Abstract: The present disclosure includes methods and systems for processing a file input/output (I/O). A method may include beginning, by a processor, copy-on-write snapshotting for a file stored in electronic storage; establishing, by the processor, a scope of authorization within a first layer using a first authorization callback function; determining, by the processor, if a read file that is being tracked is being opened for modification; and if the read file that is being tracked is not being opened for modification, ending the copy-on-write snapshotting, or if the read file that is being tracked is being opened for modification, marking the file as a subject of the copy-on-write snapshotting and then ending the copy-on-write snapshotting.

Abstract: Disclosed herein are systems and method for optimizing artificial intelligence (A.I)-based malware analysis on offline endpoints in a network. In one aspect, a method includes identifying a file that has not been executed on an endpoint system and scanning the endpoint system to detect malicious behavior using a machine learning algorithm. In response to determining that the endpoint system does not exhibit malicious behavior based on the machine learning algorithm, the method includes enabling execution of the file. Subsequent to the execution of the file, the method includes rescanning the endpoint system to detect malicious behavior using the machine learning algorithm. In response to determining that the endpoint system does exhibit malicious behavior subsequent to the execution, the method includes extracting attributes of the file and retraining the machine learning algorithm using the extracted attributes to detect malicious behavior associated with the file without having to execute the file.

Abstract: In a multi-tenant hierarchical data storage system, tenant nodes are organized into trees and subtrees including virtual shards and with tenant data on single shards. The system is configured to allow scalable parallel access by a plurality of tenant-users.

Abstract: A system and method are disclosed for identifying malicious activity on a target device based on behavior analysis of the target device. The system includes a behavioral analyzer run on a virtual machine connected to the target device. The virtual machine collects system events and parameters from the target device and run a script, independent of the target device, to detect a threat. The script is a set of instructions executed to analyze behavior of an object by processing and correlating the events. The script includes a rule structure which stores signatures and expressions of the known malwares. By correlating the selected event parameters with known malware parameters, it is determined whether the event imposes a threat or not. A finite state machine is used for the state transition table.

Abstract: Systems and methods for trusted storage of encrypted data onto a cloud storage server are disclosed. The system includes a client device and the cloud storage server. The client device includes a processing unit, a client agent, and a trusted data loading device. The client agent has no access to the network and is implemented within the client device. The client agent receives data and requests to upload the data from the processing unit. The client agent encrypts the data and wraps the data into an encrypted data container.

Abstract: Disclosed herein are systems and method efficiently executing a program operation on a cloud-based service. In an exemplary aspect, a method comprises receiving a request to perform a program operation on a cloud-based service and at least one user constraint for performing the program operation, and determining a plurality of sub-operations that are comprised in the program operation. The method comprises identifying a plurality of service component combinations offered by the service provider that can execute the program operation, and identifying at least one processing constraint of each service component. The method comprises determining a service component combination from the plurality of service component combinations for executing the program operation based on the at least one user constraint and processing constraints. The method comprises executing the program operation by the determined service component combination.

Abstract: Disclosed herein are systems and method for determining environment dimensions based on landmark detection, the method including: training, with a dataset including a plurality of images featuring an environment and labelled landmarks in the environment, a neural network to identify the labelled landmarks in an arbitrary image of the environment; receiving an input image depicting the environment; generating an input tensor based on the received input image; inputting the input tensor into the neural network, wherein the neural network is configured to generate an output tensor including a position of each identified landmark and a visibility score associated with each position; calculating a homography matrix between each position in the output tensor along a camera plane and a corresponding position in an environment plane, based on a pre-built model of the environment; and outputting an image that visually connects each landmark along the environment plane based on the homography matrix.

Abstract: Disclosed herein are systems and method efficiently executing a program operation on a cloud-based service. In an exemplary aspect, a method comprises receiving a request to perform a program operation on a cloud-based service and at least one user constraint for performing the program operation, and determining a plurality of sub-operations that are comprised in the program operation. The method comprises identifying a plurality of service component combinations offered by the service provider that can execute the program operation, and identifying at least one processing constraint of each service component. The method comprises determining a service component combination from the plurality of service component combinations for executing the program operation based on the at least one user constraint and processing constraints. The method comprises executing the program operation by the determined service component combination.

Abstract: Disclosed herein are systems and method for customizing a user workspace environment using artificial intelligence-based analysis. In one exemplary aspect, a method comprises detecting user actions in a user workspace environment that provides access to a plurality of workspace elements. The method comprises generating a plurality of rules for customizing the user workspace environment, wherein each rule links a set of input parameters of a machine learning algorithm as criteria with an output user action and an output identifier of the workspace element, and wherein each rule assigns at least one customization action that (1) reduces an amount of steps to perform in the user workspace environment to access the workspace element associated with the output identifier and (2) reduces a processing time to perform the output user action. When a criterion is fulfilled, the method comprises executing a corresponding customization action that alters the user workspace environment.

Abstract: Disclosed herein are systems and method for synthetic file scanning. In one exemplary aspect, a method may comprise, for each respective file in a plurality of files on a storage device, determining a respective likelihood of the respective file being targeted by the malicious activity, and including, in a subset of files, each respective file in the plurality of files with a respective likelihood that is greater than a threshold likelihood. The method may comprise for each respective file in the subset of files, identifying at least one fragment of the respective file that is susceptible to the malicious activity. The method may comprise extracting and storing at least one fragment from each respective file in a synthetic file, and scanning the synthetic file periodically instead of the plurality of files.

Abstract: Systems and methods for file sharing over secure connections.

Abstract: Disclosed are systems and methods for data archiving using machine learning techniques. The system collects statistical information and event data and processes them using machine learning techniques to classify data and/or predict data access demands. The system receives statistical information related to user access of a plurality of files, which can effectively “train” the system to archive data that is not needed at a certain moment and extract it at other moments. The system identifies, using a machine learning module, a pattern of access in the plurality of files based on the received statistical information. The system modifies, using the identified pattern of access, a threshold value related to file access, and assigns a set of files from the plurality of files an access classification based on the modified threshold value. The system migrates the set of files between hot and cold data areas based on the assigned access classification.

Abstract: Disclosed herein are systems and methods for securing cloud meetings using containers. In one aspect, an exemplary system comprises, a device comprising a processor, an OS operable in a user mode and a kernel mode, and a kernel driver for performing operations while in kernel mode, the kernel driver having a kernel driver interceptor configured to: register for a process notification callback for user applications used for web-based meetings, monitor to determine when a process notification callback is received, receive a process notification callback and a command line in the callback, and analyze and transmit the command line to a service that secures the meeting, wherein the securing is performed by: configuring a container for executing the user application in an isolated virtual environment, transferring, to the container, all resources needed to run the user application, and executing the user application in the container.

Abstract: A method for creating a collection with optimized family-specific signatures for protecting from malware includes collecting statistics of potential signatures for chosen sample attribute vectors, the statistics of potential signatures being collected for clean files and malware files, estimating a probability to find a potential signature in the clean files, grouping malware files with the same signature in clusters (families), choosing the most optimal signature for the malware family files based on a predefined target function, and exporting a collection with optimized family-specific signatures configured to be implemented by scan engines.

Abstract: The present disclosure relates to a system and method for creating a backup and restoring the exact clean system state prior to malware detection. The system includes a security system, in communication with one or more applications of a computing system, and a backup unit. The security system detects malware during execution of the applications or events based on a memory dump analysis. The backup unit creates a backup copy of the system state corresponding to each event, labels each copy and creates an index. When the security system detects presence of the malware at a particular event, the backup system parses the index, and with use of the labels, retrieves the exact backup copy that belongs to the event preceding the other event that caused the malware attack.

Abstract: Disclosed herein are systems and methods for updating select files in an image backup. In an exemplary aspect, a method comprises performing an image backup of a storage device comprising a plurality of files. The method comprises selecting a file of the plurality of files based on file selection rules and subsequent to the image backup, detecting that the file has exited a full consistency state. The method comprises monitoring the file to detect a return to the full consistency state. In response to detecting that the file has returned to the full consistency state, the method comprises identifying a physical address of at least one sector comprising the file on the storage device, and updating a version of the file previously captured in the image backup with a version of the file after returning to the full consistency state.

Abstract: A rootkit detection system and method analyzes memory dumps to determine connections between intercepted system driver operations requested by unknown files and changes in system memory before and after those operations. Memory dump differences and I/O buffers are analyzed with machine learning models to identify clustered features associated with rootkits.

Abstract: Disclosed herein are systems and method for forming and executing a backup strategy. In one aspect, an exemplary method comprises forming a respective backup strategy for each respective file of a plurality of files stored in a data source based on a frequency of occurrence, a desired recovery time, and a criticality of data loss for the respective file. The method further comprises executing the respective backup strategy for the respective file.

Abstract: In a multi-tenant hierarchical data storage system, tenant nodes are organized into trees and subtrees including virtual shards and with tenant data on single shards. The system is configured to allow scalable parallel access by a plurality of tenant-users.

Abstract: A multi-layer path-planning system and method calculates trajectories for autonomous vehicles using a global planner, a fast local planner, and an optimizing local planner. The calculated trajectories are used to guide the autonomous vehicle along a bounded path between a starting point and a destination.