公开(公告)号：US20170104778A1

公开(公告)日：2017-04-13

申请号：US15291331

申请日：2016-10-12

Applicant: Verint Systems Ltd. ,  B. G. NEGEV TECHNOLOGIES AND APPLICATIONS LTD.

Inventor： Asaf Shabtai ,  Rami Puzis ,  Lior Rokach ,  Liran Orevi ,  Genady Malinsky ,  Ziv Katzir ,  Ron Bitton

IPC: H04L29/06 ,  G06N99/00

CPC classification number: H04L63/1425 ,  G06F21/552 ,  G06F2221/034 ,  G06N20/00 ,  H04L63/1408 ,  H04L63/1441

Abstract: Described embodiments include a system that includes a monitoring agent, configured to automatically monitor usage of a computing device by a user, and a processor. The processor is configured to compute, based on the monitoring, a score indicative of a cyber-security awareness of the user, and to generate an output indicative of the score.

公开(公告)号：US11601452B2

公开(公告)日：2023-03-07

申请号：US16658797

申请日：2019-10-21

Applicant: Verint Systems Ltd.

Inventor： Asaf Shabtai ,  Rami Puzis ,  Lior Rokach ,  Liran Orevi ,  Genady Malinsky ,  Ziv Katzir ,  Ron Bitton

IPC: H04L9/40 ,  G06N20/00 ,  G06F21/55

Abstract: Described embodiments include a system that includes a monitoring agent, configured to automatically monitor usage of a computing device by a user, and a processor. The processor is configured to compute, based on the monitoring, a score indicative of a cyber-security awareness of the user, and to generate an output indicative of the score.

公开(公告)号：US11303652B2

公开(公告)日：2022-04-12

申请号：US17154135

申请日：2021-01-21

Applicant: Verint Systems Ltd.

Inventor： Ziv Katzir ,  Gershon Celniker ,  Hed Kovetz

IPC: H04L29/06 ,  G06N20/00 ,  G06N20/10 ,  G06N5/00

Abstract: Embodiments for generating appropriate data sets for learning to identify user actions. A user uses one or more applications over a suitable period of time. As the user uses the applications, a monitoring device, acting as a “man-in-the-middle,” intermediates the exchange of encrypted communication between the applications and the servers that serve the applications. The monitoring device obtains, for each action performed by the user, two corresponding (bidirectional) flows of communication: an encrypted flow, and an unencrypted flow. Since the unencrypted flow indicates the type of action that was performed by the user, the correspondence between the encrypted flow and the unencrypted flow may be used to automatically label the encrypted flow, without decrypting the encrypted flow. Features of the encrypted communication may then be stored in association with the label to automatically generate appropriately-sized learning set for each application of interest.

公开(公告)号：US20160189160A1

公开(公告)日：2016-06-30

申请号：US14980811

申请日：2015-12-28

Applicant: Verint Systems Ltd.

Inventor： Ziv Katzir

IPC: G06Q20/40

CPC classification number: G06Q20/4014 ,  G06Q20/0855

Abstract: Methods and systems for deanonymizing digital currency users and transactions. The deanonymization system monitors communication sessions that are conducted in a communication network. From among the monitored sessions, the system detects sessions in which users carry out digital currency transactions. Having detected such a session, the system attempts to deanonymize the user, i.e., to correlate the digital currency pseudonym given in the session with some other information that is indicative of the user. The system may determined the identity of the terminal on which the user conducts the session, and uses the identity of the terminal to establish a correlation between the pseudonym and the user. In some cases the terminal is known to belong to a specific user.

Abstract translation: 对数字货币用户和交易进行脱名的方法和系统。 脱离系统监视在通信网络中进行的通信会话。 在受监视的会话中，系统检测用户执行数字货币交易的会话。 在检测到这样的会话之后，系统尝试对用户进行去匿名，即将会话中给出的数字货币假名与指示用户的一些其它信息相关联。 系统可以确定用户进行会话的终端的身份，并且使用终端的身份来建立假名和用户之间的相关性。 在某些情况下，终端被称为属于特定用户。

公开(公告)号：US20210168158A1

公开(公告)日：2021-06-03

申请号：US17154135

申请日：2021-01-21

Applicant: Verint Systems Ltd.

Inventor： Ziv Katzir ,  Gershon Celnicker ,  Hed Kovetz

IPC: H04L29/06 ,  G06N20/00

Abstract: Embodiments for generating appropriate data sets for learning to identify user actions. A user uses one or more applications over a suitable period of time. As the user uses the applications, a monitoring device, acting as a “man-in-the-middle,” intermediates the exchange of encrypted communication between the applications and the servers that serve the applications. The monitoring device obtains, for each action performed by the user, two corresponding (bidirectional) flows of communication: an encrypted flow, and an unencrypted flow. Since the unencrypted flow indicates the type of action that was performed by the user, the correspondence between the encrypted flow and the unencrypted flow may be used to automatically label the encrypted flow, without decrypting the encrypted flow. Features of the encrypted communication may then be stored in association with the label to automatically generate appropriately-sized learning set for each application of interest.

公开(公告)号：US20200169571A1

公开(公告)日：2020-05-28

申请号：US16694020

申请日：2019-11-25

Applicant: Verint Systems Ltd.

Inventor： Ziv Katzir ,  Gershon Celnicker ,  Hed Kovetz

IPC: H04L29/06 ,  G06N20/00

Abstract: Embodiments for generating appropriate data sets for learning to identify user actions. A user uses one or more applications over a suitable period of time. As the user uses the applications, a monitoring device, acting as a “man-in-the-middle,” intermediates the exchange of encrypted communication between the applications and the servers that serve the applications. The monitoring device obtains, for each action performed by the user, two corresponding (bidirectional) flows of communication: an encrypted flow, and an unencrypted flow. Since the unencrypted flow indicates the type of action that was performed by the user, the correspondence between the encrypted flow and the unencrypted flow may be used to automatically label the encrypted flow, without decrypting the encrypted flow. Features of the encrypted communication may then be stored in association with the label to automatically generate appropriately-sized learning set for each application of interest.

公开(公告)号：US10944763B2

公开(公告)日：2021-03-09

申请号：US16694020

申请日：2019-11-25

Applicant: Verint Systems Ltd.

Inventor： Ziv Katzir ,  Gershon Celnicker ,  Hed Kovetz

IPC: H04L29/06 ,  G06N20/00 ,  G06N20/10 ,  G06N5/00

Abstract: Embodiments for generating appropriate data sets for learning to identify user actions. A user uses one or more applications over a suitable period of time. As the user uses the applications, a monitoring device, acting as a “man-in-the-middle,” intermediates the exchange of encrypted communication between the applications and the servers that serve the applications. The monitoring device obtains, for each action performed by the user, two corresponding (bidirectional) flows of communication: an encrypted flow, and an unencrypted flow. Since the unencrypted flow indicates the type of action that was performed by the user, the correspondence between the encrypted flow and the unencrypted flow may be used to automatically label the encrypted flow, without decrypting the encrypted flow. Features of the encrypted communication may then be stored in association with the label to automatically generate appropriately-sized learning set for each application of interest.

公开(公告)号：US10454958B2

公开(公告)日：2019-10-22

申请号：US15291331

申请日：2016-10-12

Applicant: Verint Systems Ltd. ,  B. G. NEGEV TECHNOLOGIES AND APPLICATIONS LTD.

Inventor： Asaf Shabtai ,  Rami Puzis ,  Lior Rokach ,  Liran Orevi ,  Genady Malinsky ,  Ziv Katzir ,  Ron Bitton

IPC: H04L29/06 ,  G06N20/00 ,  G06F21/55

Abstract: Described embodiments include a system that includes a monitoring agent, configured to automatically monitor usage of a computing device by a user, and a processor. The processor is configured to compute, based on the monitoring, a score indicative of a cyber-security awareness of the user, and to generate an output indicative of the score.

公开(公告)号：US20200053114A1

公开(公告)日：2020-02-13

申请号：US16658797

申请日：2019-10-21

Applicant: Verint Systems Ltd.

Inventor： Asaf Shabtai ,  Rami Puzis ,  Lior Rokach ,  Liran Orevi ,  Genady Malinsky ,  Ziv Katzir ,  Ron Bitton

IPC: H04L29/06 ,  G06F21/55 ,  G06N20/00

Abstract: Described embodiments include a system that includes a monitoring agent, configured to automatically monitor usage of a computing device by a user, and a processor. The processor is configured to compute, based on the monitoring, a score indicative of a cyber-security awareness of the user, and to generate an output indicative of the score.

公开(公告)号：US20180260705A1

公开(公告)日：2018-09-13

申请号：US15911223

申请日：2018-03-05

Applicant: Verint Systems Ltd.

Inventor： Rami Puzis ,  Asaf Shabtai ,  Gershon Celniker ,  Liron Rosenfeld ,  Ziv Katzir ,  Edita Grolman

IPC: G06N3/08 ,  G06N3/04

CPC classification number: G06N3/08 ,  G06N3/0454 ,  G06Q30/02 ,  H04L67/22 ,  H04W4/21

Abstract: Methods and systems for analyzing encrypted traffic, such as to identify, or “classify,” the user actions that generated the traffic. Such classification is performed, even without decrypting the traffic, based on features of the traffic. Such features may include statistical properties of (i) the times at which the packets in the traffic were received, (ii) the sizes of the packets, and/or (iii) the directionality of the packets. To classify the user actions, a processor receives the encrypted traffic and ascertains the types (or “classes”) of user actions that generated the traffic. Unsupervised or semi-supervised transfer-learning techniques may be used to perform the classification process. Using transfer-learning techniques facilitates adapting to different runtime environments, and to changes in the patterns of traffic generated in these runtime environments, without requiring the large amount of time and resources involved in conventional supervised-learning techniques.