Abstract: Aspects of the disclosure relate to the field of detecting a behavioral anomaly in an application. In one exemplary aspect, a method may comprise retrieving and identifying at least one key metric from historical usage information for an application on a computing device. The method may comprise generating a regression model configured to predict usage behavior associated with the application and generating a statistical model configured to identify outliers in the data associated with the at least one key metric. The method may comprise receiving usage information in real-time for the application. The method may comprise predicting, using the regression model, a usage pattern for the application indicating expected values of the at least one key metric. In response to determining that the usage information does not correspond to the predicted usage pattern and does not comprise a known outlier, the method may comprise detecting the behavioral anomaly.

Abstract: The present disclosure includes methods and systems for protecting network resources. An exemplary method comprises starting, by a processor, copy-on-write snapshotting for modifications to a plurality of files in storage, the modification initiated by a suspicious application, detecting, by the processor, a modification of a file of the plurality of files, determining, by the processor, whether the file is stored on a shared network resource or a local resource, in response to determining that the file is stored on a shared network resource, determining, by the processor, that a current region being modified is not already saved in a snapshot, and if the current region is not saved, saving the current region to a snapshot, marking, by the processor, the current region as being saved and analyzing all saved regions that were modified for malicious activity to determine that the suspicious application modifying the saved regions is malicious.

Abstract: Disclosed herein are systems and methods for preserving data using a replication and blockchain notarization. In one aspect, an exemplary method comprises, by a hardware processor, receiving, from a user, a request for a legal hold of data and criteria for controlling access to the data, creating a legal hold object and establishing an access control criteria, creating, in the cloud storage, a cloud storage space that corresponds to the created legal hold object, and defining the access control for reading from the created cloud storage space, searching, in a backup data storage of a client data system, to identify all relevant data corresponding to the created legal hold object, and storing the identified relevant data and the search queries used for the identification of the relevant data, replicating the identified relevant data in the created cloud storage space, and notarizing the replicated relevant data using a blockchain notarization service.

Abstract: Systems and methods are disclosed for generating a user behavioral avatar. A method may include receiving a request to generate an avatar that performs actions on behalf of a user on a social media platform; identifying a plurality of historical user actions manually taken by the user on the social media platform; generating, based on the plurality of historical user actions, an action profile that represents user tendencies for executing available actions on the social media platform; identifying a plurality of data items in a retrieved backup of at least one computing device associated with the user; classifying the plurality of data items into a plurality of topics; training and executing the avatar to detect, in the social media platform, a social media item that shares at least one topic of the plurality of topics from the backup and perform a user action in accordance with the action profile.

Abstract: Disclosed are systems and methods for detecting multiple malicious processes. The described techniques identify a first process and a second process launched on a computing device. The techniques receive from the first process a first execution stack indicating at least one first control point used to monitor at least one thread associated with the first process, and receive from the second process a second execution stack indicating at least one second control point used to monitor at least one thread associated with the second process. The techniques determine that both the first process and the second process are malicious using a machine learning classifier on the at least one first control point and the at least one second control point. In response, the techniques generate an indication that an execution of the first process and the second process is malicious.

Abstract: Systems and methods for data recovery, backup and catalog generation are described. In part, the disclosure relates to a computer-implemented method for generating a data catalog includes creating a current backup archive; obtaining access to a Master File Table (MFT), or other index table such as an Inode Table, of the current backup archive and a MFT, or other index table such as an Inode Table, of a previous backup archive; comparing each entry in the MFT, or Inode Table, of the current backup to each entry of the MFT, or Inode Table, of the previous backup to identify one or more differences in the current backup archive; and saving one or more of the differences into the data catalog of the current backup archive.

Abstract: Disclosed herein are systems and methods for enabling self-notarization in a data backup. In one aspects, a method may comprise generating the data backup at a computing device. The method may comprise calculating a checksum of the data backup. The method may comprise adding a self-notarization script to the data backup. The self-notarization script may be configured to automatically trigger without intervention by an external notarization system, in response to a pre-determined backup storage event, and in response to triggering, notarize and send the checksum to a distributed registry. The method may comprise sending the data backup comprising the self-notarization script to a backup storage device.

Abstract: Disclosed are systems and methods for detecting malicious applications. An exemplary method may comprise detecting that a first process has been launched on a computing device. The method may comprise receiving, from the first process, an execution stack associated with one or more control points of the first process. The method may comprise applying a machine learning classifier on the execution stack, wherein the machine learning classifier is configured to classify whether a process is malicious based on activity on control points captured on a given execution stack, and wherein a feature of a malicious process is detection of a system call to create a remote thread that runs in a virtual address space of a shared-service process configured to import third-party processes to be embedded in the shared-service process as separate threads. The method may comprise generating an indication that the execution of the first process is malicious/non-malicious.

Abstract: Disclosed herein are systems and method for anti-virus scanning of backup data at a centralized storage. In an exemplary aspect, a method may receive, at the centralized storage, a backup slice from each respective computing device in a plurality of computing devices, wherein the centralized storage comprises, for each respective computing device, a respective backup archive including a plurality of backup slices. The method may mount the received backup slice as a virtual disk. The method may detect, for the respective computing device, a change between the mounted virtual disk and any number of previous backup slices and may evaluate the change against behavioral rules to identify malicious behavior. In response to determining that the change exhibits malicious behavior, the method may execute a remediation action to prevent an attack on the plurality of computing devices or the centralized storage.

Abstract: A distributed agent for backup and restoration of virtual machines collects backup data and meta-data. The distributed agent includes an agent inside a virtual machine and an agent outside the virtual machine. The two kinds of agents communicate with each other to collect data of different types used to backup and restore virtual machines.

Abstract: A distributed agent for backup and restoration of virtual machines collects backup data and meta-data. The distributed agent includes an agent inside a virtual machine and an agent outside the virtual machine. The two kinds of agents communicate with each other to collect data of different types used to backup and restore virtual machines.

Abstract: An anomaly detection system uses an AI engine to analyze configurations and backups to identify and assess anomalies. Backup data and configurations are used to characterize events as either secure or insecure.

Abstract: In a multi-tenant hierarchical data storage system, tenant nodes are organized into trees and subtrees including virtual shards and with tenant data on single shards. The system is configured to allow scalable parallel access by a plurality of tenant-users.

Abstract: Disclosed herein are systems and method for customizing a user workspace environment using user action sequence analysis. In one exemplary aspect, a method may comprise detecting user actions in a user workspace environment that provides access to a plurality of workspace elements further comprising a plurality of files and a plurality of applications and identifying a plurality of user action sequences based on each timestamp of a respective user action. The method may comprise generating action sequence groups, each comprising a unique subset of the user action sequences and sequence trigger. In response to detecting a particular sequence trigger, the method may comprise executing a corresponding customization action that alters the user workspace environment such that an amount of steps and/or processing time to perform in the user workspace environment to access workspace elements associated with the associated action sequence group is reduced.

Abstract: Disclosed herein are systems and method for customizing a user workspace environment using artificial intelligence-based analysis. In one exemplary aspect, a method comprises detecting user actions in a user workspace environment that provides access to a plurality of workspace elements. The method comprises generating a plurality of rules for customizing the user workspace environment, wherein each rule links a set of input parameters of a machine learning algorithm as criteria with an output user action and an output identifier of the workspace element, and wherein each rule assigns at least one customization action that (1) reduces an amount of steps to perform in the user workspace environment to access the workspace element associated with the output identifier and (2) reduces a processing time to perform the output user action. When a criterion is fulfilled, the method comprises executing a corresponding customization action that alters the user workspace environment.

Abstract: Disclosed herein are systems and method for detecting small objects in an image using a neural network (NN). An exemplary method may include: receiving a first NN that is trained on a dataset including a plurality of images depicting various objects; identifying a first structure of the first NN, the first structure indicative of each layer and layer size in the first NN; determining, based on the first structure, whether the first NN can classify an object less than a threshold size in an input image; in response to determining that the first NN cannot classify the object, identifying a subset of detection layers in the first NN; generating and training a second NN that has a second structure in which the subset of detection layers are replaced by at least one layer not in the subset; and receiving, from the second NN, a classification of the object.

Abstract: Disclosed herein are systems and method for classifying objects in an image using a neural network. In one exemplary aspect, the techniques described herein relate to a method including: training, with a dataset including a plurality of images, a neural network to identify objects of a set of classes, wherein the neural network includes: a shared convolutional backbone with feature extraction layers, and a plurality of heads with fully connected layers, wherein there is a respective distinct head for each of the set of classes; receiving an input image depicting at least one object from the set of classes; inputting the input image into the neural network, wherein the neural network is configured to classify the at least one object into at least one class of the set of classes; and outputting the at least one class.

Abstract: Disclosed herein are systems and method for determining environment dimensions based on landmark detection, the method including: training, with a dataset including a plurality of images featuring an environment and labelled landmarks in the environment, a neural network to identify the labelled landmarks in an arbitrary image of the environment; receiving an input image depicting the environment; generating an input tensor based on the received input image; inputting the input tensor into the neural network, wherein the neural network is configured to generate an output tensor including a position of each identified landmark and a visibility score associated with each position; calculating a homography matrix between each position in the output tensor along a camera plane and a corresponding position in an environment plane, based on a pre-built model of the environment; and outputting an image that visually connects each landmark along the environment plane based on the homography matrix.

Abstract: Aspects of the present disclosure describe methods and systems for optimized re-striping in an erasure encoded storage. In one exemplary aspect, a method may receive a request to re-stripe a plurality of data blocks arranged as a tile in the erasure encoded storage, wherein the request comprises a desired tile width. The method may identify (1) a number of data blocks in the tile and (2) a width of the tile. The method may determine a maximum number of data blocks that do not need to be rearranged when reconfiguring the tile to the desired tile width. Furthermore, the method may determine a tile reconfiguration with the desired tile width that does not rearrange the maximum number of the data blocks of the tile, and may re-stripe the tile in accordance with the tile reconfiguration.

Abstract: Disclosed herein are systems and method for protecting an endpoint device from malware. In one aspect, an exemplary method comprises performing, by a light analysis tool of the endpoint, a light static analysis of a sample, terminating the process and notifying the user when the process is malware, performing light dynamic analysis when the process is not malware based on the light static analysis, when the process is clean based on the light dynamic analysis, enabling the process to execute, when the process is malware, terminating the process and notifying the user, and when the process is suspicious pattern, suspending the process, setting a level of trust, sending the sample to a sandbox, terminating the process and notifying the user when the process is a malware based on received final verdict, enabling the process to resume executing when the process is determined as being clean based on the final verdict.