Abstract: Systems, devices, and methods of protecting electronic or Internet-connected devices against fraudulent and malicious activities. A Data Collector and Mediator Unit monitors network traffic, and generates datasets of network traffic; each dataset includes network traffic monitored within a time-slot having a particular fixed time-length. A Predictor Unit includes a Features Extractor, to extract features from the datasets; and a Machine Learning (ML) unit, to run the extracted features through a ML model and to classify a particular traffic-portion as being either (I) an anomalous traffic-portion that is associated with fraudulent or malicious activity, or (II) a non-anomalous traffic-portion that is not-associated with fraudulent or malicious activity. The ML unit operates on both (i) anomalies in traffic patterns, and (ii) anomalies of user behavior and/or device behavior.

Abstract: Systems, devices, and methods of protecting electronic or Internet-connected devices against fraudulent and malicious activities. A Data Collector and Mediator Unit monitors network traffic, and generates datasets of network traffic; each dataset includes network traffic monitored within a time-slot having a particular fixed time-length. A Predictor Unit includes a Features Extractor, to extract features from the datasets; and a Machine Learning (ML) unit, to run the extracted features through a ML model and to classify a particular traffic-portion as being either (I) an anomalous traffic-portion that is associated with fraudulent or malicious activity, or (II) a non-anomalous traffic-portion that is not-associated with fraudulent or malicious activity. The ML unit operates on both (i) anomalies in traffic patterns, and (ii) anomalies of user behavior and/or device behavior.

Abstract: System, device, and method of detecting and mitigating Domain Name Server (DNS) tunneling attacks in a communication network. A system includes a Data Collector Unit, to monitor outbound Domain Name System (DNS) queries that are outgoing from a communication network or from an end-user device, towards an entry node of the Internet or towards a firewall unit or towards a trusted DNS server. The Data Collector Unit generates datasets of outbound DNS queries, each dataset corresponding to outbound DNS queries that are associated with a particular time-slot. A DNS Tunneling Attack Detector Unit includes a feature extractor, to extract Machine Learning (ML) features from each dataset of outbound DNS queries; and also a ML unit, to run the extracted features through a ML model, and to classify a particular outbound DNS query as belonging to a DNS tunneling attack based on ML-based analysis and classification of the extracted features.

Abstract: Systems, devices, and methods for resolving the original private Internet Protocol (IP) address of a User Equipment (UE) device in a cellular communication network; particularly where the UE device is behind a Network Address Translation (NAT) service which replaces the original private IP address of the UE device with a replacement public IP address. An IP address resolver performs an active resolution process which injects a new IP packet to the network, or performs a passive or comparison-based resolution process which compares headers of IP packets, to determine a pair of (i) an original private IP address of a particular UE device, and (ii) a replacement public IP address that is assigned to the UE device by a User Plane Function (UPF) unit. The correlation data or IP address mapping data is provided to servers or applications, to enable them to provide services to the UE device using its original private IP address.

Abstract: Detecting, mitigating and isolating a Signaling Storm, particularly in 5G communication networks. A Control Plane signal probe is connected at a first network node located between a Radio Access Network and a 5G Core Network, to monitor control messages originating from 5G-capable devices. A User Plane signal probe is connected at a second network node located between the 5G Core Network and remote entities to which the 5G-capable devices are sending messages, to monitor control messages passing through the second network node. An Inventory Management sub-system stores data correlating between 5G-capable devices and IMSI numbers. A Protector Unit is configured to receive (i) data collected by the Control Plane signal probe, and (ii) data collected by the User Plane signal probe, and (iii) a subset of IMSI numbers. The Protector Unit performs Machine Learning analysis, and detects and quarantines particular 5G-capable devices that are compromised or malfunctioning.

Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.

Abstract: System, device, and method of differentiating between streaming live-video flows and streaming non-live-video flows. A system includes a Live-Video/Non-Live-Video detector unit, connected and operable between a core cellular network and an entry node of the Internet. It monitors data packets exchanged over the core cellular network and over the Internet between a User Equipment (UE) device and a destination device. It determines that a particular communication flow between the UE device and the destination device is a streaming video communication flow. It further determines whether that streaming video communication flow is either (i) a streaming Live-Video communication flow or (ii) a streaming Non-Live-Video communication flow.

Abstract: System, device, and method for providing distributed quality-of-service control and policy enforcement. A tree hierarchy representation is constructed for distributed enforcement of a Quality-of-Service (QoS) policy on incoming packets that are intended for transmission towards a destination, by at least two separate Processing Units (PUs) that separately process different packets that are intended for transmission towards that destination. A cross-PU Instances Synchronization Unit automatically determines that a first PU caused modification of a first set of instances of parent-child Policy Objects that are utilized by the first PU, and dynamically causes a corresponding modification to a second set of instances of parent-child Policy Objects that are utilized by a second PU. The QoS policy is enforced, on a packet-by-packet basis, by different member entities of the tree hierarchy representation, to achieve the overall QoS policy.

Abstract: System, device, and method for providing distributed quality-of-service control and policy enforcement. A tree hierarchy representation is constructed for distributed enforcement of a Quality-of-Service (QoS) policy on incoming packets that are intended for transmission towards a destination, by at least two separate Processing Units (PUs) that separately process different packets that are intended for transmission towards that destination. A cross-PU Instances Synchronization Unit automatically determines that a first PU caused modification of a first set of instances of parent-child Policy Objects that are utilized by the first PU, and dynamically causes a corresponding modification to a second set of instances of parent-child Policy Objects that are utilized by a second PU. The QoS policy is enforced, on a packet-by-packet basis, by different member entities of the tree hierarchy representation, to achieve the overall QoS policy.

Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.

Abstract: Method, device, and system for providing hot reservation for in-line deployed network functions with multiple network interfaces. A system includes a first Network Function (NF) unit, connected to an ingress router and to an egress router; and a second NF unit, connected to the ingress router and to the egress router. The first NF unit is initially configured as a controlling NF. The second NF unit is initially configured as a backup NF. The two NF units periodically exchange keep-alive messages via the two routers. The second NF unit, operating as the backup NF, automatically triggers a switchover if the second NF unit did not receive a keep-alive message from the first NF unit for at least a pre-defined time-period. Additionally or alternatively, the controlling NF initiates a switchover if the maintenance status parameters of the backup NF are better than those of the controlling NF.

Abstract: Detecting, mitigating and isolating a Signaling Storm, particularly in 5G communication networks. A Control Plane signal probe is connected at a first network node located between a Radio Access Network and a 5G Core Network, to monitor control messages originating from 5G-capable devices. A User Plane signal probe is connected at a second network node located between the 5G Core Network and remote entities to which the 5G-capable devices are sending messages, to monitor control messages passing through the second network node. An Inventory Management sub-system stores data correlating between 5G-capable devices and IMSI numbers. A Protector Unit is configured to receive (i) data collected by the Control Plane signal probe, and (ii) data collected by the User Plane signal probe, and (iii) a subset of IMSI numbers. The Protector Unit performs Machine Learning analysis, and detects and quarantines particular 5G-capable devices that are compromised or malfunctioning.