Patents by Inventor Shmuel Regev
Shmuel Regev has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11652852Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: GrantFiled: December 9, 2020Date of Patent: May 16, 2023Assignee: International Business Machines CorporationInventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Publication number: 20210120045Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: ApplicationFiled: December 9, 2020Publication date: April 22, 2021Inventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Patent number: 10965717Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: GrantFiled: November 6, 2019Date of Patent: March 30, 2021Assignee: International Business Machines CorporationInventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Patent number: 10805300Abstract: A computer security method including preventing access by a computer in a first computer network to a resource at a location within the first computer network responsive to the computer accessing a computer-readable document retrieved from a second computer network, wherein a reference to the resource is associated with the computer-readable document.Type: GrantFiled: July 23, 2018Date of Patent: October 13, 2020Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Shmuel Regev, Amit Klein
-
Publication number: 20200076861Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: ApplicationFiled: November 6, 2019Publication date: March 5, 2020Inventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Patent number: 10560487Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: GrantFiled: July 26, 2017Date of Patent: February 11, 2020Assignee: International Business Machines CorporationInventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Publication number: 20190036978Abstract: A security manager configured to generate a plurality of learned security policies and provide at least one learned security policy and a security agent to a client machine for enforcement of the at least one learned security policy by the security agent on the client machine. The security manager configured to receive alerts from the security agent indicating anomalous behavior on the client machine.Type: ApplicationFiled: July 26, 2017Publication date: January 31, 2019Inventors: Alexandra Shulman-Peleg, Shmuel Regev, Ron Peleg, Shahar Kohanim, Zohar Basil
-
Publication number: 20180332044Abstract: A computer security method including preventing access by a computer in a first computer network to a resource at a location within the first computer network responsive to the computer accessing a computer-readable document retrieved from a second computer network, wherein a reference to the resource is associated with the computer-readable document.Type: ApplicationFiled: July 23, 2018Publication date: November 15, 2018Inventors: Shmuel REGEV, Amit KLEIN
-
Patent number: 10069833Abstract: A computer security method including detecting access, by a computer in a first computer network, to a computer-readable document, determining whether the computer-readable document was retrieved from a second computer network, identifying a reference, associated with the computer-readable document, to a resource at a location within the first computer network, and preventing access by the computer to the resource at the location within the first computer network responsive to determining that the computer-readable document was retrieved from the second computer network.Type: GrantFiled: November 29, 2015Date of Patent: September 4, 2018Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Shmuel Regev, Amit Klein
-
Patent number: 9881156Abstract: Detecting heap spraying on a computer by determining that values of characteristics of a plurality of requests to allocate portions of heap memory are consistent with benchmark values of the characteristics, wherein the benchmark values of the characteristics are associated with heap spraying; and performing a computer-security-related remediation action responsive to determining that the values of the characteristics are consistent with the benchmark values of the characteristics.Type: GrantFiled: April 4, 2016Date of Patent: January 30, 2018Assignee: International Business Machines CorporationInventors: Zohar Basil, Amit Klein, Ron Peleg, Shmuel Regev
-
Patent number: 9842206Abstract: Detecting computer anomalies by determining probabilities of encountering call stack configurations at various depths, the call stacks being associated with software application instances on computers having the same operating system, where snapshots of the call stacks are recorded on the computers responsive to detecting predefined software application events, determining entropies of call stack configurations at various call stack depths using their associated probabilities, determining stack frame rarity scores of call stack configurations at various depths based on their associated stack frame entropies in accordance with a predefined rarity function, determining a call stack rarity score of any given call stack configuration as the maximum stack frame rarity score of the given configuration, and detecting an anomaly associated with any given one of the computers where any of the snapshots recorded on the given computer is of a call stack whose call stack rarity score meets a predefined anomaly condition.Type: GrantFiled: November 22, 2015Date of Patent: December 12, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Ron Peleg, Amir Ronen, Tamer Salman, Shmuel Regev, Ehud Aharoni
-
Patent number: 9817971Abstract: Detecting computer anomalies by determining probabilities of encountering call stack configurations at various depths, the call stacks being associated with software application instances on computers having the same operating system, where snapshots of the call stacks are recorded on the computers responsive to detecting predefined software application events, determining entropies of call stack configurations at various call stack depths using their associated probabilities, determining stack frame rarity scores of call stack configurations at various depths based on their associated stack frame entropies in accordance with a predefined rarity function, determining a call stack rarity score of any given call stack configuration as the maximum stack frame rarity score of the given configuration, and detecting an anomaly associated with any given one of the computers where any of the snapshots recorded on the given computer is of a call stack whose call stack rarity score meets a predefined anomaly condition.Type: GrantFiled: October 29, 2015Date of Patent: November 14, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Ron Peleg, Amir Ronen, Tamer Salman, Shmuel Regev, Ehud Aharoni
-
Patent number: 9785790Abstract: Protecting a computer security application by executing the computer security application on a computer in a first namespace associated with an operating system of the computer, and creating a second namespace associated with the operating system of the computer, where the second namespace is accessible to the computer security application, and where the first namespace is inaccessible from the second namespace.Type: GrantFiled: December 15, 2015Date of Patent: October 10, 2017Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Shmuel Regev, Shahar Kohanim, Shai Barlev
-
Patent number: 9703959Abstract: Dynamic verification of a computer software application execution path by detecting execution of a target instruction of a computer software application, wherein the computer software application is configured to generate a token at an instruction near a waypoint instruction of the computer software application, and wherein the waypoint instruction lies along an execution path that leads to the target instruction. Determining, responsive to detecting execution of the target instruction, whether a token exists. Performing a computer-security-related remediation action responsive to determining that the token does not exist.Type: GrantFiled: August 7, 2014Date of Patent: July 11, 2017Assignee: International Business Machines CorporationInventors: Amit Klein, Shmuel Regev
-
Publication number: 20170169238Abstract: Protecting a computer security application by executing the computer security application on a computer in a first namespace associated with an operating system of the computer, and creating a second namespace associated with the operating system of the computer, where the second namespace is accessible to the computer security application, and where the first namespace is inaccessible from the second namespace.Type: ApplicationFiled: December 15, 2015Publication date: June 15, 2017Inventors: SHMUEL REGEV, SHAHAR KOHANIM, SHAI BARLEV
-
Publication number: 20170155651Abstract: A computer security method including detecting access, by a computer in a first computer network, to a computer-readable document, determining whether the computer-readable document was retrieved from a second computer network, identifying a reference, associated with the computer-readable document, to a resource at a location within the first computer network, and preventing access by the computer to the resource at the location within the first computer network responsive to determining that the computer-readable document was retrieved from the second computer network.Type: ApplicationFiled: November 29, 2015Publication date: June 1, 2017Inventors: SHMUEL REGEV, AMIT KLEIN
-
Publication number: 20170124324Abstract: Detecting computer anomalies by determining probabilities of encountering call stack configurations at various depths, the call stacks being associated with software application instances on computers having the same operating system, where snapshots of the call stacks are recorded on the computers responsive to detecting predefined software application events, determining entropies of call stack configurations at various call stack depths using their associated probabilities, determining stack frame rarity scores of call stack configurations at various depths based on their associated stack frame entropies in accordance with a predefined rarity function, determining a call stack rarity score of any given call stack configuration as the maximum stack frame rarity score of the given configuration, and detecting an anomaly associated with any given one of the computers where any of the snapshots recorded on the given computer is of a call stack whose call stack rarity score meets a predefined anomaly condition.Type: ApplicationFiled: October 29, 2015Publication date: May 4, 2017Inventors: RON PELEG, AMIR RONEN, TAMER SALMAN, SHMUEL REGEV, EHUD AHARONI
-
Publication number: 20170124319Abstract: Detecting computer anomalies by determining probabilities of encountering call stack configurations at various depths, the call stacks being associated with software application instances on computers having the same operating system, where snapshots of the call stacks are recorded on the computers responsive to detecting predefined software application events, determining entropies of call stack configurations at various call stack depths using their associated probabilities, determining stack frame rarity scores of call stack configurations at various depths based on their associated stack frame entropies in accordance with a predefined rarity function, determining a call stack rarity score of any given call stack configuration as the maximum stack frame rarity score of the given configuration, and detecting an anomaly associated with any given one of the computers where any of the snapshots recorded on the given computer is of a call stack whose call stack rarity score meets a predefined anomaly condition.Type: ApplicationFiled: November 22, 2015Publication date: May 4, 2017Inventors: RON PELEG, AMIR RONEN, TAMER SALMAN, SHMUEL REGEV, EHUD AHARONI
-
Publication number: 20160217284Abstract: Detecting heap spraying on a computer by determining that values of characteristics of a plurality of requests to allocate portions of heap memory are consistent with benchmark values of the characteristics, wherein the benchmark values of the characteristics are associated with heap spraying; and performing a computer-security-related remediation action responsive to determining that the values of the characteristics are consistent with the benchmark values of the characteristics.Type: ApplicationFiled: April 4, 2016Publication date: July 28, 2016Inventors: Zohar Basil, Amit Klein, Ron Peleg, Shmuel Regev
-
Patent number: 9372990Abstract: Detecting heap spraying on a computer by detecting a plurality of requests to allocate portions of heap memory, measuring the plurality of requests to determine a value of a characteristic of the plurality of requests, identifying an activity consistent with heap spraying by determining that the value of the characteristic is consistent with a benchmark value of the characteristic, wherein the benchmark value of the characteristic is associated with heap spraying, and performing a computer-security-related remediation action responsive to determining that the value of the characteristic is consistent with the benchmark value of the characteristic.Type: GrantFiled: August 29, 2014Date of Patent: June 21, 2016Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATIONInventors: Zohar Basil, Amit Klein, Ron Peleg, Shmuel Regev