Patents by Inventor Royi Ronen
Royi Ronen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10936630Abstract: Systems and methods are disclosed for inferring topics from a file containing both audio and video, for example a multimodal or multimedia file, in order to facilitate video indexing. A set of entities is extracted from the file and linked to produce a graph, and reference information is also obtained for the set of entities. Entities may be drawn, for example, from Wikipedia categories, or other large ontological data sources. Analysis of the graph, using unsupervised learning, permits determining clusters in the graph. Extracting features from the clusters, possibly using supervised learning, provides for selection of topic identifiers. The topic identifiers are then used for indexing the file.Type: GrantFiled: September 13, 2018Date of Patent: March 2, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Royi Ronen, Oron Nir, Chin-Yew Lin, Ohad Jassin, Daniel Nurieli, Eylon Ami, Avner Levi
-
Patent number: 10902288Abstract: Aspects of the technology described herein improve an object recognition system by specifying a type of picture that would improve the accuracy of the object recognition system if used to retrain the object recognition system. The technology described herein can take the form of an improvement model that improves an object recognition model by suggesting the types of training images that would improve the object recognition model's performance. For example, the improvement model could suggest that a picture of a person smiling be used to retrain the object recognition system. Once trained, the improvement model can be used to estimate a performance score for an image recognition model given the set characteristics of a set of training of images. The improvement model can then select a feature of an image, which if added to the training set, would cause a meaningful increase in the recognition system's performance.Type: GrantFiled: May 11, 2018Date of Patent: January 26, 2021Inventors: Oron Nir, Royi Ronen, Ohad Jassin, Milan M. Gada, Mor Geva Pipek
-
Publication number: 20200342860Abstract: Methods for speaker role determination and scrubbing identifying information are performed by systems and devices. In speaker role determination, data from an audio or text file is divided into respective portions related to speaking parties. Characteristics classifying the portions of the data for speaking party roles are identified in the portions to generate data sets from the portions corresponding to the speaking party roles and to assign speaking party roles for the data sets. For scrubbing identifying information in data, audio data for speaking parties is processed using speech recognition to generate a text-based representation. Text associated with identifying information is determined based on a set of key words/phrases, and a portion of the text-based representation that includes a part of the text is identified. A segment of audio data that corresponds to the identified portion is replaced with different audio data, and the portion is replaced with different text.Type: ApplicationFiled: April 29, 2019Publication date: October 29, 2020Inventors: Yun-Cheng Ju, Ashwarya Poddar, Royi Ronen, Oron Nir, Ami Turgman, Andreas Stolcke, Edan Hauon
-
Publication number: 20200342138Abstract: Methods for speaker role determination and scrubbing identifying information are performed by systems and devices. In speaker role determination, data from an audio or text file is divided into respective portions related to speaking parties. Characteristics classifying the portions of the data for speaking party roles are identified in the portions to generate data sets from the portions corresponding to the speaking party roles and to assign speaking party roles for the data sets. For scrubbing identifying information in data, audio data for speaking parties is processed using speech recognition to generate a text-based representation. Text associated with identifying information is determined based on a set of key words/phrases, and a portion of the text-based representation that includes a part of the text is identified. A segment of audio data that corresponds to the identified portion is replaced with different audio data, and the portion is replaced with different text.Type: ApplicationFiled: April 29, 2019Publication date: October 29, 2020Inventors: Yun-Cheng Ju, Ashwarya Poddar, Royi Ronen, Oron Nir, Ami Turgman, Andreas Stolcke, Edan Hauon
-
Patent number: 10771492Abstract: Systems and methods for analyzing security alerts within an enterprise are provided. An enterprise graph is generated based on information such as operational intelligence regarding the enterprise. The enterprise graph identifies relationships between entities of the enterprise and a plurality of security alerts are produced by a plurality of security components of the enterprise. One or more significant relationships are identified between two or more of the plurality of security alerts based on a strength of a relationship identified in the enterprise graph. A significant relationship is utilized to identify a potential security incident between two or more of the security alerts.Type: GrantFiled: September 22, 2016Date of Patent: September 8, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Efim Hudis, Michal Braverman-Blumenstyk, Daniel Alon, Hani Hana Neuvirth, Royi Ronen, Yuri Gurevich
-
Patent number: 10762375Abstract: In various embodiments, methods and systems for implementing a media management system, for video data processing and adaptation data generation, are provided. At a high level, a video data processing engine relies on different types of video data properties and additional auxiliary data resources to perform video optical character recognition operations for recognizing characters in video data. In operation, video data is accessed to identify recognized characters. A video OCR operation to perform on the video data for character recognition is determined from video character processing and video auxiliary data processing. Video auxiliary data processing includes processing an auxiliary reference object; the auxiliary reference object is an indirect reference object that is a derived input element used as a factor in determining the recognized characters. The video data is processed based on the video OCR operation and based on processing the video data, at least one recognized character is communicated.Type: GrantFiled: June 29, 2018Date of Patent: September 1, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Royi Ronen, Ika Bar-Menachem, Ohad Jassin, Avner Levi, Olivier Nano, Oron Nir, Mor Geva Pipek, Ori Ziv
-
Patent number: 10692012Abstract: A computerized method of classifying network accessible storage transactions at network accessible storage. The method comprises obtaining an client predictive security model for anomaly or malfunctioning detection, the client predictive security model is dynamically created by an analysis of a plurality of client transactions made to access target data stored in an client computing device, monitoring a plurality of network accessible storage transactions made to access a replica of the target data when the replica is stored in an network accessible storage, and classifying at least some of the plurality of network accessible storage transactions based on the client predictive security model.Type: GrantFiled: May 29, 2016Date of Patent: June 23, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Royi Ronen, Peiheng Hu, Lars Mohr
-
Patent number: 10623427Abstract: Systems and methods for identifying and responding to anomalous data activity by a computer user on a computing device are presented. An anomalous data activity service, implemented as a machine learning service, receives notice of data activity and conducts an evaluation to determine whether the data activity is an anomalous data activity. Upon determining that the data activity is an anomalous data activity, a responsive action may be taken that may result in the anomalous data activity being blocked or allowed.Type: GrantFiled: September 8, 2017Date of Patent: April 14, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLCInventors: Roee Oz, Yuval Eldar, Royi Ronen
-
Publication number: 20200089802Abstract: Systems and methods are disclosed for inferring topics from a file containing both audio and video, for example a multimodal or multimedia file, in order to facilitate video indexing. A set of entities is extracted from the file and linked to produce a graph, and reference information is also obtained for the set of entities. Entities may be drawn, for example, from Wikipedia categories, or other large ontological data sources. Analysis of the graph, using unsupervised learning, permits determining clusters in the graph. Extracting features from the clusters, possibly using supervised learning, provides for selection of topic identifiers. The topic identifiers are then used for indexing the file.Type: ApplicationFiled: September 13, 2018Publication date: March 19, 2020Inventors: Royi RONEN, Oron NIR, Chin-Yew LIN, Ohad JASSIN, Daniel NURIELI, Eylon AMI, Avner Levi
-
Patent number: 10594711Abstract: A method and device for detecting botnets in a cloud-computing infrastructure are provided. The method includes gathering data feeds over a predefined detection time window to produce a detection dataset, wherein the detection dataset includes at least security events and a first set of bot-labels related to the activity of each of at least one virtual machine in the cloud-computing infrastructure during the detection time window; generating, using the detection dataset, a features vector for each of a plurality of virtual machines in the cloud-computing infrastructure, wherein the features vector is based on idiosyncratic (iSync) scores related to botnet activity; transmitting each generated features vector to a supervised machine learning decision model to generate a label indicating if each of the plurality of virtual machines is a bot based on the respective features vector; and determining each virtual machine labeled as a bot as being part of a botnet.Type: GrantFiled: November 28, 2016Date of Patent: March 17, 2020Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC.Inventors: Roy Levin, Royi Ronen
-
Patent number: 10581915Abstract: Enhancements to network security are provided by identifying malicious actions taken against servers in a network environment, without having to access log data from individual servers. Seed data are collected by an administrator of the network environment, from honeypots and servers whose logs are shared with the administrator, to identify patterns of malicious actions to access the network environment. These patterns of use include ratios of TCP flags in communication sessions, entropy in the use of TCP flags over the life of a communication session, and packet size metrics, which are used to develop a model of characteristic communications for an attack. These attack models are shared with servers in the network environment to detect attacks without having to examine the traffic logs of those servers.Type: GrantFiled: October 31, 2016Date of Patent: March 3, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Mathias Scherman, Daniel Mark Edwards, Tomer Koren, Royi Ronen
-
Patent number: 10534925Abstract: Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.Type: GrantFiled: October 5, 2016Date of Patent: January 14, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Moshe Israel, Royi Ronen, Daniel Alon, Tomer Teller, Hanan Shteingart
-
Publication number: 20190394240Abstract: Methods, systems, and media are shown for reducing the vulnerability of user accounts to attack that involve creating a rule for a user account that includes a permitted parameter corresponding to a user account activity property, monitoring the account activity of the user account. If it is determined that account activity property is inconsistent with the permitted parameter, then the user account is disabled. An example of a permitted parameter is a permitted time period, such as a start time, an end time, a recurrence definition, a days of the week definition, a start date, an end date, and a number of occurrences definition. Other examples are a physical parameter, such as a permitted geographic location, device, or network, or a permitted usage parameter, such as a permitted application, data access, or domain.Type: ApplicationFiled: June 21, 2018Publication date: December 26, 2019Inventors: Moshe Israel, Ben Kliger, Royi Ronen
-
Patent number: 10516675Abstract: A method and a computing system for allowing just-in-time (“JIT”) access to a machine is provided. A system receives a request to allow JIT access to the machine. The system directs a port of the machine to be opened for a JIT access period. The system also directs the machine to alter security relating to applications allowed to execute on the machine for the JIT access period. During the JIT access period, the machine can be accessed via the port with the altered security relating to applications. After the JIT access period, the system directs the port to be closed and directs the security to return to the unaltered security.Type: GrantFiled: May 25, 2017Date of Patent: December 24, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Gilad Michael Elyashar, Royi Ronen, Efim Hudis
-
Patent number: 10511615Abstract: A system for detecting a non-targeted attack by a first machine on a second machine is provided. The system includes an application that includes instructions configured to: extract network data corresponding to traffic flow between the first and second machines, where the second machine is implemented in a cloud-based network; identify a first suspect external IP address based on the network data; calculate features for the first suspect external IP address, where the features include exploration type features and exploitation type features; train a classifier based on predetermined examples and the features to generate and update a model; classify the first suspect external IP address based on the model and at least some of the features; and perform a countermeasure if a classification provided from classifying the first suspect external IP address indicates that the first suspect external IP address is associated with a malicious attack on the second machine.Type: GrantFiled: May 5, 2017Date of Patent: December 17, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Royi Ronen, Hani Hana Neuvirth, Tomer Koren, Omer Karin
-
Publication number: 20190362713Abstract: Technology is disclosed for providing dynamic identification and extraction or tagging of contextually-coherent text blocks from an electronic document. In an embodiment, an electronic document may be parsed into a plurality of content tokens that each corresponds to a portion of the electronic document, such as a sentence or a paragraph. Employing a sliding window approach, a number of token groups are independently analyzed, where each group of tokens has a different number of tokens included therein. Each token group is analyzed to determine confidence scores for various determinable contexts based on content included in the token set. The confidence scores can then be processed for each token group to determine an entropy score for the token group. In this way, one of the analyzed token groups can be selected as a representative text block that corresponds to one of the plurality of determinable contexts.Type: ApplicationFiled: May 25, 2018Publication date: November 28, 2019Inventors: Abedelkader ASI, Liron IZHAKI-ALLERHAND, Ran MIZRACHI, Royi RONEN, Ohad JASSIN
-
Publication number: 20190347522Abstract: Aspects of the technology described herein improve an object recognition system by specifying a type of picture that would improve the accuracy of the object recognition system if used to retrain the object recognition system. The technology described herein can take the form of an improvement model that improves an object recognition model by suggesting the types of training images that would improve the object recognition model's performance. For example, the improvement model could suggest that a picture of a person smiling be used to retrain the object recognition system. Once trained, the improvement model can be used to estimate a performance score for an image recognition model given the set characteristics of a set of training of images. The improvement model can then select a feature of an image, which if added to the training set, would cause a meaningful increase in the recognition system's performance.Type: ApplicationFiled: May 11, 2018Publication date: November 14, 2019Inventors: Oron NIR, Royi RONEN, Ohad JASSIN, Milan M. GADA, Mor Geva PIPEK
-
Patent number: 10425443Abstract: Detecting a volumetric attack on a computer network with fewer false positives and while also requiring fewer processing resources is provided. The systems and methods described herein use observations taken at the network level to observe network traffic to form a predictive model for future traffic. When the network's future traffic sufficiently exceeds the predictive model, the monitoring systems and methods will indicate to the network to take security measures. The traffic to the network may be observed in subsets, corresponding to various groupings of sources, destinations, and protocols so that security measures may be targeted to that subset without affecting other machines in the network.Type: GrantFiled: June 14, 2016Date of Patent: September 24, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Royi Ronen, Hani Neuvirth-Telem, Shai Baruch Nahum, Yuri Gabaev, Oleg Yanovsky, Vlad Korsunsky, Tomer Teller, Hanan Shteingart
-
Patent number: 10404738Abstract: One embodiment illustrated herein includes a computer implemented method. The method includes acts for training an amplification attack detection system. The method includes obtaining a plurality of samples of IPFIX data. The method further includes using the IPFIX data to create a plurality of time-based, server samples on a per server basis such that each sample corresponds to a server and a period of time over which IPFIX data in the sample corresponds. The method further includes identifying a plurality of the server samples that are labeled positive for amplification attacks. The method further includes identifying a plurality of server samples that are labeled negative for amplification attacks. The method further includes automatically labeling at least some of the remaining server samples as positive or negative based on the previously identified labeled samples. The method further includes using the automatically labeled samples to train an amplification attack detection system.Type: GrantFiled: February 27, 2017Date of Patent: September 3, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Mathias Scherman, Tomer Teller, Hanan Shteingart, Royi Ronen
-
Patent number: 10397256Abstract: In an example embodiment, a computer-implemented method comprises obtaining labels from messages associated with an email service provider, wherein the labels indicate for each message IP how many spam and non-spam messages have been received; obtaining network data features from a cloud service provider; providing the labels and network data features to a machine learning application; generating a prediction model representing an algorithm for determining whether a particular set of network data features are spam or not; applying the prediction model to network data features for an unlabeled message; and generating an output of the prediction model indicating a likelihood that the unlabeled message is spam.Type: GrantFiled: November 30, 2016Date of Patent: August 27, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Ori Kashi, Philip Newman, Daniel Alon, Elad Yom-Tov, Hani Neuvirth, Royi Ronen