Patents by Inventor Jack W. Stokes
Jack W. Stokes has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10885190Abstract: Technologies pertaining to analyzing content extracted from web pages by a static crawler to determine whether respective web pages are members of a malware distribution network (MDN) are described. A set of features is learned based upon output of a dynamic crawler over known landing pages of a particular MDN, wherein the set of features are indicative of membership in the MDN. Using such set of features, additional members of the MDN (not subjected to crawling by a dynamic crawler) are identified.Type: GrantFiled: May 10, 2018Date of Patent: January 5, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Gang Wang, Jack W. Stokes, Cormac Herley, David Felstead
-
Publication number: 20180260565Abstract: Technologies pertaining to analyzing content extracted from web pages by a static crawler to determine whether respective web pages are members of a malware distribution network (MDN) are described. A set of features is learned based upon output of a dynamic crawler over known landing pages of a particular MDN, wherein the set of features are indicative of membership in the MDN. Using such set of features, additional members of the MDN (not subjected to crawling by a dynamic crawler) are identified.Type: ApplicationFiled: May 10, 2018Publication date: September 13, 2018Inventors: Gang Wang, Jack W. Stokes, Cormac Herley, David Felstead
-
Patent number: 9977900Abstract: Technologies pertaining to analyzing content extracted from web pages by a static crawler to determine whether respective web pages are members of a malware distribution network (MDN) are described. A set of features is learned based upon output of a dynamic crawler over known landing pages of a particular MDN, wherein the set of features are indicative of membership in the MDN. Using such set of features, additional members of the MDN (not subjected to crawling by a dynamic crawler) are identified.Type: GrantFiled: December 27, 2012Date of Patent: May 22, 2018Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Gang Wang, Jack W. Stokes, Cormac Herley, David Felstead
-
Patent number: 8869277Abstract: Architecture that selects a classification engine based on the expertise of the engine to process a given entity (e.g., a file). Selection of an engine is based on a probability that the engine will detect an unknown entity classification using properties of the entity. One or more of the highest ranked engines are activated in order to achieve the desired performance. A statistical, performance-light module is employed to skip or select several performance-demanding processes. Methods and algorithms are utilized for learning based on matching the best classification engine(s) to detect the entity class based on the entity properties. A user selection option is provided for specifying a maximum number of ranked, classification engines to consider for each state of the machine. A user can also select the minimum probability of detection for a specific entity (e.g., unknown file). The best classifications are re-evaluated over time as the classification engines are updated.Type: GrantFiled: September 30, 2010Date of Patent: October 21, 2014Assignee: Microsoft CorporationInventors: Kira Radinsky, Roy Varshavsky, Jack W. Stokes, Vladimir Holostov, Edward Schaefer
-
Patent number: 8805839Abstract: An analysis system is described for identifying potentially malicious activity within a computer network. It performs this task by interacting with a user to successively remove known instances of non-malicious activity, to eventually reveal potentially malicious activity. The analysis system interacts with the user by inviting the user to apply labels to identified examples of network behavior; upon response by the user, the analysis system supplies new examples of network behavior to the user. In one implementation, the analysis system generates such examples using a combination of feature-based analysis and graph-based analysis. The graph-based analysis relies on analysis of graph structure associated with access events, such as by identifying entropy scores for respective portions of the graph structure.Type: GrantFiled: April 7, 2010Date of Patent: August 12, 2014Assignee: Microsoft CorporationInventors: Robert E. Fitzgerald, Jack W. Stokes, Alice X. Zheng, Edward W. Hardy, Bodicherla Aditya Prakash
-
Patent number: 8799190Abstract: A reliable automated malware classification approach with substantially low false positive rates is provided. Graph-based local and/or global file relationships are used to improve malware classification along with a feature selection algorithm. File relationships such as containing, creating, copying, downloading, modifying, etc. are used to assign malware probabilities and simultaneously reduce the false positive and false negative rates on executable files.Type: GrantFiled: June 17, 2011Date of Patent: August 5, 2014Assignee: Microsoft CorporationInventors: Jack W. Stokes, Nikos Karampatziakis, John C. Platt, Anil Francis Thomas, Adrian M. Marinescu
-
Publication number: 20140189864Abstract: Technologies pertaining to analyzing content extracted from web pages by a static crawler to determine whether respective web pages are members of a malware distribution network (MDN) are described. A set of features is learned based upon output of a dynamic crawler over known landing pages of a particular MDN, wherein the set of features are indicative of membership in the MDN. Using such set of features, additional members of the MDN (not subjected to crawling by a dynamic crawler) are identified.Type: ApplicationFiled: December 27, 2012Publication date: July 3, 2014Applicant: MICROSOFT CORPORATIONInventors: Gang Wang, Jack W. Stokes, Cormac Herley, David Felstead
-
Publication number: 20120323829Abstract: A reliable automated malware classification approach with substantially low false positive rates is provided. Graph-based local and/or global file relationships are used to improve malware classification along with a feature selection algorithm. File relationships such as containing, creating, copying, downloading, modifying, etc. are used to assign malware probabilities and simultaneously reduce the false positive and false negative rates on executable files.Type: ApplicationFiled: June 17, 2011Publication date: December 20, 2012Applicant: MICROSOFT CORPORATIONInventors: Jack W. Stokes, Nikos Karampatziakis, John C. Platt, Anil Francis Thomas, Adrian M. Marinescu
-
Patent number: 8290181Abstract: A system level automatic gain control (“System AGC”) automatically initializes and controls analog microphone gain in an environment where multiple independent applications simultaneously receive an input from a single analog microphone or microphone array. In one embodiment, the System AGC also prevents those applications from acting to separately control the gain by intercepting external gain control commands and responding to the corresponding application with a corresponding digital gain applied to the input signal from the microphone. Consequently, the System AGC avoids problems relating to oscillations and instability in the microphone gain resulting from multiple applications trying to simultaneously control the gain while preventing each application from adversely affecting the quality of another application's audio capture signal.Type: GrantFiled: March 19, 2005Date of Patent: October 16, 2012Assignee: Microsoft CorporationInventors: Jack W. Stokes, III, John Platt, David Alan Stevens
-
Patent number: 8275120Abstract: An acoustic echo cancellation technique. The present adaptive acoustic echo cancellation technique employs a plurality of acoustic echo cancellation filters which use different adaptation techniques which may employ different parameters such as step size, to improve both the adaptation algorithm convergence time and misadjustment over previously known acoustic echo cancellation techniques.Type: GrantFiled: May 30, 2006Date of Patent: September 25, 2012Assignee: Microsoft Corp.Inventors: Jack W. Stokes, III, Dinei Florencio, Amit Chhetri
-
Patent number: 8244752Abstract: A method for classifying search query traffic can involve receiving a plurality of labeled sample search query traffic and generating a feature set partitioned into human physical limit features and query stream behavioral features. A model can be generated using the plurality of labeled sample search query traffic and the feature set. Search query traffic can be received and the model can be utilized to classify the received search query traffic as generated by a human or automatically generated.Type: GrantFiled: April 21, 2008Date of Patent: August 14, 2012Assignee: Microsoft CorporationInventors: Greg Buehrer, Kumar Chellapilla, Jack W. Stokes
-
Patent number: 8213598Abstract: Harmonic distortion residual echo suppression (HDRES) technique embodiments are presented which act to suppress the residual echo remaining after a near-end microphone signal has undergone AEC, including harmonic distortion in the signal that was caused by the speaker audio signal playback. In general, an AEC module is employed which suppresses some parts of the speaker audio signal found in a near-end microphone signal and generates an AEC output signal. A HDRES module then inputs the AEC output signal and the speaker audio signal, and suppresses at least a portion of a residual part of the speaker audio signal that was left unsuppressed by the AEC module. This includes at least a portion of the harmonic distortion exhibited in the AEC output signal.Type: GrantFiled: February 26, 2008Date of Patent: July 3, 2012Assignee: Microsoft CorporationInventors: Diego Ariel Bendersky, Jack W. Stokes, III, Henrique S. Malvar
-
Patent number: 8161130Abstract: An approach for identifying suspect network sites in a network environment entails using one or more malware analysis modules to identify distribution sites that host malicious content and/or benign content. The approach then uses a linking analysis module to identify landing sites that are linked to the distribution sites. These linked sites are identified as suspect sites for further analysis. This analysis can be characterized as “bottom up” because it is initiated by the detection of potentially problematic distribution sites. The approach can also perform linking analysis to identify a suspect network site based on a number of alternating paths between that network site and a set of distribution sites that are known to host malicious content. The approach can also train a classifier module to predict whether an unknown landing site is a malicious landing site or a benign landing site.Type: GrantFiled: April 10, 2009Date of Patent: April 17, 2012Assignee: Microsoft CorporationInventors: Jack W. Stokes, Reid M. Andersen, Kumar H. Chellapilla
-
Publication number: 20120084859Abstract: Architecture that selects a classification engine based on the expertise of the engine to process a given entity (e.g., a file). Selection of an engine is based on a probability that the engine will detect an unknown entity classification using properties of the entity. One or more of the highest ranked engines are activated in order to achieve the desired performance. A statistical, performance-light module is employed to skip or select several performance-demanding processes. Methods and algorithms are utilized for learning based on matching the best classification engine(s) to detect the entity class based on the entity properties. A user selection option is provided for specifying a maximum number of ranked, classification engines to consider for each state of the machine. A user can also select the minimum probability of detection for a specific entity (e.g., unknown file). The best classifications are re-evaluated over time as the classification engines are updated.Type: ApplicationFiled: September 30, 2010Publication date: April 5, 2012Applicant: MICROSOFT CORPORATIONInventors: Kira Radinsky, Roy Varshavsky, Jack W. Stokes, Vladimir Holostov, Edward Schaefer
-
Patent number: 8103011Abstract: Signal detectors are described herein. By way of example, a system for detecting signals can include a microphone signal detector, a loudspeaker signal detector, a signal discriminator and a decision component. When the microphone signal detector detects the presence of a microphone signal, the loudspeaker signal detector detects the presence of a loudspeaker signal and the signal discriminator determines that near-end speech dominates loudspeaker echo, the decision component can confirm the presence of doubletalk. When the microphone signal detector detects the presence of a microphone signal and the signal discriminator determines that near-end speech dominates loudspeaker echo, the decision component confirms the presence of near-end signal.Type: GrantFiled: January 31, 2007Date of Patent: January 24, 2012Assignee: Microsoft CorporationInventors: Asif Iqbal Mohammad, Jack W. Stokes, III, John C. Platt, Arungunram C. Surendran
-
Patent number: 8081753Abstract: Hybrid echo canceller controllers are described herein. By way of example, a system for controlling an echo canceller can include a signal indicator and an echo canceller controller. The signal indicator can be configured to indicate periods of near-end signal and to indicate periods of echo only with echo-path change in the corrupted signal based at least in part on cross-correlation between two signals associated with the echo canceller. The echo canceller controller can be configured to control the echo canceller according to indications from the signal indicator.Type: GrantFiled: April 2, 2007Date of Patent: December 20, 2011Assignee: Microsoft CorporationInventors: Asif Iqbal Mohammad, Jack W. Stokes, III
-
Publication number: 20110252032Abstract: An analysis system is described for identifying potentially malicious activity within a computer network. It performs this task by interacting with a user to successively remove known instances of non-malicious activity, to eventually reveal potentially malicious activity. The analysis system interacts with the user by inviting the user to apply labels to identified examples of network behavior; upon response by the user, the analysis system supplies new examples of network behavior to the user. In one implementation, the analysis system generates such examples using a combination of feature-based analysis and graph-based analysis. The graph-based analysis relies on analysis of graph structure associated with access events, such as by identifying entropy scores for respective portions of the graph structure.Type: ApplicationFiled: April 7, 2010Publication date: October 13, 2011Applicant: MICROSOFT CORPORATIONInventors: Robert E. Fitzgerald, Jack W. Stokes, Alice X. Zheng, Edward W. Hardy, Bodicherla Aditya Prakash
-
Patent number: 8019075Abstract: Hybrid echo canceller controllers are described herein. By way of example, a system for controlling an echo canceller can include a cross-correlator, a discriminator and an echo canceller controller. The cross-correlator can be configured to produce a cross-correlation based output that facilitates controlling the echo canceller by cross-correlating two signals associated with the echo canceller. The discriminator can be configured to produce a discriminator output that discriminates between near-end signal and echo in a corrupted signal. The echo canceller controller can be configured to control the echo canceller according to the cross-correlation based output and the discriminator output.Type: GrantFiled: April 2, 2007Date of Patent: September 13, 2011Assignee: Microsoft CorporationInventors: Asif Iqbal Mohammad, Jack W. Stokes, III
-
Patent number: 8014519Abstract: Cross-correlation based echo canceller controllers are described herein. By way of example, a system for controlling an echo canceller having one or more adaptive filters can include one or more adaptive filter controllers each corresponding to one of the one or more adaptive filters and each configured to halt adaptation of its corresponding adaptive filter according to the cross-correlation of its corresponding corrupted signal and its corresponding error signal of its corresponding adaptive filter.Type: GrantFiled: April 2, 2007Date of Patent: September 6, 2011Assignee: Microsoft CorporationInventors: Asif Iqbal Mohammad, Jack W. Stokes, III, Steven L. Grant
-
Patent number: 7941382Abstract: A malicious behavior detection/prevention system, such as an intrusion detection system, is provided that uses active learning to classify entries into multiple classes. A single entry can correspond to either the occurrence of one or more events or the non-occurrence of one or more events. During a training phase, entries are automatically classified into one of multiple classes. After classifying the entry, a generated model for the determined class is utilized to determine how well an entry corresponds to the model. Ambiguous classifications along with entries that do not fit the model well for the determined class are selected for labeling by a human analyst. The selected entries are presented to a human analyst for labeling. These labels are used to further train the classifier and the models. During an evaluation phase, entries are automatically classified using the trained classifier and a policy associated with determined class is applied.Type: GrantFiled: October 12, 2007Date of Patent: May 10, 2011Assignee: Microsoft CorporationInventors: Jack W. Stokes, John C. Platt, Michael Shilman, Joseph L. Kravis