Abstract: A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software.

Abstract: A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software.

Abstract: Methods and systems reduce exposure to a dictionary attack while verifying whether data transmitted over a computer network is a password. In one aspect, a method includes performing a search of network traffic based, at least in part, on a weak validation using a Bloom filter based on an organizational password file, determining the existence of a password in the network traffic based only on the weak validation, and determining whether to block, alert, or quarantine the network traffic based at least in part on the existence of the password in the network traffic.

Abstract: A system for network content monitoring and control, comprising: a transport data monitor, connectable to a point in a network, for monitoring data being transported past said point, a signature extractor, associated with said transport data monitor, for extracting a derivation of said data, said derivation being indicative of content of said payload, a database of preobtained signatures of content whose movements it is desired to monitor, and a comparator for comparing said derivation with said preobtained signatures, thereby to determine whether said payload comprises any of said content whose movements it is desired to monitor. The monitoring result may be used in bandwidth control on the network to restrict transport of the content it is desired to control.

Abstract: Apparatus for transcranial imaging comprises an ultrasound source, placed in conjunction with a cranium, producing ultrasound at one or more ultrasound wavelengths that are focused on a location of interest within the cranium. The ultrasound generates RF radiation using the acousto-electric effect and a radio receiver detects the resulting radio frequency radiation emanating from the location of interest. Different types of brain tissue, as well as healthy and diseased tissue, produce different amplitudes of RF radiation, which can be detected as the location of interest is scanned over the volume of the brain, and used to produce an image of the brain.

Abstract: A method for automatically embedding information in a digital text, said method comprising: identifying a plurality of positions, in said digital text, that are suitable for introducing modifications into said digital text; identifying modifications suitable for introduction into at least some of said suitable positions in said digital text; selecting at least some of said identified modifications for introduction into said digital text, said selection of said modifications being operable to represent said information; and performing said selected modifications on said digital text, thereby to embed said information.

Abstract: A method for mitigating false positive type errors while applying an information leak prevention policy to identify important information and to prevent outward leakage. A positive criterion is defined for a positive set, and a negative criterion for a negative set of benign traffic. An ambiguity set contains items showing indications for both positive and negative sets. An ambiguity resolution criterion allows ambiguous items to be placed in/removed from the positive set or negative set. Each information item is searched for matches with the positive set. Each item in the positive set is checked for membership in the ambiguity set. The ambiguity resolution criteria are used for each member of the ambiguity set and to remove items from the positive set accordingly. The leak prevention policy is applied for all items remaining in the positive set thus protecting the important information.

Abstract: A method for mitigating false positive type errors while applying an information leak prevention policy, the method comprising the computer implemented steps of: defining at least one positive criterion for a positive set, wherein the positive criterion comprises at least one indicator of a possible breach of the information leak prevention policy; defining at least one negative criterion for a negative set, wherein the negative criterion comprises at least one indicator of benign traffic; establishing an ambiguity set in association with an intersection between the positive set and the negative set, such that information items in the intersection enter the ambiguity set; defining at least one ambiguity resolution criterion for resolving the ambiguity; monitoring and analyzing electronic traffic, where each information item in the traffic is searched for matches with the positive set; checking for membership of each item in the positive set in the ambiguity set; resolving ambiguities using one of the ambiguit

Abstract: A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software.

Abstract: A system and method for determining an intent of a sender in transmitting electronic information in order to prevent unauthorized dissemination of electronic information is disclosed. The system and method facilitate cost-effective handling of dissemination events and comprise a traffic analyzer configured to analyze descriptors of the electronic information and parameters of the transmission of the electronic information in order to determine the intent of the sender. By determining the intent of the sender, it is possible to effectively quarantine the electronic information before it is disseminated.

Abstract: A method and a system for information management and control is presented, based on modular and abstract description of the information. Identifiers are used to identify features of interest in the information and information use policies are assigned directly or indirectly on the basis of the identifiers, allowing for flexible and efficient policy management and enforcement, in that a policy can be defined with a direct relationship to the actual information content of digital data items. The information content can be of various kinds: e.g., textual documents, numerical spreadsheets, audio and video files, pictures and images, drawings etc. The system can provide protection against information policy breaches such as information misuse, unauthorized distribution and leakage, and for information tracking.

Abstract: A system for network content monitoring and control, comprising: a transport data monitor, connectable to a point in a network, for monitoring data being transported past said point, a signature extractor, associated with said transport data monitor, for extracting a derivation of said data, said derivation being indicative of content of said payload, a database of preobtained signatures of content whose movements it is desired to monitor, and a comparator for comparing said derivation with said preobtained signatures, thereby to determine whether said payload comprises any of said content whose movements it is desired to monitor. The monitoring result may be used in bandwidth control on the network to restrict transport of the content it is desired to control.

Abstract: A system for external monitoring of networked digital file sharing to track predetermined data content, the system comprising: at least one surveillance element for deployment over said network, said surveillance elements comprising: surveillance functionality for searching said digital file sharing and identification functionality associated with said search functionality for identification of said predetermined data content, therewith to determine whether a given file sharing system is distributing said predetermined data content.

Abstract: A system for network content monitoring and control, comprising: a transport data monitor, connectable to a point in a network, for monitoring data being transported past said point, a signature extractor, associated with said transport data monitor, for extracting a derivation of said data, said derivation being indicative of content of said payload, a database of preobtained signatures of content whose movements it is desired to monitor, and a comparator for comparing said derivation with said preobtained signatures, thereby to determine whether said payload comprises any of said content whose movements it is desired to monitor. The monitoring result may be used in bandwidth control on the network to restrict transport of the content it is desired to control.

Abstract: A system for external monitoring of networked digital file sharing to track predetermined data content, the system comprising: at least one surveillance element for deployment over said network, said surveillance elements comprising: surveillance functionality for searching said digital file sharing and identification functionality associated with said search functionality for identification of said predetermined data content, therewith to determine whether a given file sharing system is distributing said predetermined data content.

Abstract: A method for computer workstation based information protection is presented, the method comprises: a) monitoring user's actions on the computer workstation, b) analysis of the actions in respect to a pre-defined policy to determine whether the actions prejudice information to which the policy applies, and c) executing the policy in accordance with the results of the analysis to prevent or modify or restrict or monitor or log the actions.

Abstract: A method for computer workstation based information protection is presented, the method comprises: a) monitoring user's actions on the computer workstation, b) analysis of the actions in respect to a pre-defined policy to determine whether the actions prejudice information to which the policy applies, and c) executing the policy in accordance with the results of the analysis to prevent or modify or restrict or monitor or log the actions.

Abstract: A method for automatically embedding information in a digital text, said method comprising: identifying a plurality of positions, in said digital text, that are suitable for introducing modifications into said digital text; identifying modifications suitable for introduction into at least some of said suitable positions in said digital text; selecting at least some of said identified modifications for introduction into said digital text, said selection of said modifications being operable to represent said information; and performing said selected modifications on said digital text, thereby to embed said information.

Abstract: A method for detecting an information item within an information sequence obtained from a digital medium, said information item comprising any one of a specified set of prestored information items, comprising: transforming each of the set of prestored information items into a respective representation, in accordance with a predetermined transformation format; transforming the information sequence obtained from the digital medium, in accordance with the transformation format; and determining the presence of one or more of the prestored information items within the transformed information sequence, utilizing the respective representation, wherein the information items are divided into sets, and applying a security policy that depends on the number of detected information items that belong to the same set.

Abstract: A method for detecting an information item within an information sequence obtained from a digital medium, the information item comprising any one of a specified set of prestored information items, comprises: transforming each of the set of prestored information items into a respective representation, in accordance with a predetermined transformation format; transforming the information sequence obtained from the digital medium, in accordance with the transformation format; and determining the presence of one or more of the prestored information items within the transformed information sequence, utilizing the respective representation.