Patents by Inventor Giora Engel
Giora Engel has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10645110
Abstract: A method for computer system forensics includes receiving an identification of at least one host computer that has exhibited an anomalous behavior, in a computer network comprising multiple host computers. Respective images of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.
Type: Grant
Filed: April 18, 2018
Date of Patent: May 5, 2020
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Patent number: 10356106
Abstract: A method for network monitoring includes intercepting, in an anomaly detection module, a first data packet transmitted over a network in accordance with a predefined protocol to or from an entity on the network. Both a network address that is assigned to the entity and a strong identity, which is incorporated in the first data packet in accordance with the predefined protocol, of the entity are extracted from the intercepted first data packet. An association is recorded between the network address and the strong identity. Second data packets transmitted over the network are intercepted, containing the network address. Responsively to the recorded association and the network address, the second data packets are associated with the strong identity. The associated second data packets are analyzed in order to detect anomalous behavior and to attribute the anomalous behavior to the entity.
Type: Grant
Filed: March 21, 2016
Date of Patent: July 16, 2019
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Giora Engel, Michael Mumcuoglu
-
Publication number: 20180367556
Abstract: A method for computer system forensics includes receiving an identification of at least one host computer that has exhibited an anomalous behavior, in a computer network comprising multiple host computers. Respective images of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.
Type: Application
Filed: April 18, 2018
Publication date: December 20, 2018
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Patent number: 10075461
Abstract: A method for monitoring includes defining a plurality of different types of administrative activities in a computer system. Each administrative activity in the plurality includes an action performed by one of the computers in the system that can be invoked only by a user having an elevated level of privileges in the system. The administrative activities performed by at least a group of the computers in the system are tracked automatically. Upon detecting that a given computer in the system has performed an anomalous combination of at least two of the different types of administrative activities, an action is initiated to inhibit malicious exploitation of the given computer.
Type: Grant
Filed: May 31, 2015
Date of Patent: September 11, 2018
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Michael Mumcuoglu, Giora Engel, Yaron Neuman, Eyal Firstenberg
-
Patent number: 9979742
Abstract: A method for computer system forensics includes receiving an identification of an anomalous message transmitted by a host computer in a computer network comprising multiple host computers. Messages transmitted by the host computers are monitored so as to detect, for each monitored message, a respective process that initiated the message. Responsively to the identification, a forensic indicator is extracted of the respective process that initiated the anomalous message.
Type: Grant
Filed: October 6, 2016
Date of Patent: May 22, 2018
Assignee: Palo Alto Networks (Israel Analytics) Ltd.
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Patent number: 9979739
Abstract: A method for computer system forensics includes receiving an identification of at least one host computer (26) that has exhibited an anomalous behavior, in a computer network (24) comprising multiple host computers. Respective images (68) of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.
Type: Grant
Filed: January 15, 2014
Date of Patent: May 22, 2018
Assignee: Palo Alto Networks (Israel Analytics) Ltd.
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Publication number: 20170054744
Abstract: A method for monitoring includes defining a plurality of different types of administrative activities in a computer system. Each administrative activity in the plurality includes an action performed by one of the computers in the system that can be invoked only by a user having an elevated level of privileges in the system. The administrative activities performed by at least a group of the computers in the system are tracked automatically. Upon detecting that a given computer in the system has performed an anomalous combination of at least two of the different types of administrative activities, an action is initiated to inhibit malicious exploitation of the given computer.
Type: Application
Filed: May 31, 2015
Publication date: February 23, 2017
Inventors: Michael Mumcuoglu, Giora Engel, Yaron Neuman, Eyal Firstenberg
-
Publication number: 20170026395
Abstract: A method for computer system forensics includes receiving an identification of a time of occurrence of an anomalous event in a computer network including multiple host computers. Logs of activity of entities in the computer network are collected. A comparison is made between first entries in at least one of the logs collected within a predefined time interval of the time of the occurrence of the anomalous event, and second entries in the at least one of the logs collected outside the predefined time interval. Based on the comparison, a forensic indicator associated with the anomalous event is extracted from the logs.
Type: Application
Filed: October 6, 2016
Publication date: January 26, 2017
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Publication number: 20170026398
Abstract: A method for computer system forensics includes receiving an identification of an anomalous message transmitted by a host computer in a computer network comprising multiple host computers. Messages transmitted by the host computers are monitored so as to detect, for each monitored message, a respective process that initiated the message. Responsively to the identification, a forensic indicator is extracted of the respective process that initiated the anomalous message.
Type: Application
Filed: October 6, 2016
Publication date: January 26, 2017
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Publication number: 20160234167
Abstract: A method for network monitoring includes intercepting, in an anomaly detection module, a first data packet transmitted over a network in accordance with a predefined protocol to or from an entity on the network. Both a network address that is assigned to the entity and a strong identity, which is incorporated in the first data packet in accordance with the predefined protocol, of the entity are extracted from the intercepted first data packet. An association is recorded between the network address and the strong identity. Second data packets transmitted over the network are intercepted, containing the network address. Responsively to the recorded association and the network address, the second data packets are associated with the strong identity. The associated second data packets are analyzed in order to detect anomalous behavior and to attribute the anomalous behavior to the entity.
Type: Application
Filed: March 21, 2016
Publication date: August 11, 2016
Inventors: Giora Engel, Michael Mumcuoglu
-
Publication number: 20150358344
Abstract: A method for computer system forensics includes receiving an identification of at least one host computer (26) that has exhibited an anomalous behavior, in a computer network (24) comprising multiple host computers. Respective images (68) of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.
Type: Application
Filed: January 15, 2014
Publication date: December 10, 2015
Applicant: LIGHT CYBER LTD.
Inventors: Michael Mumcuoglu, Giora Engel, Eyal Firstenberg
-
Publication number: 20140165207
Abstract: A method and system for detecting anomalous action within a computer network is provided herein. The method starts with collecting raw data from at least one probe sensor that is associated with at least one router, switch or at least one server which are part of the computer network. Next, the raw data is being parsed and analyzed and meta-data is created from the raw data. Computer network actions are being identified based on existing knowledge about network protocols. The meta-data is associated with entities by analyzing the identified network actions and correlating between different computer network actions. Finally, creating at least one statistical model of the respective computer network said model including network actions' behavior pattern and online or batch detection of anomalous network actions associated with entities based on the statistical models.
Type: Application
Filed: July 25, 2012
Publication date: June 12, 2014
Applicant: LIGHT CYBER LTD.
Inventors: Giora Engel, Michael Mumcouglu
-
Patent number: 8593506
Abstract: A panoramic image is generated from a sequence of input frames captured by a camera that translates relative to a scene having at least two points at different distances from the camera. A processor (13) is responsive to optical flow between corresponding points in temporally different input frames for computing flow statistics for at least portions of some of the input frames and for computing respective stitching costs between some of the portions and respective neighboring portions thereof. A selection unit (18) selects a sequence of portions and respective neighboring portions that minimizes a cost function that is a function of the flow statistics and stitching costs. A stitching unit (21) stitches the selected portions and respective neighboring portions so as to form a panoramic image of the scene, which may then be displayed or post-processed.
Type: Grant
Filed: March 13, 2008
Date of Patent: November 26, 2013
Assignee: Yissum Research Development Company of the Hebrew University of Jerusalem
Inventors: Shmuel Peleg, Alex Rav-Acha, Giora Engel
-
Publication number: 20120315839
Abstract: A method for monitoring an audience, includes receiving transmissions over the air, in accordance with a standard communication protocol, from one or more wireless communication devices (24) belonging to members (26) of the audience at a location. The transmissions are analyzed in order to derive a characteristic of the audience.
Type: Application
Filed: December 29, 2010
Publication date: December 13, 2012
Applicant: METERLIVE LTD.
Inventors: Michael Mumcuoglu, Giora Engel
-
Publication number: 20110043604
Abstract: A panoramic image is generated from a sequence of input frames captured by a camera that translates relative to a scene having at least two points at different distances from the camera. A processor (13) is responsive to optical flow between corresponding points in temporally different input frames for computing flow statistics for at least portions of some of the input frames and for computing respective stitching costs between some of the portions and respective neighboring portions thereof. A selection unit (18) selects a sequence of portions and respective neighboring portions that minimizes a cost function that is a function of the flow statistics and stitching costs. A stitching unit (21) stitches the selected portions and respective neighboring portions so as to form a panoramic image of the scene, which may then be displayed or post-processed.
Type: Application
Filed: March 13, 2008
Publication date: February 24, 2011
Applicant: Yissum Research Development Company of the Hebrew University of Jerusalem
Inventors: Shmuel Peleg, Alex Rav-Acha, Giora Engel