SYSTEM AND METHOD FOR MONITORING SECURITY OF A COMPUTER NETWORK

    Publication number: US20170195352A1

    Publication date: 2017-07-06

    Application number: US15392367

    Filing date: 2016-12-28

    CPC classification number: H04L63/1425 H04L61/1511 H04L63/145

    Abstract: Methods and systems to identify the domain names that can potentially be used for delivering instructions to a bot, before bots on a computer network succeed in obtaining the instructions. The system maintains a device rating for each device that reflects a likelihood that the device is infected by malware. The system also maintains a domain-name rating for each device that reflects a likelihood that the domain name is malicious. When a device attempts to access a particular domain name, the domain-name rating of the domain name is updated in light of the device rating of the device, and/or the device rating of the device is updated in light of the domain-name rating.

    System and method for conditional analysis of network traffic

    Publication number: US09628580B2

    Publication date: 2017-04-18

    Application number: US14527894

    Filing date: 2014-10-30

    Abstract: Embodiments that are described herein provide improved methods and systems for analyzing network traffic. The disclosed embodiments enable an analytics system to perform complex processing only on new, first occurrences of received content, while refraining from processing duplicate instances of that content. In a typical embodiment, the analytics results regarding the first occurring content are reported and cached in association with the content. For any duplicate instance of the content, the analytics results are retrieved from the cache without re-processing of the duplicate content. When using the disclosed techniques, the system still processes all first occurring content but not duplicate instances of content that was previously received and processed. In the embodiments described herein, input data comprises communication packets exchanged in a communication network.

    SYSTEMS AND METHODS FOR KEYWORD SPOTTING USING ALTERNATING SEARCH ALGORITHMS

    Invention application; legal status: in force

    Publication number: US20150213126A1

    Publication date: 2015-07-30

    Application number: US14604137

    Filing date: 2015-01-23

    Inventor: Yitshak Yishay

    CPC classification number: G06F17/30675 H04L63/1416

    Abstract: Systems and methods for spotting keywords in data packets are provided. In particular, input data is received to be searched for occurrences of a set of patterns, the input data being divided into multiple segments. Then the input data and the patterns are assigned to first and second pattern matching algorithms, the first pattern matching algorithm is configured to search only within each of the segments, and the second pattern matching algorithm is configured to search across boundaries between adjacent segments. Then the input data is searched using the first and second pattern matching algorithms.


    System and method for monitoring security of a computer network

    Publication number: US11888879B2

    Publication date: 2024-01-30

    Application number: US17531723

    Filing date: 2021-11-20

    CPC classification number: H04L63/1425 H04L63/145 H04L61/4511

    Abstract: Methods and systems to identify the domain names that can potentially be used for delivering instructions to a bot, before bots on a computer network succeed in obtaining the instructions. The system maintains a device rating for each device that reflects a likelihood that the device is infected by malware. The system also maintains a domain-name rating for each device that reflects a likelihood that the domain name is malicious. When a device attempts to access a particular domain name, the domain-name rating of the domain name is updated in light of the device rating of the device, and/or the device rating of the device is updated in light of the domain-name rating.

    System and method for storing and querying document collections

    Publication number: US11442973B2

    Publication date: 2022-09-13

    Application number: US16658323

    Filing date: 2019-10-21

    Abstract: A system for storing document collections in a manner that facilitates efficient querying. Each document vector is hashed, by applying a suitable hash function to the components of the vector. The hash function maps the vector to a particular hash value, corresponding to a particular hyperbox in the multidimensional space to which the vectors belong. The vector, or a pointer to the vector, is then stored in a hash table in association with the vector's hash value. Subsequently, given a document of interest, documents similar to the document of interest may be found by hashing the vector of the document of interest, and then returning the vectors that are associated, in the hash table, with the resulting hash value.

    System and method for maintaining a dynamic dictionary

    Publication number: US11386135B2

    Publication date: 2022-07-12

    Application number: US16752955

    Filing date: 2020-01-27

    Inventor: Yitshak Yishay

    Abstract: An apparatus and techniques for constructing and utilizing a “dynamic dictionary” that is not a compiled dictionary, and therefore does not need to be recompiled in order to be updated. The dynamic dictionary includes respective data structures that represent (i) a management automaton that includes a plurality of management nodes, and (ii) a runtime automaton that is derived from the management automaton and includes a plurality of runtime nodes. The runtime automaton may be used to search input data, such as communication traffic over a network, for keywords of interest, while the management automaton manages the addition of keywords to the dynamic dictionary. Typically, at least two (e.g., exactly two) such dynamic dictionaries are used in combination with a static dictionary.

    System and method for identifying pairs of related application users

    Publication number: US11336609B2

    Publication date: 2022-05-17

    Application number: US17159544

    Filing date: 2021-01-27

    Abstract: Systems and methods for passive monitoring of computer communication that does not require performing any decryption. A monitoring system receives the traffic exchanged with each relevant application server, and identifies, in the traffic, sequences of messages—or “n-grams”—that appear to belong to a communication session between a pair of users. Subsequently, based on the numbers and types of identified n-grams, the system identifies each pair of users that are likely to be related to one another via the application, in that these users used the application to communicate (actively and/or passively) with one another. The system may identify those sequences of messages that, by virtue of the sizes of the messages in the sequence, and/or other properties of the messages that are readily discernable, indicate a possible user-pair relationship.

    SYSTEM AND METHOD FOR DE-ANONYMIZING ACTIONS AND MESSAGES ON NETWORKS

    Publication number: US20220038466A1

    Publication date: 2022-02-03

    Application number: US17221779

    Filing date: 2021-04-03

    Abstract: A traffic-monitoring system that monitors encrypted traffic exchanged between IP addresses used by devices and a network, and further receives the user-action details that are passed over the network. By correlating between the times at which the encrypted traffic is exchanged and the times at which the user-action details are received, the system associates the user-action details with the IP addresses. In particular, for each action specified in the user-action details, the system identifies one or more IP addresses that may be the source of the action. Based on the IP addresses, the system may identify one or more users who may have performed the action. The system may correlate between the respective action-times of the encrypted actions and the respective approximate action-times of the indicated actions. The system may hypothesize that the indicated action may correspond to one of the encrypted actions having these action-times.

    System and method for monitoring security of a computer network

    Publication number: US11212302B2

    Publication date: 2021-12-28

    Application number: US15392367

    Filing date: 2016-12-28

    Abstract: Methods and systems to identify the domain names that can potentially be used for delivering instructions to a bot, before bots on a computer network succeed in obtaining the instructions. The system maintains a device rating for each device that reflects a likelihood that the device is infected by malware. The system also maintains a domain-name rating for each device that reflects a likelihood that the domain name is malicious. When a device attempts to access a particular domain name, the domain-name rating of the domain name is updated in light of the device rating of the device, and/or the device rating of the device is updated in light of the domain-name rating.
