Abstract: A method and system for determining a cost to allow a blockchain-based admission to a protected entity. The method includes identifying, in a blockchain network, a conversion transaction identifying a conversion of a first-type of access tokens with access tokens of a second-type, wherein the transaction designates at least the protected entity; determining a conversion value for converting the first-type of access tokens into the second-type access tokens, wherein the conversion value is determined based on at least one access parameter; and converting, based on the determined conversion value, a first sum of the first-type access tokens into a second sum of the second-type access-tokens, wherein a client spends the second sum of the second-type access tokens to access the protected entity, the determined conversion value is the access cost to the protected entity.

Abstract: A method and system for perimeter defense of a network are provided. The method comprises receiving, at a system deployed in a perimeter of the network, traffic to or from the network, wherein the network includes a plurality of protection resources; determining, based on the received traffic, at least one potential cyber-attack; and upon determining the at least one potential cyber-attack, causing a mitigation reconfiguration of at least one protection resource of the plurality of protection resources, wherein the mitigation reconfiguration includes reconfiguring each of the at least one protection resource to mitigate the at least one potential cyber-attack.

Abstract: A method and system for protecting cloud-hosted applications against application-layer slow distributed denial-of-service (DDoS) attacks. The comprising collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing a set of rate-based and rate-invariant features based on the collected telemetries; evaluating each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and causing execution of a mitigation action, when an indication of a potential application-layer slow DDoS attack is determined.

Abstract: A method for detecting hypertext transfer protocol secure (HTTPS) flood denial-of-service (DDoS) attacks. The method estimating traffic telemetries of at least ingress traffic directed to a protected entity; providing at least one rate-base feature and at least one rate-invariant feature based on the estimated traffic telemetries, wherein the rate-base feature and the rate-invariant feature demonstrate a normal behavior of HTTPS traffic directed to the protected entity; evaluating the at least one rate-base feature and the at least one rate-invariant feature with respect to at least one baseline to determine whether the behavior of the at least HTTPS traffic indicates a potential HTTPS flood DDoS attack; and causing execution of a mitigation action when an indication of a potential HTTPS flood DDoS attack is determined.

Abstract: A method for protecting entities against bots is provided. The method includes identifying a request from a client to access a protected entity; selecting an access policy in response to the access request, wherein the access policy includes at least one challenge to be performed by the client; identifying results of the at least one challenge, wherein the results are provided by the client upon completion of the challenge; determining a bias of the client based on the completion results, wherein the determined bias is utilized for a cyber-security assessment of the client; and granting access to the protected entity by the client based on the determined bias.

Abstract: A method and system for matching event sequences for predictive detection of cyber-attacks are discussed. The method comprises receiving a reference event sequence and a query event sequence; converting the reference event sequence to a first step-value list and the query event sequence to a second step-value list; and matching the first and second step-value lists to identify at least one optimal common pattern.

Abstract: A method for generating a decision table for selecting an optimal path out of a plurality of data paths between a client and a destination server connected through a network system, each of the plurality of data paths is connected to a router configured with a unique internet protocol (IP) address is provided. The method includes for each subnet IP address of the remote destination server and each of the plurality of data paths, measuring a network proximity; factoring the network proximity measured for each of the plurality of data paths; and ranking the plurality of data paths based on a decision function computed using the factored network proximity.

Abstract: A method and system for hardening cloud security policies of a cloud computing platform are presented.

Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.

Abstract: A method and a trust broker system for blockchain-based anti-bot protection are provided. The method includes identifying, on a blockchain network, a request from a client to access a protected entity; selecting an access policy in response to the access request, wherein the access policy includes at least one game to be performed by the client; causing execution of the at least one game defined in the access policy; identifying, on the blockchain network, results of the at least one game, wherein the results are deposited by the client upon completion of the game; determining a bias of the client based on the completion results, wherein the determined bias is utilized for a cyber-security assessment of the client, wherein the determined bias for the client is maintained on the blockchain network; and granting or denying access to the protected entity by the client based on the determined bias.

Abstract: A method and system for generating optimization instructions for accelerating traffic between a client and a server. The method includes receiving intercepted responses, wherein each intercepted response is sent by the server in response to a request for content from the client; analyzing the received responses to determine at least a context of each response; compiling at least one optimization instruction based on the determined contexts of the responses; and saving the compiled at least one optimization instruction in a storage device.

Abstract: A method and system for matching event sequences for predictive detection of cyber-attacks are discussed. The method comprises receiving a reference event sequence and a query event sequence; converting the reference event sequence to a first step-value list and the query event sequence to a second step-value list; and matching the first and second step-value lists to identify at least one optimal common pattern.

Abstract: A method and system for detecting domain name system (DNS) recursive cyber-attacks are presented. The system includes learning a plurality of baselines of at least rates and rate invariants of DNS features; monitoring DNS traffic directed to and from a DNS resolver, wherein the DNS resolver is communicatively connected between at least one client and at least one name server; analyzing the monitored DNS traffic using at least one detection function to detect an anomaly based in part on at least one baseline of the plurality of learnt baselines; and upon detection of at least one anomaly, performing at least one mitigation action to filter out incoming DNS queries to a domain name under attack.

Abstract: A system and method for identifying botnets. The method includes determining a network event proximity based on collected network data, where the network data relates to at least one network device; determining time density of the network data; determining trend patterns of the network data; and determining, based on the network event proximity, time density, and trend patterns, when a botnet activity is present within the network data.

Abstract: A method and system for protecting a cloud computing platform against cyber-attacks are provided. The method includes gathering cloud logs from a cloud computing platform; analyzing, by a plurality of detectors, the cloud logs to detect at least one suspicious behavior, wherein each of the at least one suspicious behavior is identified by a suspect indicator; sequencing suspect indicators into attack sequences; scoring each of the attack sequences with an attack score, wherein each attack is scored using a scoring model; and alerting on each attack sequence having a score higher than a predefined threshold.

Abstract: A system and method for optimized stream management are provided. The method includes retrieving priority data; determining, in real-time, a current priority tree based on the retrieved priority data, wherein the priority tree includes at least one node representing a stream; identifying, based on the retrieved priority data, at least one relative weight of the at least one node; determining an effective weight based on each identified relative weight; and filling a buffer based on the current priority tree and the at least one effective weight.

Abstract: A method and system for load balancing over a cluster of authentication, authorization and accounting (AAA) servers. The method performs a distribution of AAA requests among AAA servers having an active AAA connection with an AAA client. The method includes establishing TCP connections with a plurality of AAA servers, using a TCP connection request received from at least one AAA client; opening AAA connections with a plurality of AAA servers, using an AAA connection request received from at least one AAA client, and distributing AAA requests to AAA servers with an active AAA connection according to a predefined load balancing algorithm. The method is further capable of multiplexing outbound messages and requests received from a plurality of AAA servers. The AAA protocol supported by the method includes, but is not limited to, a Diameter protocol, a lightweight directory access protocol (LDAP), and the likes.

Abstract: A system for computing an optimal deployment of at least one web application in a multi-datacenter system comprising a collector for collecting performance measurements with regard to a web application executed in the multi-datacenter system and grouping the performance measurements according to locations of a plurality of clients accessing the web application; a data repository for maintaining at least a performance table including at least the performance measurements grouped according to the plurality of client locations and a service level agreement (SLA) guaranteed to clients in the plurality of client locations; and an analyzer for processing at least information stored in the performance table for generating a recommendation on an optimal deployment of the web application in at least one combination of datacenters in the multi-datacenter system by computing an expected SLA that can be guaranteed to the clients in each combination of datacenters.

Abstract: A system and method for accelerating content deliver over a content delivery network (CDN) are provided. In an embodiment, the method includes determining, based on a received hypertext transfer protocol (HTTP) request, a PUSH list, wherein the PUSH list includes at least one resource that can be immediately provided to a web browser without requesting the at least one resource from an origin server; and issuing, based on the PUSH list, at least one PUSH resource designator to an edge proxy, wherein each PUSH resource designator indicates one of the at least one resource, wherein the edge proxy is commutatively connected in geographic proximity to a client running the web browser, wherein the origin server and the edge proxy communicate over the CDN.

Abstract: A method and system for detecting domain name system (DNS) recursive cyber-attacks are presented. The system includes learning a plurality of baselines of at least rates and rate invariants of DNS features; monitoring DNS traffic directed to and from a DNS resolver, wherein the DNS resolver is communicatively connected between at least one client and at least one name server; analyzing the monitored DNS traffic using at least one detection function to detect an anomaly based in part on at least one baseline of the plurality of learnt baselines; and upon detection of at least one anomaly, performing at least one mitigation action to filter out incoming DNS queries to a domain name under attack.