Patents by Inventor Yaron Neuman
Yaron Neuman has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11777971
Abstract: Methods, apparatus and computer program products implement embodiments of the present invention that include collecting data packets transmitted between multiple entities over a network, and grouping the packets at least according to their source and destination entities and their times, into connections to which the packets belong. Pairs of the connections are identified having identical source and destination entities and times that are together within a specified time window, and sets of features are generated for the identified pairs of the connections. The features in the pairs are evaluated in order to detect a given pair of connections indicating malicious activity, and an alert is generated for the malicious activity.
Type: Grant
Filed: February 15, 2021
Date of Patent: October 3, 2023
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Yinnon Meshi, Idan Amit, Eyal Firstenberg, Jonathan Allon, Yaron Neuman
-
Publication number: 20230117268
Abstract: Methods, apparatuses and computer program products implement embodiments of the present invention that include protecting a computer system by identifying multiple user identifiers associated with a single uses entity. A first event carried out using a first one of the user identifiers is detected. Upon detecting a second event carried out using a second one of the user identifiers that is different from the first one of the user identifiers, an alert can be issued in response to a combination of the first and the second events.
Type: Application
Filed: October 20, 2021
Publication date: April 20, 2023
Inventors: Netanel Rimer, Aviad Meyer, Yaron Neuman, Jonathan Allon
-
Publication number: 20210168163
Abstract: Methods, apparatus and computer program products implement embodiments of the present invention that include collecting data packets transmitted between multiple entities over a network, and grouping the packets at least according to their source and destination entities and their times, into connections to which the packets belong. Pairs of the connections are identified having identical source and destination entities and times that are together within a specified time window, and sets of features are generated for the identified pairs of the connections. The features in the pairs are evaluated in order to detect a given pair of connections indicating malicious activity, and an alert is generated for the malicious activity.
Type: Application
Filed: February 15, 2021
Publication date: June 3, 2021
Inventors: Yinnon Meshi, Idan Amit, Eyal Firstenberg, Jonathan Allon, Yaron Neuman
-
Patent number: 11012492
Abstract: Methods, apparatus and computer software products implement embodiments of the present invention that include protecting a computing system by defining a list of network access messages that are indicative of human use of computing devices, and extracting, from data traffic transmitted over a data network connecting a plurality of the computing devices to multiple Internet sites, respective transmissions from the computing devices to the Internet sites. A given transmission including one of the network access messages in the list is detected in the transmissions from a given computing device, and the given computing device is classified as being operated by a human in response to detecting the given transmission. Upon identifying suspicious content in the transmissions from a subset of the computing devices that includes the given computing device, any suspicious transmissions from the given computing device are ignored in response to the classification.
Type: Grant
Filed: December 26, 2019
Date of Patent: May 18, 2021
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Asaf Dahan, Rony Brailovsky, Yaron Neuman, Idan Amit, Yinnon Meshi
-
Patent number: 10999304
Abstract: Methods, apparatus and computer program products implement embodiments of the present invention that include collecting data packets transmitted between multiple entities over a network, and grouping the packets at least according to their source and destination entities and their times, into connections to which the packets belong. Pairs of the connections are identified having identical source and destination entities and times that are together within a specified time window, and sets of features are generated for the identified pairs of the connections. The features in the pairs are evaluated in order to detect a given pair of connections indicating malicious activity, and an alert is generated for the malicious activity.
Type: Grant
Filed: April 11, 2018
Date of Patent: May 4, 2021
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Yinnon Meshi, Idan Amit, Eyal Firstenberg, Jonathan Allon, Yaron Neuman
-
Patent number: 10686829
Abstract: A method including extracting, from initial data transmitted on a network, multiple events, each of the events including a user accessing a resource. First and second sets of records are created, each first set record including a sub-group of the events of a user, each second set record including a sub-group of the events of a multiple users during respective sub-periods of a training period. Safe labels are assigned to the first set records and suspicious labels are assigned to the second set records. An analysis fits, to the first and the second set records and their respective labels, a model for predicting the label for a given record. The model filters subsequent network data to identify, in the subsequent data, sequences of events predicted to be labeled suspicious by the model, and upon detecting a given sequence of events predicted as suspicious by the model, an alert is generated.
Type: Grant
Filed: September 4, 2017
Date of Patent: June 16, 2020
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Idan Amit, Eyal Firstenberg, Jonathan Allon, Yaron Neuman
-
Patent number: 10574681
Abstract: A method, including collecting information on data transmitted at respective times between multiple endpoints and multiple Internet sites having respective domains, and acquiring, from one or more external or internal sources, maliciousness information for the domains. An access time profile is generated based on the times of the transmissions to the domains, and a popularity profile is generated based on the transmissions to the domains. A malicious domain profile is generated based on the acquired maliciousness information, and the collected information is modeled using the access time profile, the popularity profile and the malicious domain profile. Based on their respective modeled collected information, one or more of the domains is predicted to be suspicious, and an alert is generated for the one or more identified domains.
Type: Grant
Filed: September 4, 2017
Date of Patent: February 25, 2020
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Yinnon Meshi, Jonathan Allon, Eyal Firstenberg, Yaron Neuman, Dekel Paz, Idan Amit
-
Publication number: 20190319981
Abstract: Methods, apparatus and computer program products implement embodiments of the present invention that include collecting data packets transmitted between multiple entities over a network, and grouping the packets at least according to their source and destination entities and their times, into connections to which the packets belong. Pairs of the connections are identified having identical source and destination entities and times that are together within a specified time window, and sets of features are generated for the identified pairs of the connections. The features in the pairs are evaluated in order to detect a given pair of connections indicating malicious activity, and an alert is generated for the malicious activity.
Type: Application
Filed: April 11, 2018
Publication date: October 17, 2019
Inventors: Yinnon Meshi, Idan Amit, Eyal Firstenberg, Jonathan Allon, Yaron Neuman
-
Patent number: 10075461
Abstract: A method for monitoring includes defining a plurality of different types of administrative activities in a computer system. Each administrative activity in the plurality includes an action performed by one of the computers in the system that can be invoked only by a user having an elevated level of privileges in the system. The administrative activities performed by at least a group of the computers in the system are tracked automatically. Upon detecting that a given computer in the system has performed an anomalous combination of at least two of the different types of administrative activities, an action is initiated to inhibit malicious exploitation of the given computer.
Type: Grant
Filed: May 31, 2015
Date of Patent: September 11, 2018
Assignee: PALO ALTO NETWORKS (ISRAEL ANALYTICS) LTD.
Inventors: Michael Mumcuoglu, Giora Engel, Yaron Neuman, Eyal Firstenberg
-
Publication number: 20180069883
Abstract: A method, including collecting information on data transmitted at respective times between multiple endpoints and multiple Internet sites having respective domains, and acquiring, from one or more external or internal sources, maliciousness information for the domains. An access time profile is generated based on the times of the transmissions to the domains, and a popularity profile is generated based on the transmissions to the domains. A malicious domain profile is generated based on the acquired maliciousness information, and the collected information is modeled using the access time profile, the popularity profile and the malicious domain profile. Based on their respective modeled collected information, one or more of the domains is predicted to be suspicious, and an alert is generated for the one or more identified domains.
Type: Application
Filed: September 4, 2017
Publication date: March 8, 2018
Inventors: Yinnon Meshi, Jonathan Allon, Eyal Firstenberg, Yaron Neuman, Dekel Paz, Idan Amit
-
Publication number: 20180069893
Abstract: A method including extracting, from initial data transmitted on a network, multiple events, each of the events including a user accessing a resource. First and second sets of records are created, each first set record including a sub-group of the events of a user, each second set record including a sub-group of the events of a multiple users during respective sub-periods of a training period. Safe labels are assigned to the first set records and suspicious labels are assigned to the second set records. An analysis fits, to the first and the second set records and their respective labels, a model for predicting the label for a given record. The model filters subsequent network data to identify, in the subsequent data, sequences of events predicted to be labeled suspicious by the model, and upon detecting a given sequence of events predicted as suspicious by the model, an alert is generated.
Type: Application
Filed: September 4, 2017
Publication date: March 8, 2018
Inventors: Idan Amit, Eyal Firstenberg, Jonathan Allon, Yaron Neuman
-
Publication number: 20170054744
Abstract: A method for monitoring includes defining a plurality of different types of administrative activities in a computer system. Each administrative activity in the plurality includes an action performed by one of the computers in the system that can be invoked only by a user having an elevated level of privileges in the system. The administrative activities performed by at least a group of the computers in the system are tracked automatically. Upon detecting that a given computer in the system has performed an anomalous combination of at least two of the different types of administrative activities, an action is initiated to inhibit malicious exploitation of the given computer.
Type: Application
Filed: May 31, 2015
Publication date: February 23, 2017
Inventors: Michael Mumcuoglu, Giora Engel, Yaron Neuman, Eyal Firstenberg