Yotam Perkal

Be'er Sheva, South District, Israel
5K followers, 500+ connections

About

I have expertise in a variety of domains, including vulnerability management, threat…

Volunteer Experience

  • Organization Committee Member

    PyCon Israel

    - Present, 6 years 2 months

    Science and Technology

    Collaborating with a talented and dedicated group of Python professionals in organizing and running the popular PyCon conference in Israel.

  • Volunteer

    FIRST

    - Present, 1 year 4 months

    Science and Technology

    Volunteering as part of the EPSS Special Interest Group (SIG)

Publications

  • SBOM Sharing Roles and Considerations

    Cybersecurity and Infrastructure Security Agency (CISA)

    This document describes the three SBOM sharing lifecycle phases from the perspectives of the
    three roles, outlining the considerations, shared or unique, of each role as they engage across
    the SBOM sharing lifecycle document. The scope of this document is limited to SBOM sharing
    and therefore assumes that an SBOM has been created, without commenting on whether it was
    created by the software producer or by another party.

  • When to Issue VEX Information

    Cybersecurity and Infrastructure Security Agency (CISA)

    This document seeks to explain the circumstances and events that could lead an entity to issue
    VEX information and describes the entities that create or consume VEX information.
    This document was a product of the VEX Working Group, which grew out of the NTIA
    Multistakeholder Process and the Framing Working Group, initially beginning work in 2020. That
    work continued into 2023, facilitated by CISA.

  • A Planning Approach to Monitoring Computer Programs’ Behavior

    Cyber Security Cryptography and Machine Learning. CSCML 2018. Lecture Notes in Computer Science, vol 10879. Springer, Cham

    We describe a novel approach to monitoring high level behaviors using concepts from AI planning. Our goal is to understand what a program is doing based on its system call trace. This ability is particularly important for detecting malware. We approach this problem by building an abstract model of the operating system using the STRIPS planning language, casting system calls as planning operators. Given a system call trace, we simulate the corresponding operators on our model and by observing the properties of the state reached, we learn about the nature of the original program and its behavior. Thus, unlike most statistical detection methods that focus on syntactic features, our approach is semantic in nature. Therefore, it is more robust against obfuscation techniques used by malware that change the outward appearance of the trace but not its effect. We demonstrate the efficacy of our approach by evaluating it on actual system call traces.

Patents

  • Emulator Detection Through User Interactions

    Issued US US20200210566A1

    A method for detecting whether an electronic device is using an emulator to imitate another electronic device (mobile device) for fraud detection purposes.
    This method utilizes the fact that when a fraudster uses an emulator, the interaction with the emulator is through a mouse and keyboard as opposed to a touch screen. As such, the interaction patterns with the device will be different from those patterns for actual mobile device use.
    Examples include: scrolling patterns, elements such as force-touch which will be non-existent in mouse based interaction, or even the relative coordinates in which buttons are pressed.

  • Mobile Emulator Determination using Sound Detection

    Issued US US11011186B2

    Mobile emulator detection using sound fingerprinting for fraud prevention purposes.

  • Systems and Methods for Characterizing a Client Device

    Issued US US10911319B2

    Identify type of client device (Physical/Virtual Machine/Container) based on statically analyzing network traffic.

  • Geographic Location Consensus Determination

    Filed US WO2021138051A1

    Transactions may be initiated by various user computing devices located at different geographic locations around the world. Accordingly, such transactions may fall under different jurisdictions that are associated with the different geographic regions. Within these jurisdictions, different rules exist for processing transactions. Often such transactions are conducted by mobile devices meaning that a transaction may be initiated at or close to a border dividing different geographic regions which are governed by different jurisdictions. In addition, mobile devices change locations often, and as such their geographic location is continually changing. In such situations, it may be difficult for a system processing these transactions to determine which jurisdiction a particular transaction falls under and by extension how to process the particular transaction.
    The present disclosure describes evaluation techniques that include a comparison of different geographic location information to determine whether a consensus exists between geographic regions (e.g., whether the regions match) specified by these multiple different data sources. In addition to using geographic location information from various data sources, the disclosed techniques utilize various sets of rules associated with different geographic regions to determine whether and how to process actions initiated by user devices. In this way, the disclosed techniques may provide more accurate processing of transactions and, in turn, may be able to provide users with access to services available according to their current location, even when such services are unavailable according to their registration or prior location.

  • Automatic mitigation of corrupted or compromised compute resources

    Filed US WO2020161622A1

    Determine whether an application executing on a compute instance has been corrupted or compromised by malicious code. This may be achieved by statically analyzing an image file from which the application is based to determine characteristics thereof. Such characteristics are representative of the behavior that is expected to be performed by the application during execution. During execution of the application, runtime characteristics of the application are determined, which are determined based on an analysis of the address space in memory allocated for a computing process of the application. The statically-determined characteristics are compared to the determined runtime characteristics to determine discrepancies. In the event that a discrepancy is found, a determination is made that the application has been compromised or corrupted and an appropriate remedial action is automatically performed.

  • Sentiment analysis for fraud detection

    Filed US US20210200955A1

    Malicious users are constantly finding new ways to circumvent fraud detection mechanisms. Thus, new models for detection are needed to improve current techniques. The disclosed approaches invoke new technical methods for identifying fraudulent accounts by relying on the fact that account actions are ordered sequences of events. We model each account action as a word, each series of actions (or a session) as a sentence, and each account as a document and utilize sentiment analysis, a natural language processing (NLP) approach that can be performed on bodies of text, to determine a fraudulent sentiment of the account. Instead of classifying text (e.g., a tweet, blog post, review) as having a positive/negative sentiment, we propose to classify the account as having a fraudulent/benign sentiment. Thus, a series of actions on a web-based platform (or other system) may be categorized and analyzed using NLP to uncover tendencies that may indicate a higher (or lower) risk from certain types of user accounts that have performed those actions.
    A vocabulary may be constructed of all possible account actions encoded as input vectors (e.g., one-hot encoded). Then, an auto-encoder or a word2vec algorithm may be used to reduce the dimensionality and create an embedding in which similar actions are mapped close to each other in the new (vector) space. Then a neural network (e.g., a recurrent neural network (RNN)/long short-term memory (LSTM)) may be used in order to perform sentiment analysis and determine the fraudulent sentiment of accounts. Once the model is trained on existing data, the model may be able to predict the fraudulent sentiment of any new or existing account given an input sequence of account actions. In response to the determination that an account has a fraudulent sentiment, actions may be taken to confirm the determination, take corrective action, mitigate the risk, and/or restrict a malicious user.

  • System for detecting anomalous access to tables

    Filed US US20210073409A1

    A recommender system approach for detecting anomalous access to DB tables.
    A query for accessing a table from a requesting user is received. A set of users similar to the requesting user is determined. The probability that the requesting user should access the table is calculated. Then, it is determined whether the user should be accessing the table based on the calculated probability.

  • Systems and methods for remote detection of computer device attributes

    Filed US US20200380522A1

    Fingerprinting client device based on estimating a number of processing cycles used by the computer device to perform a particular function.
    The particular function may be associated with obtaining at least one of the device attributes of the device. The estimated number of processing cycles may be compared against a benchmark profile. A risk associated with the transaction request is determined based on the comparison.
    Such fingerprinting could allow for detection of malicious actors spoofing device parameters using web based extensions.

Courses

  • Central Processing Unit Architecture

    361.1.4201

  • Data Structures and Algorithms

    361.1.3691

  • Digital Communication

    361.1.4611

  • Digital Computer Structure

    361.1.4191

  • Introduction to Information Theory and Error Control Coding

    361.1.3761

  • Networks Security

    361.1.4711

  • Object Oriented Programming

    361.1.3811

  • Parallel Processing

    361.1.3621

Projects

  • Internal Rotation Project - Detecting Suspicious Events in Autorun Logs

    As part of an internal rotation program, conducted a 5-week research project as part of the Security Threat Intelligence team that aimed to detect suspicious behaviors in Windows Autoruns logs.
    The project included analyzing Autoruns data collected from Tanium agents on Windows machines, identifying anomalies and reporting suspicious events indicative of malware or other unwanted artifacts.

Languages

  • Hebrew

    Native or bilingual proficiency

  • English

    Full professional proficiency

Recommendations received

5 people have recommended Yotam
