Patents by Inventor Naveed Ahmad
Naveed Ahmad has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11689549Abstract: Balancing the observed signals used to train network intrusion detection models allows for a more accurate allocation of computing resources to defend the network from malicious parties. The models are trained against live data defined within a rolling window and historic data to detect user-defined features in the data. Automated attacks ensure that various kinds of attacks are always present in the rolling training window. The set of models are constantly trained to determine which model to place into production, to alert analysts of intrusions, and/or to automatically deploy countermeasures. The models are continually updated as the features are redefined and as the data in the rolling window changes, and the content of the rolling window is balanced to provide sufficient data of each observed type by which to train the models. When balancing the dataset, low-population signals are overlaid onto high-population signals to balance their relative numbers.Type: GrantFiled: July 17, 2019Date of Patent: June 27, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Naveed Ahmad
-
Patent number: 11233810Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.Type: GrantFiled: November 21, 2019Date of Patent: January 25, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Art Sadovsky, Naveed Ahmad
-
Patent number: 10992693Abstract: Detecting emergent abnormal behavior in a computer network faster and more accurately allows for the security of the network against malicious parties to be improved. To detect abnormal behavior, outbound traffic is examined from across several devices and processes in the network to identify rarely communicated-with destinations that are associated with rarely-executed processes. As a given destination and process is used more frequently over time by the network, the level of suspicion associated with that destination and process is lowered as large groups of devices are expected to behave the same when operating properly and not under the control of a malicious party. Analysts are alerted in near real-time to the destinations associated with the activities deemed most suspicious.Type: GrantFiled: February 9, 2017Date of Patent: April 27, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Bryan Robert Jeffrey, Marco DiPlacido, Naveed Ahmad
-
Publication number: 20200092318Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.Type: ApplicationFiled: November 21, 2019Publication date: March 19, 2020Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Art Sadovsky, Naveed Ahmad
-
Patent number: 10491616Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.Type: GrantFiled: February 13, 2017Date of Patent: November 26, 2019Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Art Sadovsky, Naveed Ahmad
-
Publication number: 20190342319Abstract: Balancing the observed signals used to train network intrusion detection models allows for a more accurate allocation of computing resources to defend the network from malicious parties. The models are trained against live data defined within a rolling window and historic data to detect user-defined features in the data. Automated attacks ensure that various kinds of attacks are always present in the rolling training window. The set of models are constantly trained to determine which model to place into production, to alert analysts of intrusions, and/or to automatically deploy countermeasures. The models are continually updated as the features are redefined and as the data in the rolling window changes, and the content of the rolling window is balanced to provide sufficient data of each observed type by which to train the models. When balancing the dataset, low-population signals are overlaid onto high-population signals to balance their relative numbers.Type: ApplicationFiled: July 17, 2019Publication date: November 7, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng LUO, Reeves Hoppe BRIGGS, Naveed AHMAD
-
Patent number: 10397258Abstract: Balancing the observed signals used to train network intrusion detection models allows for a more accurate allocation of computing resources to defend the network from malicious parties. The models are trained against live data defined within a rolling window and historic data to detect user-defined features in the data. Automated attacks ensure that various kinds of attacks are always present in the rolling training window. The set of models are constantly trained to determine which model to place into production, to alert analysts of intrusions, and/or to automatically deploy countermeasures. The models are continually updated as the features are redefined and as the data in the rolling window changes, and the content of the rolling window is balanced to provide sufficient data of each observed type by which to train the models. When balancing the dataset, low-population signals are overlaid onto high-population signals to balance their relative numbers.Type: GrantFiled: January 30, 2017Date of Patent: August 27, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Naveed Ahmad
-
Publication number: 20180234442Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.Type: ApplicationFiled: February 13, 2017Publication date: August 16, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Art Sadovsky, Naveed Ahmad
-
Publication number: 20180227322Abstract: Detecting emergent abnormal behavior in a computer network faster and more accurately allows for the security of the network against malicious parties to be improved. To detect abnormal behavior, outbound traffic is examined from across several devices and processes in the network to identify rarely communicated-with destinations that are associated with rarely-executed processes. As a given destination and process is used more frequently over time by the network, the level of suspicion associated with that destination and process is lowered as large groups of devices are expected to behave the same when operating properly and not under the control of a malicious party. Analysts are alerted in near real-time to the destinations associated with the activities deemed most suspicious.Type: ApplicationFiled: February 9, 2017Publication date: August 9, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Bryan Robert Jeffrey, Marco DiPlacido, Naveed Ahmad
-
Publication number: 20180219887Abstract: Balancing the observed signals used to train network intrusion detection models allows for a more accurate allocation of computing resources to defend the network from malicious parties. The models are trained against live data defined within a rolling window and historic data to detect user-defined features in the data. Automated attacks ensure that various kinds of attacks are always present in the rolling training window. The set of models are constantly trained to determine which model to place into production, to alert analysts of intrusions, and/or to automatically deploy countermeasures. The models are continually updated as the features are redefined and as the data in the rolling window changes, and the content of the rolling window is balanced to provide sufficient data of each observed type by which to train the models. When balancing the dataset, low-population signals are overlaid onto high-population signals to balance their relative numbers.Type: ApplicationFiled: January 30, 2017Publication date: August 2, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Naveed Ahmad
-
Patent number: 8171118Abstract: Disclosed are systems and methods for application streaming over HTTP. A virtual application running on a host computing device may detect the need for a page of memory that is not present on the host computing device. Accordingly, the virtual application may send a request to a virtual application server, seeking the absent memory page. The virtual application server may send to a web server an HTTP GET byte range request for the desired memory page. The web server may retrieve the requested block, which may be a portion of the virtual application image file. The requested data is returned to the host computing device via the virtual application server. The virtual application continues running on the host device using the requested data.Type: GrantFiled: July 31, 2008Date of Patent: May 1, 2012Assignee: Microsoft CorporationInventors: John Sheehan, Naveed Ahmad, Kristofer Reierson
-
Publication number: 20090313322Abstract: Disclosed are systems and methods for application streaming over HTTP. A virtual application running on a host computing device may detect the need for a page of memory that is not present on the host computing device. Accordingly, the virtual application may send a request to a virtual application server, seeking the absent memory page. The virtual application server may send to a web server an HTTP GET byte range request for the desired memory page. The web server may retrieve the requested block, which may be a portion of the virtual application image file. The requested data is returned to the host computing device via the virtual application server. The virtual application continues running on the host device using the requested data.Type: ApplicationFiled: July 31, 2008Publication date: December 17, 2009Applicant: Microsoft CorporationInventors: John Sheehan, Naveed Ahmad, Kristofer Reierson