Abstract: Systems and methods for detecting and mitigating cyber-attacks directed to connected vehicles. A method includes classifying a behavior of a connected vehicle into at least one classification with respect to a location of data transmission relative to the connected vehicle, wherein the at least one classification includes any of local and remote; determining a plurality of vehicle-related cyber-attack indicators related to the behavior of the connected vehicle; performing risk analysis based on a first combination of vehicle-related cyber-attack indicators and the classification, wherein performing the risk analysis further comprises matching the first combination to a plurality of second combinations of cyber-attack indicators of a plurality of known attack patterns, wherein each of the plurality of known attack patterns has at least one classification matching the at least one classification of the connected vehicle; and performing at least one mitigation action based on the risk analysis.

Abstract: A method for electronic signing of a document by a plurality of signatories comprises a step of acquiring a photograph of at least one of the signatories and identifying the signatory using the photograph, and a step of associating the document in a digital form with the identified signatory, wherein the method comprises: a prior step of calculating a matrix code by a cryptographic processing TC applied to the document, the step of acquiring a photograph consisting of acquiring a photograph of at least one signatory bearing a physical medium representing the matrix code, a step of validating: the identity of the signatory on the photograph and, the conformity of the matrix code calculated by the cryptographic processing TC applied to the document held by a signatory, with the matrix code on the photograph.

Abstract: A computer implemented method of protecting a target subnet, including a set of network connected devices in a hierarchy of subnets of a computer network, from malware attack. The method includes generating a dynamical system for each subnet in the network, each dynamical system modelling a rate of change of a number of network connected devices in the subnet that are: susceptible to infection by the malware; infected by the malware; protected against infection by the malware; and remediated of infection by the malware. The dynamical systems are based on rates of transmission of the malware between pairs of subnets; evaluating a measure of risk of infection of the target subnet at a predetermined point in time based on the dynamical system for the target subnet; and responsive to the measure of risk meeting a predetermined threshold, deploying malware protection measures to devices in the target subnet.

Abstract: A method for defending a network of electronic devices from cyberattacks includes obtaining information about a plurality of devices and information about communication links between the plurality of devices and surrounding environment and determining types of the communication links using heuristic rules. The types of communication links are compared using corresponding link profiles. One or more similar communication links are identified based on the comparison. A cluster of devices is generated by combining a subset of the plurality of devices. The cluster includes one or more devices having one or more similar communication links. A surrounding environment profile is generated for the generated cluster of devices. When a cyberattack is detected on one of the devices in the cluster, the surrounding environment profile is modified for the cluster of devices in order to defend all devices in the cluster from the cyberattack.

Abstract: A level-of-confidence calculation apparatus includes a first collecting unit that collects relevant information related to first threat intelligence that is input; a second collecting unit that collects, from a memory unit storing threat intelligence to which a level of confidence is appended, second threat intelligence related to the relevant information; a generation unit that generates a graph in which the first threat intelligence, the relevant information, and the second threat intelligence are set as nodes and the nodes relating to related information are connected; and a calculating unit that calculates, by applying a belief propagation method to the graph, a level of confidence of the first threat intelligence based on a level of confidence of the second threat intelligence, and therefore a level of confidence of threat intelligence with uncertain level of confidence can be calculated.

Abstract: Devices, systems and methods are provided to implement key generation for secure pairing between first and second devices using embedded out-of-band (OOB) key generation and without requiring the devices to have input/output (IO) capability to enter authentication information. Bluetooth Smart or Low Energy (BLE) OOB pairing option can be used for pairing medical devices with added security of OOB key generation. The OOB key generation comprises providing first and second devices with the same predefined credential and secure hashing algorithm, and making input of the hashing algorithm of the first and second devices the same. The first device transmits unique data to second device (e.g., via BLE advertising) to share and compute a similar input. The first and second devices use the credential and shared data with the hashing function to generate a key that is the same at each of first and second devices.

Abstract: An information processing apparatus includes a memory and a processor. The processor coupled to the memory and configured to receive information indicating a plurality of program components used to execute a cyber exercise and a relationship between the plurality of program components, and generate a program group included in a scenario that controls execution of the cyber exercise by combining the plurality of program components based on the information indicating the relationship.

Abstract: Embodiments are directed to providing integrity-protected command buffer execution. An embodiment of an apparatus includes a computer-readable memory comprising one or more command buffers and a processing device communicatively coupled to the computer-readable memory to read, from a command buffer of the computer-readable memory, a first command received from a host device, the first command executable by one or more processing elements on the processing device, the first command comprising an instruction and associated parameter data, compute a first authentication tag using a cryptographic key associated with the host device, the instruction and at least a portion of the parameter data, and authenticate the first command by comparing the first authentication tag with a second authentication tag computed by the host device and associated with the command.

Abstract: Disclosed are systems and methods for detecting multiple malicious processes. The described techniques identify a first process and a second process launched on a computing device. The techniques receive from the first process a first execution stack indicating at least one first control point used to monitor at least one thread associated with the first process, and receive from the second process a second execution stack indicating at least one second control point used to monitor at least one thread associated with the second process. The techniques determine that both the first process and the second process are malicious using a machine learning classifier on the at least one first control point and the at least one second control point. In response, the techniques generate an indication that an execution of the first process and the second process is malicious.

Abstract: A method may include receiving a data file including a plurality of tuples, each respective tuple including a username and password; matching a username from a tuple in the data file to a username of an account stored in an account database; determining that the password from the tuple matches a password for the account; in response to the determining indicating a match, setting a security flag for the account identifying the account as compromised; subsequent to the security flag being set, receiving a login request with validated credentials for the account from a computing device; and in response to the login request, transmitting a request to the computing device to modify the password for the account.

Abstract: Techniques to facilitate prevention of malicious attacks on a web service are disclosed herein. In at least one implementation, a computing system intercepts a web request directed to a web server providing the web service. The computing system identifies whether or not the web request is malicious. When the web request is identified as malicious, the computing system redirects the web request to an isolated mitigation server configured to mimic responses of the web server. The isolated mitigation server processes the web request to generate artificial content based on the web request that appears to be genuine content provided by the web server, and presents the artificial content in response to the web request.

Abstract: Application programming interfaces (API) are provided for notebook settings, for example, classroom notebook settings. The APIs allow for a teacher or other user of a class notebook to manage permissions to the class notebooks, and particularly allow for fine control over parts of the class notebook through a class notebook application. An API for generating a guest access link is provided. APIs for creating permission groups for a collaboration space are provided. A post permission API is provided that creates or updates the permission for a section group. A get permission API is provided that retrieves permission information of a section group. A delete permission API is provided that removes permission for a user of a section group.

Abstract: The invention provides a computer-implemented method and corresponding system which is implemented using an electronic ledger such as a blockchain. This may or may not be the Bitcoin blockchain. The invention can be used to implement, execute and/or control the performance of a task or process. A method according to the invention comprises the steps of generating a blockchain Transaction which comprises: at least one signed input which comprises a value; and at least one modifiable output. It further comprises the step of extracting the value from the signed input and providing it to a portion of logic to obtain a result; and using the result to modify the output of the Transaction. The transaction provides a record and/or representation of the execution of the portion of logic and/or the result. The signed input is provided to the Transaction using an unlocking script. The at least one input is signed using a signature hash type which renders the input as non-modifiable.

Abstract: In one embodiment the method includes providing a bidirectionally linked blockchain structure; generating an additional block for expanding the blockchain structure, which includes the data to be stored and is intended to be linked bidirectionally to the last block of the blockchain structure, the last block of the blockchain structure including stored data; and calculating a first block-dependent linking function for bidirectionally linking the last block to the additional block. The calculation of the linking function including calculating a combined block-dependent check value of the last block and of the additional block, using the data stored in the last block and the data to be stored in the additional block; and associating the combined check value with a block-independent, linking process-specific function. The method further includes adding the first block-dependent linking function to the last block and to the additional block.

Abstract: Systems and methods include obtaining an expression for a Data Loss Prevention (DLP) engine, wherein the expression includes one or more DLP dictionaries that evaluate to a score for comparison with a corresponding threshold and one or more logical operators used to combine an evaluation of the one or more DLP dictionaries; storing the expression in a database associated with a DLP service; monitoring traffic from one or more users; evaluating the traffic using the DLP engine and the expression; and determining a DLP trigger based on a result of the expression that is a logical TRUE.

Abstract: A system for identifying and remediating data exfiltration paths is provided. In particular, the system may generate a map of the network environment which identifies all of the possible pathways and the steps of such pathways through which sensitive data may be exfiltrated. The system may then evaluate the potential impact associated with each exfiltration pathway and generate a prioritization scheme which may sort the pathways by their potential impacts. Based on the prioritization scheme, the system may, via a machine learning engine, provide one or more remediation processes that may be executed to reduce the chance of data exfiltration through certain potentially high-impact pathways.

Abstract: Systems for dynamic profile control are provided. A system may receive first check data that may include a number of checks written over a predetermined time period for an account. The first check data may be analyzed to determine the number of checks written in a predetermined time period and the number may be compared to one or more thresholds. Based on the comparison, a first tier level may be identified for the account. A profile record may be generated including a check profile that may include one or more parameters based on the identified first tier level. The system may then build the profile by adding checks to the profile upon determining that the checks meet predefined criteria. After a predetermined time period has expired, the system may process additional data to determine whether the identified tier level and associated parameters should be modified.

Abstract: An integrated vehicle health management (IVHM) system to resolve equipment-fault related anomalies detected by cyber intrusion detection system (IDS). A benefit of the present system is that it can result in fewer alerts that need manual analysis. A combination of cyber and monitoring with integrated vehicle health management (IVHM) may be a high value differentiator. As a solution gets more mature through a learning loop, it may be customized for different customers in a cost effective manner, something that might be expensive to develop on their own for most original equipment manufacturers (OEMs). An IVHM symptom pattern recognition matrix may link a pattern of reported symptoms to known equipment failures. This matrix may be initialized from the vehicle design data but its entries may get updated by a learning loop that improves a correlation by incorporating results of investigations.

Abstract: A system and method and for verifying that distorted biometric information submitted to a computing device is authentic. In various embodiments, the method includes receiving a signal indicative of a distorted biometric of a person; determining a DNA sequence code of the signal indicative of the distorted biometric signal; generating a first dataset based on the DNA sequence code; hashing the first dataset to obtain a second dataset; encrypting the second dataset; storing the encrypted second dataset into a blockchain; comparing the second dataset to a test dataset to determine if the second and test datasets are from a related data source and remain unchanged from the distorted biometric of the person; and updating a new transaction record on the blockchain to indicate that the blockchain transaction has been validated.

Abstract: Techniques for evaluating and optimizing cybersecurity operations in an organization is disclosed. The method includes the step of providing a first set of threat scenarios to a cybersecurity operations team in a live environment and a second set of scenarios in a static environment. The response of the teams including various parameters associated it such as time taken for responding, strategies used, effectiveness of the response, etc., are recorded. Based on the recorded responses, the method further performs the step of determining overall assessment scores. Upon determining the scores, the method further performs the step of contextualizing the scores based on a plurality of parameters. Based on the contextualized scores, the method provides detailed insights and recommendations related to the performance of cybersecurity teams.