公开(公告)号：US10915629B2

公开(公告)日：2021-02-09

申请号：US15802262

申请日：2017-11-02

Applicant: PAYPAL, INC.

Inventor： Michael Dymshits ,  David Tolpin ,  Eli Strajnik ,  Benjamin Hillel Myara ,  Liron Ben Kimon

IPC: G06F21/55 ,  G06F21/64 ,  G06F21/60 ,  G06F16/903

Abstract: Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

公开(公告)号：US20190130100A1

公开(公告)日：2019-05-02

申请号：US15802262

申请日：2017-11-02

Applicant: PAYPAL, INC.

Inventor： Michael Dymshits ,  David Tolpin ,  Eli Strajnik ,  Benjamin Hillel Myara ,  Liron Ben Kimon

IPC: G06F21/55 ,  G06F21/60 ,  G06F21/64 ,  G06F17/30

Abstract: Systems and methods for detecting data exfiltration using domain name system (DNS) queries include, in various embodiments, performing operations that include parsing a DNS query to determine whether that DNS query is likely to contain hidden data that is being exfiltrated from a system or network. Statistical methods can be used to analyze the DNS query to determine a likelihood whether each of a plurality of segments of the DNS query are indicative of data exfiltration methods. If one or multiple DNS queries are deemed suspicious based on the analysis, a security action on the DNS query can be performed, including sending an alert and/or blocking the DNS query from being forwarded.

公开(公告)号：US11687769B2

公开(公告)日：2023-06-27

申请号：US15639580

申请日：2017-06-30

Applicant: PayPal, Inc.

Inventor： David Tolpin ,  Benjamin Hillel Myara ,  Michael Dymshits

IPC: G06N3/08 ,  G06N20/00 ,  G06N3/082 ,  G06N3/045 ,  G06Q30/06 ,  G06F16/35

CPC classification number: G06N3/08 ,  G06F16/35 ,  G06N3/045 ,  G06N3/082 ,  G06N20/00 ,  G06Q30/06

Abstract: Machine learning techniques can be used to train a classifier, in some embodiments, to accurately detect similarities between different records of user activity for a same user. When more recent data is received, newer data can be analyzed by selectively removing particular sub-groups of data to see if there is any particular data that accounts for a large difference (e.g. when run through a classifier that has been trained to produce similar results for known activity data from a same user). If a sub-group of data is identified as being significantly different from other user data, this may indicate an account breach. Advanced machine learning techniques described herein may be applicable to a variety of different environments.

公开(公告)号：US11410047B2

公开(公告)日：2022-08-09

申请号：US16237114

申请日：2018-12-31

Applicant: PAYPAL, INC.

Inventor： Liron Florens Ben Kimon ,  Michael Dymshits ,  Albert Zelmanovitch ,  Dan Ayash

IPC: G06N3/08 ,  G06Q20/38

Abstract: Systems and methods for anomaly detection includes accessing first data comprising a plurality of historical reversion transactions. A plurality of legitimate transactions are determined from the plurality of historical reversion transactions. An autoencoder is trained using the plurality of legitimate transactions to generate a trained autoencoder capable of measuring a given transaction for similarity to the plurality of legitimate transactions. A first reconstructed transaction is generated by the trained autoencoder using a first transaction. The first transaction is determined to be anomalous based on a reconstruction difference between the first transaction and the first reconstructed transaction.

公开(公告)号：US20190130254A1

公开(公告)日：2019-05-02

申请号：US15794832

申请日：2017-10-26

Applicant: Paypal, Inc.

Inventor： David Tolpin ,  Amit Batzir ,  Nofar Betzalel ,  Michael Dymshits ,  Benjamin Hillel Myara ,  Liron Ben Kimon

IPC: G06N3/04 ,  G06N3/08

Abstract: Anomalies in a data set may be difficult to detect when individual items are not gross outliers from a population average. Disclosed is an anomaly detector that includes neural networks such as an auto-encoder and a discriminator. The auto-encoder and the discriminator may be trained on a training set that does not include anomalies. During training, an auto-encoder generates an internal representation from the training set, and reconstructs the training set from the internal representation. The training continues until data loss in the reconstructed training set is below a configurable threshold. The discriminator may be trained until the internal representation is constrained to a multivariable unit normal. Once trained, the auto-encoder and discriminator identify anomalies in the evaluation set. The identified anomalies in an evaluation set may be linked to transaction, security breach or population trends, but broadly, disclosed techniques can be used to identify anomalies in any suitable population.

公开(公告)号：US11455517B2

公开(公告)日：2022-09-27

申请号：US15794832

申请日：2017-10-26

Applicant: PAYPAL, INC.

Inventor： David Tolpin ,  Amit Batzir ,  Nofar Betzalel ,  Michael Dymshits ,  Benjamin Hillel Myara ,  Liron Ben Kimon

IPC: G06N3/04 ,  G06N3/08

Abstract: Anomalies in a data set may be difficult to detect when individual items are not gross outliers from a population average. Disclosed is an anomaly detector that includes neural networks such as an auto-encoder and a discriminator. The auto-encoder and the discriminator may be trained on a training set that does not include anomalies. During training, an auto-encoder generates an internal representation from the training set, and reconstructs the training set from the internal representation. The training continues until data loss in the reconstructed training set is below a configurable threshold. The discriminator may be trained until the internal representation is constrained to a multivariable unit normal. Once trained, the auto-encoder and discriminator identify anomalies in the evaluation set. The identified anomalies in an evaluation set may be linked to transaction, security breach or population trends, but broadly, disclosed techniques can be used to identify anomalies in any suitable population.

公开(公告)号：US20200210849A1

公开(公告)日：2020-07-02

申请号：US16237114

申请日：2018-12-31

Applicant: PAYPAL, INC.

Inventor： Liron Florens Ben Kimon ,  Michael Dymshits ,  Albert Zelmanovitch ,  Dan Ayash

IPC: G06N3/08 ,  G06Q20/38

Abstract: Systems and methods for anomaly detection includes accessing first data comprising a plurality of historical reversion transactions. A plurality of legitimate transactions are determined from the plurality of historical reversion transactions. An autoencoder is trained using the plurality of legitimate transactions to generate a trained autoencoder capable of measuring a given transaction for similarity to the plurality of legitimate transactions. A first reconstructed transaction is generated by the trained autoencoder using a first transaction. The first transaction is determined to be anomalous based on a reconstruction difference between the first transaction and the first reconstructed transaction.

公开(公告)号：US20190108449A1

公开(公告)日：2019-04-11

申请号：US15726166

申请日：2017-10-05

Applicant: PAYPAL, INC.

Inventor： Raoul Christopher Johnson ,  Omri Moshe Lahav ,  Michael Dymshits ,  David Tolpin

IPC: G06N5/02 ,  G06F17/30 ,  G06N99/00

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for generating compact tree representations applicable to machine learning. In one embodiment, a system is introduced that can retrieve a decision tree structure to generate a compact tree representation model. The compact tree representation model may come in the form of a matrix design to maintain the relationships expressed by the decision tree structure.

公开(公告)号：US20220058493A1

公开(公告)日：2022-02-24

申请号：US17361316

申请日：2021-06-28

Applicant: PAYPAL, INC.

Inventor： Raoul Christopher Johnson ,  Omri Moshe Lahav ,  Michael Dymshits ,  David Tolpin

IPC: G06N5/02 ,  G06N20/00 ,  G06F16/22

Abstract: Aspects of the present disclosure involve systems, methods, devices, and the like for generating compact tree representations applicable to machine learning. In one embodiment, a system is introduced that can retrieve a decision tree structure to generate a compact tree representation model. The compact tree representation model may come in the form of a matrix design to maintain the relationships expressed by the decision tree structure.

公开(公告)号：US20190188379A1

公开(公告)日：2019-06-20

申请号：US15845199

申请日：2017-12-18

Applicant: PayPal, Inc.

Inventor： Michael Dymshits ,  Benjamin Hillel Myara

IPC: G06F21/56

CPC classification number: G06F21/56 ,  G06F21/566 ,  G06F2221/033

Abstract: The systems and methods that detect a malicious process using count vectors are provided. Count vectors store a number and types of system calls that a process executed in a configurable time interval. The count vectors are provided to a temporal convolution network and a spatial convolution network. The temporal convolution network generates a temporal output by passing the count vectors through temporal filters that identify temporal features of the process. The spatial convolution network generates a spatial output by passing the count vectors through spatial filters that identify spatial features of the process. The temporal output and the spatial output are merged into a summary representation of the process. The malware detection system uses the summary representation to determine that the process as a malicious process.