About
I have expertise in a variety of domains, including vulnerability management, threat…
Articles by Yotam
Contributions
Activity
-
Heading out to Las Vegas for my last work trip of 2024! Looking forward to meeting founders, customers, operators and investors at AWS re:Invent this…
Liked by Yotam Perkal
-
Rare footage. This demo is probably more impressive than any Demo I've seen in recent years... (considering being filmed in 89' and realtime). MNIST…
Liked by Yotam Perkal
-
This is a restored version of an old video of me demonstrating an early convolutional network recognizing digits in real time. My friend Larry…
Liked by Yotam Perkal
Experience
Education
Licenses and Certifications
Volunteer Experience
-
Organization Committee Member
PyCon Israel
- Present, 6 years 2 months
Science and Technology
Collaborating with a talented and dedicated group of Python professionals in organizing and running the popular PyCon conference in Israel.
-
Volunteer
FIRST
- Present, 1 year 4 months
Science and Technology
Volunteering as part of the EPSS Special Interest Group (SIG)
Publications
-
SBOM Sharing Roles and Considerations
Cybersecurity and Infrastructure Security Agency (CISA)
This document describes the three SBOM sharing lifecycle phases from the perspectives of the three roles, outlining the considerations, shared or unique, of each role as they engage across the SBOM sharing lifecycle document. The scope of this document is limited to SBOM sharing and therefore assumes that an SBOM has been created, without commenting on whether it was created by the software producer or by another party.
-
When to Issue VEX Information
Cybersecurity and Infrastructure Security Agency (CISA)
This document seeks to explain the circumstances and events that could lead an entity to issue VEX information and describes the entities that create or consume VEX information.
This document was a product of the VEX Working Group, which grew out of the NTIA Multistakeholder Process and the Framing Working Group, initially beginning work in 2020. That work continued into 2023, facilitated by CISA.
-
A Planning Approach to Monitoring Computer Programs’ Behavior
Cyber Security Cryptography and Machine Learning. CSCML 2018. Lecture Notes in Computer Science, vol 10879. Springer, Cham
We describe a novel approach to monitoring high level behaviors using concepts from AI planning. Our goal is to understand what a program is doing based on its system call trace. This ability is particularly important for detecting malware. We approach this problem by building an abstract model of the operating system using the STRIPS planning language, casting system calls as planning operators. Given a system call trace, we simulate the corresponding operators on our model and by observing the properties of the state reached, we learn about the nature of the original program and its behavior. Thus, unlike most statistical detection methods that focus on syntactic features, our approach is semantic in nature. Therefore, it is more robust against obfuscation techniques used by malware that change the outward appearance of the trace but not its effect. We demonstrate the efficacy of our approach by evaluating it on actual system call traces.
Patents
-
Emulator Detection Through User Interactions
Issued US US20200210566A1
A method for detecting whether an electronic device is using an emulator to imitate another electronic device (mobile device) for fraud detection purposes.
This method utilizes the fact that when a fraudster uses an emulator, the interaction with the emulator is through a mouse and keyboard as opposed to a touch screen. As such, the interaction patterns with the device will be different from those patterns for actual mobile device use.
Examples include: scrolling patterns, elements such as force-touch which will be non-existent in mouse-based interaction, or even the relative coordinates in which buttons are pressed.
-
Mobile Emulator Determination using Sound Detection
Issued US US11011186B2
Mobile emulator detection using sound fingerprinting for fraud prevention purposes.
-
Systems and Methods for Characterizing a Client Device
Issued US US10911319B2
Identify type of client device (Physical/Virtual Machine/Container) based on statically analyzing network traffic.
-
Geographic Location Consensus Determination
Filed US WO2021138051A1
Transactions may be initiated by various user computing devices located at different geographic locations around the world. Accordingly, such transactions may fall under different jurisdictions that are associated with the different geographic regions. Within these jurisdictions, different rules exist for processing transactions. Often such transactions are conducted by mobile devices meaning that a transaction may be initiated at or close to a border dividing different geographic regions which are governed by different jurisdictions. In addition, mobile devices change locations often, and as such their geographic location is continually changing. In such situations, it may be difficult for a system processing these transactions to determine which jurisdiction a particular transaction falls under and by extension how to process the particular transaction.
The present disclosure describes evaluation techniques that include a comparison of different geographic location information to determine whether a consensus exists between geographic regions (e.g., whether the regions match) specified by these multiple different data sources. In addition to using geographic location information from various data sources, the disclosed techniques utilize various sets of rules associated with different geographic regions to determine whether and how to process actions initiated by user devices. In this way, the disclosed techniques may provide more accurate processing of transactions and, in turn, may be able to provide users with access to services available according to their current location, even when such services are unavailable according to their registration or prior location.
-
Automatic mitigation of corrupted or compromised compute resources
Filed US WO2020161622A1
Determine whether an application executing on a compute instance has been corrupted or compromised by malicious code. This may be achieved by statically analyzing an image file from which the application is based to determine characteristics thereof. Such characteristics are representative of the behavior that is expected to be performed by the application during execution. During execution of the application, runtime characteristics of the application are determined, which are determined based on an analysis of the address space in memory allocated for a computing process of the application. The statically-determined characteristics are compared to the determined runtime characteristics to determine discrepancies. In the event that a discrepancy is found, a determination is made that the application has been compromised or corrupted and an appropriate remedial action is automatically performed.
-
Sentiment analysis for fraud detection
Filed US US20210200955A1
Malicious users are constantly finding new ways to circumvent fraud detection mechanisms. Thus, new models for detection are needed to improve current techniques. The disclosed approaches invoke new technical methods for identifying fraudulent accounts by relying on the fact that account actions are ordered sequences of events. We model each account action as a word, each series of actions (or a session) as a sentence, and each account as a document and utilize sentiment analysis, a natural language processing (NLP) approach that can be performed on bodies of text, to determine a fraudulent sentiment of the account. Instead of classifying text (e.g., a tweet, blog post, review) as having a positive/negative sentiment, we propose to classify the account as having a fraudulent/benign sentiment. Thus, a series of actions on a web-based platform (or other system) may be categorized and analyzed using NLP to uncover tendencies that may indicate a higher (or lower) risk from certain types of user accounts that have performed those actions.
A vocabulary may be constructed of all possible account actions encoded as input vectors (e.g., one-hot encoded). Then, an auto-encoder or a word2vec algorithm may be used to reduce the dimensionality and create an embedding in which similar actions are mapped close to each other in the new (vector) space. Then a neural network (e.g., a recurrent neural network (RNN)/long short-term memory (LSTM)) may be used in order to perform sentiment analysis and determine the fraudulent sentiment of accounts. Once the model is trained on existing data, the model may be able to predict the fraudulent sentiment of any new or existing account given an input sequence of account actions. In response to the determination that an account has a fraudulent sentiment, actions may be taken to confirm the determination, take corrective action, mitigate the risk, and/or restrict a malicious user.
-
System for detecting anomalous access to tables
Filed US US20210073409A1
A recommender system approach for detecting anomalous access to DB tables.
A query for accessing a table from a requesting user is received. A set of users similar to the requesting user is determined. The probability that the requesting user should access the table is calculated. Then, it is determined whether the user should be accessing the table based on the calculated probability.
-
Systems and methods for remote detection of computer device attributes
Filed US US20200380522A1
Fingerprinting client device based on estimating a number of processing cycles used by the computer device to perform a particular function.
The particular function may be associated with obtaining at least one of the device attributes of the device. The estimated number of processing cycles may be compared against a benchmark profile. A risk associated with the transaction request is determined based on the comparison.
Such fingerprinting could allow for detection of malicious actors spoofing device parameters using web-based extensions.
Courses
-
Central Processing Unit Architecture
361.1.4201
-
Data Structures and Algorithms
361.1.3691
-
Digital Communication
361.1.4611
-
Digital Computer Structure
361.1.4191
-
Introduction to Information Theory and Error Control Coding
361.1.3761
-
Networks Security
361.1.4711
-
Object Oriented Programming
361.1.3811
-
Parallel Processing
361.1.3621
Projects
-
Internal Rotation Project - Detecting Suspicious Events in Autorun Logs
As part of an internal rotation program, conducted a 5-week research project as part of the Security Threat Intelligence team that aimed to detect suspicious behaviors in Windows Autoruns logs.
The project included analyzing Autoruns data collected from Tanium agents on Windows machines, identifying anomalies and reporting suspicious events indicative of malware or other unwanted artifacts.
Languages
-
Hebrew
Native or bilingual proficiency
-
English
Full professional proficiency
Recommendations received
5 people have recommended Yotam
More activity by Yotam
-
🎤I am thrilled to have had the opportunity to speak at the AI Meetup hosted by The Academic College of Tel-Aviv Yaffo! It was a true privilege to…
Liked by Yotam Perkal
-
Today is the 2nd anniversary of chatGPT. Good, bad and ugly report card Good: 1) Sparked the GenAI revolution. Still the best model $ can buy. The…
Liked by Yotam Perkal
-
This masterpiece of corporate communication from ANALYGENCE, I believe, did not receive sufficient attention within the #vulnerabilitymanagement…
Liked by Yotam Perkal