Abstract: In a multi-tenant hierarchical data storage system, tenant nodes are organized into trees and subtrees including virtual shards and with tenant data on single shards. The system is configured to allow scalable parallel access by a plurality of tenant-users.

Abstract: Disclosed herein are systems and method for customizing a user workspace environment using artificial intelligence-based analysis. In one exemplary aspect, a method comprises detecting user actions in a user workspace environment that provides access to a plurality of workspace elements. The method comprises generating a plurality of rules for customizing the user workspace environment, wherein each rule links a set of input parameters of a machine learning algorithm as criteria with an output user action and an output identifier of the workspace element, and wherein each rule assigns at least one customization action that (1) reduces an amount of steps to perform in the user workspace environment to access the workspace element associated with the output identifier and (2) reduces a processing time to perform the output user action. When a criterion is fulfilled, the method comprises executing a corresponding customization action that alters the user workspace environment.

Abstract: Disclosed herein are systems and method for customizing a user workspace environment using user action sequence analysis. In one exemplary aspect, a method may comprise detecting user actions in a user workspace environment that provides access to a plurality of workspace elements further comprising a plurality of files and a plurality of applications and identifying a plurality of user action sequences based on each timestamp of a respective user action. The method may comprise generating action sequence groups, each comprising a unique subset of the user action sequences and sequence trigger. In response to detecting a particular sequence trigger, the method may comprise executing a corresponding customization action that alters the user workspace environment such that an amount of steps and/or processing time to perform in the user workspace environment to access workspace elements associated with the associated action sequence group is reduced.

Abstract: Methods and systems are provided for modifying configuration of a storage system using artificial intelligence. An exemplary method comprises collecting, over a period of time, health and parameter information of the storage system. The method comprises predicting, using a machine learning algorithm, upcoming events that may degrade performance of the storage system based on the health and parameter information. The method comprises determining that the storage system will not operate in accordance with a set of goals based on the upcoming events. In response to determining that the storage system will not operate in accordance with the set of goals, the method comprises generating parameter changes, and applying the parameter changes to the storage system.

Abstract: Disclosed herein are systems and method for detecting small objects in an image using a neural network (NN). An exemplary method may include: receiving a first NN that is trained on a dataset including a plurality of images depicting various objects; identifying a first structure of the first NN, the first structure indicative of each layer and layer size in the first NN; determining, based on the first structure, whether the first NN can classify an object less than a threshold size in an input image; in response to determining that the first NN cannot classify the object, identifying a subset of detection layers in the first NN; generating and training a second NN that has a second structure in which the subset of detection layers are replaced by at least one layer not in the subset; and receiving, from the second NN, a classification of the object.

Abstract: Disclosed herein are systems and method for classifying objects in an image using a neural network. In one exemplary aspect, the techniques described herein relate to a method including: training, with a dataset including a plurality of images, a neural network to identify objects of a set of classes, wherein the neural network includes: a shared convolutional backbone with feature extraction layers, and a plurality of heads with fully connected layers, wherein there is a respective distinct head for each of the set of classes; receiving an input image depicting at least one object from the set of classes; inputting the input image into the neural network, wherein the neural network is configured to classify the at least one object into at least one class of the set of classes; and outputting the at least one class.

Abstract: Disclosed herein are systems and method for determining environment dimensions based on landmark detection, the method including: training, with a dataset including a plurality of images featuring an environment and labelled landmarks in the environment, a neural network to identify the labelled landmarks in an arbitrary image of the environment; receiving an input image depicting the environment; generating an input tensor based on the received input image; inputting the input tensor into the neural network, wherein the neural network is configured to generate an output tensor including a position of each identified landmark and a visibility score associated with each position; calculating a homography matrix between each position in the output tensor along a camera plane and a corresponding position in an environment plane, based on a pre-built model of the environment; and outputting an image that visually connects each landmark along the environment plane based on the homography matrix.

Abstract: Aspects of the present disclosure describe methods and systems for optimized re-striping in an erasure encoded storage. In one exemplary aspect, a method may receive a request to re-stripe a plurality of data blocks arranged as a tile in the erasure encoded storage, wherein the request comprises a desired tile width. The method may identify (1) a number of data blocks in the tile and (2) a width of the tile. The method may determine a maximum number of data blocks that do not need to be rearranged when reconfiguring the tile to the desired tile width. Furthermore, the method may determine a tile reconfiguration with the desired tile width that does not rearrange the maximum number of the data blocks of the tile, and may re-stripe the tile in accordance with the tile reconfiguration.

Abstract: Disclosed herein are systems and method for protecting an endpoint device from malware. In one aspect, an exemplary method comprises performing, by a light analysis tool of the endpoint, a light static analysis of a sample, terminating the process and notifying the user when the process is malware, performing light dynamic analysis when the process is not malware based on the light static analysis, when the process is clean based on the light dynamic analysis, enabling the process to execute, when the process is malware, terminating the process and notifying the user, and when the process is suspicious pattern, suspending the process, setting a level of trust, sending the sample to a sandbox, terminating the process and notifying the user when the process is a malware based on received final verdict, enabling the process to resume executing when the process is determined as being clean based on the final verdict.

Abstract: Methods and systems for safeguarding against malware such as ransomware are described. In part, the disclosure relates to systems and methods for restoring user data and other data encrypted by malware or otherwise rendered inaccessible thereby. In one embodiment, the disclosure relates to a method of safeguarding user data. The method includes monitoring a plurality of processes executing on a computing device; detecting when a first process of the plurality of processes attempts to modify one or more parameters of a user data file; determining if first process is a trusted process or an untrusted process using one or more heuristics; and if the first process is determined to be an untrusted process, create a backup version of the user data file, wherein the backup version of the user data file is created with regard to an unchanged version the user data file.

Abstract: Disclosed herein are systems and method for determining a backup schedule on a computer system. In one exemplary aspect, a method may comprise collecting user behavior data on the computer system. The method may comprise analyzing the user behavior data to determine an optimal time of a backup session to create backup copies of modified data stored on a volume of the computer system and determining an optimal duration of the backup session based on the analyzed user behavior. The method may comprise determining a portion of the modified data that can be saved during the backup session within the optimal duration at the optimal time of backup, and performing the backup session comprising the portion.

Abstract: Disclosed are systems and methods for detecting malicious applications. The described techniques detect a first process has been launched on a computing device, and monitor at least one thread associated with the first process using one or more control points of the first process. An execution stack associated with the one or more control points of the first process is received from the first process. In response to detecting activity on the one or more control points of the first process, an indication that the execution of the first process is malicious is generated by applying a machine learning classifier to the received execution stack associated with the one or more control points of the first process.

Abstract: Disclosed herein are systems and method for detecting unauthorized access to computing resources for cryptomining. In one exemplary aspect, a method may detect that at least one process has been launched on a computer system. In response to the detecting, the method may collect data related to the launch of the at least one process. The method may compare the collected data with behavioral rules specifying compliant behavior on the computer system. The method may identify suspicious behavior associated with the at least one process in response to determining that the collected data does not meet the behavioral rules. The method may generate an alert indicative of the suspicious behavior. In response to identifying the suspicious behavior, the method may obtain telemetry data of the computer system, and may update the behavioral rules based on the telemetry data to improve accuracy of identifying further suspicious behavior.

Abstract: Disclosed herein are system and method for driving organization and subsequent analysis of an autonomous vehicle. In an exemplary aspect, the system and method comprise dividing a path of a vehicle into a plurality of segments based on predetermined conditions; monitoring both behavior of the vehicle and driving conditions during each of the plurality of segments; storing the behavior and the driving conditions in a plurality of records of an immutable storage; determining whether an accident has occurred involving the vehicle; in response to determining that the accident has occurred, retrieving for the plurality of segments the behavior and the driving conditions from the immutable storage; reconstructing the path using the retrieved behavior and the driving conditions and the plurality of segments; and analyzing the reconstructed path to determine a cause of the accident.

Abstract: Disclosed herein are systems and method for inspecting archived slices for malware. In one exemplary aspect, the method comprises identifying a first slice in a plurality of slices in a backup archive, wherein the first slice is an image of user data at a first time. The method comprises scanning the first slice of the plurality of slices in the backup archive and detecting at least one infected file in the first slice. The method comprises identifying a block of the first slice that corresponds to the at least one infected file. The method comprises mounting, to a disk, a second slice of the plurality of slices. The method comprises tracking the block and determining that the at least one infected file exists on the second slice and removing the infected file from the second slice by generating a respective cured slice of the second slice.

Abstract: Systems and methods for remediating vulnerabilities on a plurality of computing devices is disclosed herein. In one exemplary aspect, a method comprises classifying monitored data into a plurality of categories using a machine learning algorithm. For each respective data file of the monitored data, the method comprises retrieving one or more policies associated with a classified category of the respective data file and determining whether respective data file complies with the one or more policies. The method further comprises generating a compliance map based on compliance with policies for each respective data file of the monitored data, wherein the compliance map indicates vulnerabilities in the plurality of computing devices, determining whether the vulnerabilities are actionable, and in response to determining the vulnerabilities are actionable, requesting actions to be performed on the plurality of devices to remediate the vulnerabilities and non-compliance.

Abstract: Disclosed herein are systems and method for multiplexing data of an underlying index. In an exemplary aspect, an index handler may: search for a data file in a plurality of data buckets associated with an index, wherein at least one respective data bucket of a plurality of data buckets is attached to a respective slot of a plurality of slots; identify, based on the searching, a first data bucket of the plurality of data buckets that comprises the data file; in response to determining that the first data bucket is not attached to any of the plurality of slots, attach the first data bucket to a first slot of the plurality of slots; and enable access to the data file via the first data bucket attached to the first slot.

Abstract: Disclosed herein are systems and method for detecting usage anomalies based on environmental sensor data. A method may include: receiving a physical user input at a computing device located in an environment; determining whether the physical user input was received from an authorized user of the computing device by: retrieving environmental sensor data from at least one sensor located in the environment; identifying a window of time during which the physical user input was received; and verifying a presence of the authorized user at the environment during the window of time based on the environmental sensor data; and in response to determining that the authorized user was not present in the environment during the window of time, detecting a usage anomaly and not executing the physical user input.

Abstract: Disclosed herein are systems and method for optimizing artificial intelligence (A.I)-based malware analysis on offline endpoints in a network. In one aspect, a method includes identifying a file that has not been executed on an endpoint system and scanning the endpoint system to detect malicious behavior using a machine learning algorithm. In response to determining that the endpoint system does not exhibit malicious behavior based on the machine learning algorithm, the method includes enabling execution of the file. Subsequent to the execution of the file, the method includes rescanning the endpoint system to detect malicious behavior using the machine learning algorithm. In response to determining that the endpoint system does exhibit malicious behavior subsequent to the execution, the method includes extracting attributes of the file and retraining the machine learning algorithm using the extracted attributes to detect malicious behavior associated with the file without having to execute the file.

Abstract: Disclosed herein are systems and method for adjusting data protection levels based on system metadata. A method may include monitoring a computing device for a cyberattack, wherein a kernel driver of the computing device is configured to allow access to kernel control paths and hash tables in accordance with a first protection level, and detecting that the cyberattack is in progress. While the cyberattack is in progress, the method may include identifying kernel control paths and hashes of software objects that will be affected by the cyberattack, and configuring the kernel driver to disable access to the identified kernel control paths and hashes of the software objects in accordance with a second protection level, wherein the second protection level includes greater access restrictions to the computing device than the first protection level.