Patents by Inventor Royi Ronen

Royi Ronen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10320817
    Abstract: A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer.
    Type: Grant
    Filed: November 16, 2016
    Date of Patent: June 11, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Hani Neuvirth-Telem, Elad Yom-Tov, Royi Ronen, Daniel Alon Hilevich
  • Publication number: 20190114301
    Abstract: Data from social networking applications and other applications that can be used to communicate are combined for a user to generate a graph of the various relationships that the user has with other users in the social networking applications and other applications. In addition, the behaviors of each user with respect to communicating through the various social networking applications and other applications are monitored to generate task data that describes user preferences for communicating using each social networking application or other application for different tasks. At a later time, when a user is looking to connect with another user for an indicated task such as networking, the graph can be used to recommend paths to other users in the various social networking applications and other applications, and the generated task data can be used to rank the recommended paths based on the indicated task.
    Type: Application
    Filed: December 21, 2018
    Publication date: April 18, 2019
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Neta Haiby-Weiss, Amir Pinchas, Hanan Lavy, Yitzhak Tzahi Weisfeld, Yair Snir, Royi Ronen
  • Publication number: 20190081965
    Abstract: Systems and methods for identifying and responding to anomalous data activity by a computer user on a computing device are presented. An anomalous data activity service, implemented as a machine learning service, receives notice of data activity and conducts an evaluation to determine whether the data activity is an anomalous data activity. Upon determining that the data activity is an anomalous data activity, a responsive action may be taken that may result in the anomalous data activity being blocked or allowed.
    Type: Application
    Filed: September 8, 2017
    Publication date: March 14, 2019
    Inventors: Roee OZ, Yuval ELDAR, Royi RONEN
  • Patent number: 10176263
    Abstract: Data from social networking applications and other applications that can be used to communicate are combined for a user to generate a graph of the various relationships that the user has with other users in the social networking applications and other applications. In addition, the behaviors of each user with respect to communicating through the various social networking applications and other applications are monitored to generate task data that describes user preferences for communicating using each social networking application or other application for different tasks. At a later time, when a user is looking to connect with another user for an indicated task such as networking, the graph can be used to recommend paths to other users in the various social networking applications and other applications, and the generated task data can be used to rank the recommended paths based on the indicated task.
    Type: Grant
    Filed: September 25, 2015
    Date of Patent: January 8, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Neta Haiby-Weiss, Amir Pinchas, Hanan Lavy, Yitzhak Tzahi Weisfeld, Yair Snir, Royi Ronen
  • Patent number: 10129295
    Abstract: Use machine learning to train a classifier to classify entities to increase confidence with respect to an entity being part of a distributed denial of service attack. The method includes training a classifier to use a first classification method, to identify probabilities that entities from a set of entities are performing denial of service attacks. The method further includes identifying a subset of entities meeting a threshold probability of performing a denial of service attack. The method further includes using a second classification method, identifying similarity of entities in the subset of entities. The method further includes based on the similarity, classifying individual entities.
    Type: Grant
    Filed: August 31, 2016
    Date of Patent: November 13, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Omer Karin, Royi Ronen, Hani Neuvirth, Roey Vilnai
  • Publication number: 20180324193
    Abstract: A system for detecting a non-targeted attack by a first machine on a second machine is provided. The system includes an application that includes instructions configured to: extract network data corresponding to traffic flow between the first and second machines, where the second machine is implemented in a cloud-based network; identify a first suspect external IP address based on the network data; calculate features for the first suspect external IP address, where the features include exploration type features and exploitation type features; train a classifier based on predetermined examples and the features to generate and update a model; classify the first suspect external IP address based on the model and at least some of the features; and perform a countermeasure if a classification provided from classifying the first suspect external IP address indicates that the first suspect external IP address is associated with a malicious attack on the second machine.
    Type: Application
    Filed: May 5, 2017
    Publication date: November 8, 2018
    Inventors: Royi RONEN, Hani Hana NEUVIRTH, Tomer KOREN, Omer KARIN
  • Patent number: 10068277
    Abstract: A method includes acts for filtering auto consumption recommendations and auto consumption actions. The method includes receiving from a recommendation system, a recommendation of an asset for consumption. The asset for consumption is evaluated in the context of one or more filter rules regarding auto consumption. The filter rules are configured to filter recommended assets from being consumed when certain criteria are met or to permit recommended assets to be consumed when certain criteria are met. As a result, the method includes identifying one or more constraints on how recommended asset should be consumed. The method further includes filtering consumption of the recommended asset based on the one or more constraints.
    Type: Grant
    Filed: June 17, 2014
    Date of Patent: September 4, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Tom Jurgenson, Royi Ronen, Elad Ziklik, Oran Brill
  • Publication number: 20180248906
    Abstract: One embodiment illustrated herein includes a computer implemented method. The method includes acts for training an amplification attack detection system. The method includes obtaining a plurality of samples of IPFIX data. The method further includes using the IPFIX data to create a plurality of time-based, server samples on a per server basis such that each sample corresponds to a server and a period of time over which IPFIX data in the sample corresponds. The method further includes identifying a plurality of the server samples that are labeled positive for amplification attacks. The method further includes identifying a plurality of server samples that are labeled negative for amplification attacks. The method further includes automatically labeling at least some of the remaining server samples as positive or negative based on the previously identified labeled samples. The method further includes using the automatically labeled samples to train an amplification attack detection system.
    Type: Application
    Filed: February 27, 2017
    Publication date: August 30, 2018
    Inventors: Mathias Scherman, Tomer Teller, Hanan Shteingart, Royi Ronen
  • Publication number: 20180205736
    Abstract: A method and a computing system for allowing just-in-time (“JIT”) access to a machine is provided. A system receives a request to allow JIT access to the machine. The system directs a port of the machine to be opened for a JIT access period. The system also directs the machine to alter security relating to applications allowed to execute on the machine for the JIT access period. During the JIT access period, the machine can be accessed via the port with the altered security relating to applications. After the JIT access period, the system directs the port to be closed and directs the security to return to the unaltered security.
    Type: Application
    Filed: May 25, 2017
    Publication date: July 19, 2018
    Inventors: Gilad Michael ELYASHAR, Royi RONEN, Efim HUDIS
  • Publication number: 20180191664
    Abstract: A method for managing communication among a plurality of social network members. The method comprises defining a multi participant task, setting at least one forward rule limiting the distribution an invitation message for participating in the multi participant task, forwarding the invitation message to at least one addressee from a plurality of social network members, allowing the at least one addressee to forward the invitation message to at least one additional addressee from the plurality of social network members under the at least one forward rule, monitoring a plurality of feedbacks to the invitation message to determine whether the multi participant task is achieved, and updating a status of the multi participant task according to the determination.
    Type: Application
    Filed: February 26, 2018
    Publication date: July 5, 2018
    Applicant: Technion Research & Development Foundation Limited
    Inventors: Oded SHMUELI, Royi RONEN
  • Publication number: 20180152465
    Abstract: A method and device for detecting botnets in a cloud-computing infrastructure are provided. The method includes gathering data feeds over a predefined detection time window to produce a detection dataset, wherein the detection dataset includes at least security events and a first set of bot-labels related to the activity of each of at least one virtual machine in the cloud-computing infrastructure during the detection time window; generating, using the detection dataset, a features vector for each of a plurality of virtual machines in the cloud-computing infrastructure, wherein the features vector is based on idiosyncratic (iSync) scores related to botnet activity; transmitting each generated features vector to a supervised machine learning decision model to generate a label indicating if each of the plurality of virtual machines is a bot based on the respective features vector; and determining each virtual machine labeled as a bot as being part of a botnet.
    Type: Application
    Filed: November 28, 2016
    Publication date: May 31, 2018
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Roy LEVIN, Royi RONEN
  • Publication number: 20180139215
    Abstract: A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer.
    Type: Application
    Filed: November 16, 2016
    Publication date: May 17, 2018
    Inventors: Hani Neuvirth-Telem, Elad Yom-Tov, Royi Ronen, Daniel Alon Hilevich
  • Publication number: 20180124073
    Abstract: Enhancements to network security are provided by identifying malicious actions taken against servers in a network environment, without having to access log data from individual servers. Seed data are collected by an administrator of the network environment, from honeypots and servers whose logs are shared with the administrator, to identify patterns of malicious actions to access the network environment. These patterns of use include ratios of TCP flags in communication sessions, entropy in the use of TCP flags over the life of a communication session, and packet size metrics, which are used to develop a model of characteristic communications for an attack. These attack models are shared with servers in the network environment to detect attacks without having to examine the traffic logs of those servers.
    Type: Application
    Filed: October 31, 2016
    Publication date: May 3, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Mathias Scherman, Daniel Mark Edwards, Tomer Koren, Royi Ronen
  • Publication number: 20180096157
    Abstract: Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.
    Type: Application
    Filed: October 5, 2016
    Publication date: April 5, 2018
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Moshe Israel, Royi Ronen, Daniel Alon, Tomer Teller, Hanan Shteingart
  • Publication number: 20180084001
    Abstract: Systems and methods for analyzing security alerts within an enterprise are provided. An enterprise graph is generated based on information such as operational intelligence regarding the enterprise. The enterprise graph identifies relationships between entities of the enterprise and a plurality of security alerts are produced by a plurality of security components of the enterprise. One or more significant relationships are identified between two or more of the plurality of security alerts based on a strength of a relationship identified in the enterprise graph. A significant relationship is utilized to identify a potential security incident between two or more of the security alerts.
    Type: Application
    Filed: September 22, 2016
    Publication date: March 22, 2018
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Efim Hudis, Michal Braverman-Blumenstyk, Daniel Alon, Hani Hana Neuvirth, Royi Ronen, Yuri Gurevich
  • Publication number: 20180063188
    Abstract: Use machine learning to train a classifier to classify entities to increase confidence with respect to an entity being part of a distributed denial of service attack. The method includes training a classifier to use a first classification method, to identify probabilities that entities from a set of entities are performing denial of service attacks. The method further includes identifying a subset of entities meeting a threshold probability of performing a denial of service attack. The method further includes using a second classification method, identifying similarity of entities in the subset of entities. The method further includes based on the similarity, classifying individual entities.
    Type: Application
    Filed: August 31, 2016
    Publication date: March 1, 2018
    Inventors: Omer Karin, Royi Ronen, Hani Neuvirth, Roey Vilnai
  • Patent number: 9906486
    Abstract: A method for managing communication among a plurality of social network members. The method comprises defining a multi participant task, setting at least one forward rule limiting the distribution an invitation message for participating in the multi participant task, forwarding the invitation message to at least one addressee from a plurality of social network members, allowing the at least one addressee to forward the invitation message to at least one additional addressee from the plurality of social network members under the at least one forward rule, monitoring a plurality of feedbacks to the invitation message to determine whether the multi participant task is achieved, and updating a status of the multi participant task according to the determination.
    Type: Grant
    Filed: March 29, 2016
    Date of Patent: February 27, 2018
    Assignee: Technion Research & Development Foundation Limited
    Inventors: Oded Shmueli, Royi Ronen
  • Publication number: 20180046957
    Abstract: Technologies are provided for determining effectiveness of online meetings and providing actionable recommendations and insights based, in part, on a determined effectiveness of the online meetings. According to one embodiment, a measurement of the effectiveness, with respect to meeting participants of proposed, future meetings is predicted, and based on this, aspects of the proposed future meetings are optimized to maximize their effectiveness. Another embodiment relates to optimizing current online meetings as they occur. The ongoing meetings are monitored and data associated with the meetings is analyzed to provide recommendations and insights to meeting presenters and participants in real-time, or near real-time.
    Type: Application
    Filed: August 9, 2016
    Publication date: February 15, 2018
    Inventors: Ronen Yaari, Ola Lavi, Royi Ronen, Eyal Itah
  • Publication number: 20170359372
    Abstract: Detecting a volumetric attack on a computer network with fewer false positives and while also requiring fewer processing resources is provided. The systems and methods described herein use observations taken at the network level to observe network traffic to form a predictive model for future traffic. When the network's future traffic sufficiently exceeds the predictive model, the monitoring systems and methods will indicate to the network to take security measures. The traffic to the network may be observed in subsets, corresponding to various groupings of sources, destinations, and protocols so that security measures may be targeted to that subset without affecting other machines in the network.
    Type: Application
    Filed: June 14, 2016
    Publication date: December 14, 2017
    Applicant: Microsoft Technology Licensing, LLC.
    Inventors: Royi Ronen, Hani Neuvirth-Telem, Shai Baruch Nahum, Yuri Gabaev, Oleg Yanovsky, Vlad Korsunsky, Tomer Teller, Hanan Shteingart
  • Publication number: 20170359362
    Abstract: In an example embodiment, a computer-implemented method comprises obtaining labels from messages associated with an email service provider, wherein the labels indicate for each message IP how many spam and non-spam messages have been received; obtaining network data features from a cloud service provider; providing the labels and network data features to a machine learning application; generating a prediction model representing an algorithm for determining whether a particular set of network data features are spam or not; applying the prediction model to network data features for an unlabeled message; and generating an output of the prediction model indicating a likelihood that the unlabeled message is spam.
    Type: Application
    Filed: November 30, 2016
    Publication date: December 14, 2017
    Applicant: Microsoft Technology Licensing, LLC
    Inventors: Ori Kashi, Philip Newman, Daniel Alon, Elad Yom-Tov, Hani Neuvirth, Royi Ronen