The present disclosure provides an approach of providing, to an artificial intelligence (AI) model, a malicious script that includes a malicious behavior. The AI model is configured to modify software code of the malicious script to produce modified software code that obfuscates the malicious behavior. The approach produces, by a processing device using the AI model, an adversarial script that includes the modified software code that obfuscates the malicious behavior. In turn, the approach initiates a malware detector to test the adversarial script.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
A system and method of using generative AI to recommend and validate asset and/or cloud configurations. The method includes acquiring a set of parameters associated with one or more network entities of a computing network. The method includes providing the set of parameters to a configuration model trained to generate, based on semantic matching, recommended configurations for network entities and validated configurations for the network entities. The method includes generating, by a processing device using the configuration model, one or more recommended configurations for the one or more network entities based on the set of parameters.
Systems and methods for providing cybersecurity notifications based on structured and unstructured data. The systems and methods receive a natural language query from a client device and process, by an artificial intelligence model, the natural language query to identify elements of cybersecurity intelligence to monitor. The systems and methods further monitor cybersecurity intelligence for a match to the identified elements from the natural language query and provide a notification to the client device in response to the matching of the identified elements to one or more items of cybersecurity intelligence.
A system and method of using generative AI to identify exposures of computing devices on computing networks to actual and/or potential threats. The method includes collecting a plurality of responses from a plurality of devices to a target device on a private network. The method includes providing the plurality of responses to a classification model trained to assign device descriptions for device responses based on semantic matching of the device responses to database data. The method includes assigning, by the processing device using the classification model, a plurality of device descriptions for the plurality of responses to the target device, each response is respectively associated with one or more device descriptions of the plurality of device descriptions. The method includes generating, based on the plurality of device descriptions, a status report comprising a list of network addresses associated with a group of devices having access to the target device.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer security consulting; consulting in the field of
information technology; computer security and network
security consulting, namely, consultation in the fields of
protecting data and information from unauthorized access,
identifying malware on computer systems, identifying the
source and genealogy of malware, and identifying the
objectives of computer system attackers; computer security
consultancy in the field of scanning and penetration testing
of computers and networks to assess information security
vulnerability; maintenance and updating of computer software
relating to computer and network security and prevention of
computer risks; computer security consultancy for protecting
data and information from unauthorized access, namely,
developing plans for improving computer and network security
and preventing criminal activity; cloud computing featuring
software for detecting breaches for use in computer and
network security; cloud computing services featuring
software for authorizing access to databases in the field of
computer and network security; computer services, namely,
online scanning, detecting, quarantining, and eliminating
viruses, worms, trojans, spyware, adware, malware and
unauthorized data and programs on computers, networks, and
electronic devices; computer systems analysis; monitoring of
computer systems for protecting data and information from
unauthorized access; computer security consultancy for
protecting data and information from unauthorized access;
computer technology consulting in the field of systems for
the surveillance and monitoring of vulnerability and
security problems in computer hardware, networks, and
software; computer security consultancy for protecting data
and information from unauthorized access in the field of
endpoint protection software or curated cyberthreat data for
computer security assurance and identification of malicious
intrusions into computers, computer networks or computer
endpoints; software as a service (SAAS) services featuring
software for ensuring the security of computers and computer
networks; software as a service (SAAS) services, namely,
hosting software for use by others for detecting, blocking,
and removing computer viruses and threats; application
service provider (ASP) featuring non-downloadable computer
software for ensuring the security of computers and computer
networks; computer services, namely, acting as an
application service provider in the field of knowledge
management to host computer application software for
creating databases of information and data related to
malware and computer and network security; computer security
consultancy in the field of administration of digital keys
and digital certificates.
Nodal work assignments efficiently distribute server work items, such as storing redundant copies of electronic data. A cloud computing network establishes a policy that governs how and where the redundant copies are stored on cloud computing nodes (such as by region, zone, and cluster targets). The cloud computing network repeatedly or continuously re-evaluates the work assignments based on replication assignment skews and/or leadership penalties. The nodal work assignments thus minimize hardware and software operations, network traffic, and electrical energy consumption.
H04L 67/1031 - Controlling of the operation of servers by a load balancer, e.g. adding or removing servers that serve requests
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
7.
FUNNEL TECHNIQUES FOR NATURAL LANGUAGE TO API CALLS
The present disclosure produces a first output in response to inputting a first prompt into a large language model (LLM). The first prompt comprises a first document group that corresponds to a second document group, and the LLM is limited by a maximum token limit that is less than a token count of the second document group. The present disclosure generates a second prompt that comprises a subset of the second document group corresponding to the first output. The present disclosure then produces a second output based on the subset of the second document group in response to inputting the second prompt into the LLM.
A rules-based malware detection and assessment service pre-screens malware events reported by endpoint client devices. The endpoint client devices report the malware events to a cloud-computing environment providing the malware detection and assessment service. The malware events are compared to logical rules specifying malware and safe activities. Moreover, the malware detection and assessment service maintains a comprehensive, historical database that stores logs and tracks each malware event. Any new malware events are compared to the historical database. Any matching historical entry indicates a duplicate or repetitive malware detection, so the historical detection and assessment may be retrieved and suggested. The rules-based malware detection and assessment service thus provides a much faster and simpler resolution that easily scales to the ever-increasing volume of malware reports.
Systems and methods for incremental solves using LLMs for API calls are presented. The systems and methods produce, by a first large learning model (LLM), a processing plan based on a first prompt, wherein the processing plan includes a plurality of tasks corresponding to a plurality of services. The systems and methods send a plurality of messages corresponding to the plurality of tasks to a plurality of service agents, wherein the plurality of service agents correspond to the plurality of services and comprise a plurality of second LLMs that produce a plurality of agent responses. The systems and methods then generate a query response based on the plurality of agent responses.
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer security consulting; consulting in the field of
information technology; computer security consultancy
services for protecting data and information from
unauthorized access in the field of computer and network
security, identifying malware on computer systems,
identifying the source and genealogy of malware, and
identifying the objectives of computer system attacker;
computer security consultancy in the field of scanning and
penetration testing of computers and networks to assess
information security vulnerability; computer security
consultancy for protecting data and information from
unauthorized access, namely, developing plans for improving
computer and network security and preventing criminal
activity; cloud computing featuring software for use in
computer and network security; cloud computing services in
the field of computer and network security; computer
security services by online scanning, detecting,
quarantining, and eliminating of viruses, worms, Trojans,
spyware, adware, malware and unauthorized data and programs
on computers, networks, and electronic devices; computer
systems analysis; monitoring of computer systems for
protecting data and information from unauthorized access;
computer security consultancy for protecting data and
information from unauthorized access and computer technology
consulting of systems for the surveillance and monitoring of
vulnerability and security problems in computer hardware,
networks, and software; computer security consultancy for
protecting data and information from unauthorized access in
the field of endpoint protection software or curated
cyberthreat data for computer security assurance and
identification of malicious intrusions into computers,
computer networks or computer endpoints; software as a
service (SaaS) services featuring software for computer and
network security; software as a service (SaaS) services,
namely, hosting software for use by others for detecting,
blocking, and removing computer viruses and threats;
application service provider (ASP) featuring
non-downloadable computer software for use in computer and
network security; electronic monitoring services for
advanced computer threat detection using real-time
monitoring and machine learning to detect computer threats
and viruses, and for providing detailed analysis and
contextual intelligence to inform responses to sophisticated
computer threats; monitoring and investigation of bad actors
and adversaries across computer networks to neutralize
emerging computer threats and improve cybersecurity and
computer network security.
11.
IDENTIFYING PATTERNS IN LARGE QUANTITIES OF COLLECTED EMAILS
A system and method of detecting malicious activity in emails using pattern recognition. The method includes maintaining a plurality of associations between a plurality of emails and a plurality of multi-dimensional (MD) vectors of the plurality of emails. Each association is between a respective email of the plurality of emails and a respective MD vector of the plurality of MD vectors that corresponds to the respective email. The method includes identifying, based on one or more keywords, a set of MD vectors of the plurality of MD vectors. The method includes selecting, based on the plurality of associations, a set of emails associated with the set of MD vectors. The method includes generating, by a processing device, based on the set of emails or the set of MD vectors, a set of clusters to represent patterns in the set of emails.
Boot status markers record historical boot processes performed by a computer system. Each time the computer system boots, an operating system performs a boot process and interfaces with an antimalware driver. The antimalware driver determines the boot status markers that were set during previous boot processes. The antimalware driver may then classify other drivers based on the boot status markers set during the previous boot processes. The antimalware driver may then report driver classifications to the operating system. The operating system may then block, or allow, the drivers based on the driver classifications.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
13.
PREVENTION OF PROMPT INJECTION ATTACKS ON LARGE LANGUAGE MODELS BY TOKENIZATION OF STRUCTURED DATA ELEMENTS
Systems and methods for implementing prevention of prompt injection attacks on large language models by tokenization of structured data elements are presented. The systems and methods replace one or more data elements in a database response with one or more tokens to produce a tokenized database response. The systems and methods provide the tokenized database response to a large language model (LLM). The systems and methods receive a tokenized LLM output that includes at least one of the one or more tokens. The systems and methods produce a detokenized LLM output by replacing the one or more tokens in the tokenized LLM output with the one or more data elements.
G06F 40/284 - Lexical analysis, e.g. tokenisation or collocates
G06F 16/908 - Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content
Techniques for aggregating data usable for generating security recommendations are discussed herein. A system can aggregate detection data from host devices associated with different organizations based on profile information describing each organization. The system can analyze the aggregated data to identify potential security threats in a data stream, and generate recommendation data usable for defending the data stream from future malicious events.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
A security service can determine a synthetic context based at least in part on context data associated with a first malware sample, and detonate the first malware sample in the synthetic context to provide one or more first event records representing events performed by the first malware sample and detected during detonation. Additionally or alternatively, the security service can detonate the first malware sample and locate a second malware sample in a corpus based at least in part on the one or more first event records. Additionally or alternatively, the security service can receive event records representing events detected during a detonation of a first malware sample, the detonation based at least in part on context data, and locate a second malware sample in the corpus based at least in part on the one or more reference event records.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Techniques for determining that a program installed on a computing device may be indicative of performing a targeted intrusion of the computing device are described. A log file associated with the computing device may be generated. Various indicators from the log file may be determined. A security program may determine that the program may be indicative of performing the targeted intrusion based on at least one of the indicators. The security program may determine an action to take based on the indication of performing the targeted intrusion.
A computer-implemented method of detecting similarity between a first file and a plurality of second files, the method includes generating a first vector corresponding to the first file and a plurality of second vectors each corresponding to one of the plurality of second files; determining that the first file is similar to at least one of the plurality of second files based on a comparison of the first vector to the plurality of second vectors; and responsive to determining that the first file is similar to the at least one of the plurality of second files, performing a remediation operation on the first file.
A method for selecting a region of a similarity space in which to locate a file. Numerous files are received, and a feature vector for each of the received files is created, each feature vector comprising values representing corresponding features for the file. A respective similarity space is created for each of the respective number of feature vectors, each respective similarity space comprising several regions. One of the regions of the respective similarity space is selected in which a respective representation of each file is located based on the respective feature vector for the file. A map of relationships between one or more regions of the similarity spaces is then constructed.
A feature vector is created that comprises a plurality of values, each representing a corresponding portion of a filename extension for a digital file. During an inference workflow of a neural network model, an embedding vector is created that represents, in a meaningful way, the feature vector for the filename extension. A class label prediction value is then computed, based on an evaluation of the embedding vector, a first plurality of embedding vectors representing a plurality of feature vectors for a plurality of benign filename extensions, and a second plurality of embedding vectors representing a plurality of feature vectors for a plurality of malicious filename extensions. A prediction as to whether the digital file has been renamed by a malicious computer program is made, based on the class label prediction value.
G06F 18/2415 - Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on a likelihood ratio or a false positive rate versus a false negative rate
Interpolant pattern matching reflects a runtime environment. Any interpolant finite automata (such as a DFA) using a regular expression may be modified with an interpolant string to create an interpolant finite automata (such as an IDFA). The interpolant string incorporates a placeholder that is then modified according to the runtime environment. An environmental variable or a directory path, for example, may be inserted into the placeholder at runtime. An input string may be pattern matched to the IDFA that reflects the runtime environment.
G06F 17/17 - Complex mathematical operations Function evaluation by approximation methods, e.g. by interpolation or extrapolation, by smoothing or by the least squares method
G06F 9/455 - Arrangements for executing specific programs Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
Cloud-delivered hooks are injected as binary instrumentation into a software application. The cloud-delivered hooks are specified by a cloud computing environment. The cloud-delivered hooks may be set up, and torn down, by software updates from the cloud computing environment. The cloud-delivered hooks monitor and intercept functions, APIs, and system calls in both user space and kernel space. Moreover, the cloud-delivered hooks may utilize a polymorphic universal hooking mechanism that eliminates strict signature requirements between target functions and detour functions. Because the cloud-delivered hooks are commanded by, and received from, the cloud computing environment, the cloud-delivered hooks may be easily and nearly instantaneously distributed to clients in the field for near real time software instrumentation and reporting. The cloud-delivered hooks can thus greatly simplify and quicken software development, software debugging, malware detection, and software monitoring.
Methods and systems for applying a diffusion model to adversarial purification and generating adversarial samples in malware detection are disclosed. According to an example, a malware file is inputted to a diffusion model to obtain an adversarial sample by altering content of the malware file. The adversarial sample is further tested by a malware detector. In some examples, the content of an input file may be encoded prior to being processed by the diffusion model. If the malware detector can identify the adversarial sample as a malware file, the diffusion model is updated to further alter the content until the adversarial sample successfully deceives the malware detector. According to another example, an executable file is purified using a diffusion model prior to being inputted to a malware detector. The diffusion model may remove potential malware content from the executable file, thus improving the performance of the malware detector.
An interwoven approximate membership query (AMQ) data structure interweaves multiple AMQ data sets. The interwoven AMQ data structure collapses the AMQ data sets into a composite membership representation. The interwoven AMQ data structure still represents a computer database, but the interwoven AMQ data structure yields far faster membership results. The interwoven AMQ data structure requires orders of magnitude less data reads. Memory allocation is reduced, processor cycles are reduced, input/output operations are reduced, and translations from kernel space to user space are reduced. The interwoven AMQ data structure greatly improves computer functioning.
A system and method of adjusting a classifier to improve a performance of the classifier to detect a malicious file. The method includes receiving a request to process a target file. The method includes generating, based on a configuration file and the target file, one or more modified files and metadata associated with the one or more modified files. The method includes providing the one or more modified files to a classifier trained to generate an output indicating whether each of the one or more modified files is malicious or non-malicious. The method includes generating, based on the output and the metadata, performance data indicative of a performance of the classifier. The method includes adjusting, based on the performance data, parameters of the classifier to improve the performance of the classifier to detect a group of attacks on a computing environment.
A computer-implemented method for deobfuscating an executable image including a plurality of computer instructions organized in a first control flow is provided. The computer-implemented method includes analyzing the executable image to identify a plurality of discrete blocks of the computer instructions, the computer instructions of each of the discrete blocks comprising a control flow transfer instruction and a dispatcher variable, categorizing a type of each of the discrete blocks into one of a plurality of block types, wherein the plurality of block types comprise a conditional functional block type, an unconditional functional block type, and a dispatcher block type, based on the type of each of the discrete blocks, reorganizing the computer instructions of the executable image into a second control flow, different from the first control flow.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
26.
Method and Apparatus for Evaluating Similarity Between Files
A method for constructing a similarity space in which to compare files. The method receives, and creates a respective pair of feature vectors for, each of the files. A low-level feature vector is created for a file, via a first parser, which includes a number of values, each representing corresponding low-level features identified in the file. A high-level feature vector is created, which includes a number of values, each representing corresponding high-level features identified in the file. The method then creates, during a training workflow of a neural network model, a similarity space comprising embedding vectors each corresponding to the respective pair of feature vectors for each of the files. The proximity of any two of the embedding vectors in the similarity space is based on a proximity of respective high-level feature vectors for a corresponding two files.
G06F 18/2415 - Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on a likelihood ratio or a false positive rate versus a false negative rate
G06F 16/16 - File or folder operations, e.g. details of user interfaces specifically adapted to file systems
27.
ACCESSIBILITY SERVICES BASED PHISHING DETECTION AND PREVENTION
Systems and methods are disclosed that receive, from an accessibility service executing on a computing device, screen content that is displayed on a screen of the computing device to a user. The accessibility service is configured to interact with a graphical user interface executing on the computing device to determine the screen content and determine that the screen content includes malicious content. The systems and methods perform an operation, by the computing device, that impedes the user from selecting the malicious content.
A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
Methods and systems implement computing systems configured to trigger a volatile memory scan based on execution of computer-executable instructions, and to downselect scope of a volatile memory scan. Such techniques for triggering scans are sufficiently selective to avoid volatile memory scans for each and every running process, or the vast majority of running processes. Moreover, volatile memory scans are triggered responsively after the computer-executable instructions are run, so that target processes to be scanned have not yet terminated at the time of the volatile memory scan. Additionally, a variety of techniques are implemented to minimize the volatile memory scans adversely impacting computational performance of the computing system.
42 - Scientific, technological and industrial services, research and design
Goods and services
Software as a service (SaaS) services featuring software for
automating customer interactions and data collection for
computer security consulting, namely, using artificial
intelligence for customer interaction for identifying
malware on computer systems, identifying the source and
genealogy of malware, and identifying the objectives of
computer system attackers; software as a service (SaaS)
services featuring software using artificial intelligence
for automating customer interactions and data collection for
scanning and penetration testing of computers and networks
to assess information security vulnerability for maintaining
and updating of computer software relating to computer and
network security and prevention of computer risks, and for
protecting data and information from unauthorized access
using artificial intelligence to develop plans for improving
computer and network security and preventing criminal
activity; cloud computing featuring software for use in
computer and network security; cloud computing services
using artificial intelligence for automating customer
interactions and data collection in the field of computer
and network security; software as a service (SaaS) services
featuring software using artificial intelligence for
automating customer interactions and data collection for
conducting online scanning, detecting, quarantining, and
eliminating viruses, worms, Trojans, spyware, adware,
malware and unauthorized data and programs on computers,
networks, and electronic devices; computer systems analysis;
software as a service (SaaS) services featuring software
using artificial intelligence for automating customer
interactions and data collection for monitoring of computer
systems for protecting data and information from
unauthorized access; computer security consultancy for
protecting data and information from unauthorized access and
computer technology consulting of systems using software as
a service (SaaS) services using artificial intelligence for
automating customer interactions for the surveillance and
monitoring of vulnerability and security problems in
computer hardware, networks, and software; computer security
consultancy for protecting data and information from
unauthorized access in the field of endpoint protection
software or curated cyberthreat data for computer security
assurance and identification of malicious intrusions into
computers, computer networks or computer endpoints; software
as a service (SAAS) services featuring software for computer
and network security; software as a service (SAAS) services,
namely, hosting software for use by others for detecting,
blocking, and removing computer viruses and threats;
application service provider (ASP) featuring
non-downloadable computer software for use in computer and
network security using artificial intelligence for
automating customer interactions and collection of data;
application service provider [ASP], namely, hosting computer
software applications in the field of knowledge management
for creating databases of information and data related to
malware and computer and network security; computer security
consultancy in the field of administration of digital keys
and digital certificates; providing online non-downloadable
software for the artificial production of human speech and
text based on deep learning algorithms to recognize and
respond to customer interactions relating to computer
security consulting, namely, for identifying malware on
computer systems, identifying the source and genealogy of
malware, identifying the objectives of computer system
attackers, scanning and penetration testing of computers and
networks to assess information security vulnerability,
maintaining and updating of computer software relating to
computer and network security and prevention of computer
risks, and for protecting data and information from
unauthorized access using artificial intelligence to develop
plans for improving computer and network security and
preventing criminal activity.
Techniques for managing queries that detect activity associated with a data stream of a computing device. A system can receive a request to implement a query from a device, test the query in a test environment, and determine whether or not to deploy the query to a production environment that includes one or more host devices. The system can generate an instruction and/or a query identifier to control a start time and/or an end time for a query.
A method of generating a file hash using fingerprinting data includes acquiring, using one or more programs executing in a kernel space of an operating system, fingerprinting data associated with a target application process in a user space of the operating system responsive to detecting an execution of the target application process, sharing, by a processing device using the one or more programs, the fingerprinting data with a user space monitoring application executing in the user space of the operating system, generating a hash value of a target application file associated with the target application process, and determining, using the user space monitoring application, a validity of the hash value based on the fingerprinting data.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/55 - Detecting local intrusion or implementing counter-measures
A method of generating a file hash using mount namespace data includes identifying, by a user space monitoring application executing in a user space of an operating system, a target application file associated with a target application process executing in the user space of the operating system, wherein the target application process is associated with a first mount namespace, accessing, by the user space monitoring application, a mapping between the first mount namespace and one or more processes executing in the user space of the operating system, switching, by a processing device, the user space monitoring application to the first mount namespace based on the mapping, and accessing, by the user space monitoring application, the target application file in the first mount namespace.
An artificial intelligence (AI) monitoring service detects, in real time or in near real time, misbehaving AI. The AI monitoring service monitors any of inputs to the AI, incoming/outgoing communications, API calls, inter-service/inter-container activities associated with the AI, and/or an output generated by the AI. Any activity conducted by, or associated with, the AI may be compared to an AI behavior profile defining permissible/impermissible activities. If any activity fails to conform to the AI behavior profile, alerts are sent and threat procedures are implemented. Very early stages of abnormal AI behavior are detected, thus quickly exposing abnormal AI behavior before the artificial intelligence can implement undesirable, or even harmful, actions.
42 - Scientific, technological and industrial services, research and design
Goods and services
(1) Computer security consulting; consulting in the field of information technology; computer security consultancy services for protecting data and information from unauthorized access in the field of computer and network security, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for use in computer and network security; cloud computing services in the field of computer and network security; computer security services by online scanning, detecting, quarantining, and eliminating of viruses, worms, Trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access and computer technology consulting of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SaaS) services featuring software for computer and network security; software as a service (SaaS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for use in computer and network security; electronic monitoring services for advanced computer threat detection using real-time monitoring and machine learning to detect computer threats and viruses, and for providing detailed analysis and contextual intelligence to inform responses to sophisticated computer threats; monitoring and investigation of bad actors and adversaries across computer networks to neutralize emerging computer threats and improve cybersecurity and computer network security.
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer security consulting; consulting in the field of information technology; consultation for protecting data and information from unauthorized access in the field of computer and network security, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for use in computer and network security; cloud computing services in the field of computer and network security; computer services, namely, online scanning, detecting, quarantining, and eliminating viruses, worms, Trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access and computer technology consulting of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for computer and network security; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for use in computer and network security; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates; advanced computer threat detection services, using real-time monitoring and machine learning to detect computer threats and viruses, providing detailed analysis and contextual intelligence to inform responses to sophisticated computer threats; monitoring and investigation of bad actors and adversaries across computer networks to neutralize emerging computer threats and improve cybersecurity and computer network security
37.
Aggressive Embedding Dropout in Embedding-Based Malware Detection
Malware is detected using an embedding-based machine learning model. The model generates embeddings using byte n-grams. A feature importance operation reveals that only a subset of the embeddings is required to detect malware. In some cases, even a single embedding is adequate and retains 99% detection capabilities. An aggressive embedding dropout operation is implemented that ignores less important embeddings. Because perhaps only one, or a few, embeddings need be determined, malware detection is greatly simplified and need not calculate full-sized embeddings. A malware detection service runs quicker, and just as capably, while consuming fewer resources.
A security agent configured to initiate multifactor authentication (MFA) in response to security triggers occurring on a computing device. Upon occurrence of a security trigger, the security agent delays action associated with a process on the computing device and provides, to a display of a user of the computing device, a prompt asking if the security trigger resulted from an action of the user. The security agent then initiates MFA with an MFA provider to authenticate the user and, based at least on a result of the MFA and the user answer to the prompt, takes further action. The user answer may be provided separately from the MFA or through successful completion of the MFA.
A process subset of an executing process is obtained from a memory of a computing device. The process subset includes less than all of an in-memory executable program generated by the executing process. A feature vector is extracted from the process subset based on data within the process subset. A malware classification is generated based on the process subset. A remediation operation is initiated on the executing process based on the malware classification.
A security agent configured to utilize a decision validation model for a prediction model of a security agent of the computing device is described herein. The decision validation model includes non-executable data and is utilized by a function of the security agent along with the input vector and decision value of the prediction model as inputs to the decision validation model. The decision validation model then outputs a different decision value from the decision value of the prediction model. The security agent receives the decision validation model from a security service that trains the decision validation model when the prediction model is generating false predictions.
A video player includes a user interface comprising: a video display; a texture strip visually representing a series of frames of a video, the texture strip comprising a sequence of textured frame representations, each textured frame representation in the sequence of textured frame representations representing a corresponding frame from a series of frames; a control to allow a user to use the texture strip to seek frames in the series of frames in a random manner. An input is received via the control, the input including an indication of a selection of a location in the texture strip, the location in the texture strip having a corresponding temporal location in the series of frames. Based on the input, a frame selected from the series of frames is displayed in the video display, the selected frame located at the corresponding temporal location in the series of frames.
H04N 5/262 - Studio circuits, e.g. for mixing, switching-over, change of character of image, other special effects
H04N 5/272 - Means for inserting a foreground image in a background image, i.e. inlay, outlay
H04N 5/76 - Television signal recording
H04N 5/765 - Interface circuits between an apparatus for recording and another apparatus
H04N 5/77 - Interface circuits between an apparatus for recording and another apparatus between a recording apparatus and a television camera
H04N 5/775 - Interface circuits between an apparatus for recording and another apparatus between a recording apparatus and a television receiver
H04N 5/93 - Regeneration of the television signal or of selected parts thereof
H04N 7/173 - Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
H04N 21/234 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs
H04N 21/2343 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving reformatting operations of video signals for distribution or compliance with end-user requests or end-user device requirements
H04N 21/426 - Client structure; Client peripheral structure Internal components of the client
H04N 21/4402 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving reformatting operations of video signals for household redistribution, storage or real-time display
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
H04N 21/61 - Network physical structure; Signal processing
A digital security system can store data associated with entities in resolver trees. If the digital security system determines that two resolver trees are likely representing the same entity, the digital security system can use a merge operation to merge the resolver trees into a single resolver tree that represents the entity. The single resolver tree can include a merge node indicating a merge identifier of the merge operation. Nodes containing information merged into the resolver tree from another resolver tree during the merge operation can be tagged with the corresponding merge identifier. Accordingly, if the merge operation is to be undone, for instance if subsequent information indicates that the entries are likely separate entities, the resolver tree can be unmerged and the nodes tagged with the merge identifier can be restored to a separate resolver tree.
G06F 7/14 - Merging, i.e. combining at least two sets of record carriers, each arranged in the same ordered sequence, to produce a single set having the same ordered sequence
G06F 16/22 - Indexing; Data structures therefor; Storage structures
G06F 16/28 - Databases characterised by their database models, e.g. relational or object models
43.
SYSTEMS AND METHODS FOR CACHING OF MANAGED CONTENT IN A DISTRIBUTED ENVIRONMENT USING A MULTI-TIERED ARCHITECTURE INCLUDING OFF-LINE ACCESS TO CACHED CONTENT
Embodiments as disclosed provide a distributed caching solution that improves the performance and functionality of a content management platform for sites that are physically or logically remote from the primary site of the content management platform. In particular, according to embodiments, a remote cache server may be associated with a remote site to store local copies of documents that are managed by the primary content management platform. Periodically, a portion of the remote site's cache may be synchronized with the content management platform's primary site using an extensible architecture to ensure that content at the remote cache server is current.
G06F 16/2458 - Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
44.
TECHNIQUES FOR ORDERING PROCESS ACTIVITY IN A CONCURRENT ENVIRONMENT
Trackable activity performed by a process executing in an operating system of a computing device is detected, the process associated with an initial sequence number and an initial message queue of a plurality of message queues, and each of the plurality of message queues comprising a first counter. Based on a comparison of the first counter to the initial sequence number, an assigned message queue of the process is set to the initial message queue or a second message queue of the plurality of message queues. A message is transmitted on the assigned message queue, the message comprising a process identifier of the process.
A method includes retrieving, in a kernel space of an operating system executing on a computing device, a first value from a first clock source, retrieving, in a user space of the operating system executing on the computing device, a second value from a second clock source, generating a unique process identifier (UPID) associated with a process identifier (PID) of a process executing in the operating system, wherein the UPID is based on the first value of the first clock source and the second value of the second clock source, and tracking process activity of the process executing in the operating system by utilizing the UPID.
A unique process identifier (UPID) associated with a process identifier (PID) of a process executing in an operating system is generated in a kernel space of the operating system executing on a computing device. The UPID is inserted into a first mapping store that maps the PID to the UPID. A message is transmitted including the PID to a message buffer structure. A second mapping store that maps the UPID to the PID is updated in a user space of the operating system based on the message.
A creation of a first process is detected in a kernel space of the operating system executing on a computing device. An exec parent of the first process is determined. The exec parent identifies a second process within an ancestry of the first process that last performed an exec operation prior to the creation of the first process. A unique process identifier (UPID) associated with a process identifier (PID) of the first process is generated. The UPID is associated with the exec parent in a first mapping store that maps the PID to the UPID. Process activity of the first process executing in the operating system is tracked to generate process activity data that comprises the exec parent.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
Augmented reality presentations are provided at respective electronic devices. A first electronic device receives information relating to a modification made to an augmented reality presentation at a second electronic device, and the first electronic device modifies the first augmented reality presentation in response to the information.
G06T 19/00 - Manipulating 3D models or images for computer graphics
A63F 13/50 - Controlling the output signals based on the game progress
A63F 13/65 - Generating or modifying game content before or while executing the game program, e.g. authoring tools specially adapted for game development or game-integrated level editor automatically by game devices or servers from real world data, e.g. measurement in live racing competition
A63F 13/655 - Generating or modifying game content before or while executing the game program, e.g. authoring tools specially adapted for game development or game-integrated level editor automatically by game devices or servers from real world data, e.g. measurement in live racing competition by importing photos, e.g. of the player
G06F 3/14 - Digital output to display device
G06V 10/75 - Image or video pattern matching; Proximity measures in feature spaces using context analysis; Selection of dictionaries
G06V 20/80 - Recognising image objects characterised by unique random patterns
49.
Adaptive Profiling of Cloud Services Using Machine Learning for Malware Detection
A cloud-service malware detection application detects, in real time or in near real time, malware infecting cloud services. The cloud-service malware detection application monitors incoming communications, outgoing communications, API calls, and other inter-service activities conducted between different cloud services in a cloud-computing environment. Because the cloud-computing environment may have many different cloud services, the cloud-service malware detection application detects a malware attack that spans multiple hosts and cloud services. The cloud-service malware detection application adaptively profiles each individual cloud service using machine learning, thus providing quicker, more accurate, and more scalable malware detection.
Systems and methods of authentication utilizing a large language model (LLM) are provided. The method includes accessing a knowledge base comprising user-specific data of a user device associated with a domain. In response to a request from the user device for access to a resource of the domain, the method includes generating one or more authentication challenges based on the user-specific data. The one or more authentication challenges are generated by an LLM trained on the user-specific data and contextual interactions associated with the user device. In response to determining that a response to the one or more authentication challenges matches the user-specific data of the knowledge base and the contextual interactions, the method includes providing the user device access to the resource of the domain.
A system and method of securing a Function as a Service (FaaS) cloud computing system without using access rights to operating system (OS) kernels of the cloud service system. The method includes receiving a request to invoke a user-function associated with a computing language. The method includes executing the user-function within an operating system that executes on a processing device of the cloud service system. The method includes monitoring, by the processing device, a real-time behavior of the user-function using a security sensor that executes within the operating system, wherein the security sensor is without access rights to a kernel of the operating system. The method includes acquiring behavioral data indicative of the real-time behavior of the user-function.
Methods and systems for multi-cloud breach detection using ensemble classification and deep anomaly detection are disclosed. According to an implementation, a security appliance may receive logged event data. The security appliance may determine, using a supervised machine learning (ML) model, a first anomaly score representing a first context. The security appliance may further determine, using a semi-supervised machine learning (ML) model, a second anomaly score representing a second context, and, using an unsupervised ML model, one or more third anomaly scores representing one or more third contexts. The security appliance may aggregate the first anomaly score, the second anomaly score and the one or more third anomaly scores using a classification module to produce a final anomaly score and a final context. The security appliance may determine that an anomaly exists and a type of attack based on the final anomaly score and the final context.
42 - Scientific, technological and industrial services, research and design
Goods and services
(1) Software as a service (SaaS) services featuring software for automating customer interactions and data collection for computer security consulting, namely, using artificial intelligence for customer interaction for identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for scanning and penetration testing of computers and networks to assess information security vulnerability for maintaining and updating of computer software relating to computer and network security and prevention of computer risks, and for protecting data and information from unauthorized access using artificial intelligence to develop plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for use in computer and network security; cloud computing services using artificial intelligence for automating customer interactions and data collection in the field of computer and network security; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for conducting online scanning, detecting, quarantining, and eliminating viruses, worms, Trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access and computer technology consulting of systems using software as a service (SaaS) services using artificial intelligence for automating customer interactions for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for computer and network security; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for use in computer and network security using artificial intelligence for automating customer interactions and collection of data; application service provider [ASP], namely, hosting computer software applications in the field of knowledge management for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates; providing online non-downloadable software for the artificial production of human speech and text based on deep learning algorithms to recognize and respond to customer interactions relating to computer security consulting, namely, for identifying malware on computer systems, identifying the source and genealogy of malware, identifying the objectives of computer system attackers, scanning and penetration testing of computers and networks to assess information security vulnerability, maintaining and updating of computer software relating to computer and network security and prevention of computer risks, and for protecting data and information from unauthorized access using artificial intelligence to develop plans for improving computer and network security and preventing criminal activity.
54.
Techniques for variable memory allocation using constant-sized structures
A first message structure is selected from a first subset of a plurality of message structures based on a size of a message payload and a message type of the message payload. Each of the first subset of the plurality of message structures has a different size. A size of the first message structure is greater than or equal to the size of the message payload. A first request is transmitted to an application programming interface (API) utilizing the size of the first message structure. In response to transmitting the first request to the API, a reference is received to a buffer structure. The message payload is copied into the buffer structure using the reference to the buffer structure.
A command line anomaly detection system can generate anomaly scores associated with command line entries, such that command line entries associated with the highest anomaly scores can be identified. The command line anomaly detection system can include a transformer model trained, via unsupervised machine learning, to determine meanings of components of individual command line entries. The command line anomaly detection system can also include an anomaly detection model trained, via unsupervised machine learning, to determine anomaly scores based on the meanings of components of individual command line entries determined by the transformer model.
A method to predict that a text file contains source code written in one or more of a plurality of source code programming languages involves creating a feature vector comprising a plurality of values, wherein each value represents a corresponding piece of text found in the text file. Then, during an inference workflow with a neural network model, embedding representation values are identified for each value in the feature vector. An overall embedding representation value is calculated for the feature vector based on the obtained embedding representation values. A plurality of class label prediction values is then created, based on the overall embedding representation value and a plurality of class labels corresponding to the plurality of source code programming languages. Finally, a prediction is made as to the source code programming language in which the source code is written in the text file based on the plurality of class label prediction values.
A value is assigned to a rate threshold for adding child nodes to a distinct parent node in a tree data structure. A first datum comprising a first variable assigned a first value and a second variable assigned a first value is added to the tree at a first timestamp, by adding to the first level in the tree a first parent node representing the first variable assigned the first value and adding to the second level in the tree a first child node representing the second variable assigned the first value and connected by a first directed edge from the first parent node. A second datum comprising the first variable assigned the first value and the second variable assigned a second value is received at a second timestamp. The method blocks adding to the second level in the tree a second child node representing the second variable assigned the second value and connected by a second directed edge from the first parent node when a rate based on the first timestamp and the second timestamp exceeds the rate threshold.
Methods and systems for generating and using a dynamic asset inventory are disclosed. According to an implementation, a dynamic inventory can be generated by a function included in a security agent that provides security for a network environment. First computing asset information can be collected from first data sources, and the first computing asset information can be supplemented with second computing asset information. The supplemented computing asset information can be used to generate log files for computing assets. The log files can be used to generate an asset search index that supports rapid search of the dynamic asset inventory.
G06F 16/00 - Information retrieval; Database structures therefor; File system structures therefor
G06F 9/455 - Arrangements for executing specific programs Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 16/22 - Indexing; Data structures therefor; Storage structures
59.
ON-DEVICE ARTIFICIAL INTELLIGENCE SYSTEMS AND METHODS FOR DOCUMENT AUTO-ROTATION
An auto-rotation module having a single-layer neural network on a user device can convert a document image to a monochrome image having black and white pixels and segment the monochrome image into bounding boxes, each bounding box defining a connected segment of black pixels in the monochrome image. The auto-rotation module can determine textual snippets from the bounding boxes and prepare them into input images for the single-layer neural network. The single-layer neural network is trained to process each input image, recognize a correct orientation, and output a set of results for each input image. Each result indicates a probability associated with a particular orientation. The auto-rotation module can examine the results, determine what degree of rotation is needed to achieve a correct orientation of the document image, and automatically rotate the document image by the degree of rotation needed to achieve the correct orientation of the document image.
G06V 10/24 - Aligning, centring, orientation detection or correction of the image
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06V 30/19 - Recognition using electronic means
G06V 30/414 - Extracting the geometrical structure, e.g. layout tree; Block segmentation, e.g. bounding boxes for graphics or text
H04N 1/387 - Composing, repositioning or otherwise modifying originals
A data store associated with one or more entities of a graph database hosted at a knowledge base hosting network maintains a respective one or more records of a plurality of mutation operations performed on the one or more entities. One or more of the plurality of mutation operations performed on the one or more entities is obtained from the data store. One or more documents of a document storage are then generated or updated based on the one or more of the plurality of mutation operations performed on the one or more entities obtained from the data store.
An executable program compiled for a first execution environment is obtained. The executable program is processed by an emulation function of a second execution environment to create an execution profile for the executable program. The emulation function of the second execution environment is configured to emulate an execution of the executable program and to replace an application programming interface (API) function call within the executable program with a call to an emulated API function call within the second execution environment. A malware classification is determined for the executable program based on the execution profile.
An event query host can include an event processor configured to process an event stream indicating events that occurred on a computing device. The event processor can add representations of events to an event graph. If an event added to the event graph is a trigger event associated with a query, the event processor can also add an instance of the query to a query queue. The query queue can be sorted based on scheduled execution times of query instances. At a scheduled execution time of a query instance in the query queue, a query manager of the event query host can execute the query instance and attempt to find a corresponding pattern of one or more events in the event graph.
Mechanisms are provided to detect content generated from phishing attacks. The mechanisms process an electronic communication, received from a data network, to produce a structure token. The structure token represents a content structure of the electronic communication. The structure token is processed by a machine learning model, which is trained to identify content that is generated in response to one or more phishing attacks. The machine learning model produces a classification output that indicates whether the electronic communication includes content that was generated in response to the one or more phishing attacks.
Techniques and systems are described for enabling an identity provider to identify a computing device during authentication of a user that uses the computing device, and to do so in a manner that is independent of a browser and/or a client application and/or an operating system on the computing device. For example, upon receiving, from a first identity provider, redirection data to redirect an authentication request to a second identity provider, a security agent executing on the computing device may intercept the authentication request, retrieve data about the computing device, and send the authentication request with the device data to the second identity provider. Upon receiving, from the second identity provider, a signed response to the authentication request, the computing device may send the signed response to the first identity provider to receive a result of the authentication request from the first identity provider.
G06F 21/46 - Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
A system and method of predicting the probability of exploitation of vulnerabilities of a computing environment. The method includes acquiring one or more environment variables associated with a computing environment. The method includes identifying a vulnerability in the computing environment based on a vulnerability database (VDB) and the one or more environment variables associated with the computing environment. The method includes generating an input dataset based on behavioral-based endpoint detection and response (EDR) data associated with the vulnerability. The method includes providing the input dataset to one or more predictive models respectively trained to predict probabilities of exploitation of vulnerabilities of computing environments based on the input dataset. The method includes generating, by a processing device, a vulnerability risk score for the vulnerability of the computing environment based on the input dataset and the one or more predictive models.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as a computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domain names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directory access protocols using the domain name system [DNS]
67.
Logical blocks analysis in an electronic file system volume
One or more identifiers respectively corresponding to one or more logical blocks in an electronic file system volume are selected. One or more logical blocks respectively corresponding to the selected one or more identifiers are analyzed according to one or more criteria. A value is assigned to one or more indicators associated with each of the one or more logical blocks and corresponding to the one or more criteria, in response to the analyses of the corresponding one or more logical blocks. A representation of the one or more indicators, and their respective assigned values, associated with each of the one or more logical blocks that was analyzed according to the one or more criteria, is generated. In some embodiments, an action to be performed on or with an electronic file mapped to the logical blocks is controlled based on one or more of the values assigned to the one or more indicators associated with the one or more logical blocks.
Methods and systems for detecting malicious attacks in a network and preventing lateral movement in the network by identity control are disclosed. According to an implementation, a security appliance may receive telemetry data from an endpoint device collected during a period of time. The security appliance may determine a threat behavior based on the telemetry data. The threat behavior may be associated with a user identity or user account. The security appliance further determines one or more additional user identities based on the user identity connected to the threat behavior. The security appliance may enforce one or more security actions on the user identity and the one or more additional user identities to prevent attacks to a plurality of computing domains from the endpoint device using the one or more additional user identities. The security appliance may be implemented on any network participants including servers, cloud devices, cloud-based services/platforms, etc.
A distributed security system includes instances of a compute engine that can receive an event stream comprising event data associated with an occurrence of one or more events on one or more client computing devices and generate new event data based on the event data in the event stream. A predictions engine coupled in communication with the compute engine(s) receives the new event data and applies at least a portion of the received new event data to one or more machine learning models of the distributed security system based on the received new event data. The one or more machine learning models generate a prediction result that indicates whether the occurrence of the one or more events from which the new event data was generated represents one or more target behaviors, based on the applying of at least the portion of the received new event data to the one or more machine learning models according to the received new event data.
42 - Scientific, technological and industrial services, research and design
Goods and services
Business analysis, research and information services; business consulting services in the field of information technology (IT) and cloud computing; compilation and systemization of information into computer databases; database management services; business data analysis; data processing services; conducting and arranging trade show exhibitions for commercial and advertising purposes in the fields of technology, cloud computing, web services, software, software as a service (SaaS), artificial intelligence, software development, game development, databases, data processing and analytics, data storage, data warehousing, data archiving, data and information security, networking, mobile computing, and the Internet of Things (IoT). Design and development of computer hardware and software; cloud computing services, namely, consulting services in the field of cloud computing; computer services, namely, cloud hosting provider services; hosting of digital content on the Internet; computer services, namely, cloud hosting of electronic databases and virtual computing environments; database development services, namely, administering and maintaining databases and virtual computing environments for others in the nature of providing virtual computer systems and virtual computer environment through cloud computing and maintenance of online databases therein; electronic data storage; rental of web servers and co-location servers for containerized data centers of others; Application service provider (ASP), namely, hosting computer software applications and databases of others; computer services, namely, application service provider in the nature of hosting, managing, administering, maintaining, monitoring to improve scalability and performance, data encrypting, data decrypting, data replicating and backing up databases and cloud computing environments for others; data and application migration services; data mining services; electronic data backup and data restoration services in the nature of recovery of computer data; remote online backup of computer data; data encryption and decryption services; data warehousing; technical support services, namely, troubleshooting of computer software problems; software as a service (SaaS) services featuring software for collecting, editing, modifying, organizing, synchronizing, integrating, monitoring, transmitting, storage and sharing of data and information.
71.
SYSTEMS AND METHODS FOR GENERATING AND USING SEMANTIC IMAGES IN DEEP LEARNING FOR CLASSIFICATION AND DATA EXTRACTION
Disclosed is a new document processing solution that combines the powers of machine learning and deep learning and leverages the knowledge of a knowledge base. Textual information in an input image of a document can be converted to semantic information utilizing the knowledge base. A semantic image can then be generated utilizing the semantic information and geometries of the textual information. The semantic information can be coded by semantic type determined utilizing the knowledge base and positioned in the semantic image utilizing the geometries of the textual information. A region-based convolutional neural network (R-CNN) can be trained to extract regions from the semantic image utilizing the coded semantic information and the geometries. The regions can be mapped to the textual information for classification/data extraction. With semantic images, the number of samples and time needed to train the R-CNN for document processing can be significantly reduced.
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06N 5/046 - Forward inferencing; Production systems
G06V 30/414 - Extracting the geometrical structure, e.g. layout tree; Block segmentation, e.g. bounding boxes for graphics or text
G06V 30/40 - Document-oriented image-based pattern recognition
G06V 30/413 - Classification of content, e.g. text, photographs or tables
G06V 30/416 - Extracting the logical structure, e.g. chapters, sections or page numbers; Identifying elements of the document, e.g. authors
42 - Scientific, technological and industrial services, research and design
Goods and services
Software as a service (SaaS) services featuring software for automating customer interactions and data collection for computer security consulting, namely, using artificial intelligence for customer interaction for identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for scanning and penetration testing of computers and networks to assess information security vulnerability for maintaining and updating of computer software relating to computer and network security and prevention of computer risks, and for protecting data and information from unauthorized access using artificial intelligence to develop plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for detecting breaches associated with authorizing access to databases in the field of computer and network security; cloud computing services using artificial intelligence for automating customer interactions and data collection in the field of computer and network security; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for conducting online scanning, detecting, quarantining, and eliminating viruses, worms, Trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access and computer technology consulting of systems using software as a service (SaaS) services using artificial intelligence for automating customer interactions for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for detecting breaches associated with authorizing access to databases in the field of computer and network security; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for use in computer and network security using artificial intelligence for automating customer interactions and collection of data; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates; providing online non-downloadable software for the artificial production of human speech and text based on deep learning algorithms to recognize and respond to customer interactions relating to computer security consulting, namely, for identifying malware on computer systems, identifying the source and genealogy of malware, identifying the objectives of computer system attackers, scanning and penetration testing of computers and networks to assess information security vulnerability, maintaining and updating of computer software relating to computer and network security and prevention of computer risks, and for protecting data and information from unauthorized access using artificial intelligence to develop plans for improving computer and network security and preventing criminal activity.
73.
Machine learning-based malware detection in process memory
A plurality of memory image data is obtained. Respective ones of the memory image data may include captured memory contents from an executing process. Training data including feature vectors and classification values are provided to a machine learning (ML) training model executing on a processing device. The feature vectors may include indications of patterns within the memory image data. The ML training model is trained based on the training data to generate an ML production model. The training may include computing a plurality of model parameters that relate the feature vectors of the training data to the classification values of the training data.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by executing in a restricted environment, e.g. sandbox or secure virtual machine
A file format identification system can predict file formats associated with binary data. The file format identification system can extract n-grams, such as byte 4-grams, from the binary data. A trained neural network with at least one embedding layer can generate embedding arrays that correspond to the extracted n-grams. A trained file format classifier can compare values in the embedding arrays with patterns of values associated with known file formats. The trained file format classifier can accordingly determine which of the known file formats are most likely to be associated with the binary data.
Methods and systems are provided for entropy exclusion of labeled training data by extracting windows therefrom, for training an embedding learning model to output a feature space for a feature space based learning model. Based on feature embedding by machine learning, a machine learning model is trained to embed feature vectors in a feature space which magnifies distances between features of a labeled dataset. Before training, however, sub-sequences of bytes are extracted from each sample of the labeled subset, based on a window size hyperparameter and a window distance hyperparameter. Information entropy is computed for each among a set of extracted windows, and extracted windows having highest information entropy, as well as extracted windows having lowest information entropy, are excluded therefrom. Extracted windows of the subset are stored in a data stream and accessed sequentially to derive feature vectors.
Techniques for searching an inverted index associating byte sequences of a fixed length and files that contain those byte sequences are described herein. Byte sequences comprising a search query are determined and searched in the inverted index. In some examples, training data for training machine learning (ML) model(s) may be created using pre-featured data from the inverted index. In various examples, training data may be used to retrain the ML model until the ML model meets a criterion. In some examples, the trained ML model may be used to perform searches on the inverted index and classify files.
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer security consulting; Consulting in the field of information technology relating to installation, maintenance and repair of computer software; Computer security and network security consulting, namely, consultation in the fields of protecting data and information from unauthorized access, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; maintenance and updating of computer software relating to computer and network security and prevention of computer risks; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for detecting breaches for use in computer and network security; cloud computing services featuring software for authorizing access to databases in the field of computer and network security; computer services, namely, online scanning, detecting, quarantining, and eliminating viruses, worms, trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access; computer technology consulting in the field of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for ensuring the security of computers and computer networks; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for ensuring the security of computers and computer networks; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates.
78.
DERIVING STATISTICALLY PROBABLE AND STATISTICALLY RELEVANT INDICATOR OF COMPROMISE SIGNATURE FOR MATCHING ENGINES
Methods and systems are provided for a histogram model configuring a computing system to derive an indicator of compromise signature based on a sliding window index of identified malware samples, and a matching rule constructor configuring a computing system to generate matching signatures by selecting statistically relevant n-grams of an unidentified file sample. A matching rule constructor configures the computing system to construct a matching rule including, as a signature, 32 n-grams found in the unidentified file sample which occur most frequently, and another 32 n-grams found in the unidentified file sample which occur least frequently amongst records of the threat database across 32 discrete file size ranges. These functions can configure backend operations to a sample identification operation performed by a user operating a client computing device, in a fashion that does not require a user to manually discern strings from the unidentified file sample to derive a signature for the matching engine to search against the threat database.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
79.
System, method and computer program product for smart upload automation
Systems, methods, and computer program products for smart upload automation in which actions are automatically performed on a set of digital assets against a target item. In one embodiment, a system includes a network, a server machine, a client machine and a data storage device, each of which is coupled to the network. The client machine designates digital assets and a target item against which the assets will be uploaded. The digital assets are uploaded by the client machine to the data storage device via the network. The server machine automatically performs actions on the digital assets without intervention by the client machine, where the actions are associated with or in some way defined by the target item. The actions may include setting metadata values of the digital assets based upon metadata associated with the target item, or generating different renditions of the digital assets.
G06F 3/0484 - Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range of values
G06F 16/48 - Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
G06F 16/957 - Browsing optimisation, e.g. caching or content distillation
G06F 16/958 - Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
H04L 67/06 - Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
H04L 67/565 - Conversion or adaptation of application format or content
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
80.
MACHINE LEARNING MALWARE CLASSIFICATIONS USING BEHAVIORAL ARTIFACTS
Techniques and systems for a security service system configured with a sensor component including a machine learning (ML) malware classifier to perform behavioral detection on host devices. The security service system may deploy a sensor component to monitor behavioral events on a host device. The sensor component may generate events data corresponding to monitored operations targeted by malware. The system may map individual events from events data onto a behavioral activity pattern and generate process trees. The system may extract behavioral artifacts to build a feature vector used for malware classification and generate a machine learning (ML) malware classifier. The sensor component may use the ML malware classifier to perform asynchronous behavioral detection on a host device and process system events for malware detection.
Training and use of a byte n-gram embedding model is described herein. A neural network is trained to determine a probability of occurrence associated with a byte n-gram. The neural network includes one or more embedding model layers, at least one of which is configured to output an embedding array of values. The byte n-gram embedding model may be used to generate a hash of received data, to classify the received data with no knowledge of a data structure associated with the received data, to compare the received data to files having a known classification, and/or to generate a signature for the received data.
Systems and methods for in-context editing of web pages in which the production format of a web page is visible while the web page is being edited, and the editable image is not distorted by the editing tools. In one embodiment, a system includes a server computer, a client computer and a transmission channel coupled between them. The server computer receives a request for a web page from the client computer and responsively transmits a web page containing in-context editing tools to the client computer. The client computer operates alternately in a first mode in which the in-context editing tools are superimposed on a web page image, or a second mode in which the web page image is displayed, but the in-context editing tools are hidden. The tools overlay in the first mode does not alter the production format of the web page image as displayed in the second mode.
G06F 40/166 - Text processing; Editing, e.g. inserting or deleting
G06F 40/143 - Markup, e.g. using SGML or document type definitions
B01L 3/00 - Containers or dishes for laboratory use, e.g. laboratory glassware; Droppers
G01N 21/33 - Colour; Spectral properties, i.e. comparison of the effect of the material on light at two or more different wavelengths or wavelength bands, investigating the relative effect of the material at wavelengths characteristic of specific elements or molecules, e.g. atomic absorption spectrometry, using ultraviolet light
A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
H04L 41/042 - Network management architectures or arrangements comprising distributed management centres cooperatively managing the network
H04L 41/28 - Restricting access to network management systems or functions, e.g. using an authorisation function to access network configuration
A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
Several ways are provided for a viewer of a movie to create a deep tag, that is, a bookmark for a segment of the movie. The deep tag can be associated with descriptive text and sent to an address provided by the viewer, either an e-mail address or an instant messaging address. Additionally, before the deep tag is created, it can be checked whether the content owner of the movie is known. If known, the content owner's rules, if any, regarding deep tagging are followed. If unknown, a set of registered content owners can be alerted of the presence of new content. When ownership of the new content is established, the already-created deep tags can be updated in accordance with the content owner's rules, if any, regarding deep tagging.
G06F 3/048 - Interaction techniques based on graphical user interfaces [GUI]
G06F 16/78 - Retrieval of data characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
G06F 16/783 - Retrieval of data characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually, using metadata automatically derived from the content
G11B 27/034 - Electronic editing of digitised analogue information signals, e.g. audio or video signals, on discs
H04N 7/173 - Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
H04N 21/2547 - Third-party billing, e.g. billing of an advertiser
H04N 21/258 - Client or end-user data management, e.g. managing client capabilities, user preferences or demographics, processing of multiple end-user preferences to generate co
H04N 21/262 - Scheduling of the distribution of content or additional data, e.g. sending additional data at off-peak times, updating software modules, calculating the carousel transmission frequency, delaying
H04N 21/2743 - Video hosting of data uploaded from the client device
H04N 21/4786 - Supplemental services, e.g. displaying telephone caller identification or a shopping application; e-mailing
H04N 21/4788 - Supplemental services, e.g. displaying telephone caller identification or a shopping application; communicating with other users, e.g. chatting
H04N 21/8355 - Generation of protective data, e.g. certificates, involving usage data, e.g. number of copies or viewings allowed
H04N 21/845 - Structuring of content, e.g. decomposing content into time segments
86.
AUTO-CLASSIFICATION SYSTEM AND METHOD WITH DYNAMIC USER FEEDBACK
In an auto-classification system, example documents whose content exemplifies a content category or classification can be imported into a classification model. The classification model is tested to assess accuracy. Based on the testing, metrics or other information can be provided as feedback to a user. The user can iteratively refine the classification model and keep re-running the classifications to view how each change to the classification model improves accuracy. If no user refinement is desired, the auto-classification system classifies documents utilizing the classification model. This technology enhances the overall transparency and defensibility of the auto-classification process.
A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices, can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer security consulting; consulting in the field of information technology; computer security and network security consulting, namely, consultation in the fields of protecting data and information from unauthorized access, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; maintenance and updating of computer software relating to computer and network security and prevention of computer risks; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for detecting breaches for use in computer and network security; cloud computing services featuring software for authorizing access to databases in the field of computer and network security; computer services, namely, online scanning, detecting, quarantining, and eliminating viruses, worms, trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access; computer technology consulting in the field of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for ensuring the security of computers and computer networks; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for ensuring the security of computers and computer networks; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates.
89.
Systems, methods, and computer program products for inter-modal processing and messaging communication responsive to electronic mail
Inter-modal messaging communication is described. In one embodiment, a method of communication includes receiving an electronic mail message to be distributed and determining whether the electronic mail message is a multi-modal distribution message. Respective portions of the message may be separated for each mode of distribution. The separated portions may represent portions to be delivered by SMS messaging and facsimile, for example. The method further includes the steps of transmitting a short message comprising the short message portion of the mail message and establishing a conversation comprising conversation attributes. The conversation attributes are referenced, in certain aspects, to maintain a conversation between an originator of the received electronic mail message and a distribution address of short message portion of the mail message. For example, upon receipt of a short message in reply, the short message may be forwarded to an originator of the conversation.
H04L 51/214 - Monitoring or handling of messages using selective forwarding
H04L 51/52 - User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail, for supporting social networking services
H04L 51/58 - Message adaptation for wireless communication
H04M 1/72436 - User interfaces specially adapted for cordless or mobile telephones with means for local support of applications that increase the functionality, with interactive means for internal management of messages, for text messaging, e.g. SMS or e-mail
H04N 1/00 - Scanning, transmission or reproduction of documents or the like, e.g. facsimile transmission; Details thereof
42 - Scientific, technological and industrial services, research and design
Goods and services
Business administration services; business services, namely, administration of a program for enabling participants to receive expedited investigative and remediation services in the field of data security, computer security and network security.
Computer security consulting; consulting in the field of information technology; computer security and network security consulting, namely, consultation in the fields of protecting data and information from unauthorized access, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; maintenance and updating of computer software relating to computer and network security and prevention of computer risks; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for detecting breaches for use in computer and network security; cloud computing services featuring software for authorizing access to databases in the field of computer and network security; computer services, namely, online scanning, detecting, quarantining, and eliminating viruses, worms, trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access; computer technology consulting in the field of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for ensuring the security of computers and computer networks; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for ensuring the security of computers and computer networks; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates.
91.
Firewall System for Controlling Data Flow Between Computing Resources
A firewall receives a flow of data from a first computing resource destined to a second computing resource and searches, in a memory, a prefix tree data structure, the prefix data structure comprising a linked plurality of nodes corresponding to normalized criteria for each of a plurality of rules, for any rule in the plurality of rules that applies to controlling the received flow of data between the first computing resource and the second computing resource. If the search is successful, a set of rules in the prefix tree data structure is identified that apply to controlling the received flow of data from the first computing resource to the second computing resource in response to the searching. One of those rules in the set is then selected to control the received flow of data from the first computing resource to the second computing resource. Action is taken with respect to the received flow of data, for example, allowing or denying transmission of the received flow of data from the first computing resource to the second computing resource, according to the selected rule.
A documentation generation engine coupled to a mutation handler are provided, configured to traverse a knowledge base to derive selective views. Organizations may configure a documentation generator application running on generator hosts to summarize records of a knowledge base storing institutional knowledge, and relationships therebetween, as human-readable reference documents. It is undesired for the documentation generator to query the knowledge base on a naive basis in response to updates in order to derive views required to generate updated documentation. Therefore, example embodiments of the present disclosure provide a query-writing framework which describes a schema organizing these records for human readability and describing relationships of these records to other records of interest, from which a set of queries may be derived which cause a knowledge base to return all records topically related by a schema of a query-writing framework, while minimizing excess querying unnecessarily amplifying computational workload and network traffic.
An event query host can include one or more processors configured to process an event stream indicating events that occurred on one or more computing devices. The event stream comprises event data that is associated with occurrences of events on the one or more computing devices. The event query host can forward the event data to a first query engine and to a second query engine. The first query engine can determine, based on a set of query definitions, that the forwarded event data is associated with a first query to be executed by the first query engine, and so executes the first query instance associated with the first query. The second query engine can also determine, based on the set of query definitions, that the forwarded event data is associated with a second query to be executed by the second query engine, and so executes the second query instance associated with the second query.
A digital security system can store data associated with entities in resolver trees. If the digital security system determines that two resolver trees are likely representing the same entity, the digital security system can use a merge operation to merge the resolver trees into a single resolver tree that represents the entity. The single resolver tree can include a merge node indicating a merge identifier of the merge operation. Nodes containing information merged into the resolver tree from another resolver tree during the merge operation can be tagged with the corresponding merge identifier. Accordingly, if the merge operation is to be undone, for instance if subsequent information indicates that the entries are likely separate entities, the resolver tree can be unmerged and the nodes tagged with the merge identifier can be restored to a separate resolver tree.
G06F 16/22 - Indexing; Data structures therefor; Storage structures
G06F 7/14 - Merging, i.e. combining at least two sets of record carriers, each arranged in the same ordered sequence, to produce a single set having the same ordered sequence
42 - Scientific, technological and industrial services, research and design
Goods and services
(1) Computer security consulting; consulting in the field of information technology; computer security and network security consulting, namely, consultation in the fields of protecting data and information from unauthorized access, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; maintenance and updating of computer software relating to computer and network security and prevention of computer risks; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for detecting breaches for use in computer and network security; cloud computing services featuring software for authorizing access to databases in the field of computer and network security; computer services, namely, online scanning, detecting, quarantining, and eliminating viruses, worms, trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access; computer technology consulting in the field of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for ensuring the security of computers and computer networks; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for ensuring the security of computers and computer networks; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates.
42 - Scientific, technological and industrial services, research and design
Goods and services
(1) Business administration services; business services, namely, administration of a program for enabling participants to receive expedited investigative and remediation services in the field of data security, computer security and network security.
(2) Computer security consulting; consulting in the field of information technology; computer security and network security consulting, namely, consultation in the fields of protecting data and information from unauthorized access, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; maintenance and updating of computer software relating to computer and network security and prevention of computer risks; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for detecting breaches for use in computer and network security; cloud computing services featuring software for authorizing access to databases in the field of computer and network security; computer services, namely, online scanning, detecting, quarantining, and eliminating viruses, worms, trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access; computer technology consulting in the field of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for ensuring the security of computers and computer networks; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for ensuring the security of computers and computer networks; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates.
42 - Scientific, technological and industrial services, research and design
Goods and services
(1) Business analysis, research and information services; business consulting services in the field of information technology (IT) and cloud computing; compilation and systemization of information into computer databases; database management services; business data analysis; data processing services; conducting and arranging trade show exhibitions for commercial and advertising purposes in the fields of technology, cloud computing, web services, software, software as a service (SaaS), artificial intelligence, software development, game development, databases, data processing and analytics, data storage, data warehousing, data archiving, data and information security, networking, mobile computing, and the Internet of Things (IoT).
(2) Design and development of computer hardware and software; cloud computing services, namely, consulting services in the field of cloud computing; computer services, namely, cloud hosting provider services; hosting of digital content on the Internet; computer services, namely, cloud hosting of electronic databases and virtual computing environments; database development services, namely, administering and maintaining databases and virtual computing environments for others in the nature of providing virtual computer systems and virtual computer environment through cloud computing and maintenance of online databases therein; electronic data storage; rental of web servers and co-location servers for containerized data centers of others; Application service provider (ASP), namely, hosting computer software applications and databases of others; computer services, namely, application service provider in the nature of hosting, managing, administering, maintaining, monitoring to improve scalability and performance, data encrypting, data decrypting, data replicating and backing up databases and cloud computing environments for others; data and application migration services; data mining services; electronic data backup and data restoration services in the nature of recovery of computer data; remote online backup of computer data; data encryption and decryption services; data warehousing; technical support services, namely, troubleshooting of computer software problems; software as a service (SaaS) services featuring software for collecting, editing, modifying, organizing, synchronizing, integrating, monitoring, transmitting, storage and sharing of data and information.
98.
METHOD, SYSTEM AND COMPUTER PROGRAM PRODUCT FOR DISTRIBUTED VIDEO EDITING
A network editor comprises a central location with stored videos such as movies that can be edited by editors at remote locations. An editor receives a representation of a video and specifies edits relative to the representation, enabling the editor to use a device lacking sufficient processing capability to edit the video directly, and also reducing the volume of information transmitted between the central location and the remote editor. The central location is able to provide the edited movie in a format suitable to the display capabilities of the viewing device of the viewer requesting the edited video.
H04N 5/272 - Means for inserting a foreground image in a background image, i.e. inlay, outlay
H04N 5/765 - Interface circuits between a recording apparatus and another apparatus
H04N 5/77 - Interface circuits between a recording apparatus and another apparatus, between a recording apparatus and a television camera
H04N 7/173 - Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
H04N 21/2343 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs, involving reformatting operations of video signals for distribution or compliance with end-user requests or end-user device requirements
H04N 21/426 - Client structure; Client peripheral structure; Internal components of the client
H04N 21/4402 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs, involving reformatting operations of video signals for household redistribution, storage or real-time display
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for transforming displayed content
An ad in a movie can be a static ad having a position in the movie that cannot be moved, or a dynamic ad having a position in the movie that can be changed. When a viewer wishes to skip a portion of the movie containing the ad, the playback system determines whether the ad is static or dynamic. If the ad is static, only the portion of the movie preceding the static ad can be skipped; the ad is unskippable. This technique is referred to as “bounceback” since the end of the skip bounces back to the start of the static ad. If the ad is dynamic, it is moved to after the end of the skip. This technique is referred to as “slip-ad” since the ad slips to later in the movie. When a movie has multiple ads, some can be static and some can be dynamic.
G11B 27/00 - Editing; Indexing; Addressing; Timing or synchronising; Monitoring; Measuring tape travel
G11B 27/031 - Electronic editing of digitised analogue information signals, e.g. audio or video signals
G11B 27/30 - Indexing; Addressing; Timing or synchronising; Measuring tape travel by using information detectable on the record carrier by using information signals recorded by the same method as the main recording on the same track as the main recording
H04H 20/10 - Arrangements for replacing or switching information during the broadcast or the distribution
H04H 60/33 - Arrangements for monitoring the users' behaviour or opinions
H04H 60/59 - Arrangements characterised by components specially adapted for monitoring, identification or recognition, covered by groups or video
H04H 60/66 - Arrangements for services using the results of monitoring, identification or recognition, covered by groups or for using the results on the distributors' side
H04N 5/76 - Television signal recording
H04N 5/85 - Television signal recording using optical recording on discs or drums
H04N 7/16 - Analogue secrecy systems; Analogue subscription systems
H04N 7/173 - Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
H04N 9/804 - Transformation of the television signal for recording, e.g. modulation, frequency changing; Inverse transformation for playback involving pulse code modulation of the colour picture signal components
H04N 9/82 - Transformation of the television signal for recording, e.g. modulation, frequency changing; Inverse transformation for playback the individual colour picture signal components being recorded simultaneously only
H04N 21/2343 - Processing of video elementary streams, e.g. splicing of video streams or manipulating MPEG-4 scene graphs involving reformatting operations of video signals for distribution or compliance with end-user requests or end-user device requirements
H04N 21/2547 - Third party billing, e.g. billing of advertiser
H04N 21/2743 - Video hosting of data uploaded from the client device
H04N 21/436 - Interfacing a local distribution network, e.g. communicating with another STB or inside the home
H04N 21/4402 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to MPEG-4 scene graphs involving reformatting operations of video signals for household redistribution, storage or real-time display
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed, the storage space available in the
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification or for manipulating displayed content
H04N 21/475 - End-user interface for inputting end-user data, e.g. personal identification number [PIN] or preference data
A bus filter driver and security agent components configured to retrieve and analyze firmware images are described herein. The bus filter driver may attach to a bus device associated with a memory component and retrieve a firmware image of firmware stored on the memory component. The bus filter driver may also retrieve hardware metadata. A kernel-mode component of the security agent may then retrieve the firmware image and hardware metadata from the bus filter driver and provide the firmware image and hardware metadata to a user-mode component of the security agent for security analysis. The security agent components may then provide results of the analysis and/or the firmware image and hardware metadata to a remote security service to determine a security status for the firmware.
H04L 29/06 - Communication control; Communication processing characterised by a protocol
G06F 13/42 - Bus transfer protocol, e.g. handshake; Synchronisation
G06F 21/44 - Program or device authentication
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities