Patents by Inventor Ravid Sagy
Ravid Sagy has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11979421
Abstract: In some examples, a system for decorating network traffic flows with outlier scores includes a processor and a memory device to store traffic flows received from a network. The processor is configured to receive a set of traffic flows from the memory device and generate a tree model to split the traffic flows into clusters of traffic flows. Each cluster corresponds with a leaf of the tree model. The processor is further configured to generate machine learning models for each of the clusters of traffic flows separately. For a new traffic flow, the processor is configured to identify a specific one of the machine learning models that corresponds with the new traffic flow, compute an outlier score for the new traffic flow using the identified specific one of the machine learning models, and decorate the new traffic flow with the outlier score.
Type: Grant
Filed: December 31, 2021
Date of Patent: May 7, 2024
Assignee: International Business Machines Corporation
Inventors: Yair Allouche, Aviad Cohen, Ravid Sagy, Ofer Haim Biller, Eitan Daniel Farchi
-
Publication number: 20240143737
Abstract: Described are techniques for automated generation of labeled datasets for training an AI model to identify a cyberattack. The techniques include receiving configuration information for simulating a cyberattack against a target computer network. The techniques further include executing a cyberattack simulation, based on the configuration information, against the target computer network, where one or more attack log files containing information related to the cyberattack simulation are generated by resources of the target computer network in response to the cyberattack simulation. The techniques further include generating labeled training data from the one or more attack log files to correspond to specifications of the target computer network, and training an artificial intelligence (AI) model to identify the cyberattack in the target computer network using the labeled training data.
Type: Application
Filed: October 26, 2022
Publication date: May 2, 2024
Inventors: Amos Zamir, Yair Allouche, Aviad Cohen, Ravid Sagy
-
Publication number: 20230216870
Abstract: In some examples, a system for decorating network traffic flows with outlier scores includes a processor and a memory device to store traffic flows received from a network. The processor is configured to receive a set of traffic flows from the memory device and generate a tree model to split the traffic flows into clusters of traffic flows. Each cluster corresponds with a leaf of the tree model. The processor is further configured to generate machine learning models for each of the clusters of traffic flows separately. For a new traffic flow, the processor is configured to identify a specific one of the machine learning models that corresponds with the new traffic flow, compute an outlier score for the new traffic flow using the identified specific one of the machine learning models, and decorate the new traffic flow with the outlier score.
Type: Application
Filed: December 31, 2021
Publication date: July 6, 2023
Inventors: Yair Allouche, Aviad Cohen, Ravid Sagy, Ofer Haim Biller, Eitan Daniel Farchi
-
Patent number: 11546366
Abstract: Systems and methods provide a platform for threat information sharing. A method comprises transmitting an access permission request to a blockchain network. The request asks for access to cyber threat information stored in at least one cyber threat information storage system. The information may come from a plurality of organizations. The blockchain network may include a blockchain ledger storing access control information from the plurality of organizations. Upon receipt of a reference to an access permission token generated by the blockchain network using at least one smart contract, a transaction request to the cyber threat information server may be sent. In response to the transaction request including the reference to the access permission token, the requested cyber threat information may be retrieved from the cyber threat information server.
Type: Grant
Filed: May 8, 2019
Date of Patent: January 3, 2023
Assignee: International Business Machines Corporation
Inventors: Yair Allouche, Oded Margalit, Ravid Sagy, Tom Weiss
-
Publication number: 20200358801
Abstract: Embodiments of the present systems and methods may provide a platform for threat information sharing.
Type: Application
Filed: May 8, 2019
Publication date: November 12, 2020
Inventors: Yair Allouche, Oded Margalit, Ravid Sagy, Tom Weiss
-
Patent number: 10671733
Abstract: A blockchain of transactions may be referenced for various purposes and may be later accessed by interested parties for ledger verification or information retrieval. One example method of operation may include one or more of receiving an access request from a requesting device for access to an encryption key associated with a user device, broadcasting the request to peer nodes for approval or disapproval, storing a transaction to a blockchain indicating the approval or disapproval of the request for access to the encryption key, and providing access to the encryption key when the approval is indicated.
Type: Grant
Filed: May 19, 2017
Date of Patent: June 2, 2020
Assignee: International Business Machines Corporation
Inventors: Ronald B. Baker, Ravid Sagy
-
Patent number: 10652256
Abstract: A vehicle system, comprising multiple electronic control units (ECUs) configured to manage operation of multiple vehicle components, a controller area network (CAN) bus that provides communication pathways between the multiple ECUs, and a threat validation module configured to receive a message from an electronic control unit (ECU) of the multiple ECUs, wherein the message comprises data of a suspicious message flagged by the ECU, generate a query to determine authenticity of the message, broadcast the query to at least one ECU of the multiple ECUs, listen for responses from the at least one ECU, and determine whether the suspicious message is an actual threat based at least on a count of received responses.
Type: Grant
Filed: June 20, 2017
Date of Patent: May 12, 2020
Assignee: International Business Machines Corporation
Inventors: Yair Allouche, Arndt Kohler, Ravid Sagy, Yaron Wolfsthal
-
Patent number: 10628610
Abstract: A method, computer system, and a computer program product for identifying a hacked database is provided. The present invention may include generating a marked account using a plurality of data. The present invention may then include initiating a first transaction using the generated marked account. The present invention may also include determining that a second transaction has occurred using the generated marked account. The present invention may further include receiving notification of the second transaction based on determining that the second transaction occurred.
Type: Grant
Filed: October 25, 2018
Date of Patent: April 21, 2020
Assignee: International Business Machines Corporation
Inventors: Oded Margalit, Ravid Sagy
-
Patent number: 10474843
Abstract: A method, computer system, and a computer program product for identifying a hacked database is provided. The present invention may include generating a marked account using a plurality of data. The present invention may then include initiating a first transaction using the generated marked account. The present invention may also include determining that a second transaction has occurred using the generated marked account. The present invention may further include receiving notification of the second transaction based on determining that the second transaction occurred.
Type: Grant
Filed: May 9, 2017
Date of Patent: November 12, 2019
Assignee: International Business Machines Corporation
Inventors: Oded Margalit, Ravid Sagy
-
Publication number: 20190182267
Abstract: A system comprising: a software agent stored on a non-transient computer-readable storage medium in a motor vehicle, the software agent comprising instructions that cause a processor in the motor vehicle to: monitor, in real time (i) events occurring in an operating system of the motor vehicle and any application running thereon, (ii) messages transmitted by Electronic Control Units (ECUs) of the motor vehicle over an in-vehicle network of the motor vehicle, and (iii) network activity between the motor vehicle and external network resources; detect suspicious events, messages, and network activity, in the monitored events, messages, and network activity, respectively; repeatedly execute Stateful Event Processing (SEP) on a combination of the detected suspicious events, messages, and network activity; and infer potential computer security threats based on results of the SEP.
Type: Application
Filed: December 13, 2017
Publication date: June 13, 2019
Inventors: Derek Aher, Yair Allouche, Jack Hanley, Patrick Hourigan, Ravid Sagy, Mauro Silva
-
Publication number: 20190065784
Abstract: A method, computer system, and a computer program product for identifying a hacked database is provided. The present invention may include generating a marked account using a plurality of data. The present invention may then include initiating a first transaction using the generated marked account. The present invention may also include determining that a second transaction has occurred using the generated marked account. The present invention may further include receiving notification of the second transaction based on determining that the second transaction occurred.
Type: Application
Filed: October 25, 2018
Publication date: February 28, 2019
Inventors: Oded Margalit, Ravid Sagy
-
Publication number: 20180367554
Abstract: A vehicle system, comprising multiple electronic control units (ECUs) configured to manage operation of multiple vehicle components, a controller area network (CAN) bus that provides communication pathways between the multiple ECUs, and a threat validation module configured to receive a message from an electronic control unit (ECU) of the multiple ECUs, wherein the message comprises data of a suspicious message flagged by the ECU, generate a query to determine authenticity of the message, broadcast the query to at least one ECU of the multiple ECUs, listen for responses from the at least one ECU, and determine whether the suspicious message is an actual threat based at least on a count of received responses.
Type: Application
Filed: June 20, 2017
Publication date: December 20, 2018
Inventors: Yair Allouche, Arndt Kohler, Ravid Sagy, Yaron Wolfsthal
-
Publication number: 20180337771
Abstract: A blockchain of transactions may be referenced for various purposes and may be later accessed by interested parties for ledger verification or information retrieval. One example method of operation may include one or more of receiving an access request from a requesting device for access to an encryption key associated with a user device, broadcasting the request to peer nodes for approval or disapproval, storing a transaction to a blockchain indicating the approval or disapproval of the request for access to the encryption key, and providing access to the encryption key when the approval is indicated.
Type: Application
Filed: May 19, 2017
Publication date: November 22, 2018
Inventors: Ronald B. Baker, Ravid Sagy
-
Publication number: 20180330122
Abstract: A method, computer system, and a computer program product for identifying a hacked database is provided. The present invention may include generating a marked account using a plurality of data. The present invention may then include initiating a first transaction using the generated marked account. The present invention may also include determining that a second transaction has occurred using the generated marked account. The present invention may further include receiving notification of the second transaction based on determining that the second transaction occurred.
Type: Application
Filed: February 9, 2018
Publication date: November 15, 2018
Inventors: Oded Margalit, Ravid Sagy
-
Publication number: 20180330121
Abstract: A method, computer system, and a computer program product for identifying a hacked database is provided. The present invention may include generating a marked account using a plurality of data. The present invention may then include initiating a first transaction using the generated marked account. The present invention may also include determining that a second transaction has occurred using the generated marked account. The present invention may further include receiving notification of the second transaction based on determining that the second transaction occurred.
Type: Application
Filed: May 9, 2017
Publication date: November 15, 2018
Inventors: Oded Margalit, Ravid Sagy
-
Patent number: 10068017
Abstract: A method obtains a first data item signature for a first data item, the first data item signature comprising an association between a plurality of synch points in the first data item and a corresponding plurality of block signatures. The process attempts to find one of the synch points in a second data item; and, if such a synch point is found, then a block signature of a corresponding block of bits in the second data item is determined. The process ascertains whether the synch point and corresponding block signature from the second data item correspond to a synch point and block signature in the first data item. If a predetermined number of synch points and corresponding block signatures match, the first and second data items are considered to match. In response to said determining, one or more actions associated with the first data item are performed.
Type: Grant
Filed: March 27, 2015
Date of Patent: September 4, 2018
Assignee: Global File Systems Holdings, LLC
Inventors: Ravid Sagy, Norberto Meijome, David Elkind, Kevin Bermeister
-
Patent number: 10017155
Abstract: Embodiments of the present invention disclose a method, computer system, and a computer program product for vehicle software security associated with a vehicle. The present invention may include collecting vehicle data from the vehicle. The present invention may also include collecting mobile device data from an authorized mobile device associated with an authorized operator. The present invention may then include comparing the collected vehicle data with the collected mobile device data. The present invention may further include determining that the collected vehicle data does not match the collected mobile device data. The present invention may include also sending an alert message to a security control application based on determining that the collected vehicle data does not match the collected mobile device data.
Type: Grant
Filed: February 21, 2017
Date of Patent: July 10, 2018
Assignee: International Business Machines Corporation
Inventors: Yair Allouche, Oded Margalit, Ravid Sagy
-
Patent number: 10011248
Abstract: Embodiments of the present invention disclose a method, computer system, and a computer program product for vehicle software security associated with a vehicle. The present invention may include collecting vehicle data from the vehicle. The present invention may also include collecting mobile device data from an authorized mobile device associated with an authorized operator. The present invention may then include comparing the collected vehicle data with the collected mobile device data. The present invention may further include determining that the collected vehicle data does not match the collected mobile device data. The present invention may include also sending an alert message to a security control application based on determining that the collected vehicle data does not match the collected mobile device data.
Type: Grant
Filed: December 26, 2017
Date of Patent: July 3, 2018
Assignee: International Business Machines Corporation
Inventors: Yair Allouche, Oded Margalit, Ravid Sagy
-
Patent number: 9900775
Abstract: A method, system and computer-usable medium for performing an authorization operation on an Internet of Things (IoT) type device, comprising: providing each of a plurality of IoT type devices with a respective authorization system; receiving a request to share resources at one of the plurality of IoT type devices; determining via the respective authorization system whether the one of the plurality of IoT devices has an IoT resource available for sharing; and, enabling sharing of the IoT resource when the respective authorization system determines that the IoT resource is available for sharing.
Type: Grant
Filed: September 2, 2015
Date of Patent: February 20, 2018
Assignee: International Business Machines Corporation
Inventors: Yossi Gilad, Ayman Jarrous, Ravid Sagy, Alexandra Shulman-Peleg
-
Patent number: 9703869
Abstract: A method obtains a first data item signature for a first data item, the first data item signature comprising an association between a plurality of synch points in the first data item and a corresponding plurality of block signatures. The process attempts to find one of the plurality of synch points in a second data item; and, if such a synch point is found, then a block signature of a corresponding block of bits in the second data item is determined by applying a hash function to the corresponding block of bits in the second data item. The process ascertains whether the synch point and corresponding block signature from the second data item correspond to a synch point and block signature in the first data item signature. If a predetermined number of synch points and corresponding block signatures match, the first and second data items are considered to match.
Type: Grant
Filed: August 5, 2014
Date of Patent: July 11, 2017
Assignee: Global File Systems Holdings, LLC
Inventors: Ravid Sagy, Norberto Meijome