-
Publication number: US20210152512A1
Publication date: 2021-05-20
Application number: US17159544
Filing date: 2021-01-27
Applicant: Verint Systems Ltd.
Inventor: Offri Gil, Pinchas Birenbaum, Yitshak Yishay
Abstract: Systems and methods for passive monitoring of computer communication that does not require performing any decryption. A monitoring system receives the traffic exchanged with each relevant application server, and identifies, in the traffic, sequences of messages—or “n-grams”—that appear to belong to a communication session between a pair of users. Subsequently, based on the numbers and types of identified n-grams, the system identifies each pair of users that are likely to be related to one another via the application, in that these users used the application to communicate (actively and/or passively) with one another. The system may identify those sequences of messages that, by virtue of the sizes of the messages in the sequence, and/or other properties of the messages that are readily discernable, indicate a possible user-pair relationship.
-
Publication number: US11444956B2
Publication date: 2022-09-13
Application number: US17221779
Filing date: 2021-04-03
Applicant: VERINT SYSTEMS LTD.
Inventor: Offri Gil, Omer Ziv, Yuval Altman, Yaron Gvilli, Hodaya Shabtay, Omri David, Yitshak Yishay
IPC: H04L9/40, H04L9/06, G06F16/951, H04L67/104, H04L61/5007, H04L9/00
Abstract: A traffic-monitoring system that monitors encrypted traffic exchanged between IP addresses used by devices and a network, and further receives the user-action details that are passed over the network. By correlating between the times at which the encrypted traffic is exchanged and the times at which the user-action details are received, the system associates the user-action details with the IP addresses. In particular, for each action specified in the user-action details, the system identifies one or more IP addresses that may be the source of the action. Based on the IP addresses, the system may identify one or more users who may have performed the action. The system may correlate between the respective action-times of the encrypted actions and the respective approximate action-times of the indicated actions. The system may hypothesize that the indicated action may correspond to one of the encrypted actions having these action-times.
-
Publication number: US20190215293A1
Publication date: 2019-07-11
Application number: US16228929
Filing date: 2018-12-21
Applicant: Verint Systems LTD.
Inventor: Offri Gil, Pinhas Birenbaum, Itzhak Yishai
CPC classification number: H04L51/28, G06K9/6257, G06N20/00, H04L51/16
Abstract: Systems and methods for passive monitoring of computer communication that does not require performing any decryption. A monitoring system receives the traffic exchanged with each relevant application server, and identifies, in the traffic, sequences of messages—or “n-grams”—that appear to belong to a communication session between a pair of users. Subsequently, based on the numbers and types of identified n-grams, the system identifies each pair of users that are likely to be related to one another via the application, in that these users used the application to communicate (actively and/or passively) with one another. The system may identify those sequences of messages that, by virtue of the sizes of the messages in the sequence, and/or other properties of the messages that are readily discernable, indicate a possible user-pair relationship.
-
Publication number: US20200304519A1
Publication date: 2020-09-24
Application number: US16823421
Filing date: 2020-03-19
Applicant: Verint Systems Ltd.
Inventor: Offri Gil, Omer Ziv, Yuval Altman
IPC: H04L29/06, H04L29/12, H04L29/08, H04L9/06, G06F16/951
Abstract: A traffic-monitoring system that monitors encrypted traffic exchanged between IP addresses used by devices and a network, and further receives the user-action details that are passed over the network. By correlating between the times at which the encrypted traffic is exchanged and the times at which the user-action details are received, the system associates the user-action details with the IP addresses. In particular, for each action specified in the user-action details, the system identifies one or more IP addresses that may be the source of the action. Based on the IP addresses, the system may identify one or more users who may have performed the action. The system may correlate between the respective action-times of the encrypted actions and the respective approximate action-times of the indicated actions. The system may hypothesize that the indicated action may correspond to one of the encrypted actions having these action-times.
-
Publication number: US11336609B2
Publication date: 2022-05-17
Application number: US17159544
Filing date: 2021-01-27
Applicant: Verint Systems Ltd.
Inventor: Offri Gil, Pinchas Birenbaum, Yitshak Yishay
Abstract: Systems and methods for passive monitoring of computer communication that does not require performing any decryption. A monitoring system receives the traffic exchanged with each relevant application server, and identifies, in the traffic, sequences of messages—or “n-grams”—that appear to belong to a communication session between a pair of users. Subsequently, based on the numbers and types of identified n-grams, the system identifies each pair of users that are likely to be related to one another via the application, in that these users used the application to communicate (actively and/or passively) with one another. The system may identify those sequences of messages that, by virtue of the sizes of the messages in the sequence, and/or other properties of the messages that are readily discernable, indicate a possible user-pair relationship.
-
Publication number: US20220038466A1
Publication date: 2022-02-03
Application number: US17221779
Filing date: 2021-04-03
Applicant: VERINT SYSTEMS LTD.
Inventor: Offri Gil, Omer Ziv, Yuval Altman, Yaron Gvilli, Hodaya Shabtay, Omri David, Yitshak Yishay
IPC: H04L29/06, H04L29/12, H04L9/06, G06F16/951, H04L29/08
Abstract: A traffic-monitoring system that monitors encrypted traffic exchanged between IP addresses used by devices and a network, and further receives the user-action details that are passed over the network. By correlating between the times at which the encrypted traffic is exchanged and the times at which the user-action details are received, the system associates the user-action details with the IP addresses. In particular, for each action specified in the user-action details, the system identifies one or more IP addresses that may be the source of the action. Based on the IP addresses, the system may identify one or more users who may have performed the action. The system may correlate between the respective action-times of the encrypted actions and the respective approximate action-times of the indicated actions. The system may hypothesize that the indicated action may correspond to one of the encrypted actions having these action-times.
-
Publication number: US10999295B2
Publication date: 2021-05-04
Application number: US16823421
Filing date: 2020-03-19
Applicant: Verint Systems Ltd.
Inventor: Offri Gil, Omer Ziv, Yuval Altman, Yaron Gvili, Hodaya Shabtay, Omri David, Yitshak Yishay
IPC: H04L29/06, H04L29/12, H04L9/06, G06F16/951, H04L29/08
Abstract: A traffic-monitoring system that monitors encrypted traffic exchanged between IP addresses used by devices and a network, and further receives the user-action details that are passed over the network. By correlating between the times at which the encrypted traffic is exchanged and the times at which the user-action details are received, the system associates the user-action details with the IP addresses. In particular, for each action specified in the user-action details, the system identifies one or more IP addresses that may be the source of the action. Based on the IP addresses, the system may identify one or more users who may have performed the action. The system may correlate between the respective action-times of the encrypted actions and the respective approximate action-times of the indicated actions. The system may hypothesize that the indicated action may correspond to one of the encrypted actions having these action-times.
-
Publication number: US10958613B2
Publication date: 2021-03-23
Application number: US16228929
Filing date: 2018-12-21
Applicant: Verint Systems LTD.
Inventor: Offri Gil, Pinchas Birenbaum, Yitshak Yishay
Abstract: Systems and methods for passive monitoring of computer communication that does not require performing any decryption. A monitoring system receives the traffic exchanged with each relevant application server, and identifies, in the traffic, sequences of messages—or “n-grams”—that appear to belong to a communication session between a pair of users. Subsequently, based on the numbers and types of identified n-grams, the system identifies each pair of users that are likely to be related to one another via the application, in that these users used the application to communicate (actively and/or passively) with one another. The system may identify those sequences of messages that, by virtue of the sizes of the messages in the sequence, and/or other properties of the messages that are readily discernable, indicate a possible user-pair relationship.
-
Publication number: US20200042897A1
Publication date: 2020-02-06
Application number: US16527373
Filing date: 2019-07-31
Applicant: Verint Systems LTD.
Inventor: Gal Fridman, Offri Gil, Omer Ziv
Abstract: Machine learning techniques for classifying encrypted traffic with a high degree of accuracy. The techniques do not require decrypting any traffic and may not require any manually-labeled traffic samples. An automated system uses an application of interest to perform a large number of user actions of various types. The system further records, in a log, the respective times at which the actions were performed. The system further receives the encrypted traffic exchanged between the system and the application server, and records properties of this traffic in a time series. Subsequently, by correlating between the times in the log and the times at which the traffic was received, the system matches each of the user actions with a corresponding portion of the traffic, which is assumed to have been generated by the user action. The system thus automatically builds a labeled training set, which may be used to train a network-traffic classifier.