Abstract: A system is described herein that includes a preference deriver component that receives a predefined preference rule that indicates a hierarchy pertaining to entities belonging to a domain, wherein each of the entities has attributes and values for such attributes corresponding thereto, and wherein the preference deriver component outputs preferences between various subsets of entities based at least in part upon the preference rule. The system also includes a learning component that learns a computer-implemented ranker component that is configured to rank the entities belonging to the domain, wherein the learning component learns the computer-implemented ranker based at least in part upon the preferences between the various subsets of the entities output by the preference deriver component.

Abstract: Search relevance failures are diagnosed automatically. Users presented with unsatisfactory search results can report their dissatisfaction through various mechanisms. Dissatisfaction reports can trigger automatic investigation into the root cause of such dissatisfaction. Based on the identified root cause, a search engine can be modified to resolve the issue creating dissatisfaction thereby improving search engine quality.

Abstract: Architecture that scales up the non-negative matrix factorization (NMF) technique to a distributed NMF (denoted DNMF) to handle large matrices, for example, on a web scale that can include millions and billions of data points. To analyze web-scale data, DNMF is applied through parallelism on distributed computer clusters, for example, with thousands of machines. In order to maximize the parallelism and data locality, matrices are partitioned in the short dimension. The probabilistic DNMF can employ not only Gaussian and Poisson NMF techniques, but also exponential NMF for modeling web dyadic data (e.g., dwell time of a user on browsed web pages).

Abstract: A method and systems for providing and processing images of a virtual world scene. The method includes: rendering the scene of the virtual world to generate a plurality of rendering results, generating at least one image stream based on at least part of the plurality of rendering results, and sending the at least one image stream to the client. The system for providing the images includes: rendering means to generate a plurality of rendering results; image stream generation means for generating at least one image stream; and sending means for sending said at least one image stream to a client. After providing the images, the images are processed by receiving means for receiving, at a client, two image streams and merging means for merging the two image streams into a single image stream for playing.

Abstract: In an embodiment of isolation environment-based information access, programs—including operating systems and applications—running on a computing-based device can be isolated in an environment such as a virtual machine. Information including commands and/or data transmitted between the computing-based device and the program(s) being run, as well as information associated with the program(s) and the computing-based device, is accessed without being detected by the program(s). In one implementation, the information includes state information as well as commands and/or data—including sensitive information, such as usernames and passwords. In another implementation, the information can be used to secretly access the program(s).

Abstract: A method and system for retrieving data from devices in a way that seeks to preserve privacy and ensure the integrity of the retrieved data is provided. A retrieval system is implemented on a network of devices that communicate with each other via a secure communications link. Each device is directly connected to one or more “friend” devices that it trusts. The retrieval system operates by forwarding a request for data from one friend device to another friend device. Each friend device may optionally add data to the request until all the requested data is added. The request with the retrieved data is returned to the device that initiated the request.

Abstract: A method described herein includes acts of receiving data from a social networking application, wherein the data is generated by a first individual, and executing an entity extraction algorithm to extract at least one entity from the received data. The method also includes automatically causing a hyperlink to be displayed on a computing device utilized by a second individual, wherein the hyperlink is based at least in part upon the at least one entity, wherein the hyperlink is configured to direct the first individual to a search engine and is further configured to cause the search engine to execute a search that pertains to the at least one entity.

Abstract: A method and system for determining whether resources of a computer system are being hidden is provided. The security system invokes a high-level function of user mode that is intercepted and filtered by the malware to identify resources. The security system also directly invokes a low-level function of kernel mode that is not intercepted and filtered by the malware to identify resources. After invoking the high-level function and the low-level function, the security system compares the identified resources. If the low-level function identified a resource that was not identified by the high-level function, then the security system may consider the resource to be hidden.

Abstract: Defeating click-through cloaking includes retrieving a search results page to set a browser variable, inserting a link to a page into the search results page and clicking through to the page using the inserted link. Investigating cloaking includes providing script associated with a suspected spam URL, modifying the script to de-obfuscate the script and executing the modified script to reveal cloaking logic associated with the script.

Abstract: Embodiments of automated cloud service performance prediction are disclosed. The automated cloud service performance prediction includes extracting a parental dependency graph (PDG) for a webpage. The PDG encapsulates one or more dependency relationships for each web object in the webpage. The prediction further includes determining an original page load time (PLT) and original timing information of a webpage. The prediction also includes simulating a page loading of the webpage based on adjusted timing information of each web object and the PDG to estimate a new PLT of the webpage. The prediction additionally includes comparing the original PLT of the webpage to the new PLT of the webpage to determine whether the adjusted timing information increased or decreased the new PLT of the webpage.

Abstract: A method and system for determining whether resources of a computer system are being hidden is provided. The security system invokes a high-level function of user mode that is intercepted and filtered by the malware to identify resources. The security system also directly invokes a low-level function of kernel mode that is not intercepted and filtered by the malware to identify resources. After invoking the high-level function and the low-level function, the security system compares the identified resources. If the low-level function identified a resource that was not identified by the high-level function, then the security system may consider the resource to be hidden.

Abstract: Defeating click-through cloaking includes retrieving a search results page to set a browser variable, inserting a link to a page into the search results page and clicking through to the page using the inserted link. Investigating cloaking includes providing script associated with a suspected spam URL, modifying the script to de-obfuscate the script and executing the modified script to reveal cloaking logic associated with the script.

Abstract: A network can be explored to investigate exploitive behavior. For example, network sites may be actively explored by a honey monkey system to detect if they are capable of accomplishing exploits, including browser-based exploits, on a machine Also, the accomplishment of exploits may be detected by tracing events occurring on a machine after visiting a network site and analyzing the traced events for illicit behavior. Alternatively, site redirections between and among uniform resource locators (URLs) may be explored to discover relationships between sites that are visited.

Abstract: A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.

Abstract: A technique for identifying dependencies of an application upon a given security context includes monitoring security checks generated by the application. The security checks requiring elevated rights are identified and the state of execution of the application corresponding to the identified security checks may be logged. The security checks requiring elevated rights may be identified by monitoring access checks, monitoring privilege checks, checking user/group identifiers against a list of known identifiers associated with elevated rights, or the like.

Abstract: A network can be explored to investigate exploitive behavior. For example, network sites may be actively explored by a honey monkey system to detect if they are capable of accomplishing exploits, including browser-based exploits, on a machine. Also, the accomplishment of exploits may be detected by tracing events occurring on a machine after visiting a network site and analyzing the traced events for illicit behavior. Alternatively, site redirections between and among uniform resource locators (URLs) may be explored to discover relationships between sites that are visited.

Abstract: As computer programs grow more complex, extensible, and connected, it becomes increasingly difficult for users to understand what has changed on their machines and what impact those changes have. An embodiment of the invention is described via a software tool, called AskStrider, that answers those questions by correlating volatile process information with persistent-state context information and change history. AskStrider scans a system for active components, matches them against a change log to identify recently updated and hence more interesting state, and searches for context information to help users understand the changes. Several real-world cases are provided to demonstrate the effectiveness of using AskStrider to quickly identify the presence of unwanted software, to determine if a software patch is potentially breaking an application, and to detect lingering components left over from an unclean uninstallation.

Abstract: Systems and methodologies for improved query classification and processing are provided herein. As described herein, a query prediction model can be constructed from a set of training data (e.g., diagnostic data obtained from an automatic diagnostic system and/or other suitable data) using a machine learning-based technique. Subsequently upon receiving a query, a set of features corresponding to the query, such as the length and/or frequency of the query, unigram probabilities of respective words and/or groups of words in the query, presence of pre-designated words or phrases in the query, or the like, can be generated. The generated features can then be analyzed in combination with the query prediction model to classify the query by predicting whether the query is aimed at a head Uniform Resource Locator (URL) or a tail URL. Based on this prediction, an appropriate index or combination of indexes can be assigned to answer the query.

Abstract: An exemplary method includes providing a typographically erroneous domain name, tracing the domain name where tracing includes entering the domain name as part of a URL and recording one or more subsequent URLs, identifying a domain parking service for the domain name based at least in part on information in one of the recorded URLs, determining client identification information in at least one of the recorded URLs where the client identification information identifies a customer of the domain parking service and blocking one or more domain names based at least in part on the client identification information. Other exemplary technologies are also disclosed.

Abstract: Techniques are described for generating a statistical model from observed click chains. The model can be used to compute a probability that a document is relevant to a given search query. With the model, a probability of a user examining a given document in a given search result conditionally depends on: a probability that a preceding document in the given search result is examined by a user viewing the given search result; a probability that the preceding document is clicked on by a user viewing the given search result, which conditionally depends directly on the probability that the preceding document is examined and on a probability of relevance of the preceding document.