Abstract: A system and a method are disclosed for detecting a malicious website. In an embodiment, a mobile device detects a URL referencing an unknown website. Responsive to detecting the URL, the mobile device retrieves a representative image of the unknown website. The mobile device determines whether the representative image matches an image of a known legitimate website. Responsive to determining that the representative image matches the image of the known legitimate website, the mobile device determines if the unknown website is malicious. The mobile device performs a security action responsive to determining that the website is malicious.

Abstract: A system and a method are disclosed for detecting a malicious website. In an embodiment, a mobile device detects a URL referencing an unknown website. Responsive to detecting the URL, the mobile device retrieves a representative image of the unknown website. The mobile device determines whether the representative image matches an image of a known legitimate website. Responsive to determining that the representative image matches the image of the known legitimate website, the mobile device determines if the unknown website is malicious. The mobile device performs a security action responsive to determining that the website is malicious.

Abstract: A trained classifier is received from a server. Static analysis is performed on a mobile application to generate a vector storing values representing the number of times the mobile application calls functions from each of multiple namespaces, and an indication of the permissions the mobile application requests. The received trained classifier is then applied to the generated vector to identify whether the mobile application contains malware. Based on the output of the trained classifier, a security policy is applied.

Abstract: A method for a wireless network. The network includes at least a server and a plurality of computer devices wirelessly connected to the server. At least one of the computer devices is under attack by an ‘attacker’ device. The method provides for detection and reporting of the attack as to the location of the attack. The method includes detecting an attack by one of the computer devices, using a zCore module and transmitting an ‘attack report’ to the server. The report includes at least the attack location. The method also includes notifying at least one of the plurality of computer devices and an external computer device that the network is compromised.

Abstract: A security system receives attribute samples from one or more devices configured to simulate one or more states (such as attack states). The attribute samples are aggregated, normalized to a common format, and quantized to lower the resolution of the attribute samples. Outlier attribute samples and attribute samples determined to not be correlated to the simulated states are removed to form a pruned set of attribute samples. A set of classifiers is generated based on a first portion of the pruned set of attribute samples, and the set of classifiers is tested based on a second portion of the pruned set of attribute samples. A subset of the classifiers can be provided to a device configured to monitor attributes associated with the subset of classifiers and to identify an attack state based on the monitor attributes.

Abstract: A method for providing an intrusion prevention system to prevent hacking into files located on enterprise users' endpoint devices functioning as mobile computing platforms. The method includes filtering low-level network packets for each of a plurality of received network packets, offloading the received packets to an inspecting processing module and marking suspicious packets based on at least one of a header and pattern of each of said received packets. The method also includes taking preventive measures by the system to ensure protection of the device and network, taking active steps by the system to block suspicious traffic and disconnecting the current connection by the system, when it detects suspicious traffic.

Abstract: A method for providing an intrusion prevention system to prevent hacking into files located on enterprise users' endpoint devices functioning as mobile computing platforms. The method includes filtering low-level network packets for each of a plurality of received network packets, offloading the received packets to an inspecting processing module and marking suspicious packets based on at least one of a header and pattern of each of said received packets. The method also includes taking preventive measures by the system to ensure protection of the device and network, taking active steps by the system to block suspicious traffic and disconnecting the current connection by the system, when it detects suspicious traffic.