-
Publication No.: US20240396932A1
Publication date: 2024-11-28
Application No.: US18794606
Filing date: 2024-08-05
Applicant: Radware Ltd.
Inventor: Ehud DORON, Alon TAMIR, David AVIV
IPC: H04L9/40
Abstract: A method and device for generating application-layer signatures characterizing advanced application-layer attacks are provided. The method includes computing, based on applicative peacetime baseline distributions and attack distributions of applicative attributes included in application-layer transactions directed to a protected entity, an attacker probability of an attacker executing an ongoing application-layer attack; comparing the attacker probability computed for each of the applicative attributes to a dynamic attacker probability threshold; and including in an application-layer signature eligible applicative attributes having an attacker probability higher than the dynamic attacker threshold, wherein the application-layer signature includes an inclusive section and an exclusive section, and wherein the application-layer signature is indicative of an ongoing attack based on one of the exclusive section and the inclusive section.
-
2.
Publication No.: US20240169061A1
Publication date: 2024-05-23
Application No.: US18398997
Filing date: 2023-12-28
Applicant: Radware Ltd.
Inventor: Ehud DORON, Alon TAMIR, David AVIV
CPC classification number: G06F21/56, G06N20/00, G06F2221/034
Abstract: A system and method for learning attack-safe baseline are provided. The method includes receiving application-layer transactions directed to a protected entity; measuring values of a rate-based attribute and a rate-invariant attribute from the received application-layer transactions; determining, based on the measured rate-based attribute, if the received application-layer transactions represent a normal behavior; computing at least one baseline using application-layer transactions determined to represent the normal behavior; and validating the at least one computed baseline using the measured rate-invariant attribute and rate-based attribute.
-
Publication No.: US11991205B2
Publication date: 2024-05-21
Application No.: US17132677
Filing date: 2020-12-23
Applicant: RADWARE, LTD.
Inventor: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut, Yuriy Arbitman
CPC classification number: H04L63/1458, H04L63/0209, H04L63/101, H04L63/1416, H04L63/1425, H04L63/20, H04L67/02, H04L2463/141
Abstract: A method and system for protecting cloud-hosted applications against application-layer slow DDoS attacks are provided. The system includes a processing circuitry; and a memory connected to the processor, the memory contains instructions that when executed by the processing circuitry, configure the system to: collect telemetries from a plurality of sources deployed in a plurality of public cloud computing platforms, wherein each of the plurality of public cloud computing platforms hosts an instance of a protected cloud-hosted application; provide a set of rate-based and rate-invariant features based on the collected telemetries; evaluate each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and cause execution of a mitigation action, when an indication of a potential application-layer slow DDoS attack is determined.
-
Publication No.: US20230283609A1
Publication date: 2023-09-07
Application No.: US18315318
Filing date: 2023-05-10
Applicant: Radware Ltd.
Inventor: Alon LELCUK, David AVIV
CPC classification number: H04L63/10, H04L63/1441, H04L63/20, G06Q20/3823, H04L9/0637, H04L9/3213, H04L2463/144, H04L9/50
Abstract: A method for protecting entities against bots is provided. The method includes identifying a request from a client to access a protected entity; selecting an access policy in response to the access request, wherein the access policy includes at least one challenge to be performed by the client; identifying results of the at least one challenge, wherein the results are provided by the client upon completion of the challenge; determining a bias of the client based on the completion results, wherein the determined bias is utilized for a cyber-security assessment of the client; and granting access to the protected entity by the client based on the determined bias.
-
Publication No.: US20230262096A1
Publication date: 2023-08-17
Application No.: US18302851
Filing date: 2023-04-19
Applicant: Radware Ltd.
Inventor: Adi RAFF, Amnon LOTEM, Yaniv AMRAM, Leo REZNIK, Tal HALPERN, Nissim PARIENTE
CPC classification number: H04L63/20, H04L41/28, H04L63/0263, H04L63/101
Abstract: Arrangement for hardening cloud security policies of a cloud computing platform includes analyzing a plurality of permission usage maps, one for each cloud entity of a plurality of cloud entities included in the computing platform to discover at least one hardening gap, wherein each hardening gap is at least a difference between permissions granted and permissions used by one of the cloud entities, wherein each of the permission usage maps represents the permissions granted to a respective one of the cloud entities and the permissions used by that respective at least one of the cloud entities; for each discovered hardening gap, computing a risk score designating a potential risk reduction achieved by addressing the hardening gap; generating at least one hardening recommendation for the at least one hardening gap and its respective computed risk score; and applying the at least one hardening recommendation, thereby hardening the cloud computing platform.
-
Publication No.: US11606387B2
Publication date: 2023-03-14
Application No.: US16227912
Filing date: 2018-12-20
Applicant: RADWARE, LTD.
Inventor: Ehud Doron, Yotam Ben Ezra, David Aviv
Abstract: A system and method for reducing a time to mitigate distributed denial of service (DDoS) attacks are provided. The method includes receiving a plurality of attack feeds on at least one protected object in a secured environment; analyzing the plurality of attack feeds to determine characteristics of a DDoS attack against the secure environment; determining a set of optimal mitigation resources assigned to the secured environment; selecting, based on the set of optimal mitigation resources and the attack characteristics, at least one optimal workflow scheme; and initiating a proactive mitigation action by setting each mitigation resource in the set of optimal mitigation resources according to the selected optimal workflow scheme.
-
7.
Publication No.: US11552989B1
Publication date: 2023-01-10
Application No.: US17456329
Filing date: 2021-11-23
Applicant: RADWARE LTD.
Inventor: Ehud Doron, Koral Haham, David Aviv
IPC: H04L9/40
Abstract: A method and system for characterizing application layer flood denial-of-service (DDoS) attacks carried by advanced application layer flood attack tools. The method comprises receiving an indication on an on-going DDoS attack directed toward a protected entity; analyzing requests received during the on-going DDoS attack to determine a plurality of different attributes of the received requests; generating a dynamic applicative multi-paraphrase signature by clustering at least one value of the plurality of different attributes, wherein the multi-paraphrase signature characterizes requests with different attributes as generated by an advanced application layer flood attack tool executing the on-going DDoS attack; and characterizing each incoming request based on the multi-paraphrase signature, wherein the characterization provides an indication for each incoming request whether a request is generated by the attack tool.
-
Publication No.: US11363044B2
Publication date: 2022-06-14
Application No.: US16453035
Filing date: 2019-06-26
Applicant: RADWARE, LTD.
Inventor: Ehud Doron, Lev Medvedovsky, David Aviv, Eyal Rundstein, Ronit Lubitch Greenberg, Avishay Balderman
Abstract: A method for detecting hypertext transfer protocol secure (HTTPS) flood denial-of-service (DDoS) attacks. The method includes estimating traffic telemetries of at least ingress traffic directed to a protected entity; providing at least one rate-base feature and at least one rate-invariant feature based on the estimated traffic telemetries, wherein the rate-base feature and the rate-invariant feature demonstrate a normal behavior of HTTPS traffic directed to the protected entity; evaluating the at least one rate-base feature and the at least one rate-invariant feature with respect to at least one baseline to determine whether the behavior of the at least HTTPS traffic indicates a potential HTTPS flood DDoS attack; and causing execution of a mitigation action when an indication of a potential HTTPS flood DDoS attack is determined.
-
9.
Publication No.: US20210226988A1
Publication date: 2021-07-22
Application No.: US17138029
Filing date: 2020-12-30
Applicant: RADWARE, LTD.
Inventor: David AVIV, Doron SHAVIT, Benny ROCHWERGER
IPC: H04L29/06
Abstract: A system, and method therefor for disaggregated detection denial-of-service (DDoS) are provided. The system includes a plurality of detectors deployed on a plurality of network nodes, wherein each network node is connected to an edge network, wherein one detector of the plurality of detectors is deployed in each of the plurality of network nodes, wherein each of the plurality of detectors is configured to detect and characterize at least a DDoS attack by analyzing telemetries received by the respective network node in which the detector is deployed.
-
10.
Publication No.: US10924484B2
Publication date: 2021-02-16
Application No.: US15994434
Filing date: 2018-05-31
Applicant: RADWARE, LTD.
Inventor: Alon Lelcuk, David Aviv
Abstract: A method and system for determining a cost to allow a blockchain-based admission to a protected entity. The method includes identifying, in a blockchain network, a conversion transaction identifying a conversion of a first-type of access tokens with access tokens of a second-type, wherein the transaction designates at least the protected entity; determining a conversion value for converting the first-type of access tokens into the second-type access tokens, wherein the conversion value is determined based on at least one access parameter; and converting, based on the determined conversion value, a first sum of the first-type access tokens into a second sum of the second-type access-tokens, wherein a client spends the second sum of the second-type access tokens to access the protected entity, the determined conversion value is the access cost to the protected entity.