Patents by Inventor Chaim Spielman
Chaim Spielman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20210185080
Abstract: In one example, the present disclosure describes various methods, computer-readable media, and apparatuses for supporting social engineering attack prevention based on early detection and remediation of various types of social engineering attacks which may be initiated within various contexts. In one example, supporting social engineering attack prevention may include identifying a workflow to be protected, identifying, for the workflow, a set of valid resources of the workflow where the set of valid resources includes a set of artifacts and a set of templates, identifying, from a dataset associated with the workflow and based on the set of artifacts, a communication associated with the workflow, determining, based on an analysis of the communication based on the set of templates, that the communication is malicious, and initiating, based on the determination that the communication is malicious, a remediation action.
Type: Application
Filed: December 11, 2019
Publication date: June 17, 2021
Inventors: Wei Wang, Mikhail Istomin, Chaim Spielman, Christina Monteleone, Kenneth Walsh, Carol Pincock
-
Patent number: 10797974
Abstract: Generation of behavior profiling reports is provided for enterprise server devices in a network of enterprise server devices, as well as generation and association of severity scores for behavior profiling reports generated for enterprise server devices included in the network of enterprise server devices. A method can comprise receiving historical security event data representing historical security events of a first device and owner data representing an owner of the first device, and, as a function of the historical security event data and the owner data, an anomalous contact established between the first device and the second device can be identified. Further, in response to identifying the existence of the anomalous contact, the second device can be depicted on a connected graph of anomalous contacts established by the first device.
Type: Grant
Filed: June 17, 2019
Date of Patent: October 6, 2020
Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Paul Giura, Stanislav Nurilov, Makonnen Sankore, Chaim Spielman
-
Patent number: 10516595
Abstract: A network device that operates as an analysis platform for analysis of event data records that can provide a flexible approach to event data record aggregation. For example, aggregation can be flexibly turned on or off and dynamically adjusted based on event record volume and other factors such as network capacity or throughput. Devices that are instructed to aggregate records can also be instructed to archive the raw records, e.g., to maintain a full fidelity log of events. Devices can further be instructed to utilize a mixed queue approach to determine an order to deliver those records that includes both older records and newer records.
Type: Grant
Filed: September 11, 2018
Date of Patent: December 24, 2019
Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Daniel G. Sheleheda, Samuel Norman Alexander, John H. Hardenbergh, Joseph Harten, James Pace, Chaim Spielman
-
Publication number: 20190312796
Abstract: Generation of behavior profiling reports is provided for enterprise server devices in a network of enterprise server devices, as well as generation and association of severity scores for behavior profiling reports generated for enterprise server devices included in the network of enterprise server devices. A method can comprise receiving historical security event data representing historical security events of a first device and owner data representing an owner of the first device, and, as a function of the historical security event data and the owner data, an anomalous contact established between the first device and the second device can be identified. Further, in response to identifying the existence of the anomalous contact, the second device can be depicted on a connected graph of anomalous contacts established by the first device.
Type: Application
Filed: June 17, 2019
Publication date: October 10, 2019
Inventors: Paul Giura, Stanislav Nurilov, Makonnen Sankore, Chaim Spielman
-
Patent number: 10367704
Abstract: Generation of behavior profiling reports is provided for enterprise server devices in a network of enterprise server devices, as well as generation and association of severity scores for behavior profiling reports generated for enterprise server devices included in the network of enterprise server devices. A method can comprise receiving historical security event data representing historical security events of a first device and owner data representing an owner of the first device, and, as a function of the historical security event data and the owner data, an anomalous contact established between the first device and the second device can be identified. Further, in response to identifying the existence of the anomalous contact, the second device can be depicted on a connected graph of anomalous contacts established by the first device.
Type: Grant
Filed: July 12, 2016
Date of Patent: July 30, 2019
Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Paul Giura, Stanislav Nurilov, Makonnen Sankore, Chaim Spielman
-
Publication number: 20190007296
Abstract: A network device that operates as an analysis platform for analysis of event data records that can provide a flexible approach to event data record aggregation. For example, aggregation can be flexibly turned on or off and dynamically adjusted based on event record volume and other factors such as network capacity or throughput. Devices that are instructed to aggregate records can also be instructed to archive the raw records, e.g., to maintain a full fidelity log of events. Devices can further be instructed to utilize a mixed queue approach to determine an order to deliver those records that includes both older records and newer records.
Type: Application
Filed: September 11, 2018
Publication date: January 3, 2019
Inventors: Daniel G. Sheleheda, Samuel Norman Alexander, John H. Hardenbergh, Joseph Harten, James Pace, Chaim Spielman
-
Patent number: 10103964
Abstract: A network device that operates as an analysis platform for analysis of event data records that can provide a flexible approach to event data record aggregation. For example, aggregation can be flexibly turned on or off and dynamically adjusted based on event record volume and other factors such as network capacity or throughput. Devices that are instructed to aggregate records can also be instructed to archive the raw records, e.g., to maintain a full fidelity log of events. Devices can further be instructed to utilize a mixed queue approach to determine an order to deliver those records that includes both older records and newer records.
Type: Grant
Filed: June 17, 2016
Date of Patent: October 16, 2018
Assignee: AT&T INTELLECTUAL PROPERTY I, L.P.
Inventors: Daniel G. Sheleheda, Samuel Norman Alexander, John H. Hardenbergh, Joseph Harten, James Pace, Chaim Spielman
-
Publication number: 20180019932
Abstract: Generation of behavior profiling reports is provided for enterprise server devices in a network of enterprise server devices, as well as generation and association of severity scores for behavior profiling reports generated for enterprise server devices included in the network of enterprise server devices. A method can comprise receiving historical security event data representing historical security events of a first device and owner data representing an owner of the first device, and, as a function of the historical security event data and the owner data, an anomalous contact established between the first device and the second device can be identified. Further, in response to identifying the existence of the anomalous contact, the second device can be depicted on a connected graph of anomalous contacts established by the first device.
Type: Application
Filed: July 12, 2016
Publication date: January 18, 2018
Inventors: Paul Giura, Stanislav Nurilov, Makonnen Sankore, Chaim Spielman
-
Publication number: 20170366440
Abstract: A network device that operates as an analysis platform for analysis of event data records that can provide a flexible approach to event data record aggregation. For example, aggregation can be flexibly turned on or off and dynamically adjusted based on event record volume and other factors such as network capacity or throughput. Devices that are instructed to aggregate records can also be instructed to archive the raw records, e.g., to maintain a full fidelity log of events. Devices can further be instructed to utilize a mixed queue approach to determine an order to deliver those records that includes both older records and newer records.
Type: Application
Filed: June 17, 2016
Publication date: December 21, 2017
Inventors: Daniel G. Sheleheda, Samuel Norman Alexander, John H. Hardenbergh, Joseph Harten, James Pace, Chaim Spielman
-
Patent number: 9444836
Abstract: Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.
Type: Grant
Filed: February 29, 2016
Date of Patent: September 13, 2016
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Jeremy Wright, John Hogoboom, Chaim Spielman
-
Publication number: 20160182552
Abstract: Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.
Type: Application
Filed: February 29, 2016
Publication date: June 23, 2016
Applicant: AT&T Intellectual Property I, L.P.
Inventors: Jeremy Wright, John Hogoboom, Chaim Spielman
-
Patent number: 9276949
Abstract: Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.
Type: Grant
Filed: September 2, 2013
Date of Patent: March 1, 2016
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Jeremy Wright, John Hogoboom, Chaim Spielman
-
Patent number: 9055012
Abstract: A method and system for determining whether an IP address is part of a bot-network are provided. The IP-address-aggregate associated with the IP address of an e-mail sender is determined. The IP-address-aggregate is associated with an IP-address-aggregate-category based on the current SMTP traffic characteristics of the IP-address-aggregate and the known SMTP traffic characteristics of an IP-address-aggregate-category. A bot-likelihood score of the IP-address-aggregate-category is then associated with IP-address-aggregate. IP-address-aggregate-categories can be established based on historical SMTP traffic characteristics of the IP-address-aggregates. The IP-address-aggregates are grouped based on SMTP characteristics, and the IP-address-aggregate-categories are defined based on a selection of IP-address-aggregates with similar SMTP traffic characteristics that are diagnostic of spam bots vs. non-botnet-controllers spammers.
Type: Grant
Filed: April 5, 2013
Date of Patent: June 9, 2015
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Willa Kay Ehrlich, David A. Hoeflin, Danielle Liu, Chaim Spielman, Stephen Wood
-
Publication number: 20140007237
Abstract: Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.
Type: Application
Filed: September 2, 2013
Publication date: January 2, 2014
Applicant: AT&T Intellectual Property I, L.P.
Inventors: Jeremy Wright, John Hogoboom, Chaim Spielman
-
Patent number: 8528088
Abstract: Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.
Type: Grant
Filed: May 26, 2011
Date of Patent: September 3, 2013
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Jeremy Wright, John Hogoboom, Chaim Spielman
-
Patent number: 8516104
Abstract: Method and apparatus for processing traffic of interest in a network is described. In one example, a baseline profile and at least one threshold is computed using initial aggregated volume data for the traffic of interest. Aggregated volume counts for time periods in a time interval are obtained. Differences between the aggregated volume counts for the time periods and values of the baseline profile for corresponding time periods are computed. An alarm is triggered for each of the differences that exceeds the at least one threshold.
Type: Grant
Filed: December 22, 2005
Date of Patent: August 20, 2013
Assignee: AT&T Intellectual Property II, L.P.
Inventors: Danielle Liu, Chaim Spielman
-
Patent number: 8516573
Abstract: Method and apparatus for port sweep detection in a network is described. In one example, log data is obtained for a period of time. The log data is associated with a plurality of devices in the network. The log data is processed to identify connection requests from a source key for a port at a number of target internet protocol (IP) addresses. An alarm is generated if the number of target IP addresses associated with the connection requests from the source key exceeds a threshold.
Type: Grant
Filed: December 22, 2005
Date of Patent: August 20, 2013
Assignee: AT&T Intellectual Property II, L.P.
Inventors: Philip E. Brown, Jeanette LaRosa, Chaim Spielman
-
Patent number: 8438638
Abstract: A method and system for determining whether an IP address is part of a bot-network are provided. The IP-address-aggregate associated with the IP address of an e-mail sender is determined. The IP-address-aggregate is associated with an IP-address-aggregate-category based on the current SMTP traffic characteristics of the IP-address-aggregate and the known SMTP traffic characteristics of an IP-address-aggregate-category. A bot-likelihood score of the IP-address-aggregate-category is then associated with IP-address-aggregate. IP-address-aggregate-categories can be established based on historical SMTP traffic characteristics of the IP-address-aggregates. The IP-address-aggregates are grouped based on SMTP characteristics, and the IP-address-aggregate-categories are defined based on a selection of IP-address-aggregates with similar SMTP traffic characteristics that are diagnostic of spam bots vs. non-botnet-controllers spammers.
Type: Grant
Filed: April 8, 2010
Date of Patent: May 7, 2013
Assignee: AT&T Intellectual Property I, L.P.
Inventors: Willa Ehrlich, David Hoeflin, Danielle Liu, Chaim Spielman, Stephen K. Wood
-
Publication number: 20120304288
Abstract: Methods, systems, and computer-readable media for identifying potential threats on a network based on anomalous behavior in communication between endpoints are provided. Traffic data for a network is accumulated over some period of time. The traffic data is grouped by one or more keys, such as source IP address, and sets of metric values are calculated for the keys. A mixture distribution, such as a negative binomial mixture distribution, is fitted to each set of metric values, and outlying metric values are determined based on the mixture distribution(s). A list of outliers is then generated comprising key values having outlying metric values in one or more of the sets of metric values.
Type: Application
Filed: May 26, 2011
Publication date: November 29, 2012
Inventors: Jeremy Wright, John Hogoboom, Chaim Spielman
-
Patent number: 8117655
Abstract: A method, system and apparatus for detecting anomalous web proxy activity by end-users are disclosed. The techniques include analyzing records from a web proxy log and determining whether the records contain anomalous end-user activity by inspecting a uniform resource locator and a connect instruction included therein. The techniques also include generating an alert in response to the analysis.
Type: Grant
Filed: December 14, 2009
Date of Patent: February 14, 2012
Assignee: AT&T Intellectual Property II, LP
Inventor: Chaim Spielman