公开(公告)号：US20220174008A1

公开(公告)日：2022-06-02

申请号：US17518879

申请日：2021-11-04

Applicant: VERINT SYSTEMS LTD.

Inventor： Haim Zlatokrilov ,  Genady Malinsky ,  Yigal Weinberger

IPC: H04L45/74 ,  H04L61/2514 ,  H04L9/40 ,  H04L43/106 ,  H04L61/5007 ,  H04L61/256 ,  H04L69/16

Abstract: An apparatus for monitoring a plurality of devices that use a plurality of networks includes a network interface and a processor. The processor is configured to receive, via the network interface, a plurality of packets that were collectively communicated, from the devices, via all of the networks, to aggregate the packets, using at least one field that is included in respective packet headers of the packets, into a plurality of packet aggregations, such that all of the packets in each one of the packet aggregations were collectively communicated from no more than one of the devices, to group the packet aggregations into a plurality of groups, such that there is a one-to-one correspondence between the groups and the devices, in that all of the packets in each of the groups were collectively communicated from a different respective one of the devices, and to generate an output in response thereto.

公开(公告)号：US20190052713A1

公开(公告)日：2019-02-14

申请号：US16165216

申请日：2018-10-19

Applicant: VERINT SYSTEMS LTD.

Inventor： Haim Zlatokrilov

IPC: H04L29/08 ,  H04L12/859 ,  H04L12/851

Abstract: A monitoring system monitors traffic flows that are exchanged over a communication network. The system characterizes the flows in terms of their temporal traffic features, and uses this characterization to identify communication devices that participate in the same communication session. By identifying the communication devices that serve as endpoints in the same session, the system establishes correlations between the users of these communication devices. The monitoring system characterizes the flows using traffic features such as flow start time, flow end time, inter-burst time and burst size, and/or statistical properties of such features. The system typically generates compressed-form representations (“signatures”) for the traffic flows based on the temporal traffic features, and finds matching flows by finding similarities between signatures.

公开(公告)号：US11196670B2

公开(公告)日：2021-12-07

申请号：US16549703

申请日：2019-08-23

Applicant: Verint Systems, Ltd.

Inventor： Haim Zlatokrilov ,  Genady Malinsky ,  Yigal Weinberger

IPC: H04L12/741 ,  H04L29/12 ,  H04L29/06 ,  H04L12/26

Abstract: An apparatus for monitoring a plurality of devices that use a plurality of networks includes a network interface and a processor. The processor is configured to receive, via the network interface, a plurality of packets that were collectively communicated, from the devices, via all of the networks, to aggregate the packets, using at least one field that is included in respective packet headers of the packets, into a plurality of packet aggregations, such that all of the packets in each one of the packet aggregations were collectively communicated from no more than one of the devices, to group the packet aggregations into a plurality of groups, such that there is a one-to-one correspondence between the groups and the devices, in that all of the packets in each of the groups were collectively communicated from a different respective one of the devices, and to generate an output in response thereto.

公开(公告)号：US10432521B2

公开(公告)日：2019-10-01

申请号：US15416153

申请日：2017-01-26

Applicant: Verint Systems Ltd.

Inventor： Haim Zlatokrilov ,  Genady Malinsky ,  Yigal Weinberger

IPC: H04L12/741 ,  H04L12/26 ,  H04L29/12 ,  H04L29/06

Abstract: An apparatus for monitoring a plurality of devices that use a plurality of networks includes a network interface and a processor. The processor is configured to receive, via the network interface, a plurality of packets that were collectively communicated, from the devices, via all of the networks, to aggregate the packets, using at least one field that is included in respective packet headers of the packets, into a plurality of packet aggregations, such that all of the packets in each one of the packet aggregations were collectively communicated from no more than one of the devices, to group the packet aggregations into a plurality of groups, such that there is a one-to-one correspondence between the groups and the devices, in that all of the packets in each of the groups were collectively communicated from a different respective one of the devices, and to generate an output in response thereto.

公开(公告)号：US20170222922A1

公开(公告)日：2017-08-03

申请号：US15416153

申请日：2017-01-26

Applicant: Verint Systems Ltd.

Inventor： Haim Zlatokrilov ,  Genady Malinsky ,  Yigal Weinberger

IPC: H04L12/741 ,  H04L29/12 ,  H04L12/26 ,  H04L29/06

CPC classification number: H04L45/74 ,  H04L43/106 ,  H04L61/2007 ,  H04L61/2514 ,  H04L61/256 ,  H04L63/30 ,  H04L69/16

Abstract: An apparatus for monitoring a plurality of devices that use a plurality of networks includes a network interface and a processor. The processor is configured to receive, via the network interface, a plurality of packets that were collectively communicated, from the devices, via all of the networks, to aggregate the packets, using at least one field that is included in respective packet headers of the packets, into a plurality of packet aggregations, such that all of the packets in each one of the packet aggregations were collectively communicated from no more than one of the devices, to group the packet aggregations into a plurality of groups, such that there is a one-to-one correspondence between the groups and the devices, in that all of the packets in each of the groups were collectively communicated from a different respective one of the devices, and to generate an output in response thereto.

公开(公告)号：US20200059431A1

公开(公告)日：2020-02-20

申请号：US16549703

申请日：2019-08-23

Applicant: Verint Systems, Ltd.

Inventor： Haim Zlatokrilov ,  Genady Malinsky ,  Yigal Weinberger

IPC: H04L12/741 ,  H04L29/06 ,  H04L29/12 ,  H04L12/26

Abstract: An apparatus for monitoring a plurality of devices that use a plurality of networks includes a network interface and a processor. The processor is configured to receive, via the network interface, a plurality of packets that were collectively communicated, from the devices, via all of the networks, to aggregate the packets, using at least one field that is included in respective packet headers of the packets, into a plurality of packet aggregations, such that all of the packets in each one of the packet aggregations were collectively communicated from no more than one of the devices, to group the packet aggregations into a plurality of groups, such that there is a one-to-one correspondence between the groups and the devices, in that all of the packets in each of the groups were collectively communicated from a different respective one of the devices, and to generate an output in response thereto.

公开(公告)号：US10142426B2

公开(公告)日：2018-11-27

申请号：US15084408

申请日：2016-03-29

Applicant: VERINT SYSTEMS LTD.

Inventor： Haim Zlatokrilov

IPC: H04L29/08 ,  H04L12/851 ,  H04L12/859

Abstract: A monitoring system monitors traffic flows that are exchanged over a communication network. The system characterizes the flows in terms of their temporal traffic features, and uses this characterization to identify communication devices that participate in the same communication session. By identifying the communication devices that serve as endpoints in the same session, the system establishes correlations between the users of these communication devices. The monitoring system characterizes the flows using traffic features such as flow start time, flow end time, inter-burst time and burst size, and/or statistical properties of such features. The system typically generates compressed-form representations (“signatures”) for the traffic flows based on the temporal traffic features, and finds matching flows by finding similarities between signatures.

公开(公告)号：US20160285978A1

公开(公告)日：2016-09-29

申请号：US15084408

申请日：2016-03-29

Applicant: VERINT SYSTEMS LTD.

Inventor： Haim Zlatokrilov

IPC: H04L29/08 ,  H04L12/859 ,  H04L12/851

CPC classification number: H04L67/146 ,  H04L47/2475 ,  H04L47/2483

Abstract: A monitoring system monitors traffic flows that are exchanged over a communication network. The system characterizes the flows in terms of their temporal traffic features, and uses this characterization to identify communication devices that participate in the same communication session. By identifying the communication devices that serve as endpoints in the same session, the system establishes correlations between the users of these communication devices. The monitoring system characterizes the flows using traffic features such as flow start time, flow end time, inter-burst time and burst size, and/or statistical properties of such features. The system typically generates compressed-form representations (“signatures”) for the traffic flows based on the temporal traffic features, and finds matching flows by finding similarities between signatures.

Abstract translation: 监视系统监视通过通信网络交换的业务流。 该系统根据其时间业务特征来描述流，并且使用该表征来识别参与相同通信会话的通信设备。 通过识别在同一会话中用作端点的通信设备，系统建立这些通信设备的用户之间的相关性。 监测系统利用诸如流动起始时间，流动结束时间，突发间时间和突发大小之类的流量特征和/或这些特征的统计特性来表征流量。 该系统通常基于时间流量特征生成用于业务流的压缩形式表示（“签名”），并且通过查找签名之间的相似性来找到匹配流。