Patents by Inventor Reeves Hoppe Briggs
Reeves Hoppe Briggs has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11811940Abstract: The disclosed embodiments generate a plurality of anomaly detector configurations and compare results generated by these anomaly detectors to a reference result set. The reference result set is generated by a trained model. A correlation between each result generated by the anomaly detectors and the result set is compared to select an anomaly detector configuration that provides results most similar to those of the trained model. In some embodiments, data defining the selected configuration is then communicated to a product installation. The product installation instantiates the defined anomaly detector and analyzes local events using the instantiated detector. In some other embodiments, the defined anomaly detector is instantiated by the same system that selects the anomaly detector, and thus in these embodiments, the anomaly detector configuration is not transmitted from one system to another.Type: GrantFiled: August 10, 2022Date of Patent: November 7, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Bryan R. Jeffrey, Craig Gordon Lockwood, Reeves Hoppe Briggs
-
Patent number: 11689549Abstract: Balancing the observed signals used to train network intrusion detection models allows for a more accurate allocation of computing resources to defend the network from malicious parties. The models are trained against live data defined within a rolling window and historic data to detect user-defined features in the data. Automated attacks ensure that various kinds of attacks are always present in the rolling training window. The set of models are constantly trained to determine which model to place into production, to alert analysts of intrusions, and/or to automatically deploy countermeasures. The models are continually updated as the features are redefined and as the data in the rolling window changes, and the content of the rolling window is balanced to provide sufficient data of each observed type by which to train the models. When balancing the dataset, low-population signals are overlaid onto high-population signals to balance their relative numbers.Type: GrantFiled: July 17, 2019Date of Patent: June 27, 2023Assignee: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Naveed Ahmad
-
Publication number: 20220385473Abstract: The disclosed embodiments generate a plurality of anomaly detector configurations and compare results generated by these anomaly detectors to a reference result set. The reference result set is generated by a trained model. A correlation between each result generated by the anomaly detectors and the result set is compared to select an anomaly detector configuration that provides results most similar to those of the trained model. In some embodiments, data defining the selected configuration is then communicated to a product installation. The product installation instantiates the defined anomaly detector and analyzes local events using the instantiated detector. In some other embodiments, the defined anomaly detector is instantiated by the same system that selects the anomaly detector, and thus in these embodiments, the anomaly detector configuration is not transmitted from one system to another.Type: ApplicationFiled: August 10, 2022Publication date: December 1, 2022Inventors: Bryan R. Jeffrey, Craig Gordon Lockwood, Reeves Hoppe Briggs
-
Patent number: 11451396Abstract: Disclosed embodiments provide for detection of fraudulent electronic security tokens. A compromised private key allows forgery of electronic security tokens, which then allow access to computer resources. Some embodiments track sequence numbers issued by a token issuing authority and are then able to predict sequence numbers issued by the token issuing authority going forward. Some embodiments also determine validity of a token based, at least in part, on a service or client attempting to access resources using the token. For example, some of the disclosed embodiments maintain reputation data for clients or services utilizing electronic tokens, and make determinations on whether a token is likely valid based on the client or services reputation.Type: GrantFiled: November 5, 2019Date of Patent: September 20, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Bryan R. Jeffrey, Craig Gordon Lockwood, Reeves Hoppe Briggs
-
Patent number: 11233810Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.Type: GrantFiled: November 21, 2019Date of Patent: January 25, 2022Assignee: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Art Sadovsky, Naveed Ahmad
-
Publication number: 20210135875Abstract: Disclosed embodiments provide for detection of fraudulent electronic security tokens. A compromised private key allows forgery of electronic security tokens, which then allow access to computer resources. Some embodiments track sequence numbers issued by a token issuing authority and are then able to predict sequence numbers issued by the token issuing authority going forward. Some embodiments also determine validity of a token based, at least in part, on a service or client attempting to access resources using the token. For example, some of the disclosed embodiments maintain reputation data for clients or services utilizing electronic tokens, and make determinations on whether a token is likely valid based on the client or services reputation.Type: ApplicationFiled: November 5, 2019Publication date: May 6, 2021Inventors: Bryan R. Jeffrey, Craig Gordon Lockwood, Reeves Hoppe Briggs
-
Patent number: 10992693Abstract: Detecting emergent abnormal behavior in a computer network faster and more accurately allows for the security of the network against malicious parties to be improved. To detect abnormal behavior, outbound traffic is examined from across several devices and processes in the network to identify rarely communicated-with destinations that are associated with rarely-executed processes. As a given destination and process is used more frequently over time by the network, the level of suspicion associated with that destination and process is lowered as large groups of devices are expected to behave the same when operating properly and not under the control of a malicious party. Analysts are alerted in near real-time to the destinations associated with the activities deemed most suspicious.Type: GrantFiled: February 9, 2017Date of Patent: April 27, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Bryan Robert Jeffrey, Marco DiPlacido, Naveed Ahmad
-
Patent number: 10949535Abstract: A set of candidate malicious activity identification models are trained and evaluated against a production malicious activity identification model to identify a best performing model. If the best performing model is one of the candidate models, then an alert threshold is dynamically set for the best performing model, for each of a plurality of different urgency levels. A reset threshold, for each urgency level, is also dynamically set for the best performing model.Type: GrantFiled: September 29, 2017Date of Patent: March 16, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Bryan Robert Jeffrey, Naveed Azeemi Ahmad
-
Publication number: 20200092318Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.Type: ApplicationFiled: November 21, 2019Publication date: March 19, 2020Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Art Sadovsky, Naveed Ahmad
-
Patent number: 10491616Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.Type: GrantFiled: February 13, 2017Date of Patent: November 26, 2019Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Art Sadovsky, Naveed Ahmad
-
Publication number: 20190342319Abstract: Balancing the observed signals used to train network intrusion detection models allows for a more accurate allocation of computing resources to defend the network from malicious parties. The models are trained against live data defined within a rolling window and historic data to detect user-defined features in the data. Automated attacks ensure that various kinds of attacks are always present in the rolling training window. The set of models are constantly trained to determine which model to place into production, to alert analysts of intrusions, and/or to automatically deploy countermeasures. The models are continually updated as the features are redefined and as the data in the rolling window changes, and the content of the rolling window is balanced to provide sufficient data of each observed type by which to train the models. When balancing the dataset, low-population signals are overlaid onto high-population signals to balance their relative numbers.Type: ApplicationFiled: July 17, 2019Publication date: November 7, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng LUO, Reeves Hoppe BRIGGS, Naveed AHMAD
-
Patent number: 10397258Abstract: Balancing the observed signals used to train network intrusion detection models allows for a more accurate allocation of computing resources to defend the network from malicious parties. The models are trained against live data defined within a rolling window and historic data to detect user-defined features in the data. Automated attacks ensure that various kinds of attacks are always present in the rolling training window. The set of models are constantly trained to determine which model to place into production, to alert analysts of intrusions, and/or to automatically deploy countermeasures. The models are continually updated as the features are redefined and as the data in the rolling window changes, and the content of the rolling window is balanced to provide sufficient data of each observed type by which to train the models. When balancing the dataset, low-population signals are overlaid onto high-population signals to balance their relative numbers.Type: GrantFiled: January 30, 2017Date of Patent: August 27, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Naveed Ahmad
-
Publication number: 20190102554Abstract: A set of candidate malicious activity identification models are trained and evaluated against a production malicious activity identification model to identify a best performing model. If the best performing model is one of the candidate models, then an alert threshold is dynamically set for the best performing model, for each of a plurality of different urgency levels. A reset threshold, for each urgency level, is also dynamically set for the best performing model.Type: ApplicationFiled: September 29, 2017Publication date: April 4, 2019Inventors: Pengcheng LUO, Reeves Hoppe BRIGGS, Bryan Robert JEFFREY, Naveed Azeemi AHMAD
-
Publication number: 20180234442Abstract: Detecting compromised devices and user accounts within an online service via multi-signal analysis allows for fewer false positives and thus a more accurate allocation of computing resources and human analyst resources. Individual scopes of analysis, related to devices, accounts, or processes are specified and multiple behaviors over a period of time are analyzed to detect persistent (and slow acting) threats as well as brute force (and fast acting) threats. Analysts are alerted to individually affected scopes suspected of being compromised and may address them accordingly.Type: ApplicationFiled: February 13, 2017Publication date: August 16, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Art Sadovsky, Naveed Ahmad
-
Publication number: 20180227322Abstract: Detecting emergent abnormal behavior in a computer network faster and more accurately allows for the security of the network against malicious parties to be improved. To detect abnormal behavior, outbound traffic is examined from across several devices and processes in the network to identify rarely communicated-with destinations that are associated with rarely-executed processes. As a given destination and process is used more frequently over time by the network, the level of suspicion associated with that destination and process is lowered as large groups of devices are expected to behave the same when operating properly and not under the control of a malicious party. Analysts are alerted in near real-time to the destinations associated with the activities deemed most suspicious.Type: ApplicationFiled: February 9, 2017Publication date: August 9, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Bryan Robert Jeffrey, Marco DiPlacido, Naveed Ahmad
-
Publication number: 20180219887Abstract: Balancing the observed signals used to train network intrusion detection models allows for a more accurate allocation of computing resources to defend the network from malicious parties. The models are trained against live data defined within a rolling window and historic data to detect user-defined features in the data. Automated attacks ensure that various kinds of attacks are always present in the rolling training window. The set of models are constantly trained to determine which model to place into production, to alert analysts of intrusions, and/or to automatically deploy countermeasures. The models are continually updated as the features are redefined and as the data in the rolling window changes, and the content of the rolling window is balanced to provide sufficient data of each observed type by which to train the models. When balancing the dataset, low-population signals are overlaid onto high-population signals to balance their relative numbers.Type: ApplicationFiled: January 30, 2017Publication date: August 2, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Pengcheng Luo, Reeves Hoppe Briggs, Naveed Ahmad
-
Patent number: 8572252Abstract: Gathering performance information with respect to delivering web resources as perceived by a user at the web client. A method includes receiving a request for a web page. As a result of receiving the request, a first set of executable instructions are sent. The first set of executable instructions are configured to indicate a plurality of resources required to be at least one of downloaded to or rendered at the client for the web page to be considered loaded at the client. The first set of executable instructions are also configured to determine when each individual resource in the required resources have been be at least one of downloaded to or rendered at the client. The first set of executable instructions are also configured to determine a length of time associated with at least one of downloading to or rendering at the client the resources in the plurality of resources.Type: GrantFiled: April 9, 2010Date of Patent: October 29, 2013Assignee: Microsoft CorporationInventors: Vikas Ahuja, Brian Charles Blomquist, Reeves Hoppe Briggs
-
Publication number: 20110252138Abstract: Gathering performance information with respect to delivering web resources as perceived by a user at the web client. A method includes receiving a request for a web page. As a result of receiving the request, a first set of executable instructions are sent. The first set of executable instructions are configured to indicate a plurality of resources required to be at least one of downloaded to or rendered at the client for the web page to be considered loaded at the client. The first set of executable instructions are also configured to determine when each individual resource in the required resources have been be at least one of downloaded to or rendered at the client. The first set of executable instructions are also configured to determine a length of time associated with at least one of downloading to or rendering at the client the resources in the plurality of resources.Type: ApplicationFiled: April 9, 2010Publication date: October 13, 2011Applicant: Microsoft CorporationInventors: Vikas Ahuja, Brian Charles Blomquist, Reeves Hoppe Briggs