公开(公告)号：US11455517B2

公开(公告)日：2022-09-27

申请号：US15794832

申请日：2017-10-26

Applicant: PAYPAL, INC.

Inventor： David Tolpin ,  Amit Batzir ,  Nofar Betzalel ,  Michael Dymshits ,  Benjamin Hillel Myara ,  Liron Ben Kimon

IPC: G06N3/04 ,  G06N3/08

Abstract: Anomalies in a data set may be difficult to detect when individual items are not gross outliers from a population average. Disclosed is an anomaly detector that includes neural networks such as an auto-encoder and a discriminator. The auto-encoder and the discriminator may be trained on a training set that does not include anomalies. During training, an auto-encoder generates an internal representation from the training set, and reconstructs the training set from the internal representation. The training continues until data loss in the reconstructed training set is below a configurable threshold. The discriminator may be trained until the internal representation is constrained to a multivariable unit normal. Once trained, the auto-encoder and discriminator identify anomalies in the evaluation set. The identified anomalies in an evaluation set may be linked to transaction, security breach or population trends, but broadly, disclosed techniques can be used to identify anomalies in any suitable population.

公开(公告)号：US10915629B2

公开(公告)日：2021-02-09

申请号：US15802262

申请日：2017-11-02

Applicant: PAYPAL, INC.

Inventor： Michael Dymshits ,  David Tolpin ,  Eli Strajnik ,  Benjamin Hillel Myara ,  Liron Ben Kimon

IPC: G06F21/55 ,  G06F21/64 ,  G06F21/60 ,  G06F16/903

Abstract: Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

公开(公告)号：US20190130100A1

公开(公告)日：2019-05-02

申请号：US15802262

申请日：2017-11-02

Applicant: PAYPAL, INC.

Inventor： Michael Dymshits ,  David Tolpin ,  Eli Strajnik ,  Benjamin Hillel Myara ,  Liron Ben Kimon

IPC: G06F21/55 ,  G06F21/60 ,  G06F21/64 ,  G06F17/30

Abstract: Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

公开(公告)号：US11100568B2

公开(公告)日：2021-08-24

申请号：US15852331

申请日：2017-12-22

Applicant: PAYPAL, INC.

Inventor： Benjamin Hillel Myara ,  David Tolpin

IPC: G06Q30/00 ,  G06Q30/06 ,  H04L29/06 ,  H04L29/08 ,  G06F40/30 ,  G06Q30/02

Abstract: Methods and systems for creating and analyzing low-dimensional representation of webpage sequences are described. Network traffic history data associated with a particular website is retrieved and a word embedding algorithm is applied to the network traffic history data to produce a low dimensional embedding. A prediction model is created based on the low-dimensional embedding. Browsing activity on the particular website is monitored. A set of sessions in the current browsing activity is flagged based on a result of applying the prediction model to the monitored browsing activity.

公开(公告)号：US10706148B2

公开(公告)日：2020-07-07

申请号：US15845199

申请日：2017-12-18

Applicant: PayPal, Inc.

Inventor： Michael Dymshits ,  Benjamin Hillel Myara

IPC: G06F21/56

Abstract: The systems and methods that detect a malicious process using count vectors are provided. Count vectors store a number and types of system calls that a process executed in a configurable time interval. The count vectors are provided to a temporal convolution network and a spatial convolution network. The temporal convolution network generates a temporal output by passing the count vectors through temporal filters that identify temporal features of the process. The spatial convolution network generates a spatial output by passing the count vectors through spatial filters that identify spatial features of the process. The temporal output and the spatial output are merged into a summary representation of the process. The malware detection system uses the summary representation to determine that the process as a malicious process.

公开(公告)号：US12079860B2

公开(公告)日：2024-09-03

申请号：US17409576

申请日：2021-08-23

Applicant: PayPal, Inc.

Inventor： Benjamin Hillel Myara ,  David Tolpin

IPC: G06Q30/00 ,  G06F40/30 ,  G06Q30/0204 ,  G06Q30/0251 ,  G06Q30/0601 ,  H04L9/40 ,  H04L67/02 ,  H04L67/14 ,  H04L67/145 ,  H04L67/50

CPC classification number: G06Q30/0641 ,  G06F40/30 ,  G06Q30/0204 ,  G06Q30/0251 ,  G06Q30/0601 ,  G06Q30/0633 ,  H04L63/14 ,  H04L63/1425 ,  H04L67/02 ,  H04L67/14 ,  H04L67/145 ,  H04L67/535

Abstract: Methods and systems for creating and analyzing low-dimensional representation of webpage sequences are described. Network traffic history data associated with a particular website is retrieved and a word embedding algorithm is applied to the network traffic history data to produce a low dimensional embedding. A prediction model is created based on the low-dimensional embedding. Browsing activity on the particular website is monitored. A set of sessions in the current browsing activity is flagged based on a result of applying the prediction model to the monitored browsing activity.

公开(公告)号：US20210383459A1

公开(公告)日：2021-12-09

申请号：US17409576

申请日：2021-08-23

Applicant: PayPal, Inc.

Inventor： Benjamin Hillel Myara ,  David Tolpin

IPC: G06Q30/06 ,  H04L29/06 ,  H04L29/08 ,  G06F40/30 ,  G06Q30/02

Abstract: Methods and systems for creating and analyzing low-dimensional representation of webpage sequences are described. Network traffic history data associated with a particular website is retrieved and a word embedding algorithm is applied to the network traffic history data to produce a low dimensional embedding. A prediction model is created based on the low-dimensional embedding. Browsing activity on the particular website is monitored. A set of sessions in the current browsing activity is flagged based on a result of applying the prediction model to the monitored browsing activity.

公开(公告)号：US20190188379A1

公开(公告)日：2019-06-20

申请号：US15845199

申请日：2017-12-18

Applicant: PayPal, Inc.

Inventor： Michael Dymshits ,  Benjamin Hillel Myara

IPC: G06F21/56

CPC classification number: G06F21/56 ,  G06F21/566 ,  G06F2221/033

Abstract: The systems and methods that detect a malicious process using count vectors are provided. Count vectors store a number and types of system calls that a process executed in a configurable time interval. The count vectors are provided to a temporal convolution network and a spatial convolution network. The temporal convolution network generates a temporal output by passing the count vectors through temporal filters that identify temporal features of the process. The spatial convolution network generates a spatial output by passing the count vectors through spatial filters that identify spatial features of the process. The temporal output and the spatial output are merged into a summary representation of the process. The malware detection system uses the summary representation to determine that the process as a malicious process.

公开(公告)号：US20190005408A1

公开(公告)日：2019-01-03

申请号：US15639580

申请日：2017-06-30

Applicant: PayPal, Inc.

Inventor： David Tolpin ,  Benjamin Hillel Myara ,  Michael Dymshits

IPC: G06N99/00 ,  G06F17/30 ,  G06Q30/06

Abstract: Machine learning techniques can be used to train a classifier, in some embodiments, to accurately detect similarities between different records of user activity for a same user. When more recent data is received, newer data can be analyzed by selectively removing particular sub-groups of data to see if there is any particular data that accounts for a large difference (e.g. when run through a classifier that has been trained to produce similar results for known activity data from a same user). If a sub-group of data is identified as being significantly different from other user data, this may indicate an account breach. Advanced machine learning techniques described herein may be applicable to a variety of different environments.

公开(公告)号：US20250022042A1

公开(公告)日：2025-01-16

申请号：US18794296

申请日：2024-08-05

Applicant: PayPal, Inc.

Inventor： Benjamin Hillel Myara ,  David Tolpin

IPC: G06Q30/0601 ,  G06F40/30 ,  G06Q30/0204 ,  G06Q30/0251 ,  H04L9/40 ,  H04L67/02 ,  H04L67/14 ,  H04L67/145 ,  H04L67/50

Abstract: Methods and systems for creating and analyzing low-dimensional representation of webpage sequences are described. Network traffic history data associated with a particular website is retrieved and a word embedding algorithm is applied to the network traffic history data to produce a low dimensional embedding. A prediction model is created based on the low-dimensional embedding. Browsing activity on the particular website is monitored. A set of sessions in the current browsing activity is flagged based on a result of applying the prediction model to the monitored browsing activity.