公开(公告)号：US20190034631A1

公开(公告)日：2019-01-31

申请号：US16057143

申请日：2018-08-07

Applicant: Verint Systems Ltd.

Inventor： Yuval Altman ,  Assaf Yosef Kere ,  Ido Krupkin ,  Pinhas Rozenblum

IPC: G06F21/56 ,  G06F21/52 ,  H04L29/06

Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.

公开(公告)号：US10061922B2

公开(公告)日：2018-08-28

申请号：US13874339

申请日：2013-04-30

Applicant: Verint Systems Ltd.

Inventor： Yuval Altman ,  Assaf Yosef Kere ,  Ido Krupkin ,  Pinhas Rozenblum

IPC: G06F21/56 ,  H04L29/06 ,  G06F21/52

CPC classification number: G06F21/56 ,  G06F21/52 ,  G06F21/566 ,  H04L63/1425

Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.

公开(公告)号：US09641444B2

公开(公告)日：2017-05-02

申请号：US14604144

申请日：2015-01-23

Applicant: Verint Systems Ltd.

Inventor： Yuval Altman

IPC: H04L12/26 ,  H04L12/851 ,  H04L29/06 ,  H04L12/859

CPC classification number: H04L47/2483 ,  H04L43/10 ,  H04L43/106 ,  H04L47/2475 ,  H04L63/0428 ,  H04L63/306

Abstract: Systems and methods for extracting user identifiers over encrypted communication traffic are provided herein. An example method includes monitoring multiple flows of communication traffic. A sequence of messages is then sent to a user in accordance with a first temporal pattern. A flow whose activity has a second temporal pattern that matches the first pattern is then identified among the monitored flows. The identified flow is then associated with the user.

公开(公告)号：US09306971B2

公开(公告)日：2016-04-05

申请号：US14295758

申请日：2014-06-04

Applicant: Verint Systems, Ltd.

Inventor： Yuval Altman ,  Assaf Yosef Keren ,  Ido Krupkin

IPC: H04L29/06

CPC classification number: H04L63/1425 ,  G06N99/005 ,  H04L63/1441 ,  H04L63/145

Abstract: Malware detection techniques that detect malware by identifying the C&C communication between the malware and the remote host, and distinguish between communication transactions that carry C&C communication and transactions of innocent traffic. The system distinguishes between malware transactions and innocent transactions using malware identification models, which it adapts using machine learning algorithms. However, the number and variety of malicious transactions that can be obtained from the protected network are often too limited for effectively training the machine learning algorithms. Therefore, the system obtains additional malicious transactions from another computer network that is known to be relatively rich in malicious activity. The system is thus able to adapt the malware identification models based on a large number of positive examples—The malicious transactions obtained from both the protected network and the infected network. As a result, the malware identification models are adapted with high speed and accuracy.

Abstract translation: 通过识别恶意软件和远程主机之间的C＆C通信来检测恶意软件的恶意软件检测技术，并区分进行C＆C通信的通信事务和无害流量的交易。 该系统使用恶意软件识别模型区分恶意软件事务和无害事务，它使用机器学习算法进行调整。 然而，可以从受保护的网络获得的恶意交易的数量和种类往往太有限，以有效地训练机器学习算法。 因此，系统从已知相对较丰富的恶意活动的另一计算机网络获得额外的恶意事务。 因此，该系统能够基于大量正面示例来适应恶意软件识别模型 - 从受保护网络和受感染网络获得的恶意交易。 因此，恶意软件识别模型以高速度和准确度进行了调整。

公开(公告)号：US20140325653A1

公开(公告)日：2014-10-30

申请号：US14263097

申请日：2014-04-28

Applicant: Verint Systems Ltd.

Inventor： Yuval Altman ,  Assaf Yosef Keren

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  H04L63/0227

Abstract: Methods and systems for automated generation of malicious traffic signatures, for use in Intrusion Detection Systems (IDS). A rule generation system formulates IDS rules based on traffic analysis results obtained from a network investigation system. The rule generation system then automatically configures the IDS to apply the rules. An analysis process in the network investigation system comprises one or more metadata filters that are indicative of malicious traffic. An operator of the rule generation system is provided with a user interface that is capable of displaying the network traffic filtered in accordance with such filters.

Abstract translation: 用于自动生成恶意流量签名的方法和系统，用于入侵检测系统（IDS）。 规则生成系统根据从网络调查系统获得的流量分析结果制定IDS规则。 规则生成系统然后自动配置IDS以应用规则。 网络调查系统中的分析过程包括指示恶意流量的一个或多个元数据过滤器。 规则生成系统的操作者具有能够显示根据这种过滤器过滤的网络流量的用户界面。

公开(公告)号：US11941626B2

公开(公告)日：2024-03-26

申请号：US17179770

申请日：2021-02-19

Applicant: VERINT SYSTEMS LTD.

Inventor： Yuval Altman ,  Yitshak Yishay ,  Yaron Gvili ,  Hodaya Shabtay

IPC: G06Q20/40 ,  G06Q20/36 ,  H04L9/40

CPC classification number: G06Q20/401 ,  G06Q20/3674 ,  G06Q2220/00 ,  H04L63/0428 ,  H04L63/1408

Abstract: A system and method in which one or more probing transactions are performed by transferring respective amounts of a cryptocurrency to one or more cryptocurrency addresses. The system then monitors and ascertains communications traffic exchanged with one or more IP addresses and that at least one of the probing transactions was downloaded to a particular IP address. The system then generates an output that can indicate an association between a cryptocurrency address of interest and the particular IP address.

公开(公告)号：US11444956B2

公开(公告)日：2022-09-13

申请号：US17221779

申请日：2021-04-03

Applicant: VERINT SYSTEMS LTD.

Inventor： Offri Gil ,  Omer Ziv ,  Yuval Altman ,  Yaron Gvilli ,  Hodaya Shabtay ,  Omri David ,  Yitshak Yishay

IPC: H04L9/40 ,  H04L9/06 ,  G06F16/951 ,  H04L67/104 ,  H04L61/5007 ,  H04L9/00

Abstract: A traffic-monitoring system that monitors encrypted traffic exchanged between IP addresses used by devices and a network, and further receives the user-action details that are passed over the network. By correlating between the times at which the encrypted traffic is exchanged and the times at which the user-action details are received, the system associates the user-action details with the IP addresses. In particular, for each action specified in the user-action details, the system identifies one or more IP addresses that may be the source of the action. Based on the IP addresses, the system may identify one or more users who may have performed the action. The system may correlate between the respective action-times of the encrypted actions and the respective approximate action-times of the indicated actions. The system may hypothesize that the indicated action may correspond to one of the encrypted actions having these action-times.

公开(公告)号：US11316878B2

公开(公告)日：2022-04-26

申请号：US16057143

申请日：2018-08-07

Applicant: Verint Systems Ltd.

Inventor： Yuval Altman ,  Assaf Yosef Kere ,  Ido Krupkin ,  Pinhas Rozenblum

IPC: H04L29/06 ,  G06F21/52 ,  G06F21/56

Abstract: Systems and methods for malware detection techniques, which detect malware by identifying the C&C communication between the malware and the remote host. In particular, the disclosed techniques distinguish between request-response transactions that carry C&C communication and request-response transactions of innocent traffic. Individual request-response transactions may be analyzed rather than entire flows, and fine-granularity features examined within the transactions. As such, these methods and systems are highly effective in distinguishing between malware C&C communication and innocent traffic, i.e., in detecting malware with high detection probability and few false alarms.

公开(公告)号：US20210264421A1

公开(公告)日：2021-08-26

申请号：US17179770

申请日：2021-02-19

Applicant: Verint Systems Ltd.

Inventor： Yuval Altman ,  Yitshak Yishay ,  Yaron Gvili ,  Hodaya Shabtay

IPC: G06Q20/40 ,  H04L29/06 ,  G06Q20/36

Abstract: A system and method in which one or more probing transactions are performed by transferring respective amounts of a cryptocurrency to one or more cryptocurrency addresses. The system then monitors and ascertains communications traffic exchanged with one or more IP addresses and that at least one of the probing transactions was downloaded to a particular IP address. The system then generates an output that can indicate an association between a cryptocurrency address of interest and the particular IP address.

公开(公告)号：US20180295035A1

公开(公告)日：2018-10-11

申请号：US15935407

申请日：2018-03-26

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb ,  Yuval Altman ,  Naomi Frid ,  Gur Yaari

IPC: H04L12/26 ,  H04L29/06

CPC classification number: H04L43/026 ,  H04L43/04 ,  H04L63/0227 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/30 ,  H04L63/306

Abstract: Methods and systems for analyzing flows of communication packets. A front-end processor associates input packets with flows and forwards each flow to the appropriate unit, typically by querying a flow table that holds a respective classification for each active flow. In general, flows that are not yet classified are forwarded to the classification unit, and the resulting classification is entered in the flow table. Flows that are classified as requested for further analysis are forwarded to an appropriate flow analysis unit. Flows that are classified as not requested for analysis are not subjected to further processing, e.g., discarded or allowed to pass.