Patents by Inventor Tim Uwe Scheideler
Tim Uwe Scheideler has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240119137
Abstract: A computer-implemented method for protecting a machine-learning model against training data attacks is disclosed. The method comprises performing an initial training of a machine-learning system with controlled training data, thereby building a trained initial machine-learning model and identifying high-impact training data from a larger training data set than in the controlled training data, wherein the identified individual training data have an impact on a training cycle of the training of machine-learning model, wherein the impact is larger than a predefined impact threshold value. The method also comprises building an artificial pseudo-malicious training data set from the identified high-impact training data and retraining the machine-learning system comprising the trained initial machine-learning model using the artificial pseudo-malicious training data set.
Type: Application
Filed: November 21, 2022
Publication date: April 11, 2024
Inventors: Matthias Seul, Andrea Giovannini, Frederik Frank Flother, Tim Uwe Scheideler
-
Patent number: 11886587
Abstract: Aspects of the present invention disclose a method, computer program product, and system for detecting a malicious process by a selected instance of an anti-malware system. The method includes one or more processors examining a process for indicators of compromise to the process. The method further includes one or more processors determining a categorization of the process based upon a result of the examination. In response to determining that the categorization of the process does not correspond to a known benevolent process and a known malicious process, the method further includes one or more processors executing the process in a secure enclave. The method further includes one or more processors collecting telemetry data from executing the process in the secure enclave. The method further includes one or more processors passing the collected telemetry data to a locally trained neural network system.
Type: Grant
Filed: October 13, 2020
Date of Patent: January 30, 2024
Assignee: KYNDRYL, INC
Inventors: Arjun Udupi Raghavendra, Tim Uwe Scheideler, Matthias Seul, Andrea Giovannini
-
Patent number: 11757912
Abstract: A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.
Type: Grant
Filed: December 20, 2022
Date of Patent: September 12, 2023
Assignee: KYNDRYL, INC.
Inventors: Arjun Udupi Raghavendra, Tim Uwe Scheideler, Matthias Seul
-
Publication number: 20230118136
Abstract: A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.
Type: Application
Filed: December 20, 2022
Publication date: April 20, 2023
Inventors: Arjun Udupi Raghavendra, Tim Uwe Scheideler, Matthias Seul
-
Publication number: 20230049773
Abstract: A method for processing security events by applying a rule-based alarm scheme may be provided. The method includes generating a rule index of rules and an indicator of compromise index for each of the rules. The method includes also processing the incoming security event by applying the rules, increasing a current rule counter relating to a triggered rule, and increasing a current indicator of compromise counter pertaining to the triggered rule. Furthermore, the method includes generating a pseudo security event from received data about known attacks and related indicators of compromise, processing the pseudo security events by sequentially applying the rules, increasing a current rule counter of pseudo security events, and increasing a current indicator of compromise counter for pseudo security events, and sorting the rules and sorting within each rule the indicator of compromise values in the indicator of compromise index.
Type: Application
Filed: October 25, 2022
Publication date: February 16, 2023
Inventors: Tim Uwe Scheideler, Ivan James Reedman, Arjun Udupi Raghavendra, Matthias Seul
-
Patent number: 11563761
Abstract: A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.
Type: Grant
Filed: April 23, 2020
Date of Patent: January 24, 2023
Assignee: Kyndryl, Inc.
Inventors: Arjun Udupi Raghavendra, Tim Uwe Scheideler, Matthias Seul
-
Patent number: 11539737
Abstract: A method for providing protection of a computing resource constrained device against cyberattacks may include collecting threat intelligence data in form of indicators of compromise (IoC). The indicators may include cyberattack chain related data. The method may also include determining a relevance of the cyberattack chain for the device, measuring a utilization of security measures in terms of their detection of the respective IoCs and their respective responses to the IoCs, measuring a resource consumption of the security measures, and determining a benefit value for at least one the security measure expressed by its utilization and a relevance value of the IoCs detected with it.
Type: Grant
Filed: October 28, 2020
Date of Patent: December 27, 2022
Assignee: KYNDRYL, INC.
Inventors: Tim Uwe Scheideler, Matthias Seul, Arjun Udupi Raghavendra, Andrea Giovannini
-
Patent number: 11516228
Abstract: A method for processing security events by applying a rule-based alarm scheme may be provided. The method includes generating a rule index of rules and an indicator of compromise index for each of the rules. The method includes also processing the incoming security event by applying the rules, increasing a current rule counter relating to a triggered rule, and increasing a current indicator of compromise counter pertaining to the triggered rule. Furthermore, the method includes generating a pseudo security event from received data about known attacks and related indicators of compromise, processing the pseudo security events by sequentially applying the rules, increasing a current rule counter of pseudo security events, and increasing a current indicator of compromise counter for pseudo security events, and sorting the rules and sorting within each rule the indicator of compromise values in the indicator of compromise index.
Type: Grant
Filed: May 29, 2019
Date of Patent: November 29, 2022
Assignee: KYNDRYL, INC.
Inventors: Tim Uwe Scheideler, Ivan James Reedman, Arjun Udupi Raghavendra, Matthias Seul
-
Publication number: 20220300638
Abstract: A computer-implemented method for managing access rights to a knowledge graph is provided. The method comprises splitting, for each user system, its respective portion of the knowledge graph into a plurality of knowledge subgraphs, encrypting each of the knowledge subgraphs, and generating a plurality of private summary graphs. The method also comprises maintaining a collaboration graph comprising one vertex per user system and edges representing collaborations between the users, mapping all private subgraphs of all user systems to one public summary graph, each vertex of the public summary graph comprises less data than the related vertex of the related private summary graphs and wherein none of the vertices of the summary graph comprises any encryption or decryption key, and granting access to a selected knowledge subgraph from a first user system to a second user system.
Type: Application
Filed: June 8, 2022
Publication date: September 22, 2022
Inventors: Tim Uwe Scheideler, Arjun Udupi Raghavendra, Matthias Seul
-
Patent number: 11431734
Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns may be provided. The method comprises receiving a sequence of security events, determining, a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain—thereby, identifying a specific cyber-attack chain—and determining a type and an attribute in the pattern of the first partial cyber-attack. The method comprises further configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats to information technology systems.
Type: Grant
Filed: April 18, 2019
Date of Patent: August 30, 2022
Assignee: KYNDRYL, INC.
Inventors: Matthias Seul, Arjun Udupi Raghavendra, Tim Uwe Scheideler, Tiziano Airoldi
-
Publication number: 20220269949
Abstract: The exemplary embodiments disclose a method, a computer system, and a computer program product for detecting malware. The exemplary embodiments may include aggregating known malware patterns by storing malware patterns and related malware categories of the malware patterns. The exemplary embodiments may additionally include training a first machine-learning system, comprising a generator portion and a discriminator portion, by using the known malware patterns and the related malware categories as training data. The exemplary embodiments may also include generating additional synthetic code patterns by feeding random code samples to the trained first machine-learning system. The exemplary embodiments may further include training a second machine-learning system by using benevolent code patterns and the generated additional synthetic code patterns as training data.
Type: Application
Filed: February 22, 2021
Publication date: August 25, 2022
Inventors: Tim Uwe Scheideler, Arjun Udupi Raghavendra, Matthias Seul, Andrea Giovannini
-
Patent number: 11397825
Abstract: A computer-implemented method for managing access rights to a knowledge graph is provided. The method comprises splitting, for each user system, its respective portion of the knowledge graph into a plurality of knowledge subgraphs, encrypting each of the knowledge subgraphs, and generating a plurality of private summary graphs. The method also comprises maintaining a collaboration graph comprising one vertex per user system and edges representing collaborations between the users, mapping all private subgraphs of all user systems to one public summary graph, each vertex of the public summary graph comprises less data than the related vertex of the related private summary graphs and wherein none of the vertices of the summary graph comprises any encryption or decryption key, and granting access to a selected knowledge subgraph from a first user system to a second user system.
Type: Grant
Filed: August 9, 2019
Date of Patent: July 26, 2022
Assignee: Kyndryl, Inc.
Inventors: Tim Uwe Scheideler, Arjun Udupi Raghavendra, Matthias Seul
-
Publication number: 20220131889
Abstract: A method for providing protection of a computing resource constrained device against cyberattacks may include collecting threat intelligence data in form of indicators of compromise (IoC). The indicators may include cyberattack chain related data. The method may also include determining a relevance of the cyberattack chain for the device, measuring a utilization of security measures in terms of their detection of the respective IoCs and their respective responses to the IoCs, measuring a resource consumption of the security measures, and determining a benefit value for at least one the security measure expressed by its utilization and a relevance value of the IoCs detected with it.
Type: Application
Filed: October 28, 2020
Publication date: April 28, 2022
Inventors: Tim Uwe Scheideler, Matthias Seul, Arjun Udupi Raghavendra, Andrea Giovannini
-
Patent number: 11314857
Abstract: A method and system for determining a power consumption pattern for at least one application being executed on a computer is provided. The method comprises measuring a DC current and measuring a DC supply voltage provided to a data processing device, thereby creating a stream of time-stamped voltage value samples and current value samples. The method comprises further determining a product of the streams at identical times and converting the product into a real and an imaginary data stream using I/Q digital signal processing, combining these into a complex data stream, applying a signal processing demodulation step to the complex data stream, thereby generating a demodulated data stream, and extracting from the demodulated data stream at least one stream-based parameter signature, the at least one stream-based parameter signature representing the power consumption pattern of the at least one corresponding application being executed on the data processing device.
Type: Grant
Filed: May 17, 2019
Date of Patent: April 26, 2022
Assignee: Kyndryl, Inc.
Inventors: Ivan James Reedman, Tim Uwe Scheideler
-
Publication number: 20220114260
Abstract: Aspects of the present invention disclose a method, computer program product, and system for detecting a malicious process by a selected instance of an anti-malware system. The method includes one or more processors examining a process for indicators of compromise to the process. The method further includes one or more processors determining a categorization of the process based upon a result of the examination. In response to determining that the categorization of the process does not correspond to a known benevolent process and a known malicious process, the method further includes one or more processors executing the process in a secure enclave. The method further includes one or more processors collecting telemetry data from executing the process in the secure enclave. The method further includes one or more processors passing the collected telemetry data to a locally trained neural network system.
Type: Application
Filed: October 13, 2020
Publication date: April 14, 2022
Inventors: Arjun Udupi Raghavendra, Tim Uwe Scheideler, Matthias Seul, Andrea Giovannini
-
Patent number: 11176149
Abstract: A computer-implemented method for performing an analytic workflow process is provided. The method includes storing data from multiple input sources into a data storage pool, performing at least one analytic workflow executed by computing nodes, identifying data, by an analyzer module, expected to be required for a downstream analytic step. Thereby, the identified data have not yet been received in the in-memory database. The method also includes triggering a push module to move the identified data from the data storage pool to the in-memory database. Additionally, the method includes monitoring, by the analyzer module, output data of an analytic step and identifying pointers to additional data expected to be required for a downstream analytic step of a parallel analytic workflow process different to the analytic step of the monitored output data, and moving, by a push module, the data referred to by the pointers to the in-memory database.
Type: Grant
Filed: August 13, 2019
Date of Patent: November 16, 2021
Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Tim Uwe Scheideler, Thorsten Muehge, Erik Rueger, Thomas Snellgrove
-
Publication number: 20210336977
Abstract: A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.
Type: Application
Filed: April 23, 2020
Publication date: October 28, 2021
Inventors: Arjun Udupi Raghavendra, Tim Uwe Scheideler, Matthias Seul
-
Patent number: 11086909
Abstract: A method for partitioning a knowledge graph is provided. The method analyzes past searches and determines an access frequency of a plurality of edges. The method marks, as intermediate cluster cores, edges having the highest access frequencies, sorts the marked intermediate cluster cores according to their access frequencies, and selects a first cluster core having the highest access frequency. The method assigns first edges in a first radius around the first cluster core to build the first cluster. The method selects a second cluster core having the highest access frequency apart from edges of the first cluster, and assigns second edges in a second radius around second cluster core to build the second cluster. The method partitions the knowledge graph into a first sub-knowledge-graph comprising the first cluster and a second sub-knowledge-graph comprising the second cluster.
Type: Grant
Filed: November 27, 2018
Date of Patent: August 10, 2021
Assignee: International Business Machines Corporation
Inventors: Tim Uwe Scheideler, Erik Rueger, Stefan Ravizza, Frederik Frank Flöther
-
Publication number: 20210049168
Abstract: A computer-implemented method for performing an analytic workflow process is provided. The method includes storing data from multiple input sources into a data storage pool, performing at least one analytic workflow executed by computing nodes, identifying data, by an analyzer module, expected to be required for a downstream analytic step. Thereby, the identified data have not yet been received in the in-memory database. The method also includes triggering a push module to move the identified data from the data storage pool to the in-memory database. Additionally, the method includes monitoring, by the analyzer module, output data of an analytic step and identifying pointers to additional data expected to be required for a downstream analytic step of a parallel analytic workflow process different to the analytic step of the monitored output data, and moving, by a push module, the data referred to by the pointers to the in-memory database.
Type: Application
Filed: August 13, 2019
Publication date: February 18, 2021
Inventors: Tim Uwe Scheideler, Thorsten Muehge, Erik Rueger, Thomas Snellgrove
-
Publication number: 20210042438
Abstract: A computer-implemented method for managing access rights to a knowledge graph is provided. The method comprises splitting, for each user system, its respective portion of the knowledge graph into a plurality of knowledge subgraphs, encrypting each of the knowledge subgraphs, and generating a plurality of private summary graphs. The method also comprises maintaining a collaboration graph comprising one vertex per user system and edges representing collaborations between the users, mapping all private subgraphs of all user systems to one public summary graph, each vertex of the public summary graph comprises less data than the related vertex of the related private summary graphs and wherein none of the vertices of the summary graph comprises any encryption or decryption key, and granting access to a selected knowledge subgraph from a first user system to a second user system.
Type: Application
Filed: August 9, 2019
Publication date: February 11, 2021
Inventors: Tim Uwe Scheideler, Arjun Udupi Raghavendra, Matthias Seul