Patents by Inventor Asaf Shabtai

Asaf Shabtai has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240143767
    Abstract: A system for performing an assessment of the robustness and resilience of an examined original ML model against model extraction attacks includes a computerized device having at least one processor, which is adapted to: train multiple candidate models MC with the external dataset D for each of the specified candidate learning algorithms a in Alg, where each candidate substitute model is trained on a subset of D corresponding to the evaluated ith query limit of the query budget constraint Q; evaluate the performance of each substitute model MC according to different evaluation methods ?Evaluation; and calculate the robustness of each substitute model, where smaller difference or high agreement/similarity rate between the performance of the original model and the substitute model indicates that the original and substitute models are similar to each other.
    Type: Application
    Filed: October 30, 2023
    Publication date: May 2, 2024
    Inventors: Yuval ELOVICI, Oleg BRODT, Asaf SHABTAI, Edita GROLMAN, David MIMRAN, Michael KHAVKIN
  • Patent number: 11909754
    Abstract: A security assessment system is configured to provide a duplicated environment which duplicates an assessment target system comprising a plurality of physical components. The security assessment system includes a duplicated environment design circuitry and a duplicated environment construction circuitry. The duplicated environment design circuitry is configured to select a duplication level based on constraints specified by a user in order to design the duplicated environment to produce a designed result indicative of a duplicated environment design. The duplication level is indicative of any one of a simulation sub-module, an emulation sub-module, and a physical sub-module which are for reproducing the physical components of the assessment target system. The duplicated environment construction circuitry is configured to construct the duplicated environment based on the designed result. The duplicated environment includes components which are duplicated by one of the duplication levels.
    Type: Grant
    Filed: March 14, 2018
    Date of Patent: February 20, 2024
    Assignees: NEC CORPORATION, B.G. Negev Technologies and Applications Ltd., at Ben-Gurion University
    Inventors: Masaki Inokuchi, Yoshinobu Ohta, Ron Bitton, Orly Stan, Asaf Shabtai, Yuval Elovici
  • Patent number: 11783048
    Abstract: A security assessment system is configured to provide a duplicated environment which duplicates an assessment target system comprising a plurality of physical components. The security assessment system includes a duplicated environment design circuitry and a duplicated environment construction circuitry. The duplicated environment design circuitry is configured to select a duplication level based on constraints specified by a user and effects associated with the physical components in order to design the duplicated environment to produce a designed result indicative of a duplicated environment design. The duplication level is indicative of any one of a simulation sub-module, an emulation sub-module, and a physical sub-module which are for reproducing the physical components of the assessment target system. The duplicated environment construction circuitry is configured to construct the duplicated environment based on the designed result.
    Type: Grant
    Filed: March 14, 2018
    Date of Patent: October 10, 2023
    Assignees: NEC CORPORATION, B. G. Negev Technologies and Applications Ltd., at Ben-Gurion University
    Inventors: Masaki Inokuchi, Yoshinobu Ohta, Ron Bitton, Orly Stan, Tomer Gluck, Asaf Shabtai, Yuval Elovici
  • Publication number: 20230214496
    Abstract: The knowledge generation apparatus (2000) obtains plural pieces of attack result information (100), which include a configuration of an attack performed on the computer environment, a configuration of the computer environment attacked, and a result of the attack. By comparing the obtained attack result information (100), the knowledge generation apparatus (2000) detects environment conditions, regarding the configuration of the computer environment, that are necessary for the success of the attack. The knowledge generation apparatus (2000) performs selection on the detected environment conditions based on a selection rule (200), and generates the knowledge information (300) that includes the selected environment conditions. The selection rule represents a rule for determining whether to include the environment condition in the knowledge information (300), with respect to a feature of a set of attacks that are affected by the environment condition.
    Type: Application
    Filed: May 29, 2020
    Publication date: July 6, 2023
    Applicants: NEC Corporation, B. G. Negev Technologies and Applications Ltd., at Ben-Gurion University
    Inventors: Masaki INOKUCHI, Tomohiko YAGYU, Yuval ELOVICI, Asaf SHABTAI, Ron BITTON, Noam MOSCOVICH
  • Patent number: 11695794
    Abstract: A system for analyzing and clustering darknet traffic streams with word embeddings, comprising a data processing module which collects packets that are sent to non-existing IP addresses that belong to darknet's taps (blackholes) that are deployed over the internet; a port embedding module for performing port sequence embeddings by using a word embedding algorithm on the port sequences extracted from the data processing module while transforming the port sequences into meaningful numerical feature vectors; a clustering module for performing temporal clustering of the feature vectors over time; and an alert logic and visualization module that visualizes the data and provides alerts regarding a cluster that an analyst classified as malicious in the past.
    Type: Grant
    Filed: April 2, 2020
    Date of Patent: July 4, 2023
    Assignee: DEUTSCHE TELEKOM AG
    Inventors: Dvir Cohen, Asaf Shabtai, Yuval Elovici, Yisroel Avraham Mirsky, Rami Puzis, Tobias Martin, Manuel Kamp
  • Patent number: 11620158
    Abstract: A master-slave scheduling system, comprising (a) a master DRL unit comprising: (i) a queue containing a plurality of item-representations; (ii) a master policy module configured to select a single item-representation from the queue and submit to the slave unit; (iii) a master DRL agent configured to (a) train the master policy module; and (b) receive an updated item-representation from the slave unit, and update the queue; (b) The slave DRL unit comprising: (i) a slave policy module receiving a single item-representation, selecting a single task entry and submitting to a slave environment for performance; (ii) a slave DRL agent configured to: (a) train the slave policy module; (b) receive an item-representation from the master DRL unit, and submit to the slave policy module; (c) receive an updated item-representation from the slave's environment, and submit the same to the master DRL unit; and (iii) the slave DRL agent.
    Type: Grant
    Filed: January 14, 2021
    Date of Patent: April 4, 2023
    Assignee: B.G. NEGEV TECHNOLOGIES & APPLICATIONS LTD. AT BEN-GURION UNIVERSITY
    Inventors: Gilad Katz, Asaf Shabtai, Yoni Birman, Ziv Ido
  • Publication number: 20230076045
    Abstract: An optimized limited-area WiFi network includes a plurality of Internet connectable devices, a wireless router for facilitating Internet connectivity, and a dynamically positionable signal coverage enhancer configured with an onboard processor, a signal coverage enhancing element, and mobile means. The signal coverage enhancer is repositionable, by the mobile means in response to a command signal transmitted by the processor, to a determined location of the limited-area WiFi network that is sufficiently close to one or more of the devices, such that an amplified signal produced by the signal coverage enhancing element which amplifies a wireless signal transmitted by the router maintains uninterrupted Internet operation of the one or more devices.
    Type: Application
    Filed: September 2, 2022
    Publication date: March 9, 2023
    Inventors: Yuval ELOVICI, Oleg BRODT, Asaf SHABTAI, Rami PUZIS, David MIMRAN
  • Patent number: 11601452
    Abstract: Described embodiments include a system that includes a monitoring agent, configured to automatically monitor usage of a computing device by a user, and a processor. The processor is configured to compute, based on the monitoring, a score indicative of a cyber-security awareness of the user, and to generate an output indicative of the score.
    Type: Grant
    Filed: October 21, 2019
    Date of Patent: March 7, 2023
    Assignee: B.G. NEGEV TECHNOLOGIES AND APPLICATIONS LTD.
    Inventors: Asaf Shabtai, Rami Puzis, Lior Rokach, Liran Orevi, Genady Malinsky, Ziv Katzir, Ron Bitton
  • Publication number: 20230040982
    Abstract: An attack information processing apparatus (10) includes an extraction unit (11) configured to extract first and second attack knowledge pieces indicating conditions of a cyber attack from first and second attack information pieces including descriptions of the cyber attack, a determination unit (12) configured to determine similarity between the first and second attack information pieces, and a complementing unit (13) configured to complement the first attack knowledge piece with the second attack knowledge piece based on the determined similarity.
    Type: Application
    Filed: January 17, 2020
    Publication date: February 9, 2023
    Applicants: NEC CORPORATION, B. G. Negev Technologies and Applications Ltd., at Ben-Gurion University
    Inventors: Masaki INOKUCHI, Tomohiko YAGYU, Asaf SHABTAI, Yuval ELOVICI, Ron BITTON, Hodaya BINYAMINI
  • Patent number: 11539743
    Abstract: Systems and methods are provided for detecting anomalous messages on a multipoint serial communications bus by extracting features from a first and a second message, including a time delay between the first and the second messages and, for each message, a sender address, a recipient address, a bus number, and a word count. A message transition pattern including the extracted features is generated. A probability of occurrence of the message transition pattern is determined by comparing the message transition pattern to a pattern dictionary, and the second message is determined to be anomalous when the probability is less than a predetermined threshold.
    Type: Grant
    Filed: December 13, 2018
    Date of Patent: December 27, 2022
    Assignee: B. G. NEGEV TECHNOLOGIES AND APPLICATIONS LTD.
    Inventors: Asaf Shabtai, Yisroel Avraham Mirsky, Naor Kalbo, Yuval Elovici
  • Publication number: 20220230070
    Abstract: An automatic computer implemented method for making classification decisions to provide a desired policy that optimizes multi-objective tasks with contradicting constraints. Time and resources constraints that correspond to a predetermined level of acceptable cost are defined, as well as a cost function that represents the acceptable cost while considering the constraints. A plurality of analysis and processing modules are deployed in a computational environment, for processing data associated with the computational environment and returning results, along with indications regarding the level of confidence of the results. At least one agent is provided for evaluating the results returned by each module, using a neural network being trained to dynamically determine when the level of confidence is sufficient, using one module, and if found insufficient, using more modules.
    Type: Application
    Filed: May 14, 2020
    Publication date: July 21, 2022
    Inventors: Asaf Shabtai, Gilad Katz, Yoni Birman, Shaked Hindi
  • Publication number: 20220101062
    Abstract: A system for bias estimation in Artificial Intelligence (AI) models using a pre-trained unsupervised deep neural network, comprising a bias vector generator implemented by at least one processor that executes an unsupervised DNN with a predetermined loss function. The bias vector generator is adapted to store a given ML model to be examined, with predetermined features; store a test-set of one or more test data samples being input data samples; receive a feature vector consisting of one or more input samples; output a bias vector indicating the degree of bias for each feature, according to said one or more input samples. The system also comprises a post-processor which is adapted to receive a set of bias vectors generated by said bias vector generator; process said bias vectors; calculate a bias estimation for every feature of said ML model, based on predictions of said ML model; provide a final bias estimation for each examined feature.
    Type: Application
    Filed: September 6, 2021
    Publication date: March 31, 2022
    Inventors: Sebastian Fischer, Ronald Fromm, Amit Hacmon, Yuval Elovici, Asaf Shabtai, Edita Grolman, Oleg Brodt
  • Publication number: 20220076080
    Abstract: A system for the assessment of robustness and fairness of AI-based ML models, comprising a data/model profiler for creating an evaluation profile in the form of data and model profiles, based on the dataset and the properties of the ML model; a test recommendation engine that receives data and model profiles from the data/model profiler and recommends the relevant tests to be performed; a test repository that contains all the tests that can be examined; a test execution environment for gathering data related to all the tests that were recommended by the test recommendation engine; a final fairness score aggregation module for aggregating the executed tests results into a final fairness score of the examined model and dataset.
    Type: Application
    Filed: September 6, 2021
    Publication date: March 10, 2022
    Inventors: Amit Hacmon, Yuval Elovici, Asaf Shabtai, Edita Grolman, Oleg Brodt, Sebastian Fischer, Ronald Fromm
  • Patent number: 11201882
    Abstract: A method of monitoring network traffic in a communication network with a sentinel module to detect malicious activity is described. A gateway sentinel module receives network traffic directed through a gateway installed for a local distribution of the network, the gateway connecting the local distribution of the network to a core of the network. Malicious activity in the local distribution is detected based on a combination of: a local machine-learning model for identifying malicious activity in the local distribution, the local machine-learning model modelling network traffic from the local distribution; and a global machine-learning model. The global machine-learning model models network traffic from a plurality of local distributions of the network based on training data from a plurality of local sentinel modules executed on a respective plurality of computing nodes. The computing nodes respectively receive network traffic from the plurality of location distributions.
    Type: Grant
    Filed: November 29, 2018
    Date of Patent: December 14, 2021
    Assignees: NEC Corporation Of America, B.G. Negev Technologies & Applications Ltd., at Ben-Gurion University
    Inventors: Yisroel Avraham Mirsky, Oleg Brodt, Asaf Shabtai, Yuval Elovici, Masayuki Nakae
  • Publication number: 20210357508
    Abstract: A system for testing Machine Learning (ML) and deep learning models for robustness, and durability against adversarial bias and privacy attacks, comprising a Project Repository for storing metadata of ongoing projects each of which having a defined project policy, and created ML models and data sources being associated with the ongoing projects; a Secure Data Repository, for storing training and testing datasets and models used in each project for evaluating the robustness of the each project; a Data/Model Profiler for creating a profile, based on the settings and configurations of the datasets and the models; a Test Recommendation Engine for recommending the relevant and most indicative attacks/tests for each examined model and for creating indicative and effective test suites; a Test/Attack Ontology module for storing all attacks/tests with their metadata and mapping the attacks/tests to their corresponding settings and configurations; an Attack Repository for storing the implemented tests/attacks.
    Type: Application
    Filed: May 14, 2021
    Publication date: November 18, 2021
    Inventors: Yuval ELOVICI, Asaf SHABTAI, Oleg BRODT, David MIMRAN, Michael KHAVKIN, Edita GROLMAN
  • Publication number: 20210250370
    Abstract: A security assessment system is configured to provide a duplicated environment which duplicates an assessment target system comprising a plurality of physical components. The security assessment system includes a duplicated environment design circuitry and a duplicated environment construction circuitry. The duplicated environment design circuitry is configured to select a duplication level based on constraints specified by a user in order to design the duplicated environment to produce a designed result indicative of a duplicated environment design. The duplication level is indicative of any one of a simulation sub-module, an emulation sub-module, and a physical sub-module which are for reproducing the physical components of the assessment target system. The duplicated environment construction circuitry is configured to construct the duplicated environment based on the designed result.
    Type: Application
    Filed: March 14, 2018
    Publication date: August 12, 2021
    Applicants: NEC CORPORATION, B. G. Negev Technologies and Applications Ltd., at Ben-Gurion University
    Inventors: Masaki INOKUCHI, Yoshinobu OHTA, Ron BITTON, Orly STAN, Asaf SHABTAI, Yuval ELOVICI
  • Publication number: 20210243213
    Abstract: An information collection system includes: a side-channel information processing unit that derives load information to estimate an impact on the availability of a target machine for active scanning by using side-channel data; an allow list generation unit that generates an allow list including a scan timing and a scan range in which the availability is not affected, the allow list generation unit generating the allow list based on the load information; and an allow list storage unit that stores the allow list. An active scan of the target machine is executed by referencing the allow list stored in the allow list storage unit to collect asset information of the target machine.
    Type: Application
    Filed: June 12, 2018
    Publication date: August 5, 2021
    Applicants: NEC CORPORATION, B.G. Negev Technologies and Applications Ltd., at Ben-Gurion University
    Inventors: Yoshiyuki YAMADA, Masaki INOKUCHI, Yoshinobu OHTA, Yuval ELOVICI, Asaf SHABTAI, Ron BITTON
  • Patent number: 11068593
    Abstract: A method for detecting anomalous ADS-B messages in airplanes and air-traffic control system, comprising: extracting features from application level data, which is information broadcasted in said ADS-B messages, contextual data and flight plans; analyzing said extracted features and computing relative measures of a flight based on said extracted features; training a machine learning model to represent benign ADS-B messages; applying said machine learning model on said extracted features thereby deriving a reputation score for said ADS-B message; issuing a decision based on said score, thereby recognizing an attack and issuing an alarm regarding said recognized attack.
    Type: Grant
    Filed: August 2, 2018
    Date of Patent: July 20, 2021
    Assignee: B. G. NEGEV TECHNOLOGIES AND APPLICATIONS LTD., AT BEN-GURION UNIVERSITY
    Inventors: Asaf Shabtai, Idan Habler
  • Publication number: 20210216366
    Abstract: A master-slave scheduling system, comprising (a) a master DRL unit comprising: (i) a queue containing a plurality of item-representations; (ii) a master policy module configured to select a single item-representation from the queue and submit to the slave unit; (iii) a master DRL agent configured to (a) train the master policy module; and (b) receive an updated item-representation from the slave unit, and update the queue; (b) The slave DRL unit comprising: (i) a slave policy module receiving a single item-representation, selecting a single task entry and submitting to a slave environment for performance; (ii) a slave DRL agent configured to: (a) train the slave policy module; (b) receive an item-representation from the master DRL unit, and submit to the slave policy module; (c) receive an updated item-representation from the slave's environment, and submit the same to the master DRL unit; and (iii) the slave DRL agent.
    Type: Application
    Filed: January 14, 2021
    Publication date: July 15, 2021
    Inventors: Gilad KATZ, Asaf SHABTAI, Yoni BIRMAN, Ziv IDO
  • Publication number: 20210042423
    Abstract: A security assessment system is configured to provide a duplicated environment which duplicates an assessment target system comprising a plurality of physical components. The security assessment system includes a duplicated environment design circuitry and a duplicated environment construction circuitry. The duplicated environment design circuitry is configured to select a duplication level based on constraints specified by a user and effects associated with the physical components in order to design the duplicated environment to produce a designed result indicative of a duplicated environment design. The duplication level is indicative of any one of a simulation sub-module, an emulation sub-module, and a physical sub-module which are for reproducing the physical components of the assessment target system. The duplicated environment construction circuitry is configured to construct the duplicated environment based on the designed result.
    Type: Application
    Filed: March 14, 2018
    Publication date: February 11, 2021
    Applicants: NEC CORPORATION, B. G. Negev Technologies and Applications Ltd., at Ben-Gurion University
    Inventors: Masaki INOKUCHI, Yoshinobu OHTA, Ron BITTON, Orly STAN, Tomer GLUCK, Asaf SHABTAI, Yuval ELOVICI