INDUCTIVE LEARNING AND INDUCTIVE FORGETTING FOR BOLSTERING MACHINE-LEARNING MODEL PERFORMANCE
Granted: March 17, 2022
Application Number: 20220083901
Systems and methods are described for training a machine learning model using intelligently selected multiclass vectors. According to an embodiment, an un-labeled feature vector is selected from a set of feature vectors. A model classified cluster and a confidence score are obtained by classifying an un-labeled feature vector using a machine-learning model. A determination is made regarding whether the confidence score is greater than a threshold. When the determination is affirmative:…
INTELLIGENT VECTOR SELECTION BY IDENTIFYING HIGH MACHINE-LEARNING MODEL SKEPTICISM
Granted: March 17, 2022
Application Number: 20220083900
Systems and methods are described for training a machine learning model using intelligently selected multiclass vectors. According to an embodiment, a processing resource of a computer system receives a set of feature vectors. For each feature vector of the set of feature vectors: (i) the feature vector is classified as one of multiple classes using a machine-learning model trained for multiclass classification; and (ii) a prediction skepticism metric, representing a degree of prediction…
REAL-TIME MINIMAL VECTOR LABELING SCHEME FOR SUPERVISED MACHINE LEARNING
Granted: March 17, 2022
Application Number: 20220083815
Systems and methods are described for training a machine learning model using intelligently selected multiclass vectors. According to an embodiment, a set of un-labeled feature vectors is received. The set of feature vectors are grouped into clusters within a vector space having fewer dimensions than the first set of feature vectors by applying a homomorphic dimensionality reduction algorithm to the set of feature vectors and performing centroid-based clustering. An optimal set of…
CONVEX OPTIMIZED STOCHASTIC VECTOR SAMPLING BASED REPRESENTATION OF GROUND TRUTH
Granted: March 17, 2022
Application Number: 20220083810
Systems and methods are described for training a machine learning model using intelligently selected multiclass vectors. According to an embodiment, a processing resource of a computing system receives a first set of un-labeled feature vectors. The first set of feature vectors are homomorphically translated using a T-Distributed Stochastic Neighbor Embedding (t-SNE) algorithm to obtain a second set of feature vectors with reduced dimensionality. The second set of feature vectors are…
ADAPTIVE FILTERING OF MALWARE USING MACHINE-LEARNING BASED CLASSIFICATION AND SANDBOXING
Granted: March 3, 2022
Application Number: 20220067146
Systems and methods for adaptive filtering of malware using a machine-learning model and sandboxing are provided. According to one embodiment, a processing resource of a sandbox appliance receives a file. A feature vector associated with the file is generated by extracting multiple static features from the file. The file is classified based on the feature vector by applying a machine-learning model. When the classification of the file is unknown, representing insufficient information is…
INTRUSION DETECTION IN A WIRELESS NETWORK USING LOCATION INFORMATION OF WIRELESS DEVICES
Granted: December 30, 2021
Application Number: 20210409953
Systems and methods for detecting and/or preventing intrusions in a wireless network based on location information of wireless devices are provided. According to one embodiment, a database is maintained by a wireless network security system that includes historical location information and a media access control (MAC) address for multiple wireless devices observed by wireless access points (APs) of a wireless network of an enterprise. Information regarding one or more probe signals…
AUTOMATIC TAGGING OF CLOUD RESOURCES FOR IMPLEMENTING SECURITY POLICIES
Granted: December 30, 2021
Application Number: 20210409486
Systems and methods for automatically tagging cloud resources that are spread across multiple cloud platforms are provided. According to one embodiment, information regarding each cloud provider of multiple cloud providers associated with a cloud environment used by a private network is received by a cloud-tagging orchestrator service of the private network. For each cloud resource of a plurality of cloud resources hosted by the cloud providers on behalf of the private network: (i)…
LEVERAGING NETWORK SECURITY SCANNING TO OBTAIN ENHANCED INFORMATION REGARDING AN ATTACK CHAIN INVOLVING A DECOY FILE
Granted: December 30, 2021
Application Number: 20210409446
Systems and methods for identifying a source of an attack chain based on network security scanning events triggered by movement of a decoy file are provided. A decoy file is stored on a deception host deployed by a deception-based intrusion detection system (IDS) within a private network. The decoy file contains therein a traceable object that is detectable by network security scanning performed by multiple network security devices protecting the private network. Information regarding an…
MULTI-FACTOR AUTHENTICATION FOR ACCESSING AN ELECTRONIC MAIL
Granted: December 9, 2021
Application Number: 20210385183
Systems and methods for facilitating secure access to email messages based on multi-factor authentication are provided. According to one embodiment, an electronic mail (email) addressed to an email recipient is received by a mail transfer agent (MTA) associated with a mail server. A security policy is assigned to the email by the MTA based on one or both of metadata associated with the email and content of the email. When the security policy calls for multi-factor authentication of the…
COMPILING DOMAIN-SPECIFIC LANGUAGE CODE TO GENERATE EXECUTABLE CODE TARGETING AN APPROPRIATE TYPE OF PROCESSOR OF A NETWORK DEVICE
Granted: November 18, 2021
Application Number: 20210357194
Systems and methods for programming a network device using a domain-specific language (DSL) are provided. According to one embodiment, source code in a form of a DSL, describing a slow-path task that is to be performed by a network device, is received by a processing resource. A determination is made regarding one or more types of processors that are available within the network device to implement the slow-path task. For each portion of the source code, a preferred type of processor is…
FACILITATING SECURE UNLOCKING OF A COMPUTING DEVICE
Granted: September 30, 2021
Application Number: 20210303667
Systems and methods for facilitating secure unlocking of a computing device based on user-defined rules are provided. According to one embodiment, a request to unlock a client device is received by a security agent running on the client device. Responsive to the request, information regarding a set of operating characteristics of the client device is obtained by the security agent. One or more authentication mechanisms of multiple authentication mechanisms available on the client device…
HARDWARE ACCELERATION DEVICE FOR DENIAL-OF-SERVICE ATTACK IDENTIFICATION AND MITIGATION
Granted: September 30, 2021
Application Number: 20210306373
Systems and methods for providing an integrated or Smart NIC-based hardware accelerator for a network security device to facilitate identification and mitigation of DoS attacks are provided. According to one embodiment, a processor of a network security device receives an application layer protocol request from a client, directed to a domain hosted by various servers and protected by the network security device. The application layer protocol request is parsed to extract a domain name and…
MACHINE-LEARNING BASED APPROACH FOR DYNAMICALLY GENERATING INCIDENT-SPECIFIC PLAYBOOKS FOR A SECURITY ORCHESTRATION, AUTOMATION AND RESPONSE (SOAR) PLATFORM
Granted: September 30, 2021
Application Number: 20210306352
Systems and methods for a machine-learning based approach for dynamically generating incident-specific playbooks for a security orchestration and automated response (SOAR) platform are provided. The SOAR platform captures information regarding execution of a sequence of actions performed by analysts responsive to a first incident of a first type. The captured information is fed into a machine-learning model. When a second incident, observed by the SOAR platform, is similar in nature to…
PORTABLE, HARDWARE-BASED AUTHENTICATION CLIENT TO ENFORCE USER-TO-SITE NETWORK ACCESS CONTROL RESTRICTIONS
Granted: September 30, 2021
Application Number: 20210306300
Systems and methods for a portable, hardware-based authentication client solution that enforces user-to-site network access control restrictions are provided. According to various embodiments of the present disclosure, the authentication client device maintains a list of pre-authorized client devices. The authentication client device is assigned to a particular user of an enterprise network and paired with a firewall appliance. A connection establishment request for establishing a…
AVOIDING ASYMETRIC ROUTING IN AN SDWAN BY DYNAMICALLY SETTING BGP ATTRIBUTES WITHIN ROUTING INFORMATION ADVERTISED BY AN SDWAN APPLIANCE
Granted: September 30, 2021
Application Number: 20210306261
Systems and methods are described for automatically controlling network routing between downstream side and upstream side of a communication network to enforce symmetric routing. According to one embodiment, a Software-Defined Wide Area Network (SDWAN) controller of a network device associated with a spoke site of an SDWAN manages links forming the SDWAN. The controller receives information regarding route maps, including a preferred route-map and an un-preferred route-map. Further, the…
ACTIVE PATH DETECTION FOR ON-DEMAND NETWORK LINKS IN A SOFTWARE-DEFINED WIDE AREA NETWORK (SDWAN)
Granted: September 30, 2021
Application Number: 20210306247
Systems and methods are described for active path detection for on-demand network links in an SDWAN. According to one embodiment, on establishment of an on-demand network link between a first spoke device and a second spoke device of an SDWAN, the first spoke creates a health check object and periodically measures a metric representing a latency between the first and second spokes. Responsive to receipt of a packet via the on-demand network link, the first spoke determines whether the…
CAPTURING AND CORRELATING MULTIPLE SOURCES OF DEBUGGING INFORMATION RELATING TO A NETWORK RESOURCE VIA A BROWSER EXTENSION
Granted: September 30, 2021
Application Number: 20210306226
Systems and methods for capturing and correlating multiple sources of debugging information relating to a network resource and a client device via a browser extension are provided. A browser extension integrated within a browser running on a client device receives a request to initiate capturing of debugging information relating to a potential bug associated with a network resource with which an end user is interacting via the browser, and in response to the first request, starts…
MACHINE-LEARNING BASED APPROACH FOR MALWARE SAMPLE CLUSTERING
Granted: September 30, 2021
Application Number: 20210304013
Systems and methods for a machine learning based approach for identification of malware using static analysis and a machine-learning based automatic clustering of malware are provided. According to various embodiments of the present disclosure, a processing resource of a computer system receives a potential malware sample. A plurality of feature vectors is extracted from the potential malware sample and is converted into an input vector. A byte sequence is generated by walking a…
MACHINE-LEARNING BASED APPROACH FOR CLASSIFICATION OF ENCRYPTED NETWORK TRAFFIC
Granted: September 30, 2021
Application Number: 20210303984
Systems and methods for a machine-learning based approach for classification of encrypted network traffic data are provided. According to various embodiments of the present disclosure, a network security device receives a stream of packets representing a network flow. Metadata relating to the stream of packets is determined. Application layer payload data of one or more packets of the stream of packets is matched against string patterns and regular expression patterns. Statistics relating…
DETECTING MALICIOUS BEHAVIOR IN A NETWORK USING SECURITY ANALYTICS BY ANALYZING PROCESS INTERACTION RATIOS
Granted: September 30, 2021
Application Number: 20210303682
Systems and methods for detecting malicious behavior in a network by analyzing process interaction ratios (PIRs) are provided. According to one embodiment, information regarding historical process activity is maintained. The historical process activity includes information regarding various processes hosted by computing devices of a private network. Information regarding process activity within the private network is received for a current observation period. For each process, for each…