Abstract: Systems, devices, and methods of protecting electronic or Internet-connected devices against fraudulent and malicious activities. A Data Collector and Mediator Unit monitors network traffic, and generates datasets of network traffic; each dataset includes network traffic monitored within a time-slot having a particular fixed time-length. A Predictor Unit includes a Features Extractor, to extract features from the datasets; and a Machine Learning (ML) unit, to run the extracted features through a ML model and to classify a particular traffic-portion as being either (I) an anomalous traffic-portion that is associated with fraudulent or malicious activity, or (II) a non-anomalous traffic-portion that is not-associated with fraudulent or malicious activity. The ML unit operates on both (i) anomalies in traffic patterns, and (ii) anomalies of user behavior and/or device behavior.

Abstract: System, method, and apparatus of securing and managing Internet-connected devices and networks. A wireless communication router is installed at a customer venue, and provides Internet access to multiple Internet-connected devices via a wireless communication network that is served by the router. A monitoring and effecting unit of the router performs analysis of traffic that passes through the router; identifies which Internet-connected devices send or receive data; and selectively enforces traffic-related rules based on policies stored in the router. Optionally, the monitoring and effecting unit is pre-installed in the router in a disabled mode; and is later activated after the router was deployed at a customer venue. Optionally, the router notifies the Internet Service Provider the number and type of Internet-connected devices that are served by the router.

Abstract: Systems, devices, and methods of measuring directional latency and congestion in a communication network. A Uni-Directional Latency Determination Unit is connected in a communication network, located between an end-user device and a server. It monitors packets transported between the end-user device and the server, and it estimates a uni-directional latency of packet transport from the end-user device to the server or from the server to the end-user device. It utilizes a Transmission Control Protocol (TCP) Header and Timestamp Analyzer, to perform an analysis of data contained in timestamps of TCP packet headers of transported packets; and particularly, it analyzes data contained in a TSval field of such TCP packet headers. Congestion mitigation operations are accordingly deployed or activated.

Abstract: System, device, and method of cellular congestion management without cell awareness. A system defines applications as important or non-important. The system measures and monitors parameters related to cellular traffic, and remotely generates an estimate that a first User Equipment (UE) is experiencing cellular traffic congestion. A Deep Packet Inspection (DPI) Engine determines that the first UE is utilizing a first communication flow associated with an Important Application, and is also utilizing a second communication flow associated with a Non-Important Application. Filtering pass-through bitrate limits are enforced, selectively and remotely, on communication flows of the first UE, by enforcing a reduced bitrate limit on the second communication flow that is associated with a Non-Important Application, and by not enforcing a reduced bitrate limit on the first communication flow that is associated with an Important Application.

Abstract: Systems, devices, and methods of classifying encrypted network communications. A Traffic Monitoring Unit operates to monitor network traffic, and to capture HTTPS-encrypted packets that are exchanged over an HTTPS connection between an end-user device and a web server. An HTTPS Traffic Classification Unit operates to detect discrete HTTPS-encrypted objects within that HTTPS connection, and to classify those discrete HTTPS-encrypted objects based on at least one of: a first Analysis Model that classifies HTTPS-encrypted objects based on a type of content that is represented in the HTTPS-encrypted object; a second Analysis Model that classifies HTTPS-encrypted objects based on a type of server-side application that is associated with the HTTPS-encrypted object. Each Analysis Model utilizes Machine Learning (ML), Deep Learning (DL), Artificial Intelligence (AI), or Statistical and Mathematical Analysis (SMA).

Abstract: System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group.

Abstract: Systems, devices, and methods for resolving the original private Internet Protocol (IP) address of a User Equipment (UE) device in a cellular communication network; particularly where the UE device is behind a Network Address Translation (NAT) service which replaces the original private IP address of the UE device with a replacement public IP address. An IP address resolver performs an active resolution process which injects a new IP packet to the network, or performs a passive or comparison-based resolution process which compares headers of IP packets, to determine a pair of (i) an original private IP address of a particular UE device, and (ii) a replacement public IP address that is assigned to the UE device by a User Plane Function (UPF) unit. The correlation data or IP address mapping data is provided to servers or applications, to enable them to provide services to the UE device using its original private IP address.

Abstract: Detecting, mitigating and isolating a Signaling Storm, particularly in 5G communication networks. A Control Plane signal probe is connected at a first network node located between a Radio Access Network and a 5G Core Network, to monitor control messages originating from 5G-capable devices. A User Plane signal probe is connected at a second network node located between the 5G Core Network and remote entities to which the 5G-capable devices are sending messages, to monitor control messages passing through the second network node. An Inventory Management sub-system stores data correlating between 5G-capable devices and IMSI numbers. A Protector Unit is configured to receive (i) data collected by the Control Plane signal probe, and (ii) data collected by the User Plane signal probe, and (iii) a subset of IMSI numbers. The Protector Unit performs Machine Learning analysis, and detects and quarantines particular 5G-capable devices that are compromised or malfunctioning.

Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.

Abstract: System, device, and method of differentiating between streaming live-video flows and streaming non-live-video flows. A system includes a Live-Video/Non-Live-Video detector unit, connected and operable between a core cellular network and an entry node of the Internet. It monitors data packets exchanged over the core cellular network and over the Internet between a User Equipment (UE) device and a destination device. It determines that a particular communication flow between the UE device and the destination device is a streaming video communication flow. It further determines whether that streaming video communication flow is either (i) a streaming Live-Video communication flow or (ii) a streaming Non-Live-Video communication flow.

Abstract: System, device, and method for providing distributed quality-of-service control and policy enforcement. A tree hierarchy representation is constructed for distributed enforcement of a Quality-of-Service (QoS) policy on incoming packets that are intended for transmission towards a destination, by at least two separate Processing Units (PUs) that separately process different packets that are intended for transmission towards that destination. A cross-PU Instances Synchronization Unit automatically determines that a first PU caused modification of a first set of instances of parent-child Policy Objects that are utilized by the first PU, and dynamically causes a corresponding modification to a second set of instances of parent-child Policy Objects that are utilized by a second PU. The QoS policy is enforced, on a packet-by-packet basis, by different member entities of the tree hierarchy representation, to achieve the overall QoS policy.

Abstract: A system monitors network activity of an end-user device that communicates with servers over a communications network. The performs analysis of packets of data that are transported via the network. The system detects a first set of communications in which a first server infects the end-user device with a cryptocurrency mining malware; a second set of communications, in which a second server activates the end-user device as an activated cryptocurrency mining bot; and a third set of communications, in which the second server allocates a cryptocurrency mining task to the end-user device and later receives a cryptocurrency mining output from the end-user device. The system determines that the first server is a malicious infecting web-server; that the second server is a malicious Command and Control server of a distributed bot-net of cryptocurrency mining bots; and that the end-user device is an infected and activated and operational cryptocurrency mining bot.

Abstract: System, method, and apparatus of securing and managing Internet-connected devices and networks. A wireless communication router is installed at a customer venue, and provides Internet access to multiple Internet-connected devices via a wireless communication network that is served by the router. A monitoring and effecting unit of the router performs analysis of traffic that passes through the router; identifies which Internet-connected devices send or receive data; and selectively enforces traffic-related rules based on policies stored in the router. Optionally, the monitoring and effecting unit is pre-installed in the router in a disabled mode; and is later activated after the router was deployed at a customer venue. Optionally, the router notifies the Internet Service Provider the number and type of Internet-connected devices that are served by the router.

Abstract: System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group.

Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.

Abstract: A method for alleviation of congestion in a mobile communications network includes detecting congested cells in the mobile communications network, identifying subscribers with active data sessions in the congested cells; and optimizing bandwidth usage for at least one of the identified subscribers. A bandwidth optimization system includes a network sampling interface to receive at least subscriber, cell and data session identifiers from a network data packet sampler, where the sampler identifies the identifiers from internal data traffic within a mobile communications network, and a network awareness engine (NAE) to at least cross reference the identifiers with external data traffic output by the mobile communications network to at least detect congested cells and associated subscriber data sessions emanating from the mobile communications network.

Abstract: System and method of predictive Internet traffic steering. An Internet steering gateway decouples between traffic classification and traffic steering, and includes: a deep packet inspection (DPI) utility to ascertain an indication of a destination remote application server (RAS) from an initial packet of a data session in a network; a RAS database to store an optimization profile for each RAS; and a steering utility to look-up, based on the RAS addressing information that was determined by the DPI utility inspection of the initial packet of the data session, an indicated RAS in the RAS database. The steering utility steers the data session to an external optimization platform (EOP) based on the associated profile in the RAS database.

Abstract: A cellular traffic monitoring system includes: a Traffic Detection Function (TDF) module to monitor cellular traffic associated with a cellular subscriber device, and to generate application detection output indicative of an application used by the cellular subscriber device; an application-based charging module to generate, based on the application detection output of said TDF module, application-based charging data related to said cellular subscriber device; a Policy Charging and Enforcement Function (PCEF) module to enforce one or more charging rules that are Service Data Flow (SDF) based and are related to said cellular subscriber device; an SDF-based charging module to generate SDF-based charging data related to said cellular subscriber device; and a charging correlator module to identify a potential over-charging due to an overlap between the application-based charging data and the SDF-based charging data.

Abstract: A method for alleviation of congestion in a mobile communications network includes detecting congested cells in the mobile communications network, identifying subscribers with active data sessions in the congested cells; and optimizing bandwidth usage for at least one of the identified subscribers. A bandwidth optimization system includes a network sampling interface to receive at least subscriber, cell and data session identifiers from a network data packet sampler, where the sampler identifies the identifiers from internal data traffic within a mobile communications network, and a network awareness engine (NAE) to at least cross reference the identifiers with external data traffic output by the mobile communications network to at least detect congested cells and associated subscriber data sessions emanating from the mobile communications network.

Abstract: A cellular traffic monitoring system includes: a traffic detection function (TDF) module to monitor cellular traffic associated with a cellular subscriber device, and to generate detection output which includes at least one of: a type of an application associated with the cellular traffic of the cellular subscriber device, and a type of the cellular traffic of the cellular subscriber device. The cellular traffic monitoring system further includes a policy charging and enforcement function (PCEF) module to enforce one or more charging rules to the cellular subscriber device, based on the detection output.