dov Murik
  • Publication number: 20220309337
    Abstract: In an approach for policy security shifting left of infrastructure as code compliance, a processor trains a neural network model to classify a code per policy and provide a policy vector score for the code associated with one or more policies. A processor enables the neural network model to scan and score a new code during a continuous integration and continuous deployment pipeline. A processor outputs a scanned score of the new code to a user. A processor retrains the neural network model by capturing a continuous integration and continuous deployment change and run-time compliance posture that occurs as a response by the user.
    Type: Application
    Filed: March 29, 2021
    Publication date: September 29, 2022
    Inventor: Fady Copty
  • Patent number: 11409501
    Abstract: An approach for detecting non-compliant methodologies in a repository. The approach can generate an abstract model of an Infrastructure as Code (IaC) repository based on security requirements of an IaC. The approach can compare the abstract model to one or more validated abstract models associated with other repositories of a hybrid multi-cloud system. The approach can generate an alert notifying the IaC repository of one or more non-compliant methodology measures. The approach can send the alert to the IaC repository.
    Type: Grant
    Filed: June 30, 2021
    Date of Patent: August 9, 2022
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Shripad Nadgowda
  • Patent number: 11308210
    Abstract: Deriving malware signatures by training a binary decision tree using known malware and benign software samples, each tree node representing a different software feature set and having one descending edge representing samples that are characterized by the node's software feature set and another descending edge representing samples that are not characterized thusly, selecting multiple continuous descending paths for multiple subsets of nodes, each path traversing a selected one of the edges descending from each of the nodes in its corresponding subset, deriving, based on the nodes and edges in any of the paths, a malware-associated software feature signature where the malware samples represented by leaves that directly or indirectly descend from an end of the continuous descending path meets a minimum percentage of the total number of samples represented by the leaves, and providing the malware signatures for use by a computer-based security tool configured to identify malware.
    Type: Grant
    Filed: January 22, 2019
    Date of Patent: April 19, 2022
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Matan Danos, Orit Edelstein, Dov Murik, Benjamin Zeltser
  • Patent number: 11295013
    Abstract: An apparatus, a computer program product and a method for dimensionality reduction comprising: obtaining a set of Application Programming Interface (API) functions of a system invocable by a program, and a set of artifacts. Each artifact is associated with at least one API function and indicative of a functionality thereof. The method further comprising: clustering the API functions based on an analysis of the artifacts to create a set of clusters smaller than the set of API functions, such that each cluster comprises API functions having a similar functionality; and performing a dimensionality reduction to a feature vector using the set of clusters.
    Type: Grant
    Filed: December 11, 2017
    Date of Patent: April 5, 2022
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Ayman Jarrous, Tamer Salman, Maksim Shudrak
  • Publication number: 20210357207
    Abstract: An example system includes a processor to receive a source code sample to be classified. The processor can execute a hybrid code analysis to generate an internal analysis state. The processor can extract features from the internal analysis state via a trained machine learning model modified using transfer learning. The processor can generate a label based on the extracted features via a machine learning classifier model trained on internal analysis states of hybrid code analyses.
    Type: Application
    Filed: May 14, 2020
    Publication date: November 18, 2021
    Inventors: Fady Copty, Shai Doron, Reda Igbaria
  • Patent number: 11023362
    Abstract: An apparatus, a computer program product and a method for co-verification of systems comprising software and hardware components. The method comprises obtaining an over-approximation of the system that over-approximates the software or the hardware by using a non-deterministic version thereof; performing simulation of the over-approximation of the system; and utilizing an outcome of the simulation to guide a co-simulation of the system. The co-simulation comprises instrumenting the software to identify whether the coverage goals are reached during execution, generating a test input for the system, simulating execution of the test input by the instrumented software, wherein during said simulating, stimuli provided from the instrumented software to underlying hardware is provided to a hardware simulator that is configured to simulate the hardware-under-test; determining a coverage of the execution of the test input, and utilizing the coverage information in a successive iteration of the method.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: June 1, 2021
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Dov Murik, Sharon Keidar Barner
  • Patent number: 11003573
    Abstract: An apparatus, a computer program product and a method for co-verification of systems comprising software and hardware components. The method comprises obtaining an over-approximation of the system that over-approximates the software or the hardware by using a non-deterministic version thereof; performing simulation of the over-approximation of the system; and utilizing an outcome of the simulation to guide a co-simulation of the system. The co-simulation comprises instrumenting the software to identify whether the coverage goals are reached during execution, generating a test input for the system, simulating execution of the test input by the instrumented software, wherein during said simulating, stimuli provided from the instrumented software to underlying hardware is provided to a hardware simulator that is configured to simulate the hardware-under-test; determining a coverage of the execution of the test input, and utilizing the coverage information in a successive iteration of the method.
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: May 11, 2021
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Dov Murik, Sharon Keidar Barner
  • Patent number: 10915436
    Abstract: Embodiments of the present systems and methods may provide techniques that may provide unit-level test of an SUT, but which translates the unit-level test into a valid test of the SUT itself. For example, in an embodiment, a computer-implemented method for testing a system, the method may comprise analyzing the system to determine sub-components of the system and inputs to the sub-components, performing dynamic testing of the system and collecting pairs of inputs to the system and inputs to the sub-components, training a machine learning model to translate from inputs to the sub-components to inputs to the system input using the collected pairs of inputs to the system and inputs to the sub-components and performing sub-component level testing and translating the sub-component level testing to system level testing.
    Type: Grant
    Filed: December 8, 2018
    Date of Patent: February 9, 2021
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Karen Yorav
  • Patent number: 10798075
    Abstract: A system, an apparatus, a computer program product and a method for obfuscation-based security and authentication. The method comprises: obtaining a different key for each different device; obfuscating an interface layer utilized by components of the device to interact, using the key, to produce an obfuscated interface layer; and providing, directly or indirectly, the two components with the key to allow the two components to utilize the obfuscated interface layer to interact with each other. The system comprises a plurality of devices that are instances of a same device and a server coupled to a memory retaining a plurality of keys, each of which is used to obfuscate interface layers of a different device to produce heterogeneous set of devices instead of a homogenous set of devices. Communications and operations with the plurality of devices are performed in an obfuscated manner through the server.
    Type: Grant
    Filed: January 29, 2018
    Date of Patent: October 6, 2020
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Ayman Jarrous, Ronen Levy, Sharon Keidar Barner
  • Patent number: 10742642
    Abstract: In some examples, a system for authenticating users can include a processor to train a first predictive application based on a first set of user engagements with advertisements, wherein the first predictive application is associated with a first advertising identifier. The processor can also train a second predictive application based on a second set of user engagements with the advertisements, wherein the second predictive application is associated with a second advertising identifier. Additionally, the processor can compare the first predictive application and the second predictive application and authenticate a user in response to detecting a similarity of the first predictive application and the second predictive application is below a threshold value, wherein authenticating the user enables the user to access a resource or service.
    Type: Grant
    Filed: October 25, 2018
    Date of Patent: August 11, 2020
    Assignee: International Business Machines Corporation
    Inventors: Ayelet Avni, Fady Copty, Ayman Jarrous, Sharon Keidar-Barner, Shiri Lemel
  • Patent number: 10657257
    Abstract: A method, apparatus and product performing feature vector aggregation for malware detection. Two sets of measurements produced by a two dynamic analyses of an examined program are obtained, wherein the two dynamic analyses are performed with respect to the examined program executing two different execution paths. An aggregated feature vector representing the examined program is generated. The aggregated feature vector comprises a set of aggregated features, wherein a value of each aggregated feature is based on an aggregation of corresponding measurements in the first set of measurements and in the second set of measurements. A predictive model is applied on the aggregated feature vector to classify the examined program as malicious or benign.
    Type: Grant
    Filed: December 6, 2017
    Date of Patent: May 19, 2020
    Assignee: International Business Machines Corporation
    Inventors: Fady Copty, Cynthia Eisner, Dov Murik, Tamer Salman