Patents by Inventor David Aviv

David Aviv has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 12659347
    Abstract: A method and system for detecting client-side cross-site scripting exploitation attacks according to an embodiment are disclosed. The method includes downloading an access list from a remote server; capturing a request to access an external resource, wherein the request is initiated by a script executed over the web browser, wherein the external web resource is external to the web browser executed on a client device; determining, based on the access list, if the requested external web resource can be accessed; and applying a mitigation action on the request to access the external web resource when it is determined that the external web resource cannot be accessed.
    Type: Grant
    Filed: December 29, 2022
    Date of Patent: June 16, 2026
    Assignee: Radware Ltd.
    Inventors: Alon Tamir, Amir Marmor, David Aviv
  • Publication number: 20260155977
    Abstract: A system and method for defending against AI-driven web traffic interference is provided. The system and method include: receiving, by an agent, a secret device ID and a web token provided by an authentication server; receiving an instruction to modify a request to a web service stored in a web server; embedding within a WebAssembly (WASM) component executed by the agent, a first portion of an encryption key and a second portion of the encryption key; transmitting the second portion of the encryption key to the authentication server; assembling, at runtime within the WASM component, an actual encryption key by combining the first portion and the second portion of the encryption key; encrypting, using the actual encryption key, the web token in the WASM component to generate a plurality of authentication tokens; and sending a request with the generated plurality of authentication tokens to the authentication server.
    Type: Application
    Filed: December 3, 2025
    Publication date: June 4, 2026
    Applicant: c/o Radware Ltd.
    Inventors: Amir MARMOR, David AVIV
  • Publication number: 20260155956
    Abstract: A system and method for defending against ATO attacks is presented. The method includes receiving, by an agent, a secret device ID and a web token provided by an authentication server; receiving an instruction to modify a request to a web service; embedding, within WASM component executed by the agent, a first portion of an encryption key and a second portion of the encryption key; transmitting the second portion of the encryption key to the authentication server; assembling, at runtime within the WASM component, an actual encryption key by combining the first portion and the second portion of the encryption key; encrypting, using the actual encryption key, the web token in the WASM component to generate an authentication token; including the generated authentication token as a session cookie in an HTTP request sent to a web server; and sending the request with the generated authentication token to the authentication.
    Type: Application
    Filed: December 3, 2025
    Publication date: June 4, 2026
    Applicant: c/o Radware Ltd.
    Inventors: David AVIV, Amir MARMOR
  • Patent number: 12647455
    Abstract: A method and system for defending AI agents against prompt injection attacks is provided. The method and system include: monitoring, in real-time, a plurality of prompts and a plurality of action sequences for a plurality of AI agents, wherein an action sequence is a series of actions intended to be performed by the AI agent based on at least a corresponding prompt; and for each AI agent, computing a semantic distance metric between each prompt and each action sequence, comparing the computed semantic distance metric to a learned baseline semantic distance computed for the AI agent; and causing an execution of a mitigation action when the computed semantic distance metric deviates from the baseline semantic distance.
    Type: Grant
    Filed: July 30, 2025
    Date of Patent: June 2, 2026
    Assignee: Radware, Ltd.
    Inventors: Gabi Nakibly, David Aviv, Zvika Babo
  • Publication number: 20260127274
    Abstract: In some implementations, the device may include instantiating a plurality of agents configured to communicate with a plurality of security tools deployed in the organization, where each of the plurality security tools defends against a different type of cyber-incident. In addition, the device may include receiving, by an agent of the plurality of agents, an input request from a respective security tool, where the input request includes at least a traffic pattern; generating, by the agent, a prompt for an AI model based on at least the input request the prompt when processed by the AI model returns at least instructions to modify at least one security policy set with the security tool; and feeding, by the agent, the at least instructions to the security tool, where the at least instructions, when executed by the security tool, causes the security tool to modify each of the least one security policy in real-time.
    Type: Application
    Filed: November 1, 2024
    Publication date: May 7, 2026
    Applicant: Radware Ltd.
    Inventor: David AVIV
  • Patent number: 12580953
    Abstract: A system and method for detecting HTTPS flood cyber-attacks. A method includes deriving traffic features from incoming traffic directed to a protected entity; determining if the derived traffic features represent at least one traffic anomaly, wherein the traffic anomaly is a deviation from at least one baseline, wherein the baseline is a normal distribution of traffic features of legitimate incoming traffic; upon determining that the derived traffic features represent at least one anomaly, determining if the anomaly characterizes an on-going HTTPS flood cyber-attack; upon determining that there is the on-going HTTPS flood cyber-attack, populating a list of suspect source internet protocol (IP) addresses of devices triggered detection of the anomaly; challenging each device in the list of suspect source IP addresses to determine if a challenged device is an attack tool; and causing execution of a mitigation action on each client device determined to be an attack tool.
    Type: Grant
    Filed: July 12, 2023
    Date of Patent: March 17, 2026
    Assignee: Radware, Ltd.
    Inventors: David Aviv, Ehud Doron, Gabi Nakibly
  • Patent number: 12563050
    Abstract: A method and system for detecting and mitigation a cyber-attack scanner are provided. The method includes determining if a source network address designated in a received packet is suspicious as of a cyber-attack scanner, wherein the determination is based on a likelihood that the source address was previously frequently encountered; upon determining that the source network address is suspicious, determining diversity of destination network addresses sent by a source having the suspicious network address; and upon determining that the destination network addresses are diversified, generating an alarm indicating that a source network address is a cyber-attack scanner, wherein a cyber-attack scanner is a device to identify destination network addresses in a protected entity that be exploit for at least a cyber-attack scanner.
    Type: Grant
    Filed: December 28, 2021
    Date of Patent: February 24, 2026
    Assignee: Radware Ltd.
    Inventors: Lev Medvedovsky, David Aviv
  • Publication number: 20250373649
    Abstract: A system and method for validating a domain name system (DNS) query using a DNS challenge. The method includes sending a response to a first source Internet protocol (IP) address, wherein the response has a modified domain name that includes a first token, the first source IP address, and an original domain name; determining receipt of a return query for the modified domain name, wherein the return query is received from a second source IP address; upon receipt of the return query, determining a second token for the return query by executing a function with respect to the first source IP address in the modified domain name; and validating the return query by comparing the first token and the determined second token, wherein the first token is extracted from the modified domain name of the return query.
    Type: Application
    Filed: May 29, 2024
    Publication date: December 4, 2025
    Applicant: Radware Ltd.
    Inventors: Gabi NAKIBLY, David AVIV, Noam DROR, Moshe ITSHAK
  • Patent number: 12483591
    Abstract: A method and system for detecting a denial of service (DoS) attack when packets used in the DoS attack are user datagram protocol (UDP) packets, are disclosed. The method includes obtaining values from an application header of a UDP packet; and when, based on use of at least one modified probabilistic Bloom filter (PMBF) for a destination to which the UDP packet indicates that it is destined, the obtained values are not values expected to be found in a UDP packet destined for the destination: increasing an uncommon per sample (ups) estimate for the PMBF; and when the increased uncommon per sample estimate is greater than an upper ups threshold: setting an alarm state to on; suspending update of the PMBF counters; and initiating a mitigation action at least with respect to the UDP packet.
    Type: Grant
    Filed: November 29, 2023
    Date of Patent: November 25, 2025
    Assignee: Radware Ltd.
    Inventors: Lev Medvedovsky, Gabi Nakibly, David Aviv
  • Patent number: 12348556
    Abstract: An out-of-path defense platform protecting against excessive utilization of a cloud service providing a cloud hosted application comprising a controller communicatively coupled to a detector and a mitigator; wherein the detector receives telemetries from sources that are configured to collect telemetries related to the traffic between end user devices and an edge network that distributes traffic for the cloud hosted application, the telemetries being out-of-path information for traffic to and from the cloud-hosted application, wherein a portion of the telemetries relate to operation of a portion of a cloud computing platform hosting the cloud-hosted application, and detects, using the collected telemetries and a learned normal utilization behavior of each cloud service for the cloud-hosted application, excessive utilization of a cloud service by the cloud hosted application; and wherein the controller, upon detection of the excessive utilization, causes mitigation, by the mitigator, of the excessive utilizati
    Type: Grant
    Filed: March 15, 2021
    Date of Patent: July 1, 2025
    Assignee: Radware Ltd.
    Inventors: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut
  • Publication number: 20250175495
    Abstract: A method and system for detecting a denial of service (DOS) attack when packets used in the DOS attack are user datagram protocol (UDP) packets, are disclosed. The method includes obtaining values from an application header of a UDP packet; and when, based on use of at least one modified probabilistic Bloom filter (PMBF) for a destination to which the UDP packet indicates that it is destined, the obtained values are not values expected to be found in a UDP packet destined for the destination: increasing an uncommon per sample (ups) estimate for the PMBF; and when the increased uncommon per sample estimate is greater than an upper ups threshold: setting an alarm state to on; suspending update of the PMBF counters; and initiating a mitigation action at least with respect to the UDP packet.
    Type: Application
    Filed: November 29, 2023
    Publication date: May 29, 2025
    Applicant: Radware Ltd.
    Inventors: Lev MEDVEDOVSKY, Gabi NAKIBLY, David AVIV
  • Publication number: 20250141901
    Abstract: Apparatus for filtering transactions transmitted from a source to a protected entity, comprising: a transaction filter enforcer which receives a layer 7 transaction destined for a protected application prior to the transaction possibly being supplied to the protected entity; and an evaluator receiving the transaction from the enforcer; the enforcer routing the transaction to the protected entity when the transaction does not receive a determination as being malicious from the evaluator; the evaluator including at least a model that determines a score indicative of the maliciousness of the transaction based on input from at least one trained model, the transaction being supplied to each of the at least one trained model, each of which is a model from a set of model types, the model types including an anomaly model and an attack model; the enforcer operating in real-time and the evaluator operating in at least near real-time.
    Type: Application
    Filed: December 27, 2024
    Publication date: May 1, 2025
    Applicant: Radware Ltd.
    Inventors: Amnon LOTEM, David AVIV, Doron SHAVIT, Orly Stan BENCHETRIT
  • Patent number: 12289341
    Abstract: A method of characterization of requests using dynamic applicative signatures. The method comprises determining a plurality of different attributes of requests received during an on-going DDoS attack; clustering at least one attribute of the plurality of different attributes, wherein the clustering is based on values of the plurality of different attributes; obtaining at least one dynamic applicative signature characterizing operation of an application layer flood attack tool; matching the cluster of the at least one attribute to each of the at least one obtained dynamic applicative signature; and causing a mitigation action when there is a match to the at least one obtained dynamic applicative signature.
    Type: Grant
    Filed: February 15, 2024
    Date of Patent: April 29, 2025
    Assignee: RADWARE LTD.
    Inventors: Ehud Doron, Koral Haham, David Aviv
  • Publication number: 20250103704
    Abstract: A system and method for detecting document object model cross-site scripting (DOM-XSS) vulnerability. The method includes identifying at least one data flow in a client-side code, wherein each of the at least one data flow is between an attacker-controllable source and a security sensitive sink, wherein the client-side code includes a DOM representation of a web page; injecting an indicator string in the attacker-controllable source of the client-side code; executing an injected client-side code, wherein the injected client-side code includes the indicator string; detecting the indicator string in the security sensitive sink of the at least one data flow; and performing mitigation action upon detecting the indicator string.
    Type: Application
    Filed: September 21, 2023
    Publication date: March 27, 2025
    Applicant: Radware Ltd.
    Inventors: Amir MARMOR, David AVIV, Gabi NAKIBLY
  • Patent number: 12199984
    Abstract: Arrangements for controlling access to a protected entity include receiving a redirected request of the client to access the protected entity that was denied by the protected entity; granting, in response to the received redirected request, access tokens of a first type to the client; identifying a conversion transaction identifying a request to convert the first type of access tokens with access tokens of a second type, wherein the transaction designates at least the protected entity; converting, based on a determined conversion value, a first sum of the first type of access tokens into a second sum of the second type of access tokens wherein the conversion value is determined based on at least one access parameter; and granting the client access to the protected entity when the sum of the second type of access tokens is received as a payment from the protected entity.
    Type: Grant
    Filed: October 25, 2023
    Date of Patent: January 14, 2025
    Assignee: Radware Ltd.
    Inventors: Alon Lelcuk, David Aviv
  • Patent number: 12184690
    Abstract: A method for characterizing application layer denial-of-service (DDoS) attacks comprises generating a plurality of dynamic applicative signatures by analyzing at the application layer application layer requests received during an on-going DDoS attack, a dynamic applicative signature characterizing each received request based on frequent application layer attributes appearing in the received requests, wherein the requests are represented as a set of paraphrases, each paraphrase representing a specific aspect of a request's structure, the frequent application layer attributes being determined based on frequency of paraphrases in the set; characterizing each of the received requests based on one of the dynamic applicative signatures, the characterization providing an indication for each request whether a request is generated by an attack tool executing the on-going DDoS attack; and causing a mitigation action on the received request generated by the attack tool based on the generated dynamic applicative signatur
    Type: Grant
    Filed: December 26, 2023
    Date of Patent: December 31, 2024
    Assignee: Radware Ltd.
    Inventors: Ehud Doron, Koral Haham, David Aviv
  • Publication number: 20240396932
    Abstract: A method and device for generating application-layer signatures characterizing advanced application-layer attacks are provided. The method includes computing, based on applicative peacetime baseline distributions and attack distributions of applicative attributes included in application-layer transactions directed to a protected entity, an attacker probability of an attacker executing an ongoing application-layer attack; comparing the attacker probability computed for each of the applicative attributes to a dynamic attacker probability threshold; and including in an application-layer signature eligible applicative attributes having an attacker probability higher than the dynamic attacker threshold, wherein the application-layer signature includes an inclusive section and an exclusive section, and wherein the application-layer signature is indicative of an ongoing attack based on one of the exclusive section and the inclusive section.
    Type: Application
    Filed: August 5, 2024
    Publication date: November 28, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Alon TAMIR, David AVIV
  • Publication number: 20240396933
    Abstract: A method and device for finetuning application-layer signatures are provided. The method includes operating a false negative (FN) feedback process to finetune the application-layer signature; and operating a false positive (FP) feedback process on the application-layer signature finetuned by the FN feedback process to generate a finetuned application-layer signature to reduce a false negative rate, wherein the finetune feedback process is performed while reducing estimated egress traffic below a predefined threshold and an imposed FP rate below a pre-defined FP rate threshold.
    Type: Application
    Filed: August 5, 2024
    Publication date: November 28, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Alon TAMIR, David AVIV
  • Publication number: 20240297899
    Abstract: A system and method for learning attack-safe baselines are provided. The method includes receiving application-layer transactions directed to a protected entity; measuring values of a rate-based attribute and a rate-invariant attribute from the received application-layer transactions; determining, based on the measured rate-based attribute, if the received application-layer transactions represent a normal behavior; computing at least one baseline using application-layer transactions determined to represent the normal behavior; validating the at least one computed baseline using the measured rate-invariant attribute and rate-based attribute; and building a set of baselines based on the at least one validated baseline, wherein the set of baselines are utilized for characterization of DDoS attacks.
    Type: Application
    Filed: December 28, 2023
    Publication date: September 5, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Alon TAMIR, David AVIV
  • Publication number: 20240244079
    Abstract: A method of characterization of requests using dynamic applicative signatures. The method comprises determining a plurality of different attributes of requests received during an on-going DDOS attack; clustering at least one attribute of the plurality of different attributes, wherein the clustering is based on values of the plurality of different attributes; obtaining at least one dynamic applicative signature characterizing operation of an application layer flood attack tool; matching the cluster of the at least one attribute to each of the at least one obtained dynamic applicative signature; and causing a mitigation action when there is a match to the at least one obtained dynamic applicative signature.
    Type: Application
    Filed: February 15, 2024
    Publication date: July 18, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Koral HAHAM, David AVIV