Patents by Inventor Marco DiPlacido
Marco DiPlacido has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10992693Abstract: Detecting emergent abnormal behavior in a computer network faster and more accurately allows for the security of the network against malicious parties to be improved. To detect abnormal behavior, outbound traffic is examined from across several devices and processes in the network to identify rarely communicated-with destinations that are associated with rarely-executed processes. As a given destination and process is used more frequently over time by the network, the level of suspicion associated with that destination and process is lowered as large groups of devices are expected to behave the same when operating properly and not under the control of a malicious party. Analysts are alerted in near real-time to the destinations associated with the activities deemed most suspicious.Type: GrantFiled: February 9, 2017Date of Patent: April 27, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Bryan Robert Jeffrey, Marco DiPlacido, Naveed Ahmad
-
Publication number: 20180227322Abstract: Detecting emergent abnormal behavior in a computer network faster and more accurately allows for the security of the network against malicious parties to be improved. To detect abnormal behavior, outbound traffic is examined from across several devices and processes in the network to identify rarely communicated-with destinations that are associated with rarely-executed processes. As a given destination and process is used more frequently over time by the network, the level of suspicion associated with that destination and process is lowered as large groups of devices are expected to behave the same when operating properly and not under the control of a malicious party. Analysts are alerted in near real-time to the destinations associated with the activities deemed most suspicious.Type: ApplicationFiled: February 9, 2017Publication date: August 9, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Bryan Robert Jeffrey, Marco DiPlacido, Naveed Ahmad
-
Patent number: 9825978Abstract: Lateral movement detection may be performed by employing different detection models to score logon sessions. The different detection models may be implemented by and/or utilize counts computed from historical security event data. The different detection models may include probabilistic intrusion detection models for detecting compromised behavior based on logon behavior, a sequence of security events observed during a logon session, inter-event time between security events observed during a logon session, and/or an attempt to logon using explicit credentials. Scores for each logon session that are output by the different detection models may be combined to generate a ranking score for each logon session. A list of ranked alerts may be generated based on the ranking score for each logon session to identify compromised authorized accounts and/or compromised machines. An attack graph may be automatically generated based on compromised account-machine pairs to visually display probable paths of an attacker.Type: GrantFiled: January 16, 2017Date of Patent: November 21, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Ram Shankar Siva Kumar, Nguyen Song Khanh Vu, Marco DiPlacido, Vinod Nair, Aniruddha Das, Matt Swann, Keerthi Selvaraj, Sundararajan Sellamanickam
-
Publication number: 20170126717Abstract: Lateral movement detection may be performed by employing different detection models to score logon sessions. The different detection models may be implemented by and/or utilize counts computed from historical security event data. The different detection models may include probabilistic intrusion detection models for detecting compromised behavior based on logon behavior, a sequence of security events observed during a logon session, inter-event time between security events observed during a logon session, and/or an attempt to logon using explicit credentials. Scores for each logon session that are output by the different detection models may be combined to generate a ranking score for each logon session. A list of ranked alerts may be generated based on the ranking score for each logon session to identify compromised authorized accounts and/or compromised machines. An attack graph may be automatically generated based on compromised account-machine pairs to visually display probable paths of an attacker.Type: ApplicationFiled: January 16, 2017Publication date: May 4, 2017Inventors: Ram Shankar Siva Kumar, Nguyen Song Khanh Vu, Marco DiPlacido, Vinod Nair, Aniruddha Das, Matt Swann, Keerthi Selvaraj, Sundararajan Sellamanickam
-
Patent number: 9591006Abstract: Lateral movement detection may be performed by employing different detection models to score logon sessions. The different detection models may be implemented by and/or utilize counts computed from historical security event data. The different detection models may include probabilistic intrusion detection models for detecting compromised behavior based on logon behavior, a sequence of security events observed during a logon session, inter-event time between security events observed during a logon session, and/or an attempt to logon using explicit credentials. Scores for each logon session that are output by the different detection models may be combined to generate a ranking score for each logon session. A list of ranked alerts may be generated based on the ranking score for each logon session to identify compromised authorized accounts and/or compromised machines. An attack graph may be automatically generated based on compromised account-machine pairs to visually display probable paths of an attacker.Type: GrantFiled: September 18, 2014Date of Patent: March 7, 2017Assignee: Microsoft Technology Licensing, LLCInventors: Ram Shankar Siva Kumar, Nguyen Song Khanh Vu, Marco DiPlacido, Vinod Nair, Aniruddha Das, Matt Swann, Keerthi Selvaraj, Sundararajan Sellamanickam
-
Publication number: 20160088000Abstract: Lateral movement detection may be performed by employing different detection models to score logon sessions. The different detection models may be implemented by and/or utilize counts computed from historical security event data. The different detection models may include probabilistic intrusion detection models for detecting compromised behavior based on logon behavior, a sequence of security events observed during a logon session, inter-event time between security events observed during a logon session, and/or an attempt to logon using explicit credentials. Scores for each logon session that are output by the different detection models may be combined to generate a ranking score for each logon session. A list of ranked alerts may be generated based on the ranking score for each logon session to identify compromised authorized accounts and/or compromised machines. An attack graph may be automatically generated based on compromised account-machine pairs to visually display probable paths of an attacker.Type: ApplicationFiled: September 18, 2014Publication date: March 24, 2016Inventors: Ram Shankar Siva Kumar, Nguyen Song Khanh Vu, Marco DiPlacido, Vinod Nair, Aniruddha Das, Matt Swann, Keerthi Selvaraj, Sundararajan Sellamanickam
-
Patent number: 7603425Abstract: An email sending service embeds identifying information within emails sent on behalf of its service consumers. A recipient notifies their email provider that an email received from the service is a spam email (e.g., an unsolicited message). The email provider forwards a complaint, including a copy of the email, to the email sending service. The service utilizes the information embedded in the email to identify the responsible service consumer. The email sending service then takes corrective action as necessary to prevent or deter the identified service consumer from sending subsequent spam emails.Type: GrantFiled: August 7, 2006Date of Patent: October 13, 2009Assignee: Microsoft CorporationInventors: Marco DiPlacido, Mehul Shah
-
Publication number: 20080034046Abstract: An email sending service embeds identifying information within emails sent on behalf of its service consumers. A recipient notifies their email provider that an email received from the service is a spam email (e.g., an unsolicited message). The email provider forwards a complaint, including a copy of the email, to the email sending service. The service utilizes the information embedded in the email to identify the responsible service consumer. The email sending service then takes corrective action as necessary to prevent or deter the identified service consumer from sending subsequent spam emails.Type: ApplicationFiled: August 7, 2006Publication date: February 7, 2008Applicant: Microsoft CorporationInventors: Marco DiPlacido, Mehul Shah
-
Publication number: 20050114435Abstract: A system for generating a user interface for display over a network on a user device includes a skeleton file and one or more web servers. The skeleton file contains embedded tags and placeholders. The embedded tags define types of information and control elements. The placeholders define a layout of the user interface. The one or more web servers are adapted to populate the embedded tags with information and control elements based on interactions of a user.Type: ApplicationFiled: November 18, 2004Publication date: May 26, 2005Applicant: Microsoft CorporationInventors: Marco DiPlacido, Eric Smith