公开(公告)号：US11042880B1

公开(公告)日：2021-06-22

申请号：US14573213

申请日：2014-12-17

Applicant: EMC Corporation

Inventor： Alon Hazan ,  Anatoly Gendelev ,  Marcelo Blatt ,  Alon Kaufman ,  Alex Zaslavsky

IPC: G06Q20/40

Abstract: A method involves performing a mathematical estimation operation identifying a risk score threshold. The operation identifies the risk score threshold as a point on a curve rather than a value of a particular risk score. Such a curve approximates the distribution of risk score values output over a time interval and represents a function embodied by a plot of risk score percentile vs. risk score value. The risk engine, rather than selecting a particular risk score, selects a curve from a family of curves that is known to accurately represent such risk score distributions. For example, the risk engine may choose the curve that provides the best fit to the previous week's risk scores over the family of curves. The risk engine identifies the risk score threshold by finding a risk score value such that the function evaluated at that risk score value produces a specified risk score percentile.

公开(公告)号：US09098699B1

公开(公告)日：2015-08-04

申请号：US14036635

申请日：2013-09-25

Applicant: EMC Corporation

Inventor： Alex Zaslavsky ,  Shachar Israeli ,  Yariv Amar

IPC: H04N7/16 ,  G06F21/55 ,  H04N21/24 ,  H04N21/258

CPC classification number: G06F21/552 ,  G06F2221/2111 ,  H04N21/24 ,  H04N21/25825 ,  H04N21/25833 ,  H04N21/25841 ,  H04N21/2585

Abstract: A technique shares smart television data among subscribing organizations to provide security. The technique involves collecting, by an electronic server apparatus, data elements from multiple smart television devices. The technique further involves performing, by the electronic server apparatus, a set of risk analysis operations to generate risk scores corresponding to the multiple smart television devices. Each risk score (e.g., a numerical value) indicates an amount of risk (e.g., a probability) that a respective smart television device is malicious. The technique further involves providing, by the electronic server apparatus, an ordered list of the multiple smart television devices, the ordered list ranking the multiple television devices based on the risk scores. Information from the ordered list is well suited for use by an anti-fraud service in which subscriber organizations are informed of the information and use the information to identify and stop fraudulent activity in the future.

Abstract translation: 一种技术在订阅组织之间共享智能电视数据以提供安全性。 该技术涉及由电子服务器装置收集来自多个智能电视装置的数据元素。 该技术还包括由电子服务器设备执行一组风险分析操作，以产生与多个智能电视设备相对应的风险评分。 每个风险分数（例如，数值）表示相应的智能电视设备是恶意的风险量（例如概率）。 该技术还包括通过电子服务器设备提供多个智能电视设备的有序列表，该排序列表基于风险分数对多个电视设备进行排名。 来自有序列表的信息非常适合于反欺诈服务使用，其中向用户组织通知信息，并使用该信息来识别和停止未来的欺诈活动。

公开(公告)号：US10454939B1

公开(公告)日：2019-10-22

申请号：US15198692

申请日：2016-06-30

Applicant: EMC Corporation

Inventor： Shay Amram ,  Alex Zaslavsky ,  Carmit Sahar

IPC: H04L29/06

Abstract: There is disclosed in one embodiment a method comprising the step of determining, access rights granted to a first user that enables access to a computerized resource. The method also comprises the step of comparing the access rights granted to the first user against access rights granted to a second user associated with the first user. The method further comprises the step of providing a warning when the comparison indicates that the first user has excessive access rights over the second user.

公开(公告)号：US10142308B1

公开(公告)日：2018-11-27

申请号：US14319175

申请日：2014-06-30

Applicant: EMC Corporation

Inventor： Zohar Duchin ,  Alex Zaslavsky ,  Ika Bar-Menachem ,  Shachar Israeli

IPC: H04L29/06

Abstract: There is disclosed a technique for use in authentication. In one embodiment, the technique comprises receiving behavioral information associated with a user. The technique also comprises performing an analysis based on the behavioral information. The technique further comprises determining whether to authenticate the user based on the analysis.

公开(公告)号：US10902428B1

公开(公告)日：2021-01-26

申请号：US14970903

申请日：2015-12-16

Applicant: EMC Corporation

Inventor： Shay Amram ,  Alma Zohar ,  Anatoly Gendelev ,  Christina Tkachenko ,  Alex Zaslavsky

IPC: G06Q20/40 ,  G06Q20/10 ,  G06Q20/20

Abstract: Techniques of risk-based authentication involve adjusting a risk engine used by a recipient entity based on feedback acquired from multiple entities. Along these lines, both a recipient risk engine and one or more donor risk engines perform risk-based authentication for which respective feedback is generated. The feedback indicates whether certain transaction requests predicted to be fraudulent are confirmed to be fraudulent. The recipient risk engine is then adjusted based on the feedback created for itself, the feedback created for any of the donor risk engines, or some combination thereof.

公开(公告)号：US10013694B1

公开(公告)日：2018-07-03

申请号：US14144007

申请日：2013-12-30

Applicant: EMC Corporation

Inventor： Shachar Israeli ,  Ereli Eran ,  Alex Zaslavsky ,  Marcelo Blatt

IPC: G06Q20/40 ,  G06Q50/00

CPC classification number: G06Q20/4016 ,  G06Q50/01

Abstract: An improved technique involves inputting data in postings from social media or news websites into a risk engine. A posting extraction device continually observes postings aggregated in social media and news websites, such as Twitter, Facebook, CNN, and the like. The posting extraction device parses postings that contain specified keywords such as “credit card,” “account number,” and the like. The posting extraction device also parses these postings for metadata such as user identifiers, times, and locations. The posting extraction device then stores the parsed information in a transaction database that is accessed by an adaptive authentication engine for risk score assignment.

公开(公告)号：US09690937B1

公开(公告)日：2017-06-27

申请号：US14672849

申请日：2015-03-30

Applicant: EMC Corporation

Inventor： Zohar Duchin ,  Alon Kaufman ,  Alex Zaslavsky ,  Martin Rosa ,  Luan Nguyen

IPC: H04L29/00 ,  G06F21/56 ,  H04L29/06

CPC classification number: G06F21/562 ,  G06F21/552 ,  G06F2221/034 ,  G06F2221/2139 ,  H04L63/1416 ,  H04L63/20

Abstract: A computer-implemented technique provides rules for use in a malicious activity detection system. The technique involves performing evaluation operations on a plurality of malicious activity detection rules. The technique further involves ranking the plurality of malicious activity detection rules in an order based on results of the evaluation operations (e.g., sorting the rules systematically in an order based on measures such as precision, recall, correlation to other rules already in use, etc.). The technique further involves, based on the order of the plurality of malicious activity detection rules, providing a malicious activity detection rule report which recommends a set of malicious activity detection rules of the plurality of malicious activity detection rules for use in the malicious activity detection system.

公开(公告)号：US09438626B1

公开(公告)日：2016-09-06

申请号：US13920500

申请日：2013-06-18

Applicant: EMC Corporation

Inventor： Ido Zilberberg ,  Lior Asher ,  Alex Zaslavsky ,  Marcelo Blatt

IPC: H04L29/06 ,  G06F21/55

CPC classification number: H04L63/20 ,  G06F21/552 ,  H04L63/0263 ,  H04L63/1416 ,  H04L63/1441 ,  H04L2463/144

Abstract: Methods, apparatus and articles of manufacture for risk scoring for internet protocol networks are provided herein. A method includes identifying a network to which a first network element belongs, wherein said first network element comprises corresponding risk-related information, determining each of one or more network elements previously identified as belonging to the network, and calculating a risk score assigned to the network, wherein said calculating comprises aggregating (i) the risk-related information corresponding to the first network element and (ii) risk-related information corresponding to each of the one or more network elements previously identified as belonging to the network.

Abstract translation: 本文提供了互联网协议网络风险评分的方法，装置和制造。 一种方法包括识别第一网络元件所属的网络，其中所述第一网络元件包括对应的风险相关信息，确定先前识别为属于网络的一个或多个网络元素中的每一个，以及计算分配给该网络的风险分数 网络，其中所述计算包括聚合（i）对应于第一网络元件的风险相关信息和（ii）与先前识别为属于网络的一个或多个网络元素中的每一个对应的风险相关信息。

公开(公告)号：US09330416B1

公开(公告)日：2016-05-03

申请号：US14144019

申请日：2013-12-30

Applicant: EMC Corporation

Inventor： Alex Zaslavsky ,  Daniel Hassan ,  Yafit Levi-Maor ,  Liron Liptz ,  Anatoly Gendelev

IPC: G07B17/00 ,  G07F19/00 ,  G06Q40/00 ,  G06F7/04 ,  G06F15/16 ,  G06F17/30 ,  G06Q10/00 ,  G06Q40/04 ,  G06Q20/10 ,  G06Q20/00 ,  G06Q40/02 ,  G06F21/00

CPC classification number: G06Q40/12 ,  G06F21/00 ,  G06F21/552 ,  G06F21/577 ,  G06F2221/2117 ,  G06Q10/00 ,  G06Q20/00 ,  G06Q20/10 ,  G06Q20/4016 ,  G06Q40/00 ,  G06Q40/02 ,  G06Q40/04

Abstract: An improved technique involves identifying other transactions for investigation from entries in a database that involve a particular actor involved in a known fraudulent transaction. From a transaction log listing transactions, a server generates a database of transaction entries which identify transactions from the transaction log, each transaction entry (i) describing an activity and (ii) identifying a set of actors involved in that activity. Based on a known fraudulent transaction involving a particular actor, the server finds a set of transaction entries from the database which involve the particular actor. From the found set of transaction entries, the server identifies other transactions for investigation.

Abstract translation: 一种改进的技术涉及从涉及参与已知欺诈交易的特定行为者的数据库中的条目识别用于调查的其他交易。 从事务日志列出事务，服务器生成事务条目数据库，其识别事务日志中的事务，每个事务条目（i）描述活动，以及（ii）识别该活动中涉及的一组角色。 基于涉及特定行为者的已知欺诈交易，服务器从涉及特定行为者的数据库中查找一组交易条目。 从找到的一组交易条目，服务器识别其他交易进行调查。

公开(公告)号：US10148673B1

公开(公告)日：2018-12-04

申请号：US14870218

申请日：2015-09-30

Applicant: EMC Corporation

Inventor： Zohar Duchin ,  Alon Kaufman ,  Oleg Freylafert ,  Lior Asher ,  Alex Zaslavsky

IPC: H04L29/06

Abstract: Techniques of operating intrusion detection systems provide a recommendation of an intrusion detection rule to an administrator of an intrusion detection system based on the experience of another administrator that has used the rule in another intrusion detection system. For example, suppose that electronic circuitry receives a numerical rating from a first intrusion detection system that indicates whether an intrusion detection rule was effective in identifying malicious activity when used in the first intrusion detection system. Based on the received rating and attributes of the first intrusion detection system, the electronic circuitry generates a predicted numerical rating that indicates whether the intrusion detection rule is likely to be effective in identifying malicious communications when used in a second intrusion detection system. If the predicted numerical rating is sufficiently high, then the electronic circuitry transmits a message to the second intrusion detection system recommending the intrusion detection rule for use in the second intrusion detection system.