Patents by Inventor Asaf Shahar
Asaf Shahar has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11516239Abstract: System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group.Type: GrantFiled: November 4, 2020Date of Patent: November 29, 2022Assignee: ALLOT LTD.Inventors: Nimrod Dezent, Itai Ephraim Zilbershtein, Asaf Shahar
-
Patent number: 11089049Abstract: A system monitors network activity of an end-user device that communicates with servers over a communications network. The performs analysis of packets of data that are transported via the network. The system detects a first set of communications in which a first server infects the end-user device with a cryptocurrency mining malware; a second set of communications, in which a second server activates the end-user device as an activated cryptocurrency mining bot; and a third set of communications, in which the second server allocates a cryptocurrency mining task to the end-user device and later receives a cryptocurrency mining output from the end-user device. The system determines that the first server is a malicious infecting web-server; that the second server is a malicious Command and Control server of a distributed bot-net of cryptocurrency mining bots; and that the end-user device is an infected and activated and operational cryptocurrency mining bot.Type: GrantFiled: May 24, 2018Date of Patent: August 10, 2021Assignee: ALLOT LTD.Inventors: Alon Hazay, Asaf Shahar
-
Publication number: 20210051167Abstract: System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group.Type: ApplicationFiled: November 4, 2020Publication date: February 18, 2021Inventors: Nimrod Dezent, Itai Ephraim Zilbershtein, Asaf Shahar
-
Patent number: 10862911Abstract: System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group.Type: GrantFiled: June 26, 2018Date of Patent: December 8, 2020Assignee: ALLOT LTD.Inventors: Nimrod Dezent, Itai Ephraim Zilbershtein, Asaf Shahar
-
Patent number: 10749798Abstract: System, device, and method of deploying layer-3 transparent cloud-based proxy network element. A virtual network function is defined between a west-side router and an east-side router. A west-side interface receives east-bound traffic from a west-side Virtual LAN. East-bound queries from the west-bound router, are intercepted and responded to by the west-side interface, the response indicating the MAC address of the west-side router instead of the east-side router. The system enables the virtual network function to transparently intercept network traffic, and to selectively apply to such traffic one or more network functions or operations, prior to forwarding the traffic or a modified version thereof to the east-side router, in a Layer-3 transparent manner.Type: GrantFiled: January 8, 2019Date of Patent: August 18, 2020Assignee: ALLOT COMMUNICATIONS LTD.Inventors: Alon Hazay, Asaf Shahar
-
Publication number: 20200220814Abstract: System, device, and method of deploying layer-3 transparent cloud-based proxy network element. A virtual network function is defined between a west-side router and an east-side router. A west-side interface receives east-bound traffic from a west-side Virtual LAN. East-bound queries from the west-bound router, are intercepted and responded to by the west-side interface, the response indicating the MAC address of the west-side router instead of the east-side router. The system enables the virtual network function to transparently intercept network traffic, and to selectively apply to such traffic one or more network functions or operations, prior to forwarding the traffic or a modified version thereof to the east-side router, in a Layer-3 transparent manner.Type: ApplicationFiled: January 8, 2019Publication date: July 9, 2020Inventors: Alon Hazay, Asaf Shahar
-
Publication number: 20190364057Abstract: A system monitors network activity of an end-user device that communicates with servers over a communications network. The performs analysis of packets of data that are transported via the network. The system detects a first set of communications in which a first server infects the end-user device with a cryptocurrency mining malware; a second set of communications, in which a second server activates the end-user device as an activated cryptocurrency mining bot; and a third set of communications, in which the second server allocates a cryptocurrency mining task to the end-user device and later receives a cryptocurrency mining output from the end-user device. The system determines that the first server is a malicious infecting web-server; that the second server is a malicious Command and Control server of a distributed bot-net of cryptocurrency mining bots; and that the end-user device is an infected and activated and operational cryptocurrency mining bot.Type: ApplicationFiled: May 24, 2018Publication date: November 28, 2019Inventors: Alon Hazay, Asaf Shahar
-
Publication number: 20180375887Abstract: System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group.Type: ApplicationFiled: June 26, 2018Publication date: December 27, 2018Inventors: Nimrod Dezent, Itai Ephraim Zilbershtein, Asaf Shahar
-
Patent number: 9578547Abstract: A method for alleviation of congestion in a mobile communications network includes detecting congested cells in the mobile communications network, identifying subscribers with active data sessions in the congested cells; and optimizing bandwidth usage for at least one of the identified subscribers. A bandwidth optimization system includes a network sampling interface to receive at least subscriber, cell and data session identifiers from a network data packet sampler, where the sampler identifies the identifiers from internal data traffic within a mobile communications network, and a network awareness engine (NAE) to at least cross reference the identifiers with external data traffic output by the mobile communications network to at least detect congested cells and associated subscriber data sessions emanating from the mobile communications network.Type: GrantFiled: August 25, 2015Date of Patent: February 21, 2017Assignee: ALLOT COMMUNICATIONS LTD.Inventors: Andrei Elefant, Amir Hochbaum, Israel Jay Klein, Yaniv Sulkes, Asaf Shahar
-
Patent number: 9391901Abstract: System and method of predictive Internet traffic steering. An Internet steering gateway decouples between traffic classification and traffic steering, and includes: a deep packet inspection (DPI) utility to ascertain an indication of a destination remote application server (RAS) from an initial packet of a data session in a network; a RAS database to store an optimization profile for each RAS; and a steering utility to look-up, based on the RAS addressing information that was determined by the DPI utility inspection of the initial packet of the data session, an indicated RAS in the RAS database. The steering utility steers the data session to an external optimization platform (EOP) based on the associated profile in the RAS database.Type: GrantFiled: November 9, 2015Date of Patent: July 12, 2016Assignee: ALLOT COMMUNICATIONS LTD.Inventor: Asaf Shahar
-
Patent number: 9392126Abstract: A cellular traffic monitoring system includes: a traffic detection function (TDF) module to monitor cellular traffic associated with a cellular subscriber device, and to generate detection output which includes at least one of: a type of an application associated with the cellular traffic of the cellular subscriber device, and a type of the cellular traffic of the cellular subscriber device. The cellular traffic monitoring system further includes a policy charging and enforcement function (PCEF) module to enforce one or more charging rules to the cellular subscriber device, based on the detection output.Type: GrantFiled: November 1, 2015Date of Patent: July 12, 2016Assignee: ALLOT COMMUNICATIONS LTD.Inventors: Alla Goldner, Asaf Shahar
-
Publication number: 20160065474Abstract: System and method of predictive Internet traffic steering. An Internet steering gateway decouples between traffic classification and traffic steering, and includes: a deep packet inspection (DPI) utility to ascertain an indication of a destination remote application server (RAS) from an initial packet of a data session in a network; a RAS database to store an optimization profile for each RAS; and a steering utility to look-up, based on the RAS addressing information that was determined by the DPI utility inspection of the initial packet of the data session, an indicated RAS in the RAS database. The steering utility steers the data session to an external optimization platform (EOP) based on the associated profile in the RAS database.Type: ApplicationFiled: November 9, 2015Publication date: March 3, 2016Inventor: Asaf Shahar
-
Publication number: 20160057292Abstract: A cellular traffic monitoring system includes: a traffic detection function (TDF) module to monitor cellular traffic associated with a cellular subscriber device, and to generate detection output which includes at least one of: a type of an application associated with the cellular traffic of the cellular subscriber device, and a type of the cellular traffic of the cellular subscriber device. The cellular traffic monitoring system further includes a policy charging and enforcement function (PCEF) module to enforce one or more charging rules to the cellular subscriber device, based on the detection output.Type: ApplicationFiled: November 1, 2015Publication date: February 25, 2016Inventors: Alla Goldner, Asaf Shahar
-
Publication number: 20150365847Abstract: A method for alleviation of congestion in a mobile communications network includes detecting congested cells in the mobile communications network, identifying subscribers with active data sessions in the congested cells; and optimizing bandwidth usage for at least one of the identified subscribers. A bandwidth optimization system includes a network sampling interface to receive at least subscriber, cell and data session identifiers from a network data packet sampler, where the sampler identifies the identifiers from internal data traffic within a mobile communications network, and a network awareness engine (NAE) to at least cross reference the identifiers with external data traffic output by the mobile communications network to at least detect congested cells and associated subscriber data sessions emanating from the mobile communications network.Type: ApplicationFiled: August 25, 2015Publication date: December 17, 2015Applicant: Allot Communications Ltd.Inventors: Andrei ELEFANT, Amir HOCHBAUM, Israel Jay KLEIN, Yaniv SULKES, Asaf SHAHAR
-
Patent number: 9210078Abstract: An Internet steering gateway includes a deep packet inspection (DPI) utility for ascertaining an indication of a destination remote application server (RAS) from a first packet of a data session, an RAS database to at least store an optimization profile for each of a multiplicity of the RASs, and a steering utility to steer the data session to one of at least one external optimization platform (EOP) and a RAS as per the optimization profile associated with the indication. A method for optimizing network service delivery, includes inspecting a first packet of a data session with a deep packet inspection (DPI) utility, identifying a destination address for an RAS from the first packet, looking up the RAS in a RAS database as per the destination address; and for a the RAS found in the RAS database, steering the data session in accordance with a profile associated with the RAS.Type: GrantFiled: April 20, 2011Date of Patent: December 8, 2015Assignee: ALLOT COMMUNICATIONS LTD.Inventor: Asaf Shahar
-
Patent number: 9179008Abstract: A cellular traffic monitoring system includes: a traffic detection function (TDF) module to monitor cellular traffic associated with a cellular subscriber device, and to generate detection output which includes at least one of: a type of an application associated with the cellular traffic of the cellular subscriber device, and a type of the cellular traffic of the cellular subscriber device. The cellular traffic monitoring system further includes a policy charging and enforcement function (PCEF) module to enforce one or more charging rules to the cellular subscriber device, based on the detection output.Type: GrantFiled: May 19, 2015Date of Patent: November 3, 2015Assignee: ALLOT COMMUNICATIONS LTD.Inventors: Alla Goldner, Asaf Shahar
-
Patent number: RE48328Abstract: A method for alleviation of congestion in a mobile communications network includes detecting congested cells in the mobile communications network, identifying subscribers with active data sessions in the congested cells; and optimizing bandwidth usage for at least one of the identified subscribers. A bandwidth optimization system includes a network sampling interface to receive at least subscriber, cell and data session identifiers from a network data packet sampler, where the sampler identifies the identifiers from internal data traffic within a mobile communications network, and a network awareness engine (NAE) to at least cross reference the identifiers with external data traffic output by the mobile communications network to at least detect congested cells and associated subscriber data sessions emanating from the mobile communications network.Type: GrantFiled: February 19, 2019Date of Patent: November 24, 2020Assignee: Allot Ltd.Inventors: Andrei Elefant, Amir Hochbaum, Israel Jay Klein, Yaniv Sulkes, Asaf Shahar
-
Patent number: RE48434Abstract: System and method of predictive Internet traffic steering. An Internet steering gateway decouples between traffic classification and traffic steering, and includes: a deep packet inspection (DPI) utility to ascertain an indication of a destination remote application server (RAS) from an initial packet of a data session in a network; a RAS database to store an optimization profile for each RAS; and a steering utility to look-up, based on the RAS addressing information that was determined by the DPI utility inspection of the initial packet of the data session, an indicated RAS in the RAS database. The steering utility steers the data session to an external optimization platform (EOP) based on the associated profile in the RAS database.Type: GrantFiled: July 12, 2018Date of Patent: February 9, 2021Assignee: Allot Ltd.Inventor: Asaf Shahar
-
Patent number: RE48656Abstract: A cellular traffic monitoring system includes: a Traffic Detection Function (TDF) module to monitor cellular traffic associated with a cellular subscriber device, and to generate application detection output indicative of an application used by the cellular subscriber device; an application-based charging module to generate, based on the application detection output of said TDF module, application-based charging data related to said cellular subscriber device; a Policy Charging and Enforcement Function (PCEF) module to enforce one or more charging rules that are Service Data Flow (SDF) based and are related to said cellular subscriber device; an SDF-based charging module to generate SDF-based charging data related to said cellular subscriber device; and a charging correlator module to identify a potential over-charging due to an overlap between the application-based charging data and the SDF-based charging data.Type: GrantFiled: May 2, 2018Date of Patent: July 20, 2021Assignee: Allot LTD.Inventors: Alla Goldner, Asaf Shahar
-
Patent number: RE49512Abstract: A method for alleviation of congestion in a mobile communications network includes detecting congested cells in the mobile communications network, identifying subscribers with active data sessions in the congested cells; and optimizing bandwidth usage for at least one of the identified subscribers. A bandwidth optimization system includes a network sampling interface to receive at least subscriber, cell and data session identifiers from a network data packet sampler, where the sampler identifies the identifiers from internal data traffic within a mobile communications network, and a network awareness engine (NAE) to at least cross reference the identifiers with external data traffic output by the mobile communications network to at least detect congested cells and associated subscriber data sessions emanating from the mobile communications network.Type: GrantFiled: November 23, 2020Date of Patent: April 25, 2023Assignee: Allot Ltd.Inventors: Andrei Elefant, Amir Hochbaum, Israel Jay Klein, Yaniv Sulkes, Asaf Shahar