Search

Yinglian T Te Xie

age ~48

from Saratoga, CA

Also known as:
  • Yinglian Te Xie
  • Yinglian T Xie
  • Yinlian Xie
  • Qifa Ke
  • Xie Yinglian

Yinglian Xie Phones & Addresses

  • Saratoga, CA
  • 20140 Merritt Dr, Cupertino, CA 95014 • (408)8731843
  • Sunnyvale, CA
  • Pittsburgh, PA

Work

  • Position:
    Craftsman/Blue Collar

Education

  • Degree:
    Associate degree or higher

Us Patents

  • Fingerprinting Event Logs For System Management Troubleshooting

    view source
  • US Patent:
    8069374, Nov 29, 2011
  • Filed:
    Feb 27, 2009
  • Appl. No.:
    12/394451
  • Inventors:
    Rina Panigrahy - Sunnyvale CA, US
    Chad Verbowski - Redmond WA, US
    Yinglian Xie - Cupertino CA, US
    Junfeng Yang - New York City NY, US
    Ding Yuan - Champaign IL, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 11/00
  • US Classification:
    714 381, 714 39, 714 45
  • Abstract:
    A technique for automatically detecting and correcting configuration errors in a computing system. In a learning process, recurring event sequences, including e. g. , registry access events, are identified from event logs, and corresponding rules are developed. In a detecting phase, the rules are applied to detected event sequences to identify violations and to recover from failures. Event sequences across multiple hosts can be analyzed. The recurring event sequences are identified efficiently by flattening a hierarchical sequence of the events such as is obtained from the Sequitur algorithm. A trie is generated from the recurring event sequences and edges of nodes of the trie are marked as rule edges or non-rule edges. A rule is formed from a set of nodes connected by rule edges. The rules can be updated as additional event sequences are analyzed.
  • Host Accountability Using Unreliable Identifiers

    view source
  • US Patent:
    8185613, May 22, 2012
  • Filed:
    Jun 8, 2009
  • Appl. No.:
    12/479882
  • Inventors:
    Yinglian Xie - Cupertino CA, US
    Fang Yu - Sunnyvale CA, US
    Martin Abadi - Palo Alto CA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 17/30
  • US Classification:
    709220, 709224, 709227, 726 23
  • Abstract:
    An IP (Internet Protocol) address is a directly observable identifier of host network traffic in the Internet and a host's IP address can dynamically change. Analysis of traffic (e. g. , network activity or application request) logs may be performed and a host tracking graph may be generated that shows hosts and their bindings to IP addresses over time. A host tracking graph may be used to determine host accountability. To generate a host tracking graph, a host is represented. Host representations may be application-dependent. In an implementation, application-level identifiers (IDs) such as user email IDs, messenger login IDs, social network IDs, or cookies may be used. Each identifier may be associated with a human user. These unreliable IDs can be used to track the activity of the corresponding hosts.
  • Blocking Malicious Activity Using Blacklist

    view source
  • US Patent:
    8387145, Feb 26, 2013
  • Filed:
    Jun 8, 2009
  • Appl. No.:
    12/479860
  • Inventors:
    Yinglian Xie - Cupertino CA, US
    Fang Yu - Sunnyvale CA, US
    Martin Abadi - Palo Alto CA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 12/14
    G06F 12/16
  • US Classification:
    726 24, 726 25
  • Abstract:
    An IP (Internet Protocol) address is a directly observable identifier of host network traffic in the Internet and a host's IP address can dynamically change. Analysis of traffic (e. g. , network activity or application request) logs may be performed and a host tracking graph may be generated that shows hosts and their bindings to IP addresses over time. A host tracking graph may be used to determine host accountability. This can enable host-based blacklisting instead of the traditional IP address based blacklisting. Host tracking results can be leveraged for forensic analysis to understand an attacker's traces and identify malicious activities in a postmortem fashion. The host tracking information may be used to build a tracklist which can block future attacks.
  • Using Social Graphs To Combat Malicious Attacks

    view source
  • US Patent:
    8434150, Apr 30, 2013
  • Filed:
    Mar 24, 2011
  • Appl. No.:
    13/070497
  • Inventors:
    Yinglian Xie - Cupertino CA, US
    Fang Yu - Sunnyvale CA, US
    Martin Abadi - Palo Alto CA, US
    Eliot C. Gillum - Mountain View CA, US
    Junxian Huang - Ann Arbor MI, US
    Zhuoqing Morley Mao - Ann Arbor MI, US
    Jason D. Walter - San Jose CA, US
    Krishna Vitaldevara - Fremont CA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    H04L 29/06
  • US Classification:
    726 22, 726 4, 726 14, 726 18, 713154, 709206
  • Abstract:
    Detection of user accounts associated with spammer attacks may be performed by constructing a social graph of email users. Biggest connected components (BCC) of the social graph may be used to identify legitimate user accounts, as the majority of the users in the biggest connected components are legitimate users. BCC users may be used to identify more legitimate users. Using degree-based detection techniques and PageRank based detection techniques, the hijacked user accounts and spammer user accounts may be identified. The users' email sending and receiving behaviors may also be examined, and the subgraph structure may be used to detect stealthy attackers. From the social graph analysis, legitimate user accounts, malicious user accounts, and compromised user accounts can be identified.
  • Identifying Malicious Queries

    view source
  • US Patent:
    8495742, Jul 23, 2013
  • Filed:
    May 17, 2010
  • Appl. No.:
    12/780935
  • Inventors:
    Martin Abadi - Palo Alto CA, US
    Yinglian Xie - Cupertino CA, US
    Fang Yu - Sunnyvale CA, US
    John Payyappillil John - Seattle WA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 11/00
    G06F 12/14
    G06F 12/16
    G08B 23/00
  • US Classification:
    726 24
  • Abstract:
    A framework identifies malicious queries contained in search logs to uncover relationships between the malicious queries and the potential attacks launched by attackers submitting the malicious queries. A small seed set of malicious queries may be used to identify an IP address in the search logs that submitted the malicious queries. The seed set may be expanded by examining all queries in the search logs submitted by the identified IP address. Regular expressions may be generated from the expanded set of queries and used for detecting yet new malicious queries. Upon identifying the malicious queries, the framework may be used to detect attacks on vulnerable websites, spamming attacks, and phishing attacks.
  • Automatic Identification Of Travel And Non-Travel Network Addresses

    view source
  • US Patent:
    8615605, Dec 24, 2013
  • Filed:
    Oct 22, 2010
  • Appl. No.:
    12/909839
  • Inventors:
    Fang Yu - Sunnyvale CA, US
    Yinglian Xie - Cupertino CA, US
    Martin Abadi - Palo Alto CA, US
    Stefan Roberts Savage - Carlsbad CA, US
    Geoffrey Michael Voelker - Del Mar CA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 15/16
  • US Classification:
    709245, 709224, 709226
  • Abstract:
    A system to automatically classify types of IP addresses associated with a user. Information, such as user names, machine information, IP address, etc. , may be obtained from logs. For each user or host in the logs, home IP addresses are identified from IP addresses where the user or host shows a predetermined level of activity. Travel IP addresses are identified, which are IP addresses at locations greater than a predetermined distance from the home IP addresses, as determined from geolocation data. A pattern analysis may be performed to determine which of the home IP addresses are work IP addresses associated with the user or host. The system may thus provide a classification of a user's or host's associated IP addresses as being one of travel, home, and work IP addresses. From this classification, mobility patterns may be derived, as well as applications to enhance security, advertising, search and network management.
  • Automatically Identifying Dynamic Internet Protocol Addresses

    view source
  • US Patent:
    20080320119, Dec 25, 2008
  • Filed:
    Jun 22, 2007
  • Appl. No.:
    11/821211
  • Inventors:
    Kannan Achan - Mountain View CA, US
    Eliot Gillum - Mountain View CA, US
    Yinglian Xie - Cupertino CA, US
    Fang Yu - San Jose CA, US
  • Assignee:
    Microsoft Corporation - Redmond WA
  • International Classification:
    G06F 15/177
  • US Classification:
    709222
  • Abstract:
    Dynamic IP addresses may be automatically identified and their dynamics patterns may be analyzed. Multi-user IP address blocks are determined as candidates for further analysis. An entropy score is determined for each IP address in every candidate block to distinguish between a dynamic IP and a static IP shared by multiple users. IP addresses with high entropy scores are grouped, and then analyzed, and may be used in various applications, such as spam filtering.
  • Enhanced Security And Performance Of Web Applications

    view source
  • US Patent:
    20090138937, May 28, 2009
  • Filed:
    Nov 23, 2007
  • Appl. No.:
    11/944460
  • Inventors:
    Ulfar Erlingsson - San Francisco CA, US
    Yinglian Xie - Cupertino CA, US
    Ben Livshits - Kirkland WA, US
    Cedric Fournet - Cambridge, GB
  • Assignee:
    MICROSOFT CORPORATION - Redmond WA
  • International Classification:
    H04L 9/00
  • US Classification:
    726 1
  • Abstract:
    A client-side enforcement mechanism may allow application security policies to be specified at a server in a programmatic manner. Servers may specify security policies as JavaScript functions included in a page returned by the server and run before other scripts. At runtime, and during initial loading, the functions are invoked by the client on each page modification to ensure the page conforms to the security policy. As such, before a mutation takes effect, the policy may transform that mutation and the code and data of the page. Replicated code execution may take place at both the client and the server where the server runs its own shadow copy of a client-side application in a trusted execution environment so that the server may check that the method calls coming from the client correspond to a correct execution of the client-side application The redundant execution at the client can be untrusted, but serves to improve the responsiveness and performance of the Web application.

Get Report for Yinglian T Te Xie from Saratoga, CA, age ~48
Control profile