公开(公告)号：US11368464B2

公开(公告)日：2022-06-21

申请号：US16698970

申请日：2019-11-28

Applicant: salesforce.com, inc.

Inventor： Ankur Gupta ,  Anuj Gargeya Malkapuram

IPC: H04L9/40

Abstract: An online system monitors resources utilization by users connecting with the online system and detects unauthorized resource utilization. The online system collects samples of browser attributes from browsers interacting with the online system. The online system determines statistics describing the browser attributes based on the collected samples for that user. The online system receives values of browser attributes for a new request received from a user and determines a browser score indicating a likelihood that the new request was sent from a new client device different from the client devices used by the user during the time interval. If the online system determines that the score indicates that the new request was sent by the new client device, the online system takes mitigating actions to control the unauthorized resource utilization, for example, by requesting credentials for authenticating the request.

公开(公告)号：US20210168147A1

公开(公告)日：2021-06-03

申请号：US16698970

申请日：2019-11-28

Applicant: salesforce.com, inc.

Inventor： Ankur Gupta ,  Anuj Gargeya Malkapuram

IPC: H04L29/06

Abstract: An online system monitors resources utilization by users connecting with the online system and detects unauthorized resource utilization. The online system collects samples of browser attributes from browsers interacting with the online system. The online system determines statistics describing the browser attributes based on the collected samples for that user. The online system receives values of browser attributes for a new request received from a user and determines a browser score indicating a likelihood that the new request was sent from a new client device different from the client devices used by the user during the time interval. If the online system determines that the score indicates that the new request was sent by the new client device, the online system takes mitigating actions to control the unauthorized resource utilization, for example, by requesting credentials for authenticating the request.

公开(公告)号：US11637841B2

公开(公告)日：2023-04-25

申请号：US16725819

申请日：2019-12-23

Applicant: salesforce.com, inc.

Inventor： John Seymour ,  Anuj Gargeya Malkapuram ,  Prashant Dwarkadas Agrawal

IPC: H04L29/06 ,  H04L9/40 ,  G06F11/32 ,  G06F11/30

Abstract: Techniques are disclosed relating to reporting for network events within a computer network. A computer system may access a set of data corresponding to a particular network event within a computer network, where the set of data includes captured attributes of the particular network event. The computer system may then calculate, using the set of data, a security score indicative of suspiciousness of the event and an actionability score that is based on an extent to which of a particular group of attributes are missing from the set of data. The computer system may determine, based on the two scores, a combined score for the event. The computer system may then report a notification for the event, based on the combined score. Such techniques may decrease a number of reported events for a network, which may advantageously allow resources to be focused on a smaller set of events.

公开(公告)号：US20210136059A1

公开(公告)日：2021-05-06

申请号：US16675094

申请日：2019-11-05

Applicant: salesforce.com, inc.

Inventor： Ankur Gupta ,  Anuj Gargeya Malkapuram

IPC: H04L29/06

Abstract: An online system monitors resources utilization by users connecting with the online system and detects unauthorized resource utilization caused by sharing of sessions. The online system collects samples of browser attributes from browsers interacting with the online system. The online system determines a score indicating a difference between two samples of browser attributes taken at different times. The online system uses the score to determine whether the two samples of browser attributes in the same session were received from different browsers. If the online system detects unauthorized resource utilization if the two samples are determined to be from two different browsers. The online system takes mitigating actions, for example, by invalidating the session or requiring users to re-enter credentials.

公开(公告)号：US12047373B2

公开(公告)日：2024-07-23

申请号：US16675094

申请日：2019-11-05

Applicant: salesforce.com, inc.

Inventor： Ankur Gupta ,  Anuj Gargeya Malkapuram

IPC: H04L9/40

CPC classification number: H04L63/0853 ,  H04L63/0876 ,  H04L63/10 ,  H04L63/1425

Abstract: An online system monitors resources utilization by users connecting with the online system and detects unauthorized resource utilization caused by sharing of sessions. The online system collects samples of browser attributes from browsers interacting with the online system. The online system determines a score indicating a difference between two samples of browser attributes taken at different times. The online system uses the score to determine whether the two samples of browser attributes in the same session were received from different browsers. If the online system detects unauthorized resource utilization if the two samples are determined to be from two different browsers. The online system takes mitigating actions, for example, by invalidating the session or requiring users to re-enter credentials.

公开(公告)号：US20230244766A1

公开(公告)日：2023-08-03

申请号：US17589617

申请日：2022-01-31

Applicant: salesforce.com, inc.

Inventor： Vijay Erramilli ,  Regunathan Radhakrishnan ,  Anuj Gargeya Malkapuram

IPC: G06F21/31

CPC classification number: G06F21/316

Abstract: A method and system of authenticating a user logon builds a user logon profile with a plurality of user logon features gathered during at least one successful attempted user logon, determines a logon feature novelty score for each feature, receives a user logon request for authentication and extracts current user logon features, retrieves corresponding logon feature novelty scores, determines a first distance function score for the corresponding logon feature novelty scores of the current user logon features, builds a failed logon attempt database, determines a failed logon feature novelty score, extracts the failed logon feature novelty scores corresponding to current user logon features, determines a second distance function score for the corresponding failed logon feature novelty scores of the current user logon features, and determining to one of allow or deny the user logon request based on at least one of the first distance function score and the second distance function score.

公开(公告)号：US11567850B2

公开(公告)日：2023-01-31

申请号：US16589430

申请日：2019-10-01

Applicant: salesforce.com, inc.

Inventor： Ankur Gupta ,  Anuj Gargeya Malkapuram

IPC: G06F11/00 ,  G06F11/30 ,  G06N3/08 ,  G06N3/04 ,  G06F11/34 ,  G06F11/07

Abstract: An encoder receives an application log file including component values and encodes the component values into lists of preliminary encoded values. The lists of preliminary encoded values are combined into a combined list of preliminary encoded values. An encoder-decoder neural network is trained to encode the combined list of preliminary encoded values into a list of collectively encoded values, to decode the list of collectively encoded values into a list of decoded values, and to optimize a metric measuring the encoder-decoder neural network's functioning, in response to receiving the combined list of preliminary encoded values. The trained encoder-decoder neural network receives combined lists of preliminary encoded values for application log files and encodes the combined lists of preliminary encoded values into lists of collectively encoded values. The lists of collectively encoded values are sent to a detector, thereby enabling the detector to detect an application event associated with the application log files.

公开(公告)号：US11954189B2

公开(公告)日：2024-04-09

申请号：US17589617

申请日：2022-01-31

Applicant: salesforce.com, inc.

Inventor： Vijay Erramilli ,  Regunathan Radhakrishnan ,  Anuj Gargeya Malkapuram

IPC: G06F21/31

CPC classification number: G06F21/316

Abstract: A method and system of authenticating a user logon builds a user logon profile with a plurality of user logon features gathered during at least one successful attempted user logon, determines a logon feature novelty score for each feature, receives a user logon request for authentication and extracts current user logon features, retrieves corresponding logon feature novelty scores, determines a first distance function score for the corresponding logon feature novelty scores of the current user logon features, builds a failed logon attempt database, determines a failed logon feature novelty score, extracts the failed logon feature novelty scores corresponding to current user logon features, determines a second distance function score for the corresponding failed logon feature novelty scores of the current user logon features, and determining to one of allow or deny the user logon request based on at least one of the first distance function score and the second distance function score.

公开(公告)号：US20210194896A1

公开(公告)日：2021-06-24

申请号：US16725819

申请日：2019-12-23

Applicant: salesforce.com, inc.

Inventor： John Seymour ,  Anuj Gargeya Malkapuram ,  Prashant Dwarkadas Agrawal

IPC: H04L29/06 ,  G06F11/30 ,  G06F11/32

Abstract: Techniques are disclosed relating to reporting for network events within a computer network. A computer system may access a set of data corresponding to a particular network event within a computer network, where the set of data includes captured attributes of the particular network event. The computer system may then calculate, using the set of data, a security score indicative of suspiciousness of the event and an actionability score that is based on an extent to which of a particular group of attributes are missing from the set of data. The computer system may determine, based on the two scores, a combined score for the event. The computer system may then report a notification for the event, based on the combined score. Such techniques may decrease a number of reported events for a network, which may advantageously allow resources to be focused on a smaller set of events.

公开(公告)号：US20210097385A1

公开(公告)日：2021-04-01

申请号：US16589430

申请日：2019-10-01

Applicant: salesforce.com, inc.

Inventor： Ankur Gupta ,  Anuj Gargeya Malkapuram

IPC: G06N3/08 ,  G06F11/30 ,  G06F11/34 ,  G06N3/04

Abstract: An encoder receives an application log file including component values and encodes the component values into lists of preliminary encoded values. The lists of preliminary encoded values are combined into a combined list of preliminary encoded values. An encoder-decoder neural network is trained to encode the combined list of preliminary encoded values into a list of collectively encoded values, to decode the list of collectively encoded values into a list of decoded values, and to optimize a metric measuring the encoder-decoder neural network's functioning, in response to receiving the combined list of preliminary encoded values. The trained encoder-decoder neural network receives combined lists of preliminary encoded values for application log files and encodes the combined lists of preliminary encoded values into lists of collectively encoded values. The lists of collectively encoded values are sent to a detector, thereby enabling the detector to detect an application event associated with the application log files.