Patents by Inventor David Aviv

David Aviv has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20240396932
    Abstract: A method and device for generating application-layer signatures characterizing advanced application-layer attacks are provided. The method includes computing, based on applicative peacetime baseline distributions and attack distributions of applicative attributes included in application-layer transactions directed to a protected entity, an attacker probability of an attacker executing an ongoing application-layer attack; comparing the attacker probability computed for each of the applicative attributes to a dynamic attacker probability threshold; and including in an application-layer signature eligible applicative attributes having an attacker probability higher than the dynamic attacker threshold, wherein the application-layer signature includes an inclusive section and an exclusive section, and wherein the application-layer signature is indicative of an ongoing attack based on one of the exclusive section and the inclusive section.
    Type: Application
    Filed: August 5, 2024
    Publication date: November 28, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Alon TAMIR, David AVIV
  • Publication number: 20240396933
    Abstract: A method and device for finetuning application-layer signatures are provided. The method includes operating a false negative (FN) feedback process to finetune the application-layer signature; and operating a false positive (FP) feedback process on the application-layer signature finetuned by the FN feedback process to generate a finetuned application-layer signature to reduce a false negative rate, wherein the finetune feedback process is performed while reducing estimated egress traffic below a predefined threshold and an imposed FP rate below a pre-defined FP rate threshold.
    Type: Application
    Filed: August 5, 2024
    Publication date: November 28, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Alon TAMIR, David AVIV
  • Publication number: 20240297899
    Abstract: A system and method for learning attack-safe baselines are provided. The method includes receiving application-layer transactions directed to a protected entity; measuring values of a rate-based attribute and a rate-invariant attribute from the received application-layer transactions; determining, based on the measured rate-based attribute, if the received application-layer transactions represent a normal behavior; computing at least one baseline using application-layer transactions determined to represent the normal behavior; validating the at least one computed baseline using the measured rate-invariant attribute and rate-based attribute; and building a set of baselines based on the at least one validated baseline, wherein the set of baselines are utilized for characterization of DDoS attacks.
    Type: Application
    Filed: December 28, 2023
    Publication date: September 5, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Alon TAMIR, David AVIV
  • Publication number: 20240244079
    Abstract: A method of characterization of requests using dynamic applicative signatures. The method comprises determining a plurality of different attributes of requests received during an on-going DDOS attack; clustering at least one attribute of the plurality of different attributes, wherein the clustering is based on values of the plurality of different attributes; obtaining at least one dynamic applicative signature characterizing operation of an application layer flood attack tool; matching the cluster of the at least one attribute to each of the at least one obtained dynamic applicative signature; and causing a mitigation action when there is a match to the at least one obtained dynamic applicative signature.
    Type: Application
    Filed: February 15, 2024
    Publication date: July 18, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Koral HAHAM, David AVIV
  • Publication number: 20240239374
    Abstract: Embodiments of the present disclosure relate to behavior planning for autonomous vehicles. The technology described herein selects a preferred trajectory for an autonomous vehicle based on an evaluation of multiple hypothetical trajectories by different components within a planning system. The various components provide an optimization score for each trajectory according to the priorities of the component and scores from multiple components may form a final optimization score. This scoring system allows the competing priorities (e.g., comfort, minimal travel time, fuel economy) of different components to be considered together. In examples, the trajectory with the best combined score may be selected for implementation. As such, an iterative approach that evaluates various factors may be used to identify an optimal or preferred trajectory for an autonomous vehicle when navigating an environment.
    Type: Application
    Filed: March 28, 2024
    Publication date: July 18, 2024
    Inventors: David Nister, Yizhou Wang, Julia Ng, Rotem Aviv, Seungho Lee, Joshua John Bialkowski, Hon Leung Lee, Hermes Lanker, Raul Correal Tezanos, Zhenyi Zhang, Nikolai Smolyanskiy, Alexey Kamenev, Ollin Boer Bohan, Anton Vorontsov, Miguel Sainz Serra, Birgit Henke
  • Publication number: 20240223599
    Abstract: The various disclosed embodiments include a method and system for generating application-layer signatures characterizing advanced application-layer attacks are provided. The method includes determining applicative baseline distributions of attributes included in transactions directed to a protected entity during peacetime; determining attack distributions of applicative attributes included in transactions directed to a protected entity during an on-going application-layer attack; determining, based on the applicative baseline distributions and the attack distributions of applicative attributes, a probability of an attacker executing the on-going application-layer attack to generate an attack using at least one attribute; and generating an application-layer signature designating applicative attributes determined to be eligible based on their respective probabilities, wherein the application-layer signature characterizes behavior of the attacker executing the on-going application-layer attack.
    Type: Application
    Filed: March 1, 2023
    Publication date: July 4, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Alon TAMIR, David AVIV
  • Patent number: 12003531
    Abstract: A system and method for detecting cyber-attacks using quantile regression analysis are disclosed. The method includes: identifying at least one hit quantile out of a plurality of quantiles, wherein the at least one identified hit quantile falls within quantile edges of a sample of traffic directed at a protected entity, wherein each of the plurality of quantiles is characterized by a probability distribution of at least one feature of a data stream, each of the plurality of quantiles having a respective probability estimate; updating the probability estimates of the plurality of quantiles when the at least one hit quantile has been identified; and when the probability estimate of the at least one hit quantile is above a threshold, taking an action to mitigate existence of a cyber-attack.
    Type: Grant
    Filed: April 5, 2023
    Date of Patent: June 4, 2024
    Assignee: Radware Ltd.
    Inventors: Lev Medvedovsky, David Aviv
  • Patent number: 11997206
    Abstract: A system and method for identity-based access admission are provided. The method includes generating in a browser of a client device a unique identity key for the browser, wherein the identity key is generated in an internal frame (iFrame) thread, is executed in a main thread of the browser, and wherein the identity key includes a fingerprint characterizing in part the browser and the client device, an internet protocol address of the client device, and a public-encryption key; and registering the identity key with an admission controller, wherein access to a protected entity by the client device is enforced using the identity key.
    Type: Grant
    Filed: September 22, 2021
    Date of Patent: May 28, 2024
    Assignee: RADWARE, LTD.
    Inventors: Alon Tamir, Amir Marmor, David Aviv
  • Publication number: 20240169061
    Abstract: A system and method for learning attack-safe baseline are provided. The method includes receiving application-layer transactions directed to a protected entity; measuring values of a rate-based attribute and a rate-invariant attribute from the received application-layer transactions; determining, based on the measured rate-based attribute, if the received application-layer transactions represent a normal behavior; computing at least one baseline using application-layer transactions determined to represent the normal behavior; and validating the at least one computed baseline using the measured rate-invariant attribute and rate-based attribute.
    Type: Application
    Filed: December 28, 2023
    Publication date: May 23, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Alon TAMIR, David AVIV
  • Publication number: 20240171607
    Abstract: A method and system for detecting application layer flood denial-of-service (DDoS) attacks carried by attackers utilizing advanced application layer flood attack tools are provided.
    Type: Application
    Filed: November 23, 2022
    Publication date: May 23, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Alon TAMIR, David AVIV
  • Patent number: 11991205
    Abstract: A method and system for protecting cloud-hosted applications against application-layer slow DDoS attacks are provided. The system include a processing circuitry; and a memory connected to the processor, the memory contains instructions that when executed by the processing circuitry, configure the system to: collect telemetries from a plurality of sources deployed in a plurality of public cloud computing platforms, wherein each of the plurality of public cloud computing platforms hosts an instance of a protected cloud-hosted application; provide a set of rate-based and rate-invariant features based on the collected telemetries; evaluate each feature in the set of rate-based and rate-invariant features to determine whether a behavior of each feature and a behavior of the set of rate-based and rate-invariant features indicate a potential application-layer slow DDoS attack; and cause execution of a mitigation action, when an indication of a potential application-layer slow DDoS attack is determined.
    Type: Grant
    Filed: December 23, 2020
    Date of Patent: May 21, 2024
    Assignee: RADWARE, LTD.
    Inventors: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut, Yuriy Arbitman
  • Publication number: 20240163309
    Abstract: A system and method for detecting HTTPS flood cyber-attacks. A method includes deriving traffic features from incoming traffic directed to a protected entity; determining if the derived traffic features represent at least one traffic anomaly, wherein the traffic anomaly is a deviation from at least one baseline, wherein the baseline is a normal distribution of traffic features of legitimate incoming traffic; upon determining that the derived traffic features represent at least one anomaly, determining if the anomaly characterizes an on-going HTTPS flood cyber-attack; upon determining that there is the on-going HTTPS flood cyber-attack, populating a list of suspect source internet protocol (IP) addresses of devices triggered detection of the anomaly; challenging each device in the list of suspect source IP addresses to determine if a challenged device is an attack tool; and causing execution of a mitigation action on each client device determined to be an attack tool.
    Type: Application
    Filed: July 12, 2023
    Publication date: May 16, 2024
    Applicant: Radware Ltd.
    Inventors: David AVIV, Ehud DORON, Gabi NAKIBLY
  • Patent number: 11985116
    Abstract: A system and method for controlling authorization to a protected entity are provided. The method includes: receiving an access request for access to the protected entity, wherein the access request is received from a client device; in response to the access request, causing the client device to perform an admission process that includes performing at least one game; monitoring a distributed database to identify at least one admission transaction designating admission criteria; determining if the admission criteria satisfy a set of conditions for accessing the protected entity; identifying, on the distributed database, completion results of the at least one game, wherein whether the admission criteria satisfies the set of conditions for accessing the protected entity is determined based on the results of the at least one game; and granting access to the protected entity by the client device when the admission criteria satisfies the set of conditions.
    Type: Grant
    Filed: August 20, 2021
    Date of Patent: May 14, 2024
    Assignee: RADWARE, LTD.
    Inventors: Alon Lelcuk, David Aviv
  • Patent number: 11979407
    Abstract: A method for protecting entities against bots is provided. The method includes identifying a request from a client to access a protected entity; selecting an access policy in response to the access request, wherein the access policy includes at least one challenge to be performed by the client; identifying results of the at least one challenge, wherein the results are provided by the client upon completion of the challenge; determining a bias of the client based on the completion results, wherein the determined bias is utilized for a cyber-security assessment of the client; and granting access to the protected entity by the client based on the determined bias.
    Type: Grant
    Filed: May 10, 2023
    Date of Patent: May 7, 2024
    Assignee: RADWARE, LTD.
    Inventors: Alon Lelcuk, David Aviv
  • Publication number: 20240137386
    Abstract: A method for characterizing application layer denial-of-service (DDoS) attacks comprises generating a plurality of dynamic applicative signatures by analyzing at the application layer application layer requests received during an on-going DDoS attack, a dynamic applicative signature characterizing each received request based on frequent application layer attributes appearing in the received requests, wherein the requests are represented as a set of paraphrases, each paraphrase representing a specific aspect of a request's structure, the frequent application layer attributes being determined based on frequency of paraphrases in the set; characterizing each of the received requests based on one of the dynamic applicative signatures, the characterization providing an indication for each request whether a request is generated by an attack tool executing the on-going DDoS attack; and causing a mitigation action on the received request generated by the attack tool based on the generated dynamic applicative signatur
    Type: Application
    Filed: December 26, 2023
    Publication date: April 25, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Koral HAHAM, David AVIV
  • Patent number: 11943224
    Abstract: Arrangements for controlling access to a protected entity include receiving a redirected client request to access the protected entity that includes a public key of the client; granting, in response to the received redirected request, access tokens of a first type to a client using the public key of the client; identifying a conversion transaction identifying a request to convert the first type of access tokens with access tokens of a second type, the transaction designating the protected entity; determining a conversion value for converting the first-type access tokens into second-type access tokens based on at least one access parameter; converting, using the conversion value, a first sum of the first-type access tokens into a second sum of second-type access tokens; and granting the client access to the protected entity when the sum of second-type of access tokens is received as a payment from the protected entity.
    Type: Grant
    Filed: July 29, 2022
    Date of Patent: March 26, 2024
    Assignee: RADWARE, LTD.
    Inventors: Alon Lelcuk, David Aviv
  • Publication number: 20240098111
    Abstract: A method and system for mitigating of randomized denial-of-service (DDoS) attacks directed against a protected entity during an attack time period are provided. The method includes receiving a packet during the attack time period; selecting a cluster defining legitimacy characteristics from at least one cluster of packets that best fits the received packet, wherein legitimacy characteristics of a cluster are learned during a peacetime period; determining a legitimacy score for the received packet based on the legitimacy characteristics of the selected cluster; determining based on the legitimacy score if the received packet is not legitimate; and applying a mitigation action on the received packet upon determination that the packet is not legitimate.
    Type: Application
    Filed: September 19, 2022
    Publication date: March 21, 2024
    Applicant: Radware Ltd.
    Inventors: Ehud DORON, Amnon LOTEM, Gal YEHOSHUA, David AVIV
  • Patent number: 11916956
    Abstract: A method and system for generating dynamic applicative signatures of by application layer flood attack tools are provided. The method includes determining a plurality of different attributes of requests received during an on-going DDoS attack; clustering at least one attribute of the plurality of different attributes, wherein the clustering is based on values of the plurality of different attributes; determining clusters of attributes representing most frequent structures of the requests received during the on-going DDoS attack; and generating, based on the determined clusters of attributes, signature of an application layer flood attack tool executing the on-going DDoS attack.
    Type: Grant
    Filed: December 19, 2022
    Date of Patent: February 27, 2024
    Assignee: RADWARE LTD.
    Inventors: Ehud Doron, Koral Haham, David Aviv
  • Publication number: 20240064146
    Abstract: Arrangements for controlling access to a protected entity include receiving a redirected request of the client to access the protected entity that was denied by the protected entity; granting, in response to the received redirected request, access tokens of a first type to the client; identifying a conversion transaction identifying a request to convert the first type of access tokens with access tokens of a second type, wherein the transaction designates at least the protected entity; converting, based on a determined conversion value, a first sum of the first type of access tokens into a second sum of the second type of access tokens wherein the conversion value is determined based on at least one access parameter; and granting the client access to the protected entity when the sum of the second type of access tokens is received as a payment from the protected entity.
    Type: Application
    Filed: October 25, 2023
    Publication date: February 22, 2024
    Applicant: Radware Ltd.
    Inventors: Alon LELCUK, David AVIV
  • Patent number: 11888893
    Abstract: A method and system for characterizing application layer denial-of-service (DDoS) attacks are provided. The method includes generating a dynamic applicative signature by analyzing requests received during an on-going DDoS attack, wherein the dynamic applicative signature characterizes based on frequent applicative attributes appeared from the received; characterizing each incoming request based on the generated dynamic applicative signature, wherein the characterization provides an indication for each incoming request whether an incoming request is generated by an attack tool executing the on-going DDoS attributes; and causing a mitigation action on the incoming request generated by the attack tool based on the generated dynamic applicative signature.
    Type: Grant
    Filed: January 31, 2023
    Date of Patent: January 30, 2024
    Assignee: RADWARE LTD
    Inventors: Ehud Doron, Koral Haham, David Aviv