Abstract: Disclosed is a system for customizing protections provided to different application programming interfaces (“APIs”) and different functions of an API based on different API context and user context associated with the different APIs and the different functions of each API. The system receives a particular API, determines API context for proper usage of one or more functions of the particular API, and determines user context associated with endpoints properly accessing the one or more functions. The system generates a model for differentiating between proper and improper use of the one or more functions based on contextual relationships between different combinations of the API context and the user context. The system monitors usage of the one or more functions based on the model, and performs an action that is associated with the model in response to the usage violating the contextual relationships for the one or more functions.

Abstract: An assessment query may be received and analyzed to identify relevant assessment attributes and select a set of associated assessment resources. Assessment information may be extracted from the set of associated assessment resources. The extracted information may be used to identify additional relevant assessment attributes that may be utilized to extract additional assessment information. The extracted information may be used to generate a comprehensive threat assessment report. The threat assessment report, and the threat assessment, may be updated based on user feedback.

Abstract: Systems, computer program products, and methods are described herein for generating information security management packages through malware tracing, logging, and analysis. A system in accordance with embodiments of the present invention may be configured for receiving one or more trace log files from one or more artifact data collection computing systems; parsing the artifact data and metadata to identify one or more relationships between the target malware and one or more malware artifacts; based on parsing the artifact data and metadata, generating one or more nodes within a malware graph database; and executing a coverage analysis of an information security management package configured to detect a presence of the target malware.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for vulnerability detection and management. For instance, a method may include obtain asset information for an organization, wherein the asset information indicates a plurality of assets; obtain a set of grouping rules, wherein the set of grouping rules defines a plurality of groups based on asset attributes; obtain asset data from at least one source, wherein the asset data indicates particular attributes for at least a subset of assets of the plurality of assets; determine at least one specific group for each of the subset of assets; generate a data structure associating each asset of the subset of assets to a first group, thereby grouping the subset of assets into the first group; and perform at least one vulnerability management action using a command that applies to all of the assets, and only the assets, of the first group.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for vulnerability detection and management. For instance, a method may include obtain asset information for an organization, wherein the asset information indicates a plurality of assets; obtain a set of grouping rules, wherein the set of grouping rules defines a plurality of groups based on asset attributes; obtain asset data from at least one source, wherein the asset data indicates particular attributes for at least a subset of assets of the plurality of assets; determine at least one specific group for each of the subset of assets; generate a data structure associating each asset of the subset of assets to a first group, thereby grouping the subset of assets into the first group; and perform at least one vulnerability management action using a command that applies to all of the assets, and only the assets, of the first group.

Abstract: Embodiments described herein provide for audio processing operations that evaluate characteristics of audio signals that are independent of the speaker's voice. A neural network architecture trains and applies discriminatory neural networks tasked with modeling and classifying speaker-independent characteristics. The task-specific models generate or extract feature vectors from input audio data based on the trained embedding extraction models. The embeddings from the task-specific models are concatenated to form a deep-phoneprint vector for the input audio signal. The DP vector is a low dimensional representation of the each of the speaker-independent characteristics of the audio signal and applied in various downstream operations.

Abstract: Cryptographic techniques are disclosed which employ at least a five-pass protocol (5PP) for a cryptographic exchange of a secret data matrix between two computer systems. This 5PP approach improves the functioning of the computer systems by making their encrypted communications more resistant to potential quantum computing-based attacks while still resisting brute-force attacks by eavesdroppers. For example, the 5PP approach can be used to improve public-key cryptography. The system may comprise a first computer system and a second computer system, where a secret data matrix is known by the first computer system but is not shared with the second computer system in unobscured form.

Abstract: A decentralized security system and associated methods are implemented by a distributed set of security controllers that independently detect threats and implement attack protections for endpoints based on cumulative threat states that are synchronized across the distributed set of security controllers in a decentralized manner. A particular security controller receives different states associated with different hashed identifiers from the other security controllers, and also receives a request from a client that is directed to a particular endpoint. The particular security controller generates a hashed value from hashing an identifier from the request that identifies the particular endpoint, updates a first state based on the first hashed value matching a hashed identifier that is associated with the first state, and implements a protective action in response to an updated value generated from updating the first state violating a security rule.

Abstract: Systems and methods of defending against stack-based cybersecurity attacks that exploit vulnerabilities in buffer overflows. The embodiments disclosed herein propose hijacking program flow in a program binary by insert call checking CFI code before calling a target. Examples of a target can be a function within the program binary, a register, or a memory location. If the call target is a valid call target (e.g., included in a global list of addresses), normal program flow resumes and the program flow is transferred to the target. On the contrary, if the call target is not a valid call target (e.g., not included in a global list of addresses), the program binary is deliberately crashed.

Abstract: In an embodiment, a computer-implemented method for training a decision tree using a database system, the decision tree comprising a plurality nodes, comprises, by one or more computing devices: storing in a database input data for training the decision tree, the input data comprising a plurality of feature values corresponding to a plurality of features; generating a particular node of the plurality of decision nodes by: selecting a subset of the plurality of features and a subset of the input data; using one or more queries to the database system, for each feature of the subset of the plurality of features, calculating an information gain associated with the feature based on the subset of the input data; identifying a particular feature of the subset of the plurality of features associated with the highest information gain; associating the particular node with the particular feature, wherein the particular node causes the decision tree to branch based on the particular feature.

Abstract: An encryption key management method includes: receiving a data registration request from a supplier terminal, determining a data identifier associated with the content data, encrypting a master key with a public key of the supplier terminal, and providing the supplier terminal with the master key encrypted with the public key of the supplier terminal, the data identifier, and a key update count value; receiving a subscription application related to the data identifier from a first subscriber terminal, encrypting the master key with a public key of the first subscriber terminal, and providing the first subscriber terminal with the master key encrypted with the public key of the first subscriber terminal and the key update count value; receiving encrypted content data encrypted with the symmetric key and a hash for the content data from the supplier terminal; and transmitting the encrypted content data and the hash to the first subscriber terminal.

Abstract: A network-accessible service provides an enterprise with a view of identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. Based on identity and audit data received from a set of cloud deployments, and according to a cloud intelligence model, a set of permissions associated with each of a set of identities are determined. For each identity, and based on a set of identity chains extracted from the cloud intelligence model, a set of identity account action paths (IAAPs) are then determined. An IAAP defines how the identity obtains an ability to perform a given action in a given account. Using the identity account action paths together with context information, one or more roles, groups and accounts in the enterprise that are propagating permissions within the public cloud environment are then identified.

Abstract: Disclosed is a method and apparatus for performing steps to cause encoded information to be stored at a client device during a first network session between a server and the client device. To cause encoded information to be stored at a client device, the server first determines a set of network resource requests that encode the information. These network resource requests may include requests for one or more specific URLs and/or requests for one or more files. The server then causes the client device to initiate the network resource requests. The server may cause this initiation by, for example, redirecting the client device to the network resources. The client device initiating the network resource requests causes data representative of the network resource requests to be stored at the client device.

Abstract: A stent apparatus, system, and method that senses wall shear stress by measuring fluid flow at localized areas within the stent, that processes measured information through an integrated circuit, and selectively sends power to mechanically controllable stent surfaces which results in localized geometric changes. In various embodiments the stent apparatus, system, and method sends data to outside the body in real time.

Abstract: In some embodiments, a method can include identifying detection coverage of a set of adversarial techniques based on telemetry data and a detection instance of an environment. The method can further include determining a subset of detection coverage that has a metric value below a metric value threshold and among the detection coverage for the set of adversarial techniques. The method may further include identifying at least one detection instance associated with the subset of detection coverage. The method can further include presenting, via a graphical user interface, a representation of at least one of the subset of detection coverage or the at least one detection instance associated with the subset of detection coverage. The method can further include updating the subset of detection coverage based on the telemetry data, the detection instance, or the at least one detection instance to improve the metric value.

Abstract: Techniques, systems, and devices are described for providing a computational frame for estimating high-dimensional stochastic behaviors. In one exemplary aspect, a method for performing numerical estimation includes receiving a set of measurements of a stochastic behavior. The set of correlated measurements follows a non-standard probability distribution and is non-linearly correlated. Also, a non-linear relationship exists between a set of system variables that describes the stochastic behavior and a corresponding set of measurements. The method includes determining, based on the set of measurements, a numerical model of the stochastic behavior. The numerical model comprises a feature space comprising non-correlated features corresponding to the stochastic behavior. The non-correlated features have a dimensionality of M and the set of measurements has a dimensionality of N, M being smaller than N.

Abstract: A Merkle tree-based data management method may comprise: aligning data into two-dimensional square matrix; calculating a hash value of each node of the two-dimensional square matrix; calculating hash values of each row of the two-dimensional square matrix; generating an additional column with nodes having the hash values of each row; calculating hash values of each column of the two-dimensional square matrix; generating an additional row with nodes having hash values of each column; and calculating a Merkle root by concatenating the hash values of the additional column and the hash values of the additional row.

Abstract: Embodiments include a computing device that executes software routines and/or one or more machine-learning architectures providing improved omni-channel authentication solutions. Embodiments include one or more computing devices that provide an authentication interface by which various communication channels may deposit contact or session data received via a first-channel session into a non-transitory storage medium of an authentication database for another channel to obtain and employ (e.g., verify users). This allows the customer to access an online data channel and enter the contact center through a telephony communication channel, but further allows the enterprise contact center systems to passively maintain access to various types of information about the user's identity captured from each contact channel, allowing the call center to request or capture authenticating information (e.g.

Abstract: The methods and systems are operable to protect a computing environment from attack. The methods and systems incorporate a preventative ability with similar attributes to an Antivirus/Anti-malware technique suitable for use on home user or similar protected computing environments with no or minimal centralized human administrative resources using natural language.

Abstract: Embodiments described herein provide for a computer that detects one or more keywords of interest using acoustic features, to detect or query commonalities across multiple fraud calls. Embodiments described herein may implement unsupervised keyword spotting (UKWS) or unsupervised word discovery (UWD) in order to identify commonalities across a set of calls, where both UKWS and UWD employ Gaussian Mixture Models (GMM) and one or more dynamic time-warping algorithms. A user may indicate a training exemplar or occurrence of call-specific information, referred to herein as “a named entity,” such as a person's name, an account number, account balance, or order number. The computer may perform a redaction process that computationally nullifies the import of the named entity in the modeling processes described herein.