Patents by Inventor Boris Lifshitz

Boris Lifshitz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11943245
    Abstract: Systems, devices, and methods of protecting electronic or Internet-connected devices against fraudulent and malicious activities. A Data Collector and Mediator Unit monitors network traffic, and generates datasets of network traffic; each dataset includes network traffic monitored within a time-slot having a particular fixed time-length. A Predictor Unit includes a Features Extractor, to extract features from the datasets; and a Machine Learning (ML) unit, to run the extracted features through a ML model and to classify a particular traffic-portion as being either (I) an anomalous traffic-portion that is associated with fraudulent or malicious activity, or (II) a non-anomalous traffic-portion that is not-associated with fraudulent or malicious activity. The ML unit operates on both (i) anomalies in traffic patterns, and (ii) anomalies of user behavior and/or device behavior.
    Type: Grant
    Filed: July 5, 2021
    Date of Patent: March 26, 2024
    Assignee: ALLOT LTD.
    Inventors: Jose Maria Vega, Julio Torres de la Fuente, Boris Lifshitz
  • Publication number: 20230007024
    Abstract: Systems, devices, and methods of protecting electronic or Internet-connected devices against fraudulent and malicious activities. A Data Collector and Mediator Unit monitors network traffic, and generates datasets of network traffic; each dataset includes network traffic monitored within a time-slot having a particular fixed time-length. A Predictor Unit includes a Features Extractor, to extract features from the datasets; and a Machine Learning (ML) unit, to run the extracted features through a ML model and to classify a particular traffic-portion as being either (I) an anomalous traffic-portion that is associated with fraudulent or malicious activity, or (II) a non-anomalous traffic-portion that is not-associated with fraudulent or malicious activity. The ML unit operates on both (i) anomalies in traffic patterns, and (ii) anomalies of user behavior and/or device behavior.
    Type: Application
    Filed: July 5, 2021
    Publication date: January 5, 2023
    Inventors: Jose Maria Vega, Julio Torres de la Fuente, Boris Lifshitz
  • Publication number: 20220407870
    Abstract: System, device, and method of detecting and mitigating Domain Name Server (DNS) tunneling attacks in a communication network. A system includes a Data Collector Unit, to monitor outbound Domain Name System (DNS) queries that are outgoing from a communication network or from an end-user device, towards an entry node of the Internet or towards a firewall unit or towards a trusted DNS server. The Data Collector Unit generates datasets of outbound DNS queries, each dataset corresponding to outbound DNS queries that are associated with a particular time-slot. A DNS Tunneling Attack Detector Unit includes a feature extractor, to extract Machine Learning (ML) features from each dataset of outbound DNS queries; and also a ML unit, to run the extracted features through a ML model, and to classify a particular outbound DNS query as belonging to a DNS tunneling attack based on ML-based analysis and classification of the extracted features.
    Type: Application
    Filed: June 17, 2021
    Publication date: December 22, 2022
    Inventors: Jose María Vega, Borja Ruiz Amantegui, Boris Lifshitz
  • Patent number: 11483278
    Abstract: Systems, devices, and methods for resolving the original private Internet Protocol (IP) address of a User Equipment (UE) device in a cellular communication network; particularly where the UE device is behind a Network Address Translation (NAT) service which replaces the original private IP address of the UE device with a replacement public IP address. An IP address resolver performs an active resolution process which injects a new IP packet to the network, or performs a passive or comparison-based resolution process which compares headers of IP packets, to determine a pair of (i) an original private IP address of a particular UE device, and (ii) a replacement public IP address that is assigned to the UE device by a User Plane Function (UPF) unit. The correlation data or IP address mapping data is provided to servers or applications, to enable them to provide services to the UE device using its original private IP address.
    Type: Grant
    Filed: October 24, 2021
    Date of Patent: October 25, 2022
    Assignee: ALLOT LTD.
    Inventor: Boris Lifshitz
  • Patent number: 11323884
    Abstract: Detecting, mitigating and isolating a Signaling Storm, particularly in 5G communication networks. A Control Plane signal probe is connected at a first network node located between a Radio Access Network and a 5G Core Network, to monitor control messages originating from 5G-capable devices. A User Plane signal probe is connected at a second network node located between the 5G Core Network and remote entities to which the 5G-capable devices are sending messages, to monitor control messages passing through the second network node. An Inventory Management sub-system stores data correlating between 5G-capable devices and IMSI numbers. A Protector Unit is configured to receive (i) data collected by the Control Plane signal probe, and (ii) data collected by the User Plane signal probe, and (iii) a subset of IMSI numbers. The Protector Unit performs Machine Learning analysis, and detects and quarantines particular 5G-capable devices that are compromised or malfunctioning.
    Type: Grant
    Filed: August 20, 2019
    Date of Patent: May 3, 2022
    Assignee: ALLOT LTD.
    Inventors: Boris Lifshitz, Itai Weissman, Itai Ephraim Zilbershtein, Nimrod Dezent
  • Patent number: 11323310
    Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.
    Type: Grant
    Filed: October 22, 2020
    Date of Patent: May 3, 2022
    Assignee: ALLOT LTD.
    Inventors: Itai Ephraim Zilbershtein, Nimrod Dezent, Alon Hazay, Itai Weissman, Boris Lifshitz
  • Patent number: 11240544
    Abstract: System, device, and method of differentiating between streaming live-video flows and streaming non-live-video flows. A system includes a Live-Video/Non-Live-Video detector unit, connected and operable between a core cellular network and an entry node of the Internet. It monitors data packets exchanged over the core cellular network and over the Internet between a User Equipment (UE) device and a destination device. It determines that a particular communication flow between the UE device and the destination device is a streaming video communication flow. It further determines whether that streaming video communication flow is either (i) a streaming Live-Video communication flow or (ii) a streaming Non-Live-Video communication flow.
    Type: Grant
    Filed: May 2, 2021
    Date of Patent: February 1, 2022
    Assignee: ALLOT LTD.
    Inventors: Aviya Vaidberg, Boris Lifshitz, Elad Moadim
  • Patent number: 11121976
    Abstract: System, device, and method for providing distributed quality-of-service control and policy enforcement. A tree hierarchy representation is constructed for distributed enforcement of a Quality-of-Service (QoS) policy on incoming packets that are intended for transmission towards a destination, by at least two separate Processing Units (PUs) that separately process different packets that are intended for transmission towards that destination. A cross-PU Instances Synchronization Unit automatically determines that a first PU caused modification of a first set of instances of parent-child Policy Objects that are utilized by the first PU, and dynamically causes a corresponding modification to a second set of instances of parent-child Policy Objects that are utilized by a second PU. The QoS policy is enforced, on a packet-by-packet basis, by different member entities of the tree hierarchy representation, to achieve the overall QoS policy.
    Type: Grant
    Filed: November 7, 2019
    Date of Patent: September 14, 2021
    Assignee: ALLOT LTD.
    Inventors: Lior Plat, Idan Bariach, Michal Rapaport, Liran Sinay, Itai Weissman, Boris Lifshitz
  • Publication number: 20210144096
    Abstract: System, device, and method for providing distributed quality-of-service control and policy enforcement. A tree hierarchy representation is constructed for distributed enforcement of a Quality-of-Service (QoS) policy on incoming packets that are intended for transmission towards a destination, by at least two separate Processing Units (PUs) that separately process different packets that are intended for transmission towards that destination. A cross-PU Instances Synchronization Unit automatically determines that a first PU caused modification of a first set of instances of parent-child Policy Objects that are utilized by the first PU, and dynamically causes a corresponding modification to a second set of instances of parent-child Policy Objects that are utilized by a second PU. The QoS policy is enforced, on a packet-by-packet basis, by different member entities of the tree hierarchy representation, to achieve the overall QoS policy.
    Type: Application
    Filed: November 7, 2019
    Publication date: May 13, 2021
    Inventors: Lior Plat, Idan Bariach, Michal Rapaport, Liran Sinay, Itai Weissman, Boris Lifshitz
  • Publication number: 20210044476
    Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.
    Type: Application
    Filed: October 22, 2020
    Publication date: February 11, 2021
    Inventors: Itai Ephraim Zilbershtein, Nimrod Dezent, Alon Hazay, Itai Weissman, Boris Lifshitz
  • Patent number: 10833981
    Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.
    Type: Grant
    Filed: June 24, 2019
    Date of Patent: November 10, 2020
    Assignee: ALLOT LTD.
    Inventors: Itai Ephraim Zilbershtein, Nimrod Dezent, Alon Hazay, Itai Weissman, Boris Lifshitz
  • Publication number: 20190380037
    Abstract: Detecting, mitigating and isolating a Signaling Storm, particularly in 5G communication networks. A Control Plane signal probe is connected at a first network node located between a Radio Access Network and a 5G Core Network, to monitor control messages originating from 5G-capable devices. A User Plane signal probe is connected at a second network node located between the 5G Core Network and remote entities to which the 5G-capable devices are sending messages, to monitor control messages passing through the second network node. An Inventory Management sub-system stores data correlating between 5G-capable devices and IMSI numbers. A Protector Unit is configured to receive (i) data collected by the Control Plane signal probe, and (ii) data collected by the User Plane signal probe, and (iii) a subset of IMSI numbers. The Protector Unit performs Machine Learning analysis, and detects and quarantines particular 5G-capable devices that are compromised or malfunctioning.
    Type: Application
    Filed: August 20, 2019
    Publication date: December 12, 2019
    Inventors: Boris Lifshitz, Itai Weissman, Itai Ephraim Zilbershtein, Nimrod Dezent