Abstract: Systems and methods for threat detection and analysis. A method includes monitoring at least one thread associated with at least one user process on a computing device. The method further includes detecting specific-system calls associated with at least one user process at user level. The specific-system calls are analyzed by applying a filter to system calls sequence feature sets associated with the specific-system calls for detecting one or more events of interest. A capture of a full stack trace of at least one user process is requested if the system calls sequence feature set is filtered and at least one event of interest is detected. A first level monitoring is provided to the computing device, which includes processing and analyzing the captured full stack trace by a machine learning (ML) stack trace analyzer to generate a first verdict for threat detection and analysis.

Abstract: Disclosed herein are systems and method for classifying objects in an image using a color-based neural network. A method may include: training a neural network to classify an object in a given image into a color class from a set of color classes; determining, from the set of color classes, a subset of color classes that are anticipated to be in a received input image based on image metadata; generating a matched mask input indicating the subset; inputting both the input image and the matched mask input into the neural network, wherein the neural network is configured to: determine a first semantic embedding of the input image and the matched mask input; outputting a color class associated with a second semantic embedding with a least amount of distance to the first semantic embedding from a plurality of semantic embeddings.

Abstract: The present disclosure relates to a system and method for creating a backup and restoring the exact clean system state prior to malware detection. The system includes a security system, in communication with one or more applications of a computing system, and a backup unit. The security system detects malware during execution of the applications or events based on a memory dump analysis. The backup unit creates a backup copy of the system state corresponding to each event, labels each copy and creates an index. When the security system detects presence of the malware at a particular event, the backup system parses the index, and with use of the labels, retrieves the exact backup copy that belongs to the event preceding the other event that caused the malware attack.

Abstract: Forensic analysis on consistent system footprints relates to a system and method for rootkit detection based on forensic analysis performed on consistent system footprints, such as application events, application network communications and application files. The system includes a security system periodically monitoring one or more applications of a computing system. The security system includes a threat detection unit for collecting and storing system memory dumps, a machine learning module trained on clean and infectious memory dump, a similarity scanner to identify similarity between suspicious memory block and consistent system footprints, and a forensic analyzer to perform forensic analysis and detect infection, if any, based on the similarity found. The suspicious memory block is identified by the threat detection unit based on the analysis performed by the machine learning model. Upon rootkit detection an alert and forensic analysis report are generated.

Abstract: A rootkit detection system and method analyzes memory dumps to determine connections between intercepted system driver operations requested by unknown files and changes in system memory before and after those operations. Memory dump differences and I/O buffers are analyzed with machine learning models to identify clustered features associated with rootkits.

Abstract: Systems and methods for detecting a malware injection interested processes. The method includes identifying one or more trusted processes, monitoring at least one thread associated with the trusted processes using at least one control point, detecting activity at the at least one thread based on the at least one control point and determining a timestamp of the detected activity, receiving from the trusted processes at least one execution stack corresponding to the timestamp and indicating the at least one control point used to monitor the at least one thread, applying a first malware detector to the at least one execution stack to generate a first verdict, collecting the first verdict and auxiliary information corresponding to the trusted processes at the given timestamp, and applying a second malware detector to the first verdict and the auxiliary information to generate a second verdict.

Abstract: Systems and methods for firmware protection of industrial control systems. A kernel-level agent operating at a kernel mode intercepts a request to the resource, collects data associated with the intercepted request, and sends the collected data to a security service. A security service receives the collected data, analyzes the collected data to determine a verdict, and sends the verdict to the kernel-level agent. The kernel-level agent then executes a security action for the resource based on the verdict.

Abstract: Disclosed herein are systems and method for forming and executing a backup strategy. In one aspect, an exemplary method comprises forming a respective backup strategy for each respective file of a plurality of files stored in a data source based on a frequency of occurrence, a desired recovery time, and a criticality of data loss for the respective file. The method further comprises executing the respective backup strategy for the respective file.

Abstract: Disclosed herein are systems and method for determining environment dimensions based on environment pose. In one aspect, the method may include training, with a dataset including a plurality of images featuring an environment and labelled landmarks in the environment, a neural network to identify a pose of an environment. The method may comprise receiving an input image depicting the environment, generating an input tensor based on the input image, and inputting the input tensor into the neural network, which may be configured to generate an output tensor including a position of each identified landmark, a confidence level associated with each position, and a pose confidence score. The method may include calculating a homography matrix between each position in the output tensor along a camera plane and a corresponding position in an environment plane in order to output an image that visually connects each landmark along the environment plane.

Abstract: Systems and methods for automatically identifying outliers in Machine Learning training datasets. The method includes gaining access to a training set for the neural network NN. For each element of the training dataset, an embedding vector is generated, which is a numeric representation of the corresponding element. A centroid of all the embedding vectors of all the elements of the training set is computed equal to an average of all the embedding vectors of all the elements of the training set. A dissimilarity score is generated for each element of the training set by calculating a distance between the embedding vector corresponding to the element and the centroid. The method further includes identifying the elements from the training set with embedding vectors having the dissimilarity score higher than or equal to a predetermined threshold value.

Abstract: Systems and methods for generating video highlights with a certain label and a specific duration (SD) using a trained ranking neural network (RankNet). The system obtains a request for highlight generation, specific duration, and a specific label. The video is split into a set of fragments of pre-defined duration forming a sequence. Digital representation in a form of 3D spatio-temporal embedding is generated for each fragment by a spatio-temporal encoder. Using the embedding value, a rank of each fragment is identified by a trained Ranking Neural Network. Ranks are recorded into a data structure. A minimum number of fragments are selected to cover the SD using a criteria comprising comparing ranks of different fragments. A video highlight is generated from concatenated selected fragments with a truncation, if necessary.

Abstract: Systems and methods for augmenting a training dataset. The method includes gaining access to at least one insufficient training dataset for training a neural network NN. A generative convolutional neural network GCNN is trained using the training set or a subset thereof. At least one additional item is generated by the GCNN trained on the existing training set, and the generated item is added to the original training set.

Abstract: Systems and methods for automatic generation of highlights of video. The system includes a video processor to select one type of the video to be analyzed and split video clips from the video. The video processor recognizes positive clips, negative clips, and auxiliary clips. A spatio-temporal encoder is configured to select, from the recognized clips, a main positive clip, a main negative clip, and auxiliary positive and negative clips, and generate a three-dimensional (3D) embedding vector of each clip. The selected clips are processed by a ranking network having a self-attention layer. The self-attention layer, using a query head, a key head and the value head produces self-attention resultant vector on which an activation function is performed. A rank value is thus obtained for the selected clip. Based on the rank value, video highlights are generated.

Abstract: Systems and methods for automatically enhancing the quality of images in the training set of a neural network NN. A method includes gaining access to a training set including a plurality of images. Using at least one image quality assessment method, at least one image is identified from a plurality of images in the training set, which matches a low-quality criterion as at least one low-quality image. At least one image enhancement method is used for enhancing the at least one low-quality image to obtain at least one enhanced image. The at least one low-quality image is replaced with the corresponding at least one enhanced image in the training set.

Abstract: A rootkit detection system and method analyzes memory dumps to determine connections between intercepted system driver operations requested by unknown files and changes in system memory before and after those operations. Memory dump differences and I/O buffers are analyzed with machine learning models to identify clustered features associated with rootkits.

Abstract: A system and method for malware classification using machine learning models trained using synthesized feature sets based on features extracted from samples of known malicious objects and known safe objects. The synthesized feature sets act as virtual samples for training a machine learning classifier to recognize new objects in the wild that are likely to be malicious.

Abstract: Systems and methods for threat detection and analysis. A method includes monitoring at least one thread associated with at least one user process on a computing device. The method further includes detecting specific-system calls associated with at least one user process at user level. The specific-system calls are analyzed by applying a filter to system calls sequence feature sets associated with the specific-system calls for detecting one or more events of interest. A capture of a full stack trace of at least one user process is requested if the system calls sequence feature set is filtered and at least one event of interest is detected. A first level monitoring is provided to the computing device, which includes processing and analyzing the captured full stack trace by a machine learning (ML) stack trace analyzer to generate a first verdict for threat detection and analysis.

Abstract: Disclosed herein are systems and method for detecting small objects in an image using a neural network (NN). An exemplary method may include: receiving a first NN that is trained on a dataset including a plurality of images depicting various objects; identifying a first structure of the first NN, the first structure indicative of each layer and layer size in the first NN; determining, based on the first structure, whether the first NN can classify an object less than a threshold size in an input image; in response to determining that the first NN cannot classify the object, identifying a subset of detection layers in the first NN; generating and training a second NN that has a second structure in which the subset of detection layers are replaced by at least one layer not in the subset; and receiving, from the second NN, a classification of the object.

Abstract: A system and a method for performing brand detection and brand analysis in a video are disclosed herein. The method comprises receiving the video for performing the brand detection thereon; splitting the video for obtaining input video frames; performing an open set detection on the input video frames to compute instances of detecting brand media; determining an exact square region in which the brand media is occupied within the input video frame; resolving a scene understanding task in the input video frame; detecting crucial moments in the video; identifying an area on the input frame where a user's attention is focused to provide user focus index; generating heat maps using the detection of crucial moments and user focus index; and combining above inputs from the brand detection and the scene understanding into the heat maps for all the input video frames of the video for computing a brand advertising rate.

Abstract: A system and method for performing brand detection in a video is disclosed herein. The method comprises receiving the video for performing the brand detection thereon; splitting the video for obtaining a plurality of video frames; performing an open set detection on each input video frame from the plurality of video frames, which comprises proposing one or more bounding boxes on the input video frames on regions of the video frame that potentially include brand media; cropping the one or more bounding boxes; providing the cropped bounding boxes to a classification module for obtaining embedding vectors corresponding to each of the cropped bounding boxes; and comparing the embedding vectors of the cropped bounding boxes with embedding vectors of one or more brand reference images provided by a user for computing instances of brand detection in each video frame of the plurality of video frames.