Patents by Inventor Royi Ronen
Royi Ronen has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20190236396Abstract: In various embodiments, methods and systems for implementing a media management system, for video data processing and adaptation data generation, are provided. At a high level, a video data processing engine relies on different types of video data properties and additional auxiliary data resources to perform video optical character recognition operations for recognizing characters in video data. In operation, video data is accessed to identify recognized characters. A video OCR operation to perform on the video data for character recognition is determined from video character processing and video auxiliary data processing. Video auxiliary data processing includes processing an auxiliary reference object; the auxiliary reference object is an indirect reference object that is a derived input element used as a factor in determining the recognized characters. The video data is processed based on the video OCR operation and based on processing the video data, at least one recognized character is communicated.Type: ApplicationFiled: June 29, 2018Publication date: August 1, 2019Inventors: Royi RONEN, Ika BAR-MENACHEM, Ohad JASSIN, Avner LEVI, Olivier NANO, Oron NIR, Mor Geva PIPEK, Ori ZIV
-
Patent number: 10320817Abstract: A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer.Type: GrantFiled: November 16, 2016Date of Patent: June 11, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Hani Neuvirth-Telem, Elad Yom-Tov, Royi Ronen, Daniel Alon Hilevich
-
Publication number: 20190114301Abstract: Data from social networking applications and other applications that can be used to communicate are combined for a user to generate a graph of the various relationships that the user has with other users in the social networking applications and other applications. In addition, the behaviors of each user with respect to communicating through the various social networking applications and other applications are monitored to generate task data that describes user preferences for communicating using each social networking application or other application for different tasks. At a later time, when a user is looking to connect with another user for an indicated task such as networking, the graph can be used to recommend paths to other users in the various social networking applications and other applications, and the generated task data can be used to rank the recommended paths based on the indicated task.Type: ApplicationFiled: December 21, 2018Publication date: April 18, 2019Applicant: Microsoft Technology Licensing, LLCInventors: Neta Haiby-Weiss, Amir Pinchas, Hanan Lavy, Yitzhak Tzahi Weisfeld, Yair Snir, Royi Ronen
-
Publication number: 20190081965Abstract: Systems and methods for identifying and responding to anomalous data activity by a computer user on a computing device are presented. An anomalous data activity service, implemented as a machine learning service, receives notice of data activity and conducts an evaluation to determine whether the data activity is an anomalous data activity. Upon determining that the data activity is an anomalous data activity, a responsive action may be taken that may result in the anomalous data activity being blocked or allowed.Type: ApplicationFiled: September 8, 2017Publication date: March 14, 2019Inventors: Roee OZ, Yuval ELDAR, Royi RONEN
-
Patent number: 10176263Abstract: Data from social networking applications and other applications that can be used to communicate are combined for a user to generate a graph of the various relationships that the user has with other users in the social networking applications and other applications. In addition, the behaviors of each user with respect to communicating through the various social networking applications and other applications are monitored to generate task data that describes user preferences for communicating using each social networking application or other application for different tasks. At a later time, when a user is looking to connect with another user for an indicated task such as networking, the graph can be used to recommend paths to other users in the various social networking applications and other applications, and the generated task data can be used to rank the recommended paths based on the indicated task.Type: GrantFiled: September 25, 2015Date of Patent: January 8, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Neta Haiby-Weiss, Amir Pinchas, Hanan Lavy, Yitzhak Tzahi Weisfeld, Yair Snir, Royi Ronen
-
Patent number: 10129295Abstract: Use machine learning to train a classifier to classify entities to increase confidence with respect to an entity being part of a distributed denial of service attack. The method includes training a classifier to use a first classification method, to identify probabilities that entities from a set of entities are performing denial of service attacks. The method further includes identifying a subset of entities meeting a threshold probability of performing a denial of service attack. The method further includes using a second classification method, identifying similarity of entities in the subset of entities. The method further includes based on the similarity, classifying individual entities.Type: GrantFiled: August 31, 2016Date of Patent: November 13, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Omer Karin, Royi Ronen, Hani Neuvirth, Roey Vilnai
-
Publication number: 20180324193Abstract: A system for detecting a non-targeted attack by a first machine on a second machine is provided. The system includes an application that includes instructions configured to: extract network data corresponding to traffic flow between the first and second machines, where the second machine is implemented in a cloud-based network; identify a first suspect external IP address based on the network data; calculate features for the first suspect external IP address, where the features include exploration type features and exploitation type features; train a classifier based on predetermined examples and the features to generate and update a model; classify the first suspect external IP address based on the model and at least some of the features; and perform a countermeasure if a classification provided from classifying the first suspect external IP address indicates that the first suspect external IP address is associated with a malicious attack on the second machine.Type: ApplicationFiled: May 5, 2017Publication date: November 8, 2018Inventors: Royi RONEN, Hani Hana NEUVIRTH, Tomer KOREN, Omer KARIN
-
Patent number: 10068277Abstract: A method includes acts for filtering auto consumption recommendations and auto consumption actions. The method includes receiving from a recommendation system, a recommendation of an asset for consumption. The asset for consumption is evaluated in the context of one or more filter rules regarding auto consumption. The filter rules are configured to filter recommended assets from being consumed when certain criteria are met or to permit recommended assets to be consumed when certain criteria are met. As a result, the method includes identifying one or more constraints on how recommended asset should be consumed. The method further includes filtering consumption of the recommended asset based on the one or more constraints.Type: GrantFiled: June 17, 2014Date of Patent: September 4, 2018Assignee: Microsoft Technology Licensing, LLCInventors: Tom Jurgenson, Royi Ronen, Elad Ziklik, Oran Brill
-
Publication number: 20180248906Abstract: One embodiment illustrated herein includes a computer implemented method. The method includes acts for training an amplification attack detection system. The method includes obtaining a plurality of samples of IPFIX data. The method further includes using the IPFIX data to create a plurality of time-based, server samples on a per server basis such that each sample corresponds to a server and a period of time over which IPFIX data in the sample corresponds. The method further includes identifying a plurality of the server samples that are labeled positive for amplification attacks. The method further includes identifying a plurality of server samples that are labeled negative for amplification attacks. The method further includes automatically labeling at least some of the remaining server samples as positive or negative based on the previously identified labeled samples. The method further includes using the automatically labeled samples to train an amplification attack detection system.Type: ApplicationFiled: February 27, 2017Publication date: August 30, 2018Inventors: Mathias Scherman, Tomer Teller, Hanan Shteingart, Royi Ronen
-
Publication number: 20180205736Abstract: A method and a computing system for allowing just-in-time (“JIT”) access to a machine is provided. A system receives a request to allow JIT access to the machine. The system directs a port of the machine to be opened for a JIT access period. The system also directs the machine to alter security relating to applications allowed to execute on the machine for the JIT access period. During the JIT access period, the machine can be accessed via the port with the altered security relating to applications. After the JIT access period, the system directs the port to be closed and directs the security to return to the unaltered security.Type: ApplicationFiled: May 25, 2017Publication date: July 19, 2018Inventors: Gilad Michael ELYASHAR, Royi RONEN, Efim HUDIS
-
Publication number: 20180191664Abstract: A method for managing communication among a plurality of social network members. The method comprises defining a multi participant task, setting at least one forward rule limiting the distribution an invitation message for participating in the multi participant task, forwarding the invitation message to at least one addressee from a plurality of social network members, allowing the at least one addressee to forward the invitation message to at least one additional addressee from the plurality of social network members under the at least one forward rule, monitoring a plurality of feedbacks to the invitation message to determine whether the multi participant task is achieved, and updating a status of the multi participant task according to the determination.Type: ApplicationFiled: February 26, 2018Publication date: July 5, 2018Applicant: Technion Research & Development Foundation LimitedInventors: Oded SHMUELI, Royi RONEN
-
Publication number: 20180152465Abstract: A method and device for detecting botnets in a cloud-computing infrastructure are provided. The method includes gathering data feeds over a predefined detection time window to produce a detection dataset, wherein the detection dataset includes at least security events and a first set of bot-labels related to the activity of each of at least one virtual machine in the cloud-computing infrastructure during the detection time window; generating, using the detection dataset, a features vector for each of a plurality of virtual machines in the cloud-computing infrastructure, wherein the features vector is based on idiosyncratic (iSync) scores related to botnet activity; transmitting each generated features vector to a supervised machine learning decision model to generate a label indicating if each of the plurality of virtual machines is a bot based on the respective features vector; and determining each virtual machine labeled as a bot as being part of a botnet.Type: ApplicationFiled: November 28, 2016Publication date: May 31, 2018Applicant: Microsoft Technology Licensing, LLC.Inventors: Roy LEVIN, Royi RONEN
-
Publication number: 20180139215Abstract: A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer.Type: ApplicationFiled: November 16, 2016Publication date: May 17, 2018Inventors: Hani Neuvirth-Telem, Elad Yom-Tov, Royi Ronen, Daniel Alon Hilevich
-
Publication number: 20180124073Abstract: Enhancements to network security are provided by identifying malicious actions taken against servers in a network environment, without having to access log data from individual servers. Seed data are collected by an administrator of the network environment, from honeypots and servers whose logs are shared with the administrator, to identify patterns of malicious actions to access the network environment. These patterns of use include ratios of TCP flags in communication sessions, entropy in the use of TCP flags over the life of a communication session, and packet size metrics, which are used to develop a model of characteristic communications for an attack. These attack models are shared with servers in the network environment to detect attacks without having to examine the traffic logs of those servers.Type: ApplicationFiled: October 31, 2016Publication date: May 3, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Mathias Scherman, Daniel Mark Edwards, Tomer Koren, Royi Ronen
-
Publication number: 20180096157Abstract: Controlling device security includes obtaining a set of device activity data indicating current device activity on a device and a set of user activity data indicating a current activity state of one or more legitimate users of the device. It is determined whether the indicated current activity state of the users indicates that a legitimate user is in an active state on the device, or that none of the legitimate users is in an active state on the device. A statistical fit of the indicated current device activity on the device, with the indicated current activity state of the one or more legitimate users, is determined, by a comparison with at least one of the models that are generated via supervised learning. A security alert action may be initiated, based on a result of the determination of the statistical fit indicating a compromised state of the device.Type: ApplicationFiled: October 5, 2016Publication date: April 5, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Moshe Israel, Royi Ronen, Daniel Alon, Tomer Teller, Hanan Shteingart
-
Publication number: 20180084001Abstract: Systems and methods for analyzing security alerts within an enterprise are provided. An enterprise graph is generated based on information such as operational intelligence regarding the enterprise. The enterprise graph identifies relationships between entities of the enterprise and a plurality of security alerts are produced by a plurality of security components of the enterprise. One or more significant relationships are identified between two or more of the plurality of security alerts based on a strength of a relationship identified in the enterprise graph. A significant relationship is utilized to identify a potential security incident between two or more of the security alerts.Type: ApplicationFiled: September 22, 2016Publication date: March 22, 2018Applicant: Microsoft Technology Licensing, LLC.Inventors: Efim Hudis, Michal Braverman-Blumenstyk, Daniel Alon, Hani Hana Neuvirth, Royi Ronen, Yuri Gurevich
-
Publication number: 20180063188Abstract: Use machine learning to train a classifier to classify entities to increase confidence with respect to an entity being part of a distributed denial of service attack. The method includes training a classifier to use a first classification method, to identify probabilities that entities from a set of entities are performing denial of service attacks. The method further includes identifying a subset of entities meeting a threshold probability of performing a denial of service attack. The method further includes using a second classification method, identifying similarity of entities in the subset of entities. The method further includes based on the similarity, classifying individual entities.Type: ApplicationFiled: August 31, 2016Publication date: March 1, 2018Inventors: Omer Karin, Royi Ronen, Hani Neuvirth, Roey Vilnai
-
Patent number: 9906486Abstract: A method for managing communication among a plurality of social network members. The method comprises defining a multi participant task, setting at least one forward rule limiting the distribution an invitation message for participating in the multi participant task, forwarding the invitation message to at least one addressee from a plurality of social network members, allowing the at least one addressee to forward the invitation message to at least one additional addressee from the plurality of social network members under the at least one forward rule, monitoring a plurality of feedbacks to the invitation message to determine whether the multi participant task is achieved, and updating a status of the multi participant task according to the determination.Type: GrantFiled: March 29, 2016Date of Patent: February 27, 2018Assignee: Technion Research & Development Foundation LimitedInventors: Oded Shmueli, Royi Ronen
-
Publication number: 20180046957Abstract: Technologies are provided for determining effectiveness of online meetings and providing actionable recommendations and insights based, in part, on a determined effectiveness of the online meetings. According to one embodiment, a measurement of the effectiveness, with respect to meeting participants of proposed, future meetings is predicted, and based on this, aspects of the proposed future meetings are optimized to maximize their effectiveness. Another embodiment relates to optimizing current online meetings as they occur. The ongoing meetings are monitored and data associated with the meetings is analyzed to provide recommendations and insights to meeting presenters and participants in real-time, or near real-time.Type: ApplicationFiled: August 9, 2016Publication date: February 15, 2018Inventors: Ronen Yaari, Ola Lavi, Royi Ronen, Eyal Itah
-
Publication number: 20170359362Abstract: In an example embodiment, a computer-implemented method comprises obtaining labels from messages associated with an email service provider, wherein the labels indicate for each message IP how many spam and non-spam messages have been received; obtaining network data features from a cloud service provider; providing the labels and network data features to a machine learning application; generating a prediction model representing an algorithm for determining whether a particular set of network data features are spam or not; applying the prediction model to network data features for an unlabeled message; and generating an output of the prediction model indicating a likelihood that the unlabeled message is spam.Type: ApplicationFiled: November 30, 2016Publication date: December 14, 2017Applicant: Microsoft Technology Licensing, LLCInventors: Ori Kashi, Philip Newman, Daniel Alon, Elad Yom-Tov, Hani Neuvirth, Royi Ronen