Patents by Inventor David Aviv
David Aviv has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20240137386Abstract: A method for characterizing application layer denial-of-service (DDoS) attacks comprises generating a plurality of dynamic applicative signatures by analyzing at the application layer application layer requests received during an on-going DDoS attack, a dynamic applicative signature characterizing each received request based on frequent application layer attributes appearing in the received requests, wherein the requests are represented as a set of paraphrases, each paraphrase representing a specific aspect of a request's structure, the frequent application layer attributes being determined based on frequency of paraphrases in the set; characterizing each of the received requests based on one of the dynamic applicative signatures, the characterization providing an indication for each request whether a request is generated by an attack tool executing the on-going DDoS attack; and causing a mitigation action on the received request generated by the attack tool based on the generated dynamic applicative signaturType: ApplicationFiled: December 26, 2023Publication date: April 25, 2024Applicant: Radware Ltd.Inventors: Ehud DORON, Koral HAHAM, David AVIV
-
Patent number: 11943224Abstract: Arrangements for controlling access to a protected entity include receiving a redirected client request to access the protected entity that includes a public key of the client; granting, in response to the received redirected request, access tokens of a first type to a client using the public key of the client; identifying a conversion transaction identifying a request to convert the first type of access tokens with access tokens of a second type, the transaction designating the protected entity; determining a conversion value for converting the first-type access tokens into second-type access tokens based on at least one access parameter; converting, using the conversion value, a first sum of the first-type access tokens into a second sum of second-type access tokens; and granting the client access to the protected entity when the sum of second-type of access tokens is received as a payment from the protected entity.Type: GrantFiled: July 29, 2022Date of Patent: March 26, 2024Assignee: RADWARE, LTD.Inventors: Alon Lelcuk, David Aviv
-
Publication number: 20240098111Abstract: A method and system for mitigating of randomized denial-of-service (DDoS) attacks directed against a protected entity during an attack time period are provided. The method includes receiving a packet during the attack time period; selecting a cluster defining legitimacy characteristics from at least one cluster of packets that best fits the received packet, wherein legitimacy characteristics of a cluster are learned during a peacetime period; determining a legitimacy score for the received packet based on the legitimacy characteristics of the selected cluster; determining based on the legitimacy score if the received packet is not legitimate; and applying a mitigation action on the received packet upon determination that the packet is not legitimate.Type: ApplicationFiled: September 19, 2022Publication date: March 21, 2024Applicant: Radware Ltd.Inventors: Ehud DORON, Amnon LOTEM, Gal YEHOSHUA, David AVIV
-
Patent number: 11926346Abstract: In various examples, a yield scenario may be identified for a first vehicle. A wait element is received that encodes a first path for the first vehicle to traverse a yield area and a second path for a second vehicle to traverse the yield area. The first path is employed to determine a first trajectory in the yield area for the first vehicle based at least on a first location of the first vehicle at a time and the second path is employed to determine a second trajectory in the yield area for the second vehicle based at least on a second location of the second vehicle at the time. To operate the first vehicle in accordance with a wait state, it may be determined whether there is a conflict between the first trajectory and the second trajectory, where the wait state defines a yielding behavior for the first vehicle.Type: GrantFiled: August 5, 2021Date of Patent: March 12, 2024Assignee: NVIDIA CorporationInventors: Fangkai Yang, David Nister, Yizhou Wang, Rotem Aviv, Julia Ng, Birgit Henke, Hon Leung Lee, Yunfei Shi
-
Patent number: 11927502Abstract: In various examples, sensor data recorded in the real-world may be leveraged to generate transformed, additional, sensor data to test one or more functions of a vehicle—such as a function of an AEB, CMW, LDW, ALC, or ACC system. Sensor data recorded by the sensors may be augmented, transformed, or otherwise updated to represent sensor data corresponding to state information defined by a simulation test profile for testing the vehicle function(s). Once a set of test data has been generated, the test data may be processed by a system of the vehicle to determine the efficacy of the system with respect to any number of test criteria. As a result, a test set including additional or alternative instances of sensor data may be generated from real-world recorded sensor data to test a vehicle in a variety of test scenarios—including those that may be too dangerous to test in the real-world.Type: GrantFiled: April 28, 2020Date of Patent: March 12, 2024Assignee: NVIDIA CorporationInventors: Jesse Hong, Urs Muller, Bernhard Firner, Zongyi Yang, Joyjit Daw, David Nister, Roberto Giuseppe Luca Valenti, Rotem Aviv
-
Patent number: 11916956Abstract: A method and system for generating dynamic applicative signatures of by application layer flood attack tools are provided. The method includes determining a plurality of different attributes of requests received during an on-going DDoS attack; clustering at least one attribute of the plurality of different attributes, wherein the clustering is based on values of the plurality of different attributes; determining clusters of attributes representing most frequent structures of the requests received during the on-going DDoS attack; and generating, based on the determined clusters of attributes, signature of an application layer flood attack tool executing the on-going DDoS attack.Type: GrantFiled: December 19, 2022Date of Patent: February 27, 2024Assignee: RADWARE LTD.Inventors: Ehud Doron, Koral Haham, David Aviv
-
Publication number: 20240064146Abstract: Arrangements for controlling access to a protected entity include receiving a redirected request of the client to access the protected entity that was denied by the protected entity; granting, in response to the received redirected request, access tokens of a first type to the client; identifying a conversion transaction identifying a request to convert the first type of access tokens with access tokens of a second type, wherein the transaction designates at least the protected entity; converting, based on a determined conversion value, a first sum of the first type of access tokens into a second sum of the second type of access tokens wherein the conversion value is determined based on at least one access parameter; and granting the client access to the protected entity when the sum of the second type of access tokens is received as a payment from the protected entity.Type: ApplicationFiled: October 25, 2023Publication date: February 22, 2024Applicant: Radware Ltd.Inventors: Alon LELCUK, David AVIV
-
Patent number: 11888893Abstract: A method and system for characterizing application layer denial-of-service (DDoS) attacks are provided. The method includes generating a dynamic applicative signature by analyzing requests received during an on-going DDoS attack, wherein the dynamic applicative signature characterizes based on frequent applicative attributes appeared from the received; characterizing each incoming request based on the generated dynamic applicative signature, wherein the characterization provides an indication for each incoming request whether an incoming request is generated by an attack tool executing the on-going DDoS attributes; and causing a mitigation action on the incoming request generated by the attack tool based on the generated dynamic applicative signature.Type: GrantFiled: January 31, 2023Date of Patent: January 30, 2024Assignee: RADWARE LTDInventors: Ehud Doron, Koral Haham, David Aviv
-
Publication number: 20230283609Abstract: A method for protecting entities against bots is provided. The method includes identifying a request from a client to access a protected entity; selecting an access policy in response to the access request, wherein the access policy includes at least one challenge to be performed by the client; identifying results of the at least one challenge, wherein the results are provided by the client upon completion of the challenge; determining a bias of the client based on the completion results, wherein the determined bias is utilized for a cyber-security assessment of the client; and granting access to the protected entity by the client based on the determined bias.Type: ApplicationFiled: May 10, 2023Publication date: September 7, 2023Applicant: Radware Ltd.Inventors: Alon LELCUK, David AVIV
-
Patent number: 11750632Abstract: A method for detecting DoS attacks using an encrypted communication protocol includes estimating traffic telemetries of packets of at least ingress traffic passing over an insecure network that is directed to a protected entity by analyzing TCP headers of the packets, the packets using an encrypted version of a non-encrypted communication protocol, the packets being intended for the protected entity; providing at least one rate-based feature and at least one rate-invariant feature based on the estimated traffic telemetries, wherein the rate-based feature and the rate-invariant feature demonstrate a normal behavior of the traffic; and executing a mitigation action when a potential flood DoS attack using the encrypted communication protocol is detected by an evaluation of each of the at least one rate-based feature and the at least one rate-invariant feature with respect to respective baselines to determine whether the behavior of the ingress traffic indicates a potential flood DoS attack.Type: GrantFiled: May 31, 2022Date of Patent: September 5, 2023Assignee: RADWARE, LTD.Inventors: Ehud Doron, Lev Medvedovsky, David Aviv, Eyal Rundstein, Ronit Lubitch Greenberg, Avishay Balderman
-
Publication number: 20230254341Abstract: A system and method for detecting cyber-attacks using quantile regression analysis are disclosed. The method includes: identifying at least one hit quantile out of a plurality of quantiles, wherein the at least one identified hit quantile falls within quantile edges of a sample of traffic directed at a protected entity, wherein each of the plurality of quantiles is characterized by a probability distribution of at least one feature of a data stream, each of the plurality of quantiles having a respective probability estimate; updating the probability estimates of the plurality of quantiles when the at least one hit quantile has been identified; and when the probability estimate of the at least one hit quantile is above a threshold, taking an action to mitigate existence of a cyber-attack.Type: ApplicationFiled: April 5, 2023Publication date: August 10, 2023Applicant: Radware Ltd.Inventors: Lev MEDVEDOVSKY, David AVIV
-
Publication number: 20230224321Abstract: A method and system for generating dynamic applicative signatures of by application layer flood attack tools are provided. The method includes determining a plurality of different attributes of requests received during an on-going DDoS attack; clustering at least one attribute of the plurality of different attributes, wherein the clustering is based on values of the plurality of different attributes; determining clusters of attributes representing most frequent structures of the requests received during the on-going DDoS attack; and generating, based on the determined clusters of attributes, signature of an application layer flood attack tool executing the on-going DDoS attack.Type: ApplicationFiled: December 19, 2022Publication date: July 13, 2023Applicant: Radware Ltd.Inventors: Ehud DORON, Koral HAHAM, David AVIV
-
Publication number: 20230216885Abstract: A method and system for detecting client-side cross-site scripting exploitation attacks according to an embodiment are disclosed. The method includes downloading an access list from a remote server; capturing a request to access an external resource, wherein the request is initiated by a script executed over the web browser, wherein the external web resource is external to the web browser executed on a client device; determining, based on the access list, if the requested external web resource can be accessed; and applying a mitigation action on the request to access the external web resource when it is determined that the external web resource cannot be accessed.Type: ApplicationFiled: December 29, 2022Publication date: July 6, 2023Applicant: Radware Ltd.Inventors: Alon TAMIR, Amir MARMOR, David AVIV
-
Publication number: 20230208857Abstract: A method and system for detecting and mitigation a cyber-attack scanner are provided. The method includes determining if a source network address designated in a received packet is suspicious as of a cyber-attack scanner, wherein the determination is based on a likelihood that the source address was previously frequently encountered; upon determining that the source network address is suspicious, determining diversity of destination network addresses sent by a source having the suspicious network address; and upon determining that the destination network addresses are diversified, generating an alarm indicating that a source network address is a cyber-attack scanner, wherein a cyber-attack scanner is a device to identify destination network addresses in a protected entity that be exploit for at least a cyber-attack scanner.Type: ApplicationFiled: December 28, 2021Publication date: June 29, 2023Applicant: Radware, Ltd.Inventors: Lev MEDVEDOVSKY, David AVIV
-
Publication number: 20230188560Abstract: A method and system for characterizing application layer denial-of-service (DDoS) attacks are provided. The method includes generating a dynamic applicative signature by analyzing requests received during an on-going DDoS attack, wherein the dynamic applicative signature characterizes based on frequent applicative attributes appeared from the received; characterizing each incoming request based on the generated dynamic applicative signature, wherein the characterization provides an indication for each incoming request whether an incoming request is generated by an attack tool executing the on-going DDoS attributes; and causing a mitigation action on the incoming request generated by the attack tool based on the generated dynamic applicative signature.Type: ApplicationFiled: January 31, 2023Publication date: June 15, 2023Applicant: Radware Ltd.Inventors: Ehud DORON, Koral HAHAM, David AVIV
-
Patent number: 11677753Abstract: A method for protecting entities against bots is provided. The method includes identifying a request from a client to access a protected entity; selecting an access policy in response to the access request, wherein the access policy includes at least one challenge to be performed by the client; identifying results of the at least one challenge, wherein the results are provided by the client upon completion of the challenge; determining a bias of the client based on the completion results, wherein the determined bias is utilized for a cyber-security assessment of the client; and granting access to the protected entity by the client based on the determined bias.Type: GrantFiled: August 3, 2020Date of Patent: June 13, 2023Assignee: RADWARE LTD.Inventors: Alon Lelcuk, David Aviv
-
Patent number: 11652843Abstract: A system and method for detecting cyber-attacks using quantile regression analysis are disclosed. The method includes identifying at least one hit quantile out of a plurality of quantiles, wherein at least one sample of traffic directed at a protected entity falls within quantile edges of the at least one identified hit quantile, wherein each of the plurality of quantiles is characterized by a probability distribution of at least one feature of a data stream, each of the plurality of quantiles having a respective probability estimate of bytes to fall into it; updating the probability estimates of the plurality of quantiles when the hit quantile has been identified; determining if the probability estimate of the at least one hit quantile is above a threshold; and detecting a cyber-attack when the probability estimate of the at least one hit quantile is above the threshold.Type: GrantFiled: December 31, 2020Date of Patent: May 16, 2023Assignee: RADWARE LTD.Inventors: Lev Medvedovsky, David Aviv
-
Patent number: 11632391Abstract: A system and method for out-of-path detection of cyber-attacks are provided. The method includes receiving, by a detector, a plurality of data feeds from a plurality of data sources, wherein the detector is communicatively connected to the plurality of data sources; processing, by the detector, the plurality of received data feeds to generate enriched Flow data sets; analyzing the enriched Flow data sets to detect a potential cyber-attack; and upon detection of a potential cyber-attack, providing indication to each network entity of the network entities that is under attack.Type: GrantFiled: December 6, 2018Date of Patent: April 18, 2023Assignee: RADWARE LTD.Inventors: Ehud Doron, Yotam Ben Ezra, David Aviv
-
Publication number: 20230091851Abstract: A system and method for identity-based access admission are provided. The method includes generating in a browser of a client device a unique identity key for the browser, wherein the identity key is generated in an internal frame (iFrame) thread, is executed in a main thread of the browser, and wherein the identity key includes a fingerprint characterizing in part the browser and the client device, an internet protocol address of the client device, and a public-encryption key; and registering the identity key with an admission controller, wherein access to a protected entity by the client device is enforced using the identity key.Type: ApplicationFiled: September 22, 2021Publication date: March 23, 2023Applicant: RADWARE. LTDInventors: Alon TAMIR, Amir MARMOR, David AVIV
-
Patent number: 11606387Abstract: A system and method for reducing a time to mitigate distributed denial of service (DDoS) attacks are provided. The method includes receiving a plurality of attack feeds on at least one protected object in a secured environment; analyzing the plurality of attack feeds to determine characteristics of a DDoS attack against the secure environment; determining a set of optimal mitigation resources assigned to the secured environment; selecting, based on the set of optimal mitigation resources and the attack characteristics, at least one optimal workflow scheme; and initiating a proactive mitigation action by setting each mitigation resource in the set of optimal mitigation resources according to the selected optimal workflow scheme.Type: GrantFiled: December 20, 2018Date of Patent: March 14, 2023Assignee: RADWARE LTD.Inventors: Ehud Doron, Yotam Ben Ezra, David Aviv