公开(公告)号：US11314789B2

公开(公告)日：2022-04-26

申请号：US16833762

申请日：2020-03-30

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb

IPC: G06F16/00 ,  G06F16/28 ,  G06F16/29 ,  G06F16/901

Abstract: An anomaly-detection system that gathers information relating to the relationships between entities and represents these relationships in a graph that interconnects each pair of related entities. The graph may represent a computer network, in which each node corresponds to a respective device in the network and each edge between two nodes indicates that the devices represented by the nodes exchanged communication with one another in the past. the system monitors each of the entities in the graph, by continually computing a single-entity anomaly score (SEAS) for the entity. If the SEAS exceeds a first threshold the system generates an alert. Otherwise, the system checks whether the SEAS exceeds a second, lower threshold. If so, the system computes a subgraph anomaly score (SAS) for the entity's subgraph. If the SAS exceeds a SAS threshold, an alert is generated. By computing the SAS in this manner resources are conserved.

公开(公告)号：US20200374685A1

公开(公告)日：2020-11-26

申请号：US16990479

申请日：2020-08-11

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb ,  Doron Breiter ,  Constantin Tanasa ,  Victor Ciochina ,  Nguyen Hoang Nguyen ,  Tymofii Brezhniev

IPC: H04W8/12 ,  H04L29/06 ,  H04W12/02 ,  H04W12/06

Abstract: Methods for obtain identifiers, such as International Mobile Subscriber Identities (IMSIs) and International Mobile Station Equipment Identities (IMEIs), of mobile communication terminals, and associate these identifiers with other items of identifying information provided by users of the terminals. A local interrogation device may be installed that imitates a legitimate base station belonging to a cellular network, at a control checkpoint. Local interrogation devices are connected to a global interrogation device in a hierarchical network, whereby the local interrogation devices are assigned a priority that is higher than that of the global interrogation device. The global interrogation device provides cellular coverage to a larger area that contains the control checkpoints, while the local interrogation devices provide more localized cellular coverage to the control checkpoints.

公开(公告)号：US20200042798A1

公开(公告)日：2020-02-06

申请号：US16531776

申请日：2019-08-05

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb ,  Boaz Dudovich

IPC: G06K9/00 ,  G06T7/292 ,  H04W4/029 ,  H04N7/18

Abstract: A plurality of pairs of video cameras and interrogation devices may be placed in a public place along various paths that a person-of-interest might be expected to move. The person-of-interest is then located in multiple images acquired, collectively, by multiple video cameras. From each of the interrogation devices that are paired with these video cameras, a subset of the captured identifiers is obtained. Candidate identifiers are then restricted to those identifiers that are included in each of the subsets. A given identifier may be rejected as a candidate identifier. To automatically locate the person-of-interest in the images acquired by the “paired” video cameras, a processor may utilize video-tracking techniques to automatically track the person-of-interest, such that the person-of-interest is not “lost.” By virtue of utilizing such tracking techniques, the person-of-interest may be repeatedly located automatically, and with minimal chance of a false detection.

公开(公告)号：US20170310486A1

公开(公告)日：2017-10-26

申请号：US15495067

申请日：2017-04-24

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb

IPC: H04L9/32 ,  H04L29/06 ,  G06F21/33

Abstract: Systems and methods for obtaining authentication vectors issued, for use by a mobile communication terminal, by a Home Location Register (HLR) that serves a cellular communication network independently of any cooperation with the cellular network. Further to obtaining the authentication vectors, a terminal is caused to communicate over a WiFi WLAN using an encryption key derived from the obtained authentication vectors, e.g., per the EAP-SIM or EAP-AKA protocol. Since the encryption key is known, communication from the terminal is decrypted. The authentication vectors may be obtained by (i) an “impersonating” Visitor Location Register (VLR) server that does not serve the cellular network; (ii) an interrogation device which, by imitating a legitimate base station serving the cellular network, solicits the mobile communication terminal to associate with the interrogation device; or (iii) an SS7 probe, which obtains authentication vectors communicated from the HLR server to other entities on the SS7 network.

公开(公告)号：US20160197796A1

公开(公告)日：2016-07-07

申请号：US14989075

申请日：2016-01-06

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb ,  Yuval Altman ,  Naomi Frid ,  Gur Yaari

IPC: H04L12/26

CPC classification number: H04L43/026 ,  H04L43/04 ,  H04L63/0227 ,  H04L63/1416 ,  H04L63/1441 ,  H04L63/30 ,  H04L63/306

Abstract: Methods and systems for analyzing flows of communication packets. A front-end processor associates input packets with flows and forwards each flow to the appropriate unit, typically by querying a flow table that holds a respective classification for each active flow. In general, flows that are not yet classified are forwarded to the classification unit, and the resulting classification is entered in the flow table. Flows that are classified as requested for further analysis are forwarded to an appropriate flow analysis unit. Flows that are classified as not requested for analysis are not subjected to further processing, e.g., discarded or allowed to pass.

Abstract translation: 用于分析通信包流的方法和系统。 前端处理器将输入分组与流相关联，并将每个流转发到适当的单元，通常通过查询为每个活动流保存相应分类的流表。 一般来说，尚未分类的流量被转发到分类单元，并且所得到的分类被输入到流程表中。 被分类为进一步分析的流量被转发到适当的流量分析单元。 分类为不要求进行分析的流量不经过进一步处理，例如丢弃或允许通过。

公开(公告)号：US20150215893A1

公开(公告)日：2015-07-30

申请号：US14604263

申请日：2015-01-23

Applicant: Verint Systems Ltd.

Inventor： Gustavo Litmanovich ,  Eithan Goldfarb

IPC: H04W64/00 ,  H04W72/04

CPC classification number: H04W64/006 ,  G01S5/0252 ,  H04W16/18

Abstract: Systems and methods for fine-resolution mapping of cellular network coverage and capacity are described herein. An example method can include passively monitoring communication of multiple communication terminals in a cellular communication network, extracting from the monitored communication multiple data points and cell identifiers, and mapping an actual geographical coverage of at least a given cell of the cellular network based on the multiple data points. In particular, the multiple data points can comprise geographical positions that are measured and reported by the communication terminals while served by respective cells of the cellular communication network.

Abstract translation: 本文描述了用于蜂窝网络覆盖和容量的精细分辨率映射的系统和方法。 示例性方法可以包括被动地监视蜂窝通信网络中的多个通信终端的通信，从被监控的通信中提取多个数据点和小区标识符，以及基于多个信道映射蜂窝网络的至少一个给定小区的实际地理覆盖 数据点。 具体地，多个数据点可以包括由蜂窝通信网络的各个小区服务时由通信终端测量和报告的地理位置。

公开(公告)号：US20220164813A1

公开(公告)日：2022-05-26

申请号：US17465039

申请日：2021-09-02

Applicant: VERINT SYSTEMS LTD.

Inventor： Gustavo Litmanovich ,  Eithan Goldfarb

IPC: G06Q30/02 ,  H04L67/50 ,  H04L67/306 ,  H04M3/22

Abstract: Methods and systems for creating demographic profiles of mobile communication network users. A demographic classification system analyzes network traffic, so as to estimate the specific combination of application classes installed on a given terminal, and usage patterns of the applications over time. This combination of application classes and their respective usage patterns are a highly personalized choice made by the user, and is therefore used by the system to deduce the user's demographic profile. The demographic classification system operates on monitored network traffic, as opposed to obtaining explicit and accurate information regarding the installed applications from the terminal. The system then deduces the demographic profile of the user from the list of estimated application classes.

公开(公告)号：US10454790B2

公开(公告)日：2019-10-22

申请号：US15935407

申请日：2018-03-26

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb ,  Yuval Altman ,  Naomi Frid ,  Gur Yaari

IPC: H04L12/26 ,  H04L29/06

Abstract: Methods and systems for analyzing flows of communication packets. A front-end processor associates input packets with flows and forwards each flow to the appropriate unit, typically by querying a flow table that holds a respective classification for each active flow. In general, flows that are not yet classified are forwarded to the classification unit, and the resulting classification is entered in the flow table. Flows that are classified as requested for further analysis are forwarded to an appropriate flow analysis unit. Flows that are classified as not requested for analysis are not subjected to further processing, e.g., discarded or allowed to pass.

公开(公告)号：US10117094B2

公开(公告)日：2018-10-30

申请号：US15696729

申请日：2017-09-06

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb

IPC: H04W12/02 ,  H04W12/12 ,  H04L29/06

Abstract: Methods and systems for identifying one or more rogue devices within a wireless communication network over a particular geographic location. A rogue base station detection system receives air interface transmissions from base stations belonging to a wireless communication network, as well as from one or more rogue base stations that do not belong to the network and are used for monitoring (e.g., hacking or eavesdropping) communication terminals communicating in the network. The system typically searches for signaling channels and converts the RF signal into GSM/UMTS messages including overcoming the different encryption methods used. The system than analyzes the received transmissions so as to identify suspicious transmissions that may be transmitted by the rogue base stations.

公开(公告)号：US09788196B2

公开(公告)日：2017-10-10

申请号：US13874332

申请日：2013-04-30

Applicant: Verint Systems Ltd.

Inventor： Eithan Goldfarb

IPC: H04W12/02 ,  H04L29/06 ,  H04W12/12

CPC classification number: H04W12/02 ,  H04L63/1408 ,  H04W12/12

Abstract: Methods and systems for identifying one or more rogue devices within a wireless communication network over a particular geographic location. A rogue base station detection system receives air interface transmissions from base stations belonging to a wireless communication network, as well as from one or more rogue base stations that do not belong to the network and are used for monitoring (e.g., hacking or eavesdropping) communication terminals communicating in the network. The system typically searches for signaling channels and converts the RF signal into GSM/UMTS messages including overcoming the different encryption methods used. The system than analyzes the received transmissions so as to identify suspicious transmissions that may be transmitted by the rogue base stations.