Patents by Inventor Shay Kels

Shay Kels has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12301615
    Abstract: Some embodiments help protect an organization against ransomware attacks by combining incrimination logics. An organizational-level incrimination logic helps detect alert spikes across many machines, which collectively indicate an attack. Graph-based incrimination logics help detect infestations of even a few machines, and local incrimination logics focus on protecting respective individual machines. Graph-based incrimination logics may compare monitored system graphs to known ransomware attack graphs. Graphs may have devices as nodes and device network connectivity, repeated files, repeated processes or actions, or other connections as edges. Statistical analyses and machine learning models may be employed as incrimination logics. Search logics may find additional incrimination candidates that would otherwise evade detection, based on files, processes, IP addresses, devices, accounts, or other computational entities previously incriminated.
    Type: Grant
    Filed: April 24, 2022
    Date of Patent: May 13, 2025
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Arie Agranonik, Shay Kels, Amir Rubin, Charles Edouard Elie Bettan, Yair Tsarfaty, Itai Kollmann Dekel
  • Patent number: 12141280
    Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for identifying malicious behavior using a trained deep learning model. At a high level, embodiments of the present disclosure utilize a trained deep learning model that takes a sequence of ordered signals as input to generate a score that indicates whether the sequence is malicious or benign. Initially, process data is collected from a client. After the data is collected, a virtual process tree is generated based on parent and child relationships associated with the process data. Subsequently, embodiments of the present disclosure aggregate signal data with the process data such that each signal is associated with a corresponding process in a chronologically ordered sequence of events. The ordered sequence of events is vectorized and fed into the trained deep learning model to generate a score indicating the level of maliciousness of the sequence of events.
    Type: Grant
    Filed: June 30, 2020
    Date of Patent: November 12, 2024
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Arie Agranonik, Shay Kels, Ofer Raz
  • Patent number: 11985156
    Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for detecting abnormal behavior of a device in an enterprise network based on an analysis of behavioral information of the device's neighbors in the network. At a high level, embodiments of the present disclosure employ a hive-mind approach to determine anomalous behavior of a device in a network based on analyzing behavior information reported by neighboring devices within the network. Embodiments identify that a device is alive and connected within the network based on multiple neighboring devices reporting behavioral information about the device; however, the device may be dysfunctional and failing to report its own information. By aggregating and analyzing behavioral information of a device based on the reporting information of its neighboring devices, embodiments of the present disclosure are able to determine whether a device is healthy even when the device is unable to report its own information.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: May 14, 2024
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Shay Kels, Jonathan Bar Or, Corina Feuerstein, Amir Kutcher
  • Patent number: 11582255
    Abstract: Embodiments of the present disclosure provide systems, methods, and non-transitory computer storage media for detecting abnormal behavior of a device in an enterprise network based on an analysis of behavioral information of the device's neighbors in the network. At a high level, embodiments of the present disclosure employ a hive-mind approach to determine anomalous behavior of a device in a network based on analyzing behavior information reported by neighboring devices within the network. Embodiments identify that a device is alive and connected within the network based on multiple neighboring devices reporting behavioral information about the device; however, the device may be dysfunctional and failing to report its own information. By aggregating and analyzing behavioral information of a device based on the reporting information of its neighboring devices, embodiments of the present disclosure are able to determine whether a device is healthy even when the device is unable to report its own information.
    Type: Grant
    Filed: December 18, 2020
    Date of Patent: February 14, 2023
    Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
    Inventors: Shay Kels, Jonathan Bar Or, Corina Feuerstein, Amir Kutcher
  • Patent number: 9398034
    Abstract: Disclosed herein is a system and method for automatically identifying potential malware files or benign files in files that are not known to be malware. Vector distances for select features of the files are compared to vectors of both known malware files and benign files. Based on the distance measures, a malware score is obtained for the unknown file. If the malware score exceeds a threshold, a researcher may be notified of the potential malware, or the file may be automatically classified as malware if the score is significantly high.
    Type: Grant
    Filed: December 19, 2013
    Date of Patent: July 19, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Royi Ronen, Shay Kels, Elad Ziklik, Efim Hudis, Corina Feuerstein, Tomer Brand
  • Publication number: 20150180890
    Abstract: Disclosed herein is a system and method for automatically identifying potential malware files or benign files in files that are not known to be malware. Vector distances for select features of the files are compared to vectors of both known malware files and benign files. Based on the distance measures, a malware score is obtained for the unknown file. If the malware score exceeds a threshold, a researcher may be notified of the potential malware, or the file may be automatically classified as malware if the score is significantly high.
    Type: Application
    Filed: December 19, 2013
    Publication date: June 25, 2015
    Applicant: Microsoft Corporation
    Inventors: Royi Ronen, Shay Kels, Elad Ziklik, Efim Hudis, Corina Feuerstein, Tomar Brand