公开(公告)号：US11477007B1

公开(公告)日：2022-10-18

申请号：US17229046

申请日：2021-04-13

Applicant: International Business Machines Corporation

Inventor： Omri Soceanu ,  Ehud Aharoni ,  Allon Adir ,  Lev Greenberg ,  Gilad Ezov ,  Ramy Masalha

IPC: H04L9/00

Abstract: An efficient packing method that will optimize use of the homomorphic encryption ciphertext slots, trading-off size, latency, and throughput. Technology for working with tensors (multi-dimensional arrays) in a system that imposes tiles, that is, fixed-size vectors. An example of a system that imposes tiles are homomorphic encryption schemes, where each ciphertext encrypts a vector of some fixed size. The tensors are packed into tiles and then manipulated via operations on those tiles. Also, syntax for notation for describing packing details. This technology interprets the tiles as multi-dimensional arrays, and combines them to cover enough space to hold the tensor. An efficient summation algorithm can then sum over any dimension of this tile tensor construct that exists in the physical or logical addressing space of a computer data memory.

公开(公告)号：US11349859B2

公开(公告)日：2022-05-31

申请号：US16695251

申请日：2019-11-26

Applicant: International Business Machines Corporation

Inventor： Allon Adir ,  Ehud Aharoni ,  Lev Greenberg ,  Omri Soceanu

IPC: H04L9/00 ,  H04L9/40

Abstract: Embodiments may provide techniques to detect cyber-security events in IoT data traffic that provide improved detection accuracy and preservation of privacy. For example, in an embodiment, a method may be implemented in a computer comprising a processor, memory accessible by the processor, and computer program instructions stored in the memory and executable by the processor, the method may comprise collecting a plurality of messages to and from at least one device, extracting metadata features from the collected plurality of messages, generating a time window, determining additional features based on the extracted metadata features present during the time window, detecting behavioral patterns of the at least one device based on the collected plurality of messages, clustering the determined additional features and the detected behavioral patterns present during the time window, and detecting at least one anomaly or type of anomaly using the clustered determined additional features and the detected behavioral patterns.

公开(公告)号：US20170364612A1

公开(公告)日：2017-12-21

申请号：US15182630

申请日：2016-06-15

Applicant: International Business Machines Corporation

Inventor： Henry Broodney ,  Lev Greenberg ,  Michael Masin ,  Evgeny Shindin

IPC: G06F17/50

CPC classification number: G06F17/5009

Abstract: A method, system, and product for simulation of Internet of Things (IoT) environment. The method performed by a simulation node in the IoT environment, which comprises the simulation node and a cloud server connected by a computerized network. The method comprises selecting a simulated IoT device to simulate from a plurality of simulated IoT devices that are being simulated by the simulation node; invoking a real-world model to obtain real-world simulated values; determining a simulated behavior of the selected simulated IoT device by invoking a device model and providing the real-world simulated values thereto, o wherein the simulated behavior comprises transmitting a message to the cloud server; setting a next simulated action of the simulation node to occur at a designated time, wherein the next simulated action is the simulated behavior; and performing the next simulated action at the designated time.

公开(公告)号：US09165090B2

公开(公告)日：2015-10-20

申请号：US13631996

申请日：2012-09-30

Applicant: International Business Machines Corporation

Inventor： Henry Broodney ,  Dolev Dotan ,  Lev Greenberg ,  Michael Masin

IPC: G06F17/50

CPC classification number: G06F17/50 ,  G06F17/5009 ,  G06F17/5086 ,  G06F17/5095

Abstract: A method for concise modeling including receiving a first model mapping a plurality of prototype connections between a plurality of prototype objects, receiving at least one dataset having a plurality of optional objects, each object matching one of the prototype objects, and automatically constructing a second model having at least one of the optional objects mapped according to the first model.

Abstract translation: 一种用于简明建模的方法，包括接收映射多个原型对象之间的多个原型连接的第一模型，接收具有多个可选对象的至少一个数据集，与原型对象之一匹配的每个对象，以及自动构建第二模型 具有根据第一模型映射的至少一个可选对象。

公开(公告)号：US12130889B2

公开(公告)日：2024-10-29

申请号：US17655566

申请日：2022-03-21

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Nir Drucker ,  Ehud Aharoni ,  Hayim Shaul ,  Allon Adir ,  Lev Greenberg

IPC: G06F18/214 ,  G06N3/04 ,  G06N3/08 ,  H04L9/00

CPC classification number: G06F18/2148 ,  G06N3/04 ,  G06N3/08 ,  H04L9/008

Abstract: A method, a neural network, and a computer program product are provided that optimize training of neural networks using homomorphic encrypted elements and dropout algorithms for regularization. The method includes receiving, via an input to the neural network, a training dataset containing samples that are encrypted using homomorphic encryption. The method also includes determining a packing formation and selecting a dropout technique during training of the neural network based on the packing technique. The method further includes starting with a first packing formation from the training dataset, inputting the first packing formation in an iterative or recursive manner into the neural network using the selected dropout technique, with a next packing formation from the training dataset acting as an initial input that is applied to the neural network for a next iteration, until a stopping metric is produced by the neural network.

公开(公告)号：US20240004993A1

公开(公告)日：2024-01-04

申请号：US17809586

申请日：2022-06-29

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Boris Rozenberg ,  Yehoshua Sagron ,  Lev Greenberg

IPC: G06F21/55

CPC classification number: G06F21/554 ,  G06F2221/034

Abstract: A method, computer system, and a computer program for malware detection in containerized environments are provided. The method may include monitoring operation of a container image by receiving a plurality of system calls performed during the operation of the container image. The method further includes comparing the plurality of system calls to prior container behavior associated with previous operation of a prior container image, and identifying a deviation from the prior container behavior. The method further includes isolating a subset of the plurality of system calls and classifying the subset to a malware class of a plurality of malware classes.

公开(公告)号：US11675976B2

公开(公告)日：2023-06-13

申请号：US16504274

申请日：2019-07-07

Applicant: International Business Machines Corporation

Inventor： Sigal Asaf ,  Ariel Farkash ,  Lev Greenberg ,  Micha Gideon Moffie

IPC: G06F40/279 ,  G06N5/02 ,  G06F18/22 ,  G06F18/2415

CPC classification number: G06F40/279 ,  G06F18/22 ,  G06F18/2415 ,  G06N5/02

Abstract: Embodiments of the present systems and methods may provide techniques to distinguish between data categories. For example, a method implemented in a computer system may comprise obtaining, at the computer system, a plurality of data strings in different categories, each category having a same string pattern, determining a loose string format and a set of restrictions based on at least one string pattern, classifying the plurality of data strings to respective different categories based on a loose string format of the data strings and on the restrictions on the data strings of the different categories using a classification score indicating utilizing restriction information of other categories when determining the matching of a category, and decreasing the classification score if a mean restriction matching proportion is not part of a category or is a threshold amount above an expected mean restriction matching proportion.

公开(公告)号：US11550567B2

公开(公告)日：2023-01-10

申请号：US17221801

申请日：2021-04-04

Applicant: International Business Machines Corporation

Inventor： Fady Copty ,  Omri Soceanu ,  Lev Greenberg ,  Dov Murik

IPC: G06F8/71 ,  G06F8/33 ,  G06F8/77 ,  H04L67/50

Abstract: The present invention relates to novel techniques for monitoring changes to source code of Infrastructure as Code systems to detect attempted anomalous changes and block such changes from the code. For example, a method may comprise learning a security architecture and history of an infrastructure as code system to be deployed in at least one cloud account, monitoring changes to source code of the infrastructure as code system that are made before deployment of the infrastructure as code system to detect an anomaly, determining whether the detected anomaly affects regulated resources of the infrastructure as code system, and blocking changes to the source code of the infrastructure as code system that produce the detected anomaly that affects regulated resources of the infrastructure as code system.

公开(公告)号：US20200012797A1

公开(公告)日：2020-01-09

申请号：US16029608

申请日：2018-07-08

Applicant: International Business Machines Corporation

Inventor： ALLON ADIR ,  Lev Greenberg ,  Omri Soceanu

IPC: G06F21/60 ,  G06F21/62

Abstract: Embodiments of the present systems and methods may provide techniques for encryption of location information, while preserving a format and semantics of the information. For example, in an embodiment, a computer-implemented method for encrypting data may comprise receiving location data and generating encrypted data from the received location data, wherein the encrypted data preserves the format and semantics of the received location data.

公开(公告)号：US10397259B2

公开(公告)日：2019-08-27

申请号：US15466892

申请日：2017-03-23

Applicant: International Business Machines Corporation

Inventor： Allon Adir ,  Ehud Aharoni ,  Lev Greenberg ,  Rosa Miroshnikov ,  Boris Rozenberg ,  Oded Sofer

IPC: H04L29/06 ,  G06F21/55 ,  G06F21/57

Abstract: A system for detecting cyber security events can include a processor to generate a first set of a plurality of time series and aggregate statistics based on a plurality of properties corresponding to user actions for each user in a set of users. The processor can also separate the set of users into a plurality of clusters based on the first set of the plurality of time series or aggregate statistics for each user and assign an identifier to each of the plurality of clusters. Additionally, the processor can generate a second set of a plurality of time series based on properties of the plurality of clusters, wherein the properties of a cluster correspond to a membership, a diameter, and a centroid and detect an anomaly based on a new value stored in the second set of the time series. Furthermore, the processor can execute a prevention instruction.