Abstract: A method for information processing includes computing, over a corpus of conversations, a conversation structure model including (i) a sequence of conversation parts having a defined order, and (ii) a probabilistic model defining each of the conversation parts. For a given conversation, a segmentation of the conversation is computed based on the computed conversation structure model. Action is taken on the given conversation according to the segmentation.

Abstract: One embodiment of a computer-implemented method for detecting positivity violations within a dataset comprises generating, using a trained machine learning model, a plurality of propensity scores based on observational data associated with a group of entities; analyzing the plurality of propensity scores to identify one or more potential positivity violations; performing one or more training operations on the observational data based on the one or more potential positivity violations to generate a first trained decision tree associated with the one or more potential positivity violations; and determining, based on the trained first decision tree, a first positivity violation comprising a first combination of attribute values that is associated with at least one entity included in treatment group and is not associated with any entity included in a control group.

Abstract: A method for audio processing includes receiving a recording of a teleconference among multiple participants over a network, including an audio stream containing speech uttered by the participants and information outside the audio stream. The method further includes processing the audio stream to identify speech segments interspersed with intervals of silence, extracting speaker identifications from the information outside the audio stream in the received recording, labeling a first set of the identified speech segments from the audio stream with the speaker identifications, extracting acoustic features from the speech segments in the first set, learning a correlation between the speaker identifications labelled to the segments in the first set and the extracted acoustic features, and labeling a second set of the identified speech segments using the learned correlation, to indicate the participants who spoke during the speech segments in the second set.

Abstract: A method for audio processing includes receiving, in a computer, a recording of a teleconference among multiple participants over a network including an audio stream containing speech uttered by the participants and conference metadata for controlling a display on video screens viewed by the participants during the teleconference. The audio stream is processed by the computer to identify speech segments, in which one or more of the participants were speaking, interspersed with intervals of silence in the audio stream. The conference metadata are parsed so as to extract speaker identifications, which are indicative of the participants who spoke during successive periods of the teleconference. The teleconference is diarized by labeling the identified speech segments from the audio stream with the speaker identifications extracted from corresponding periods of the teleconference.

Abstract: Disclosed herein is a system and method that can be used with any underlying classification technique. The method receives a test dataset and determines the features in that test dataset that are present. From these features the training dataset is modified to only have those features that are present in the test dataset. This modified test dataset is then used to calibrate the classifier for the particular incoming data set. The process repeats itself for each different incoming dataset providing a just in time calibration of the classifier.

Abstract: A method for information processing includes completing, over a corpus of conversations, a conversation structure model including (i) a sequence of conversation parts having a defined order, and (ii) a probabilistic model defining each of the conversation parts. For a given conversation, a segmentation of the conversation is computed based on the computed conversation structure model. Action is taken on the given conversation according to the segmentation.

Abstract: Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.

Abstract: Systems, methods, and computer-readable storage media are provided for authenticating users to secure services or apps utilizing reversed, hands-free and/or continuous two-factor authentication. When a user desires to access a secure service or app for which s/he is already registered, the user, having a registered mobile computing device in proximity to his or her presence, comes within a threshold distance of a computing device that includes the desired secure service or app. The computing device authenticates the particular mobile computing device as associated with the particular registered user that utilized that mobile device during registration. Subsequent to such device authentication, the user is able to login to the service or app by simply providing his or her user credentials at a login form associated therewith. Two-factor authentication in accordance with embodiments hereof is more secure and more efficient that traditional authentication methodologies.

Abstract: Disclosed herein is a system and method that can be used with any underlying classification technique. The method takes into account both the value of the current feature vector. It is based on evaluating the effect of perturbing each feature by bootstrapping it with the negative samples and measuring the change in the classifier output. To assess the importance of a given feature value in the classified feature vector, a random negatively labeled instance is taken out of the training set and replaces the feature at question with a corresponding feature from this set. Then, by classifying the modified feature vector and comparing its predicted label and classifier output a user is able measure and observe the effect of changing each feature.

Abstract: A method for audio processing includes receiving, in a computer, a recording of a teleconference among multiple participants over a network including an audio stream containing speech uttered by the participants and conference metadata for controlling a display on video screens viewed by the participants during the teleconference. The audio stream is processed by the computer to identify speech segments, in which one or more of the participants were speaking, interspersed with intervals of silence in the audio stream. The conference metadata are parsed so as to extract speaker identifications, which are indicative of the participants who spoke during successive periods of the teleconference. The teleconference is diarized by labeling the identified speech segments from the audio stream with the speaker identifications extracted from corresponding periods of the teleconference.

Abstract: Detecting a volumetric attack on a computer network with fewer false positives and while also requiring fewer processing resources is provided. The systems and methods described herein use observations taken at the network level to observe network traffic to form a predictive model for future traffic. When the network's future traffic sufficiently exceeds the predictive model, the monitoring systems and methods will indicate to the network to take security measures. The traffic to the network may be observed in subsets, corresponding to various groupings of sources, destinations, and protocols so that security measures may be targeted to that subset without affecting other machines in the network.

Abstract: One embodiment illustrated herein includes a computer implemented method. The method includes acts for training an amplification attack detection system. The method includes obtaining a plurality of samples of IPFIX data. The method further includes using the IPFIX data to create a plurality of time-based, server samples on a per server basis such that each sample corresponds to a server and a period of time over which IPFIX data in the sample corresponds. The method further includes identifying a plurality of the server samples that are labeled positive for amplification attacks. The method further includes identifying a plurality of server samples that are labeled negative for amplification attacks. The method further includes automatically labeling at least some of the remaining server samples as positive or negative based on the previously identified labeled samples. The method further includes using the automatically labeled samples to train an amplification attack detection system.

Abstract: One embodiment illustrated herein includes a computer implemented method. The method includes acts for training an amplification attack detection system. The method includes obtaining a plurality of samples of IPFIX data. The method further includes using the IPFIX data to create a plurality of time-based, server samples on a per server basis such that each sample corresponds to a server and a period of time over which IPFIX data in the sample corresponds. The method further includes identifying a plurality of the server samples that are labeled positive for amplification attacks. The method further includes identifying a plurality of server samples that are labeled negative for amplification attacks. The method further includes automatically labeling at least some of the remaining server samples as positive or negative based on the previously identified labeled samples. The method further includes using the automatically labeled samples to train an amplification attack detection system.

Abstract: Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.

Abstract: Detecting a volumetric attack on a computer network with fewer false positives and while also requiring fewer processing resources is provided. The systems and methods described herein use observations taken at the network level to observe network traffic to form a predictive model for future traffic. When the network's future traffic sufficiently exceeds the predictive model, the monitoring systems and methods will indicate to the network to take security measures. The traffic to the network may be observed in subsets, corresponding to various groupings of sources, destinations, and protocols so that security measures may be targeted to that subset without affecting other machines in the network.

Abstract: Systems, methods, and computer-readable storage media are provided for authenticating users to secure services or apps utilizing reversed, hands-free and/or continuous two-factor authentication. When a user desires to access a secure service or app for which s/he is already registered, the user, having a registered mobile computing device in proximity to his or her presence, comes within a threshold distance of a computing device that includes the desired secure service or app. The computing device authenticates the particular mobile computing device as associated with the particular registered user that utilized that mobile device during registration. Subsequent to such device authentication, the user is able to login to the service or app by simply providing his or her user credentials at a login form associated therewith. Two-factor authentication in accordance with embodiments hereof is more secure and more efficient that traditional authentication methodologies.

Abstract: Disclosed herein is a system and method that can be used with any underlying classification technique. The method takes into account both the value of the current feature vector. It is based on evaluating the effect of perturbing each feature by bootstrapping it with the negative samples and measuring the change in the classifier output. To assess the importance of a given feature value in the classified feature vector, a random negatively labeled instance is taken out of the training set and replaces the feature at question with a corresponding feature from this set. Then, by classifying the modified feature vector and comparing its predicted label and classifier output a user is able measure and observe the effect of changing each feature.

Abstract: Disclosed herein is a system and method that can be used with any underlying classification technique. The method receives a test dataset and determines the features in that test dataset that are present. From these features the training dataset is modified to only have those features that are present in the test dataset. This modified test dataset is then used to calibrate the classifier for the particular incoming data set. The process repeats itself for each different incoming dataset providing a just in time calibration of the classifier.