-
Publication No.: US11575625B2
Publication date: 2023-02-07
Application No.: US15966009
Filing date: 2018-04-30
Applicant: Verint Systems LTD.
Inventor: Yitshak Yishay , Liran Orevi , Itsik Horovitz , Aviad Rotem
IPC: G06F15/16 , H04L51/046 , H04L67/306 , H04L51/216 , H04L51/234 , H04L67/50
Abstract: A monitoring system that receives messages that are exchanged with the application server. Relationships between users are posited in response to the times at which the messages are received. A relationship between two users may be posited in response to receiving, at approximately the same time, two messages from the application server that are destined, respectively, for the two users. The near-simultaneous receipt of the two messages indicates that the two messages were sent from the server at approximately the same time, which, in turn, indicates that the two messages may correlate with one another. Further indication of a correlation between the messages, which may increase the level of confidence with which the relationship between the two users is posited, may be found by examining the respective sizes of the messages, which indicate the message types.
-
Publication No.: US20220368713A1
Publication date: 2022-11-17
Application No.: US17531723
Filing date: 2021-11-20
Applicant: VERINT SYSTEMS LTD.
Inventor: Yitshak Yishay , Vadim Pogulievsky
IPC: H04L9/40
Abstract: Methods and systems to identify the domain names that can potentially be used for delivering instructions to a bot, before bots on a computer network succeed in obtaining the instructions. The system maintains a device rating for each device that reflects a likelihood that the device is infected by malware. The system also maintains a domain-name rating for each device that reflects a likelihood that the domain name is malicious. When a device attempts to access a particular domain name, the domain-name rating of the domain name is updated in light of the device rating of the device, and/or the device rating of the device is updated in light of the domain-name rating.
-
Publication No.: US20220038547A1
Publication date: 2022-02-03
Application No.: US17372437
Filing date: 2021-07-10
Applicant: VERINT SYSTEMS LTD.
Inventor: Yitshak Yishay , Liran Orevi , Itsik Horovitz , Aviad Rotem
Abstract: A monitoring system that receives messages that are exchanged with the application server. Relationships between users are posited in response to the times at which the messages are received. A relationship between two users may be posited in response to receiving, at approximately the same time, two messages from the application server that are destined, respectively, for the two users. The near-simultaneous receipt of the two messages indicates that the two messages were sent from the server at approximately the same time, which, in turn, indicates that the two messages may correlate with one another. Further indication of a correlation between the messages, which may increase the level of confidence with which the relationship between the two users is posited, may be found by examining the respective sizes of the messages, which indicate the message types.
-
Publication No.: US20210152512A1
Publication date: 2021-05-20
Application No.: US17159544
Filing date: 2021-01-27
Applicant: Verint Systems Ltd.
Inventor: Offri Gil , Pinchas Birenbaum , Yitshak Yishay
Abstract: Systems and methods for passive monitoring of computer communication that does not require performing any decryption. A monitoring system receives the traffic exchanged with each relevant application server, and identifies, in the traffic, sequences of messages—or “n-grams”—that appear to belong to a communication session between a pair of users. Subsequently, based on the numbers and types of identified n-grams, the system identifies each pair of users that are likely to be related to one another via the application, in that these users used the application to communicate (actively and/or passively) with one another. The system may identify those sequences of messages that, by virtue of the sizes of the messages in the sequence, and/or other properties of the messages that are readily discernable, indicate a possible user-pair relationship.
-
Publication No.: US09798714B2
Publication date: 2017-10-24
Application No.: US15451951
Filing date: 2017-03-07
Applicant: Verint Systems Ltd.
Inventor: Yitshak Yishay
CPC classification number: G06F17/2735 , G06F17/2775 , G06F17/30675 , G06F17/30985 , G06F21/55
Abstract: Methods and systems for keyword spotting, i.e., for identifying textual phrases of interest in input data. In the embodiments described herein, the input data comprises communication packets exchanged in a communication network. The disclosed keyword spotting techniques can be used, for example, in applications such as Data Leakage Prevention (DLP), Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS), and spam e-mail detection. A keyword spotting system holds a dictionary of textual phrases for searching input data. In a communication analytics system, for example, the dictionary defines textual phrases to be located in communication packets—such as e-mail addresses or Uniform Resource Locators (URLs).
-
Publication No.: US09690873B2
Publication date: 2017-06-27
Application No.: US14167074
Filing date: 2014-01-29
Applicant: Verint Systems Ltd.
Inventor: Yitshak Yishay
CPC classification number: G06F17/30985 , H04L63/0245 , H04L63/1408
Abstract: Methods and systems for locating occurrences of a search pattern in a body of text. A processor searches the text for one or more occurrences of a pattern. Both the text and the pattern comprise symbols of some alphabet. In preparation for the search, the processor defines a respective bit-map for each alphabet symbol. Using the bit-maps, the processor carries out a highly efficient process of searching the text for occurrences of the pattern. The processor then scans the pattern backwards using the bit-maps, symbol by symbol, attempting to match the symbols of the pattern to the corresponding symbols of the text. If a match is not found, the processor calculates the size of the jump to the next position in the text based on the accumulated results of the evaluations up to the current position.
-
Publication No.: US20210075874A1
Publication date: 2021-03-11
Application No.: US17099963
Filing date: 2020-11-17
Applicant: Verint Systems LTD.
Inventor: Yitshak Yishay , Liran Orevi , Itsik Horovitz , Aviad Rotem
Abstract: A monitoring system that receives messages that are exchanged with the application server. Relationships between users are posited in response to the times at which the messages are received. A relationship between two users may be posited in response to receiving, at approximately the same time, two messages from the application server that are destined, respectively, for the two users. The near-simultaneous receipt of the two messages indicates that the two messages were sent from the server at approximately the same time, which, in turn, indicates that the two messages may correlate with one another. Further indication of a correlation between the messages, which may increase the level of confidence with which the relationship between the two users is posited, may be found by examining the respective sizes of the messages, which indicate the message types.
-
Publication No.: US20210006559A1
Publication date: 2021-01-07
Application No.: US16916433
Filing date: 2020-06-30
Applicant: Verint Systems Ltd.
Inventor: Yitshak Yishay , Omer Ziv , Itsik Horovitz , Shlomo Rothschild
IPC: H04L29/06
Abstract: A system for identifying related pairs of information items. In a context, monitoring devices acquire various information items by monitoring people over time. Such information items may include imaged features of the people, alphanumeric identifiers such as IMSIs, and/or certain types of events. The system identifies, based on the monitored information, indications of relatedness, each of which indicates that a respective pair of the information items may be related to one another with respect to certain predefined criteria. For example, the processor may identify instances of copresence, in each of which a pair of information items were exhibited at approximately the same time and at approximately the same location. In response to identifying a sufficient number of indications of relatedness for any particular pair, the processor may hypothesize that the pair are related to one another.
-
Publication No.: US20200344330A1
Publication date: 2020-10-29
Application No.: US16927036
Filing date: 2020-07-13
Applicant: Verint Systems LTD.
Inventor: Yitshak Yishay
Abstract: Methods and systems for monitoring activity on a local area network (LAN). In particular, embodiments described herein provide systems and methods for associating packets with the devices from which they were communicated, despite the obfuscatory behavior of any network address translators (NAT). A processor first receives packets that were collectively communicated, by a plurality of devices, via a NAT-serviced LAN. The processor aggregates the packets into multiple packet aggregations on a per-device basis. Fields that are contained in the respective packet headers of the packets are used. The packet aggregations may be grouped. The embodiments use unencrypted lower-level information (including, for example, IPIDs and domain names), such that aggregation and grouping may be successfully performed even if information in the application layer is encrypted.
-
Publication No.: US10546008B2
Publication date: 2020-01-28
Application No.: US15299729
Filing date: 2016-10-21
Applicant: Verint Systems Ltd.
Inventor: Yitshak Yishay
Abstract: An apparatus and techniques for constructing and utilizing a “dynamic dictionary” that is not a compiled dictionary, and therefore does not need to be recompiled in order to be updated. The dynamic dictionary includes respective data structures that represent (i) a management automaton that includes a plurality of management nodes, and (ii) a runtime automaton that is derived from the management automaton and includes a plurality of runtime nodes. The runtime automaton may be used to search input data, such as communication traffic over a network, for keywords of interest, while the management automaton manages the addition of keywords to the dynamic dictionary. Typically, at least two (e.g., exactly two) such dynamic dictionaries are used in combination with a static dictionary.