Patents by Inventor Michael Liljenstam
Michael Liljenstam has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11882453Abstract: Arrangements are provided for identifying a second fraudulent subscription replacing a first fraudulent subscription. A method is performed by a fraudulent subscription detection system. The method includes obtaining notification of the first fraudulent subscription having been identified in a SIM box. The method comprises obtaining historical network data of the first fraudulent subscription. The method com includes prises generating a model based on the historical network data. The method includes identifying the second fraudulent subscription replacing the first fraudulent subscription in the SIM box upon providing live network data as input to the model. The method includes providing an identification of the second fraudulent subscription to at least one of a subscription manager entity and a user interface of a Manual Analysis component.Type: GrantFiled: November 20, 2018Date of Patent: January 23, 2024Assignee: Telefonaktiebolaget LM Ericsson (Publ)Inventors: Christine Edman, Michael Liljenstam, Vasileios Giannokostas, Andrås Méhes
-
Publication number: 20240015554Abstract: According to some embodiments, a method performed by a network node for validating minimization of drive test (MDT) reports comprises: receiving a MDT report generated by a wireless device: determining to perform validation on the received MDT report: correlating the MDT report with MDT reports from one or more wireless devices in proximity to the wireless device to determine a first correlation value; determining a trust score for the MDT report based on one or more correlation values, the one or more correlation values at least comprising the first correlation value; determining whether the trust score is below a validation threshold; and upon determining the trust score is below the validation threshold, performing a corrective action with respect to the received MDT report.Type: ApplicationFiled: November 11, 2020Publication date: January 11, 2024Inventors: Hasan FAROOQ, Julien FORGEAT, Michael LILJENSTAM, Meral SHIRAZIPOUR
-
Patent number: 11838308Abstract: The present disclosure relates to a computer-implemented method and an apparatus for classifying anomalies of one or more feature-associated anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network. The method comprises retrieving at least one network data traffic sample and determining one or more feature-associated anomaly scores for the retrieved at least one network data traffic sample. The method further comprises determining feature importance of each feature of a feature-associated anomaly score and classifying one or more anomalies based on the determined one or more feature-associated anomaly scores and the determined feature importance.Type: GrantFiled: September 28, 2022Date of Patent: December 5, 2023Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)Inventors: Jakob Sternby, Michael Liljenstam, Erik Thormarker
-
Patent number: 11829468Abstract: A neural network having one or more public parts and one or more confidential parts is trained to perform a primary task. A deployment instantiation of the neural network is trained based on optimal performance of the primary task, and based on sub-optimal performance of the primary task conditioned on the confidential parts of the deployment instantiation being inaccessible. An adversary instantiation of the neural network is trained based on optimal performance of the primary task conditioned on the public parts being identical for the deployment instantiation and for the adversary instantiation, and conditioned on the confidential parts of the deployment instantiation being inaccessible. The training of the deployment instantiation and the training of the adversary instantiation are based on a plurality of training data samples, and are performed iteratively by alternating between the training of the deployment instantiation and the training of the adversary instantiation.Type: GrantFiled: December 18, 2020Date of Patent: November 28, 2023Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)Inventors: Jakob Sternby, Björn Johansson, Michael Liljenstam
-
Patent number: 11606416Abstract: Embodiments include methods for managed machine learning (ML) in a communication network, such as by one or more first network functions (NFs) of the communication network. Such methods include determining whether processing of an ML model in the communication network should be distributed to one or more user equipment (UEs) operating in the communication network, based on characteristics of the respective UEs. Such methods also include, based on determining that the processing of the ML model should be distributed to the one or more UEs, establishing trusted execution environments (TEEs) in the respective UEs and distributing the ML model for processing in the respective TEEs. Other embodiments include complementary methods for UEs, as well as UEs and NFs (or communication networks) configured to perform such methods.Type: GrantFiled: March 31, 2021Date of Patent: March 14, 2023Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Viktor Berggren, Henrik Rydén, Michael Liljenstam
-
Patent number: 11582249Abstract: The present disclosure relates to a computer-implemented method and an apparatus for classifying anomalies of one or more feature-associated anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network. The method comprises retrieving at least one network data traffic sample and determining one or more feature-associated anomaly scores for the retrieved at least one network data traffic sample. The method further comprises determining feature importance of each feature of a feature-associated anomaly score and classifying one or more anomalies based on the determined one or more feature-associated anomaly scores and the determined feature importance.Type: GrantFiled: November 27, 2019Date of Patent: February 14, 2023Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)Inventors: Jakob Sternby, Michael Liljenstam, Erik Thormarker
-
Publication number: 20230029134Abstract: The present disclosure relates to a computer-implemented method and an apparatus for classifying anomalies of one or more feature-associated anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network. The method comprises retrieving at least one network data traffic sample and determining one or more feature-associated anomaly scores for the retrieved at least one network data traffic sample. The method further comprises determining feature importance of each feature of a feature-associated anomaly score and classifying one or more anomalies based on the determined one or more feature-associated anomaly scores and the determined feature importance.Type: ApplicationFiled: September 28, 2022Publication date: January 26, 2023Inventors: Jakob Sternby, Michael Liljenstam, Erik Thormarker
-
Publication number: 20220351024Abstract: A method determines outlier inputs for a machine learning system. The method includes receiving a classification and activation values of a trained classifier or a first input processed by the trained classifier, determining whether an entropy score derived from the first input is below a threshold entropy-based distance metric, and changing the classification in response to the entropy score not being below the threshold.Type: ApplicationFiled: June 24, 2019Publication date: November 3, 2022Applicant: Telefonaktiebolaget LM Ericsson (publ)Inventors: Ali S. KHAYRALLAH, Meral SHIRAZIPOUR, Julien FORGEAT, Michael LILJENSTAM
-
Publication number: 20220321647Abstract: Embodiments include methods for managed machine learning (ML) in a communication network, such as by one or more first network functions (NFs) of the communication network. Such methods include determining whether processing of an ML model in the communication network should be distributed to one or more user equipment (UEs) operating in the communication network, based on characteristics of the respective UEs. Such methods also include, based on determining that the processing of the ML model should be distributed to the one or more UEs, establishing trusted execution environments (TEEs) in the respective UEs and distributing the ML model for processing in the respective TEEs. Other embodiments include complementary methods for UEs, as well as UEs and NFs (or communication networks) configured to perform such methods.Type: ApplicationFiled: March 31, 2021Publication date: October 6, 2022Inventors: VIktor Berggren, Henrik Rydén, Michael Liljenstam
-
Patent number: 11444964Abstract: The present disclosure relates to a method and an apparatus for training a model for detecting anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network. The method comprises collecting feature samples of network data traffic at a monitoring point between a first and a second part of the network, and training the model for detecting anomalies on the collected feature samples using a plurality of anomaly detection, AD, trees. The training comprises creating the plurality of AD trees using respective subsets of the collected feature samples, at least some of the AD tree comprising subspace selection nodes and anomaly-catching nodes to a predetermined AD tree depth limit.Type: GrantFiled: June 4, 2019Date of Patent: September 13, 2022Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (publ)Inventors: Jakob Sternby, Vasileios Giannokostas, Michael Liljenstam, Erik Thormarker
-
Publication number: 20220197994Abstract: A computer-implemented machine learning method is disclosed for training of a neural network to perform a primary task. The method comprises determining the neural network to comprise one or more public parts and one or more confidential parts, training a deployment instantiation of the neural network based on optimal performance of the primary task, and based on sub-optimal performance of the primary task conditioned on the confidential parts of the deployment instantiation being inaccessible, and training an adversary instantiation of the neural network based on optimal performance of the primary task conditioned on the public parts being identical for the deployment instantiation and for the adversary instantiation, and conditioned on the confidential parts of the deployment instantiation being inaccessible.Type: ApplicationFiled: December 18, 2020Publication date: June 23, 2022Inventors: Jakob Sternby, Björn Johansson, Michael Liljenstam
-
Patent number: 11227033Abstract: An efficient obfuscation of program control flow, comprising obscuring a control execution flow through a plurality of code blocks of a computer program. It involves obtaining a secret key, initializing a state variable based on the secret key, generating a switching value by processing the state variable through an encoding function, and selecting a code block from among a set of code blocks using the switching value. It further involves executing the block code, which comprises updating the state variable based on a present value of the state variable, and repeating the steps of generating a switching value, selecting a code block, and executing the code block to control execution flow through the set of code blocks.Type: GrantFiled: July 25, 2017Date of Patent: January 18, 2022Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Björn Johansson, Patrik Lantz, Michael Liljenstam
-
Patent number: 11210135Abstract: A method to obscure a control execution flow in a computer program includes initializing a state variable, q, and a switching variable, selecting a code block for execution using a present value of the switching variable, executing the code block, updating the state variable based on a present value of the state variable and a block-dependent constant that is associated with the code block to generate an updated state variable, and by applying a state update function to the updated state variable, and updating the switching variable by processing the state variable through a non-injective output function that generates a new value of the switching variable based on the state variable. The operations of selecting the code block, executing the code block, updating the state variable and updating the switching variable are repeated to control execution flow.Type: GrantFiled: May 29, 2018Date of Patent: December 28, 2021Assignee: Telefonaktiebolaget LM Ericsson (publ)Inventors: Björn Johansson, Patrik Lantz, Michael Liljenstam
-
Publication number: 20210160266Abstract: The present disclosure relates to a computer-implemented method and an apparatus for classifying anomalies of one or more feature-associated anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network. The method comprises retrieving at least one network data traffic sample and determining one or more feature-associated anomaly scores for the retrieved at least one network data traffic sample. The method further comprises determining feature importance of each feature of a feature-associated anomaly score and classifying one or more anomalies based on the determined one or more feature-associated anomaly scores and the determined feature importance.Type: ApplicationFiled: November 27, 2019Publication date: May 27, 2021Inventors: Jakob Sternby, Michael Liljenstam, Erik Thormarker
-
Publication number: 20200396616Abstract: Arrangements are provided for identifying a second fraudulent subscription replacing a first fraudulent subscription. A method is performed by a fraudulent subscription detection system. The method includes obtaining notification of the first fraudulent subscription having been identified in a SIM box. The method comprises obtaining historical network data of the first fraudulent subscription. The method com includes prises generating a model based on the historical network data. The method includes identifying the second fraudulent subscription replacing the first fraudulent subscription in the SIM box upon providing live network data as input to the model. The method includes providing an identification of the second fraudulent subscription to at least one of a subscription manager entity and a user interface of a Manual Analysis component.Type: ApplicationFiled: November 20, 2018Publication date: December 17, 2020Inventors: Christine EDMAN, Michael LILJENSTAM, Vasileios GIANNOKOSTAS, Andrås MÉHES
-
Publication number: 20200389476Abstract: The present disclosure relates to a method and an apparatus for training a model for detecting anomalies in network data traffic between devices in a first part of a network and devices in a second part of the network. The method comprises collecting feature samples of network data traffic at a monitoring point between a first and a second part of the network, and training the model for detecting anomalies on the collected feature samples using a plurality of anomaly detection, AD, trees. The training comprises creating the plurality of AD trees using respective subsets of the collected feature samples, at least some of the AD tree comprising subspace selection nodes and anomaly-catching nodes to a predetermined AD tree depth limit.Type: ApplicationFiled: June 4, 2019Publication date: December 10, 2020Inventors: Jakob Sternby, Vasileios Giannokostas, Michael Liljenstam, Erik Thormarker
-
Publication number: 20200151007Abstract: A method to obscure a control execution flow in a computer program includes initializing a state variable, q, and a switching variable, selecting a code block for execution using a present value of the switching variable, executing the code block, updating the state variable based on a present value of the state variable and a block-dependent constant that is associated with the code block to generate an updated state variable, and by applying a state update function to the updated state variable, and updating the switching variable by processing the state variable through a non-injective output function that generates a new value of the switching variable based on the state variable. The operations of selecting the code block, executing the code block, updating the state variable and updating the switching variable are repeated to control execution flow.Type: ApplicationFiled: May 29, 2018Publication date: May 14, 2020Inventors: Björn JOHANSSON, Patrik LANTZ, Michael LILJENSTAM
-
Publication number: 20190228137Abstract: An efficient obfuscation of program control flow, comprising obscuring a control execution flow through a plurality of code blocks of a computer program. It involves obtaining a secret key, initializing a state variable based on the secret key, generating a switching value by processing the state variable through an encoding function, and selecting a code block from among a set of code blocks using the switching value. It further involves executing the block code, which comprises updating the state variable based on a present value of the state variable, and repeating the steps of generating a switching value, selecting a code block, and executing the code block to control execution flow through the set of code blocks.Type: ApplicationFiled: July 25, 2017Publication date: July 25, 2019Inventors: Björn JOHANSSON, Patrik LANTZ, Michael LILJENSTAM
-
Patent number: 10219158Abstract: This disclosure relates to methods and apparatuses for protection of control plane functionality of a network node of a communications network providing wireless communication to a mobile terminal. The network node is configured to support control plane signaling with the mobile terminal. A communication context for the mobile terminal is maintained, wherein the communication context is associated with a control signaling message exchange between the mobile terminal and the network node. One method includes establishing, for a received message, a communication context to which it belongs; determining, in relation to information in the established communication context, the received message to be a message conforming to a protection rule or a message violating a protection rule; and handling the message in accordance with rules of a protection policy. Related network nodes, computer programs, and computer program products are disclosed.Type: GrantFiled: February 21, 2014Date of Patent: February 26, 2019Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)Inventors: Michael Liljenstam, Prajwol Kumar Nakarmi, Oscar Ohlsson, Mats Näslund
-
Patent number: 9942159Abstract: A node in a first network domain and a method performed thereby for transmitting a data packet to a VPN client in a second network domain, the node and the VPN client being part of a VPN, wherein the first and second network domain are connected by means of a third network domain are provided. The method comprises receiving, from an application server, a first packet comprising a first IP header and a payload; and determining a DCSP. The method further comprises adding a second header comprising the determined DCSP and an IP address of a VPN client resulting in a second packet and encrypting the second packet. Further the method comprises adding a third header to the encrypted second packet resulting in a third packet, the third header comprising a destination address of a node in the second network domain, and transmitting the third packet in an IP tunnel terminating at the node in the second network domain.Type: GrantFiled: January 28, 2014Date of Patent: April 10, 2018Assignee: TELEFONAKTIEBOLAGET LM ERICSSONInventors: Henrik Basilier, Göran Eneroth, Michael Liljenstam, Linus Andersson, Björn Bodén, Kyösti Toivanen