SYSTEM AND METHOD FOR RANGE MATCHING
    21.
    Invention application
    SYSTEM AND METHOD FOR RANGE MATCHING (under examination, published)

    Publication (announcement) number: US20160028631A1

    Publication (announcement) date: 2016-01-28

    Application number: US14807808

    Application date: 2015-07-23

    Inventor: Yitshak Yishay

    CPC classification number: H04L45/7453 H04L61/1552 H04L61/2007 H04L61/35

    Abstract: Methods and systems for range matching. The system holds a definition of one or more ranges of Internet Protocol (IP) addresses. The definition may specify any desired number of ranges of any suitable size, and some ranges may overlap one another or be contained in one another. The definition may also specify certain returned values and/or relative priorities for the various ranges. In a pre-processing phase, a hash table is built that is subsequently queried with addresses to be range-matched. The hash table may be updated at run-time. During operation, the system receives addresses (e.g., extracts addresses from monitored communication traffic) and identifies by querying the hash table, for each address, whether the address falls within any of the ranges.

    SYSTEMS AND METHODS FOR KEYWORD SPOTTING USING ADAPTIVE MANAGEMENT OF MULTIPLE PATTERN MATCHING ALGORITHMS
    22.
    Invention application
    SYSTEMS AND METHODS FOR KEYWORD SPOTTING USING ADAPTIVE MANAGEMENT OF MULTIPLE PATTERN MATCHING ALGORITHMS (granted)

    Publication (announcement) number: US20150310014A1

    Publication (announcement) date: 2015-10-29

    Application number: US14263108

    Application date: 2014-04-28

    Inventor: Yitshak Yishay

    Abstract: Methods and systems for keyword spotting, i.e., for identifying textual phrases of interest in input data. The input data may be communication packets exchanged in a communication network. A keyword spotting system holds a dictionary (or dictionaries) of textual phrases for searching input data. The input data and the patterns are assigned to multiple different pattern matching algorithms. For example, a share of the traffic is handled by one algorithm and smaller traffic shares may be handled by the others. The system monitors the algorithms' performance as they process the data to search for a match. The ratio of traffic splitting among the algorithms is dynamically reassigned or adjusted to maximize the overall performance.

    System and method for range matching

    Publication (announcement) number: US11463360B2

    Publication (announcement) date: 2022-10-04

    Application number: US16853312

    Application date: 2020-04-20

    Inventor: Yitshak Yishay

    Abstract: Methods and systems for range matching. The system holds a definition of one or more ranges of Internet Protocol (IP) addresses. The definition may specify any desired number of ranges of any suitable size, and some ranges may overlap one another or be contained in one another. The definition may also specify certain returned values and/or relative priorities for the various ranges. In a pre-processing phase, a hash table is built that is subsequently queried with addresses to be range-matched. The hash table may be updated at run-time. During operation, the system receives addresses (e.g., extracts addresses from monitored communication traffic) and identifies by querying the hash table, for each address, whether the address falls within any of the ranges.

    System and method for identifying devices behind network address translators based on TCP timestamps

    Publication (announcement) number: US11303736B2

    Publication (announcement) date: 2022-04-12

    Application number: US16927036

    Application date: 2020-07-13

    Inventor: Yitshak Yishay

    Abstract: Methods and systems for monitoring activity on a local area network (LAN). In particular, embodiments described herein provide systems and methods for associating packets with the devices from which they were communicated, despite the obfuscatory behavior of any network address translators (NAT). A processor first receives packets that were collectively communicated, by a plurality of devices, via a NAT-serviced LAN. The processor aggregates the packets into multiple packet aggregations on a per-device basis. Fields that are contained in the respective packet headers of the packets are used. The packet aggregations may be grouped. The embodiments use unencrypted lower-level information (including, for example, IPIDs and domain names), such that aggregation and grouping may be successfully performed even if information in the application layer is encrypted.

    System and method for keyword searching using both static and dynamic dictionaries

    Publication (announcement) number: US11093534B2

    Publication (announcement) date: 2021-08-17

    Application number: US16587940

    Application date: 2019-09-30

    Inventor: Yitshak Yishay

    Abstract: An apparatus and techniques for constructing and utilizing a “dynamic dictionary” that is not a compiled dictionary, and therefore does not need to be recompiled in order to be updated. The dynamic dictionary includes respective data structures that represent (i) a management automaton that includes a plurality of management nodes, and (ii) a runtime automaton that is derived from the management automaton and includes a plurality of runtime nodes. The runtime automaton may be used to search input data, such as communication traffic over a network, for keywords of interest, while the management automaton manages the addition of keywords to the dynamic dictionary. Typically, at least two (e.g., exactly two) such dynamic dictionaries are used in combination with a static dictionary.

    System and method for tracking users of computer applications

    Publication (announcement) number: US10972558B2

    Publication (announcement) date: 2021-04-06

    Application number: US15966010

    Application date: 2018-04-30

    Abstract: A monitoring system that receives messages that are exchanged with the application server. Relationships between users are posited in response to the times at which the messages are received. A relationship between two users may be posited in response to receiving, at approximately the same time, two messages from the application server that are destined, respectively, for the two users. The near-simultaneous receipt of the two messages indicates that the two messages were sent from the server at approximately the same time, which, in turn, indicates that the two messages may correlate with one another. Further indication of a correlation between the messages, which may increase the level of confidence with which the relationship between the two users is posited, may be found by examining the respective sizes of the messages, which indicate the message types.

    SYSTEM AND METHOD FOR TRACKING USERS OF COMPUTER APPLICATIONS

    Publication (announcement) number: US20180332127A1

    Publication (announcement) date: 2018-11-15

    Application number: US15966010

    Application date: 2018-04-30

    CPC classification number: H04L67/22 H04L67/24 H04L67/306

    Abstract: A monitoring system that receives messages that are exchanged with the application server. Relationships between users are posited in response to the times at which the messages are received. A relationship between two users may be posited in response to receiving, at approximately the same time, two messages from the application server that are destined, respectively, for the two users. The near-simultaneous receipt of the two messages indicates that the two messages were sent from the server at approximately the same time, which, in turn, indicates that the two messages may correlate with one another. Further indication of a correlation between the messages, which may increase the level of confidence with which the relationship between the two users is posited, may be found by examining the respective sizes of the messages, which indicate the message types.

    SYSTEM AND METHOD FOR IDENTIFYING RELATIONSHIPS BETWEEN USERS OF COMPUTER APPLICATIONS

    Publication (announcement) number: US20180316638A1

    Publication (announcement) date: 2018-11-01

    Application number: US15966009

    Application date: 2018-04-30

    Abstract: A monitoring system that receives messages that are exchanged with the application server. Relationships between users are posited in response to the times at which the messages are received. A relationship between two users may be posited in response to receiving, at approximately the same time, two messages from the application server that are destined, respectively, for the two users. The near-simultaneous receipt of the two messages indicates that the two messages were sent from the server at approximately the same time, which, in turn, indicates that the two messages may correlate with one another. Further indication of a correlation between the messages, which may increase the level of confidence with which the relationship between the two users is posited, may be found by examining the respective sizes of the messages, which indicate the message types.

    SYSTEM AND METHOD FOR KEYWORD SPOTTING USING REPRESENTATIVE DICTIONARY

    Publication (announcement) number: US20180067921A1

    Publication (announcement) date: 2018-03-08

    Application number: US15704702

    Application date: 2017-09-14

    Inventor: Yitshak Yishay

    Abstract: Methods and systems for keyword spotting, i.e., for identifying textual phrases of interest in input data. In the embodiments described herein, the input data comprises communication packets exchanged in a communication network. The disclosed keyword spotting techniques can be used, for example, in applications such as Data Leakage Prevention (DLP), Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS), and spam e-mail detection. A keyword spotting system holds a dictionary of textual phrases for searching input data. In a communication analytics system, for example, the dictionary defines textual phrases to be located in communication packets—such as e-mail addresses or Uniform Resource Locators (URLs).

    SYSTEM AND METHOD FOR KEYWORD SPOTTING USING REPRESENTATIVE DICTIONARY

    Publication (announcement) number: US20170242844A1

    Publication (announcement) date: 2017-08-24

    Application number: US15451951

    Application date: 2017-03-07

    Inventor: Yitshak Yishay

    Abstract: Methods and systems for keyword spotting, i.e., for identifying textual phrases of interest in input data. In the embodiments described herein, the input data comprises communication packets exchanged in a communication network. The disclosed keyword spotting techniques can be used, for example, in applications such as Data Leakage Prevention (DLP), Intrusion Detection Systems (IDS) or Intrusion Prevention Systems (IPS), and spam e-mail detection. A keyword spotting system holds a dictionary of textual phrases for searching input data. In a communication analytics system, for example, the dictionary defines textual phrases to be located in communication packets—such as e-mail addresses or Uniform Resource Locators (URLs).
