Patents by Inventor Shelly Hershkovitz
Shelly Hershkovitz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11683294Abstract: A method by one or more network devices communicatively coupled to a web application layer proxy for profiling parameters of web application layer requests received by the web application layer proxy while preserving privacy. The method includes obtaining masked parameter values associated with a parameter in the web application layer requests, where the masked parameter values associated with the parameter are generated by the web application layer proxy based on masking parameter values associated with the parameter while preserving lengths of the parameter values associated with the parameter and character types of characters in the parameter values associated with the parameter, generating the profile of the parameter based on analyzing the masked parameter values associated with the parameter, and providing the profile of the parameter to the web application layer proxy.Type: GrantFiled: December 30, 2019Date of Patent: June 20, 2023Assignee: IMPERVA, INC.Inventors: Itsik Mantin, Shelly Hershkovitz, Amichai Shulman, Nitzan Niv
-
Patent number: 11601400Abstract: A method by a computing device implementing an attack analyzer for processing malicious events. The method includes determining a first set of features describing a malicious event detected by a firewall, determining a set of distances using a non-Euclidean distance function and the first set of features, wherein the non-Euclidean distance function is used to determine geographic origin similarity between different Internet Protocol addresses included in the first and second set of features, generating a statistical distribution object using the set of distances, wherein the statistical distribution object includes information describing a cluster that includes at least the malicious event and one or more other malicious events that are determined to be similar to the malicious event in terms of geographic origin, and transmitting information describing the cluster to a management console for presentation to an administrator on a graphical user interface.Type: GrantFiled: November 23, 2021Date of Patent: March 7, 2023Assignee: Imperva, Inc.Inventors: Gilad Yehudai, Itsik Mantin, Lior Fisch, Shelly Hershkovitz, Amichai Shulman, Moran Rachel Ambar
-
Publication number: 20220086125Abstract: A method by a computing device implementing an attack analyzer for processing malicious events. The method includes determining a first set of features describing a malicious event detected by a firewall, determining a set of distances using a non-Euclidean distance function and the first set of features, wherein the non-Euclidean distance function is used to determine geographic origin similarity between different Internet Protocol addresses included in the first and second set of features, generating a statistical distribution object using the set of distances, wherein the statistical distribution object includes information describing a cluster that includes at least the malicious event and one or more other malicious events that are determined to be similar to the malicious event in terms of geographic origin, and transmitting information describing the cluster to a management console for presentation to an administrator on a graphical user interface.Type: ApplicationFiled: November 23, 2021Publication date: March 17, 2022Applicant: Imperva, Inc.Inventors: Gilad Yehudai, Itsik Mantin, Lior Fisch, Shelly Hershkovitz, Amichai Shulman, Moran Rachel Ambar
-
Patent number: 11218448Abstract: A method of processing malicious events in a network infrastructure determines features of malicious events detected by a firewall of an attack analyzer. Example features may indicate an origin of an attack, a target of the attack, or a type of a malicious event. The attack analyzer determines distances, e.g., using a non-Euclidean distance function, between features of a given malicious event and features of statistical distribution objects (SDOs). The SDOs describe clusters of previously detected malicious events. The attack analyzer may select one of the SDOs that has features similar to those of the given malicious event. The attack analyzer can update the SDOs by including an alert of the given malicious event with an existing cluster or generating a new cluster including the alert. The attack analyzer may transmit information describing the clusters of the SDOs to a management console.Type: GrantFiled: June 5, 2018Date of Patent: January 4, 2022Assignee: IMPERVA, INC.Inventors: Gilad Yehudai, Itsik Mantin, Lior Fisch, Shelly Hershkovitz, Amichai Shulman, Moran Rachel Ambar
-
Patent number: 11063960Abstract: According to one embodiment, a web application layer attack detector (AD) is coupled between an HTTP client and a web application server. Responsive to receipt of a set of packets from the HTTP client carrying a web application layer message that violates a condition of a security rule, the AD transmits an alert package to an automatic attribute value generation and rule feedback module (AVGRFM). The AVGRFM uses the alert package, and optionally other alert packages from the same AD or other ADs, to automatically generate a new set of attribute values for each of a set of attribute identifiers for use, by the AD or other ADs, in a different security rule than the violated security rule. The new set of attribute values may be used in an attack specific rule to detect a previously unknown web application layer attack.Type: GrantFiled: August 8, 2017Date of Patent: July 13, 2021Assignee: Imperva, Inc.Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
-
Publication number: 20210203642Abstract: A method by one or more network devices communicatively coupled to a web application layer proxy for profiling parameters of web application layer requests received by the web application layer proxy while preserving privacy. The method includes obtaining masked parameter values associated with a parameter in the web application layer requests, where the masked parameter values associated with the parameter are generated by the web application layer proxy based on masking parameter values associated with the parameter while preserving lengths of the parameter values associated with the parameter and character types of characters in the parameter values associated with the parameter, generating the profile of the parameter based on analyzing the masked parameter values associated with the parameter, and providing the profile of the parameter to the web application layer proxy.Type: ApplicationFiled: December 30, 2019Publication date: July 1, 2021Applicant: Imperva, Inc.Inventors: Itsik MANTIN, Shelly HERSHKOVITZ, Amichai SHULMAN, Nitzan NIV
-
Publication number: 20190372934Abstract: A method of processing malicious events in a network infrastructure determines features of malicious events detected by a firewall of an attack analyzer. Example features may indicate an origin of an attack, a target of the attack, or a type of a malicious event. The attack analyzer determines distances, e.g., using a non-Euclidean distance function, between features of a given malicious event and features of statistical distribution objects (SDOs). The SDOs describe clusters of previously detected malicious events. The attack analyzer may select one of the SDOs that has features similar to those of the given malicious event. The attack analyzer can update the SDOs by including an alert of the given malicious event with an existing cluster or generating a new cluster including the alert. The attack analyzer may transmit information describing the clusters of the SDOs to a management console.Type: ApplicationFiled: June 5, 2018Publication date: December 5, 2019Inventors: Gilad Yehudai, Itsik Mantin, Lior Fisch, Shelly Hershkovitz, Amichai Shulman, Moran Rachel Ambar
-
Publication number: 20170339165Abstract: According to one embodiment, a web application layer attack detector (AD) is coupled between an HTTP client and a web application server. Responsive to receipt of a set of packets from the HTTP client carrying a web application layer message that violates a condition of a security rule, the AD transmits an alert package to an automatic attribute value generation and rule feedback module (AVGRFM). The AVGRFM uses the alert package, and optionally other alert packages from the same AD or other ADs, to automatically generate a new set of attribute values for each of a set of attribute identifiers for use, by the AD or other ADs, in a different security rule than the violated security rule. The new set of attribute values may be used in an attack specific rule to detect a previously unknown web application layer attack.Type: ApplicationFiled: August 8, 2017Publication date: November 23, 2017Inventors: Tal Arieh BE'ERY, Shelly HERSHKOVITZ, Nitzan NIV, Amichai SHULMAN
-
Patent number: 9762592Abstract: According to one embodiment, a web application layer attack detector (AD) is coupled between an HTTP client and a web application server. Responsive to receipt of a set of packets from the HTTP client carrying a web application layer message that violates a condition of a security rule, the AD transmits an alert package to an automatic attribute value generation and rule feedback module (AVGRFM). The AVGRFM uses the alert package, and optionally other alert packages from the same AD or other ADs, to automatically generate a new set of attribute values for each of a set of attribute identifiers for use, by the AD or other ADs, in a different security rule than the violated security rule. The new set of attribute values may be used in an attack specific rule to detect a previously unknown web application layer attack.Type: GrantFiled: April 1, 2015Date of Patent: September 12, 2017Assignee: Imperva, Inc.Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
-
Publication number: 20150207806Abstract: According to one embodiment, a web application layer attack detector (AD) is coupled between an HTTP client and a web application server. Responsive to receipt of a set of packets from the HTTP client carrying a web application layer message that violates a condition of a security rule, the AD transmits an alert package to an automatic attribute value generation and rule feedback module (AVGRFM). The AVGRFM uses the alert package, and optionally other alert packages from the same AD or other ADs, to automatically generate a new set of attribute values for each of a set of attribute identifiers for use, by the AD or other ADs, in a different security rule than the violated security rule. The new set of attribute values may be used in an attack specific rule to detect a previously unknown web application layer attack.Type: ApplicationFiled: April 1, 2015Publication date: July 23, 2015Inventors: Tal Arieh BE'ERY, Shelly HERSHKOVITZ, Nitzan NIV, Amichai SHULMAN
-
Patent number: 9027136Abstract: According to one embodiment, a web application layer attack detector (AD) is coupled between an HTTP client and a web application server. Responsive to receipt of a set of packets from the HTTP client carrying a web application layer message that violates a condition of a security rule, the AD transmits an alert package to an automatic attribute value generation and rule feedback module (AVGRFM). The AVGRFM uses the alert package, and optionally other alert packages from the same AD or other ADs, to automatically generate a new set of attribute values for each of a set of attribute identifiers for use, by the AD or other ADs, in a different security rule than the violated security rule. The new set of attribute values may be used in an attack specific rule to detect a previously unknown web application layer attack.Type: GrantFiled: July 22, 2013Date of Patent: May 5, 2015Assignee: Imperva, Inc.Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
-
Patent number: 9009832Abstract: According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (ADs), which are coupled between HTTP clients and web application servers. The computing device automatically learns a new condition shared by a plurality of alert packages reported by the set of ADs due to a triggering of one or more rules that is indicative of a web application layer attack. The computing device automatically generates a new set of attribute values by analyzing the plurality of alert packages to identify the condition shared by the plurality of alert packages, and transmits the new set of attribute values for delivery to the set of ADs for a different rule to be used to protect against the web application layer attack from the HTTP clients or any other HTTP client.Type: GrantFiled: July 22, 2013Date of Patent: April 14, 2015Assignee: Imperva, Inc.Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
-
Patent number: 8997232Abstract: According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (AD), which are coupled between HTTP clients and web application servers. The computing device learns a new set of attribute values for a set of attribute identifiers for each of a sequence of rules through an iterative process having a plurality of iterations. The iterative process begins with an attack specific rule, and the sequence of rules includes an attacker specific rule and another attack specific rule. Each iteration includes receiving a current alert package from one of the ADs sent responsive to a set of packets carrying a web application layer request meeting a condition of a current rule used by the AD, automatically generating a new set of attribute values based upon the current alert package, and transmitting the new set of attribute values to the set of ADs.Type: GrantFiled: July 22, 2013Date of Patent: March 31, 2015Assignee: Imperva, Inc.Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
-
Publication number: 20140317739Abstract: According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (AD), which are coupled between HTTP clients and web application servers. The computing device learns a new set of attribute values for a set of attribute identifiers for each of a sequence of rules through an iterative process having a plurality of iterations. The iterative process begins with an attack specific rule, and the sequence of rules includes an attacker specific rule and another attack specific rule. Each iteration includes receiving a current alert package from one of the ADs sent responsive to a set of packets carrying a web application layer request meeting a condition of a current rule used by the AD, automatically generating a new set of attribute values based upon the current alert package, and transmitting the new set of attribute values to the set of ADs.Type: ApplicationFiled: July 22, 2013Publication date: October 23, 2014Applicant: IMPERVA, INC.Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
-
Publication number: 20140317740Abstract: According to one embodiment, a computing device is coupled to a set of web application layer attack detectors (ADs), which are coupled between HTTP clients and web application servers. The computing device automatically learns a new condition shared by a plurality of alert packages reported by the set of ADs due to a triggering of one or more rules that is indicative of a web application layer attack. The computing device automatically generates a new set of attribute values by analyzing the plurality of alert packages to identify the condition shared by the plurality of alert packages, and transmits the new set of attribute values for delivery to the set of ADs for a different rule to be used to protect against the web application layer attack from the HTTP clients or any other HTTP client.Type: ApplicationFiled: July 22, 2013Publication date: October 23, 2014Applicant: IMPERVA, INC.Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman
-
Publication number: 20140317738Abstract: According to one embodiment, a web application layer attack detector (AD) is coupled between an HTTP client and a web application server. Responsive to receipt of a set of packets from the HTTP client carrying a web application layer message that violates a condition of a security rule, the AD transmits an alert package to an automatic attribute value generation and rule feedback module (AVGRFM). The AVGRFM uses the alert package, and optionally other alert packages from the same AD or other ADs, to automatically generate a new set of attribute values for each of a set of attribute identifiers for use, by the AD or other ADs, in a different security rule than the violated security rule. The new set of attribute values may be used in an attack specific rule to detect a previously unknown web application layer attack.Type: ApplicationFiled: July 22, 2013Publication date: October 23, 2014Applicant: IMPERVA, INC.Inventors: Tal Arieh Be'ery, Shelly Hershkovitz, Nitzan Niv, Amichai Shulman