Patents by Inventor Shai Kaplan
Shai Kaplan has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10999320Abstract: A system for determining whether a velocity event is fake or real is provided. The system accesses a data store of velocity events, each of which specifies a pair of addresses that share the velocity event. For each address of the velocity events, the system sets a score for that address based on the number of addresses that share a velocity event with that address. When the score for that address satisfies an originating address criterion, the system designates that address as an originating address. The system may determine that a velocity event is real when both addresses of the velocity event are originating addresses.Type: GrantFiled: March 30, 2017Date of Patent: May 4, 2021Assignee: Microsoft Technology Licensing, LLCInventors: Ido Bar Av, Yonatan Most, Shai Kaplan
-
Patent number: 10867033Abstract: When processing events associated with a group comprising multiple different sub-groups, a hash function can be applied to the sub-group identifier to map the events associated with the sub-group to different computational elements used to process the group's events. The hash value can be a number between 1 and n or 0 and n?1 where n is the number of computational elements available to the group. Data concerning the last time a particular value for a property was encountered in an event stream can be retained. On each computational element assigned to the group, the detection of a particular property value in an event of a sub-group can be collected, periodically aggregated and sent to each of the computational elements used by the group, thereby enabling the first detection of a new property value within a group of events to be determined.Type: GrantFiled: March 22, 2018Date of Patent: December 15, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Shai Keren, Ido Barav, Avihai Berkovitz, Shai Kaplan
-
Patent number: 10764303Abstract: Embodiments detect unauthorized access to cloud-based resources. One technique analyzes cloud-based events to distinguish potentially malicious velocity incidents from benign velocity incidents. A velocity incident occurs when the same user causes events from two geographically remote locations in a short time. Benign velocity incidents are distinguished from malicious velocity incidents by comparing an event with past events that have the same features. Embodiments probabilistically determine if a velocity incident is malicious or benign based on a weighted multi-feature analysis. For each feature of an event, a probability is calculated based on past events that have the same feature. Then, each feature is associated with a weight based on a relative frequency of past events having that feature. A weighted average of probabilities is calculated, and the resulting probability is compared to a defined threshold to determine if the velocity incident is likely malicious or benign.Type: GrantFiled: April 25, 2018Date of Patent: September 1, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Yonatan Most, Shai Kaplan, Ido Bar Av
-
Patent number: 10536473Abstract: An anomaly detection system is provided and includes a processor, a memory, and a security application that is stored in the memory and includes instructions. The instructions are configured to collect information of behavior data for the users of an organization accessing cloud applications via a distributed network. The behavior data includes one or more parameters tracked over time for the users. The instructions are further configured to: establish baselines for each of the users and for each of the cloud applications or types of cloud applications of the organization; detect anomalies based on the baselines; provide aggregated anomaly data by aggregating anomalies corresponding to two or more of the baselines and a same behavior or corresponding to multiple users of a same cloud application during a same period of time; determine a risk value based on the aggregated anomaly data; and perform a countermeasure based on the risk value.Type: GrantFiled: February 15, 2017Date of Patent: January 14, 2020Assignee: Microsoft Technology Licensing, LLCInventors: Shai Kaplan, Yonatan Most
-
Patent number: 10496664Abstract: A device configured to operate in a distributed network system includes a key-value processing system to generate at least one of a first request and a second request. The first request is to retrieve a selected one of a plurality of sub-groups of data. The first request includes a plurality of keys each including a first value identifying the selected one of the plurality of sub-groups and a respective one of a plurality of second values. Each of the second values identifies a respective subset of data within the selected one of the plurality of sub-groups. The second request is to retrieve a selected one of the subsets of data within the selected one of the plurality of sub-groups and includes a key. The key includes the first value and a selected one of the second values, and the selected one of the second values corresponds to a hash value.Type: GrantFiled: March 31, 2017Date of Patent: December 3, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Shai Kaplan, Yaniv Joseph Oliver, Noam Liran, Ido Yehiel Preizler
-
Publication number: 20190334923Abstract: Embodiments detect unauthorized access to cloud-based resources. One technique analyzes cloud-based events to distinguish potentially malicious velocity incidents from benign velocity incidents. A velocity incident occurs when the same user causes events from two geographically remote locations in a short time. Benign velocity incidents are distinguished from malicious velocity incidents by comparing an event with past events that have the same features. Embodiments probabilistically determine if a velocity incident is malicious or benign based on a weighted multi-feature analysis. For each feature of an event, a probability is calculated based on past events that have the same feature. Then, each feature is associated with a weight based on a relative frequency of past events having that feature. A weighted average of probabilities is calculated, and the resulting probability is compared to a defined threshold to determine if the velocity incident is likely malicious or benign.Type: ApplicationFiled: April 25, 2018Publication date: October 31, 2019Inventors: Yonatan MOST, Shai KAPLAN, Ido BAR AV
-
Patent number: 10452610Abstract: A storage cluster includes a plurality of key-value storage nodes categorized into sub-groups of data associated with a first value identifying the sub-group and second values identifying respective subsets of data. A key-value processing system receives at least one of a first request to retrieve a selected one of the sub-groups of data, the first request including a plurality of keys, each of the plurality of keys including the first value and a respective one of the second values, and a second request to retrieve a selected one of the subsets of data. The second request includes a key having the first value and a selected one of the second values. The selected one of the second values corresponds to a hash value. The storage cluster selectively provides at least one of the selected one of the sub-groups of data and the selected one of the subsets of data.Type: GrantFiled: March 31, 2017Date of Patent: October 22, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Shai Kaplan, Yaniv Joseph Oliver, Noam Liran, Ido Yehiel Preizler
-
Publication number: 20190294781Abstract: When processing events associated with a group comprising multiple different sub-groups, a hash function can be applied to the sub-group identifier to map the events associated with the sub-group to different computational elements used to process the group's events. The hash value can be a number between 1 and n or 0 and n?1 where n is the number of computational elements available to the group. Data concerning the last time a particular value for a property was encountered in an event stream can be retained. On each computational element assigned to the group, the detection of a particular property value in an event of a sub-group can be collected, periodically aggregated and sent to each of the computational elements used by the group, thereby enabling the first detection of a new property value within a group of events to be determined.Type: ApplicationFiled: March 22, 2018Publication date: September 26, 2019Inventors: SHAI KEREN, IDO BARAV, AVIHAI BERKOVITZ, SHAI KAPLAN
-
Patent number: 10326787Abstract: An anomaly detection system is provided and includes a processor, a memory and a security application stored in the memory and including instructions. The instructions are for collecting behavior data corresponding to users of an organization accessing cloud applications. The behavior data includes parameters tracked over time for the users. The instructions are for: creating a first model based on the behavior data tracked for the users; creating a second model corresponding to a first user based on the parameters tracked for the users except the first user, where the second model excludes behavior data pertaining to the first user; scoring the second model based on the first model to generate a first score; determining whether the first user is an outlier based on the first score; and removing the behavior data corresponding to the first user from the first model if the first user is an outlier.Type: GrantFiled: February 15, 2017Date of Patent: June 18, 2019Assignee: Microsoft Technology Licensing, LLCInventors: Anton Wolkov, Shai Kaplan, Yonatan Most, Ido Bar Av
-
Publication number: 20180351978Abstract: According to examples, an apparatus may include a processor and a memory having instructions that are to cause processor to access an event log that lists an event item corresponding to an event that occurred at a network appliance, determine that the event item matches an item listed in a user log that lists records of user information and a plurality of items, in which the records correspond to user events in a network, identify the user information corresponding to the matching item, determine a confidence level that the identified user information corresponds to the event item, determine whether the confidence level exceeds a certain threshold value, in response to a determination that the confidence level exceeds the certain threshold, correlate the user information to the event item, and insert an entry into a database that the user information corresponds to the event item.Type: ApplicationFiled: June 5, 2017Publication date: December 6, 2018Applicant: Microsoft Technology Licensing, LLCInventors: Ido Y. PREIZLER, Avihai BERKOVITZ, Shai KAPLAN, Yaniv J. OLIVER
-
Publication number: 20180285427Abstract: A device configured to operate in a distributed network system includes a key-value processing system to generate at least one of a first request and a second request. The first request is to retrieve a selected one of a plurality of sub-groups of data. The first request includes a plurality of keys each including a first value identifying the selected one of the plurality of sub-groups and a respective one of a plurality of second values. Each of the second values identifies a respective subset of data within the selected one of the plurality of sub-groups. The second request is to retrieve a selected one of the subsets of data within the selected one of the plurality of sub-groups and includes a key. The key includes the first value and a selected one of the second values, and the selected one of the second values corresponds to a hash value.Type: ApplicationFiled: March 31, 2017Publication date: October 4, 2018Inventors: Shai KAPLAN, Yaniv Joseph OLIVER, Noam LIRAN, Ido Yehiel PREIZLER
-
Publication number: 20180285441Abstract: A storage cluster includes a plurality of key-value storage nodes categorized into sub-groups of data associated with a first value identifying the sub-group and second values identifying respective subsets of data. A key-value processing system receives at least one of a first request to retrieve a selected one of the sub-groups of data, the first request including a plurality of keys, each of the plurality of keys including the first value and a respective one of the second values, and a second request to retrieve a selected one of the subsets of data. The second request includes a key having the first value and a selected one of the second values. The selected one of the second values corresponds to a hash value. The storage cluster selectively provides at least one of the selected one of the sub-groups of data and the selected one of the subsets of data.Type: ApplicationFiled: March 31, 2017Publication date: October 4, 2018Inventors: Shai KAPLAN, Yaniv Joseph OLIVER, Noam LIRAN, ldo Yehiel PREIZLER
-
Publication number: 20180234444Abstract: An anomaly detection system is provided and includes a processor, a memory, and a security application that is stored in the memory and includes instructions. The instructions are configured to collect information of behavior data for the users of an organization accessing cloud applications via a distributed network. The behavior data includes one or more parameters tracked over time for the users. The instructions are further configured to: establish baselines for each of the users and for each of the cloud applications or types of cloud applications of the organization; detect anomalies based on the baselines; provide aggregated anomaly data by aggregating anomalies corresponding to two or more of the baselines and a same behavior or corresponding to multiple users of a same cloud application during a same period of time; determine a risk value based on the aggregated anomaly data; and perform a countermeasure based on the risk value.Type: ApplicationFiled: February 15, 2017Publication date: August 16, 2018Inventors: Shai Kaplan, Yonatan Most
-
Publication number: 20180234443Abstract: An anomaly detection system is provided and includes a processor, a memory and a security application stored in the memory and including instructions. The instructions are for collecting behavior data corresponding to users of an organization accessing cloud applications. The behavior data includes parameters tracked over time for the users. The instructions are for: creating a first model based on the behavior data tracked for the users; creating a second model corresponding to a first user based on the parameters tracked for the users except the first user, where the second model excludes behavior data pertaining to the first user; scoring the second model based on the first model to generate a first score; determining whether the first user is an outlier based on the first score; and removing the behavior data corresponding to the first user from the first model if the first user is an outlier.Type: ApplicationFiled: February 15, 2017Publication date: August 16, 2018Inventors: Anton Wolkov, Shai Kaplan, Yonatan Most, ldo Bar Av
-
Publication number: 20180139232Abstract: A system for determining whether a velocity event is fake or real is provided. The system accesses a data store of velocity events, each of which specifies a pair of addresses that share the velocity event. For each address of the velocity events, the system sets a score for that address based on the number of addresses that share a velocity event with that address. When the score for that address satisfies an originating address criterion, the system designates that address as an originating address. The system may determine that a velocity event is real when both addresses of the velocity event are originating addresses.Type: ApplicationFiled: March 30, 2017Publication date: May 17, 2018Inventors: Ido Bar Av, Yonatan Most, Shai Kaplan
-
Patent number: 9286439Abstract: A system and method for planning, manipulating, processing and editing DNA molecules utilizing a core operation on a given input DNA molecule to produce a targeted DNA molecule.Type: GrantFiled: December 17, 2008Date of Patent: March 15, 2016Assignee: YEDA RESEARCH AND DEVELOPMENT CO LTDInventors: Ehud Y. Shapiro, Shai Kaplan, Gregory Linshiz, Tuval Ben-Yehezkel, Uri Shabi
-
Publication number: 20150252362Abstract: A method for manufacturing synthetic genes and combinatorial DNA and protein libraries, termed here Divide and Conquer-DNA synthesis (D&C-DNA synthesis) method. The method can be used in a systematic and automated way to synthesize any long DNA molecule and, more generally, any combinatorial molecular library having the mathematical property of being a regular set of strings. The D&C-DNA synthesis method is an algorithm design paradigm that works by recursively breaking down a problem into two or more sub-problems of the same type. The division of long DNA sequences is done in silico. The assembly of the sequence is done in vitro. The D&C-DNA synthesis method protocol consists of a tree, in which each node represents an intermediate sequence. The internal nodes are created in elongation reactions from their daughter nodes, and the leaves are synthesized directly. After each elongation only one DNA strand passes to the next level in the tree until receiving the final product.Type: ApplicationFiled: January 28, 2015Publication date: September 10, 2015Inventors: Ehud Y. SHAPIRO, Gregory LINSHIZ, Ilan GRONAU, Rivka ADAR, Shai KAPLAN, Sivan TUVI
-
Patent number: 8962532Abstract: A method for manufacturing synthetic genes and combinatorial DNA and protein libraries, termed here Divide and Conquer-DNA synthesis (D&C-DNA synthesis) method. The method can be used in a systematic and automated way to synthesize any long DNA molecule and, more generally, any combinatorial molecular library having the mathematical property of being a regular set of strings. The D&C-DNA synthesis method is an algorithm design paradigm that works by recursively breaking down a problem into two or more sub-problems of the same type. The division of long DNA sequences is done in silico. The assembly of the sequence is done in vitro. The D&C-DNA synthesis method protocol consists of a tree, in which each node represents an intermediate sequence. The internal nodes are created in elongation reactions from their daughter nodes, and the leaves are synthesized directly. After each elongation only one DNA strand passes to the next level in the tree until receiving the final product.Type: GrantFiled: June 19, 2007Date of Patent: February 24, 2015Assignee: Yeda Research and Development Co. Ltd.Inventors: Ehud Y. Shapiro, Gregory Linshiz, Tuval Ben-Yehezkel, Shai Kaplan, Rivka Adar, Ilan Gronau, Sivan Tuvi
-
Publication number: 20120171680Abstract: A method, apparatus and system for performing single molecule PCR for amplification from single stranded polynucleotides.Type: ApplicationFiled: June 12, 2009Publication date: July 5, 2012Inventors: Ehud Y. Shapiro, Tuval Ben-Yehezkel, Gregory Linshiz, Shai Kaplan, Uri Shabi
-
Patent number: 7917306Abstract: A method of generating a cell lineage tree of a plurality of cells of an individual is provided. The method comprising: (a) determining at least one genotypic marker for each cell of the plurality of cells; and (b) computationally clustering data representing the at least one genotypic marker to thereby generate the cell lineage tree of the plurality of cells of the individual.Type: GrantFiled: March 27, 2006Date of Patent: March 29, 2011Assignee: Yeda Research and Developement Co. Ltd.Inventors: Dan Frumkin, Adam Wasserstrom, Shai Kaplan, Uriel Feige, Ehud Y. Shapiro