Abstract: An anti-malware computer providing a hardware-centric solution for preventing (or substantially reducing) hacking which cannot be affected by contaminated software. The anti-malware computer is configured with an anti-malware circuit device, Internet regulator devices and an Internet active indicator that facilitate receiving an Internet access request from an Internet regulator device. Responsive to the Internet access request received, establishing an Internet communications link between the anti-malware computer and the Internet and illuminating an Internet active indicator. Monitoring for active Internet activity cessation from the anti-malware computer and if inactive initiating an Internet inactivity timer and counting the total Internet inactivity time. If an Internet inactivity level has been met blocking the Internet communications link between the anti-malware computer and the Internet and deactivating the Internet ready indicator.

Abstract: A computing device monitors for an event trigger by a secure computing module. Based on identifying an event trigger at the computing device, the secure computing module executes a health check according to a configuration identifying operating anomalies that are indicative of malicious activity at the computing device. The health check includes scanning a filesystem and communications module operation and configuration of the computing device for indications of malicious activity. Based on identified operating anomalies at the computing device, the secure computing module determines response measures to secure the computing device. The secure computing module executes the response measures individually or in combination at the computing device based on a response configuration.

Abstract: A blockchain of block entries that can be requested by users from user devices is maintained in a distributed network of nodes. Block entries include a plurality of data portions that are each associated with an access level. A request from an auditor to view one or more data portions of a block entry can includes an access code associated with at least one access level can be evaluated to identify one or more data portions associated with the access level. A customized view of the block entry which includes the one or more data portions associated with the access level can be generated. An artificial intelligence engine can review entries within the distributed ledger, identify earnings information associated with the sales of the commercial inventory, determine tax based on earning information, and pay the tax via fiat or cryptocurrency to government authorities based on earnings information.

Abstract: Mechanisms for analyzing a structured file for malicious content are provided, comprising: parsing the structured file into a plurality of portions; selecting a selected portion of the portions; checking the selected portion to determine if at least one pre-condition is met; and in response to determining that the at least one pre-condition is met: decoding the selected portion to form a decoded portion; and checking the decoded portion to determine if it is malicious. In some embodiments: the at least one pre-condition can be changed; the structured file is a MICROSOFT OFFICE XML file; the selected portion is a file; the at least one pre-condition checks at least one attribute of the selected portion; decoding the selected portion comprises decompressing the selected portion; and/or checking the decoded portion to determine if it is malicious comprises checking whether a previously decoded portion of the structure file meets at least one condition.

Abstract: An intrusion detection system (IDS) for a micro-services environment identifies attacks in substantially real-time and at a container-level. In this approach, behavior models are generated from container images using a binary analysis. A behavior model is a graph data structure having nodes and edges, wherein an edge represents a system call made by at least one process represented as a node in the graph data structure. The model is co-located with a running container, thereby enabling detection of anomalies as the container executes in a container environment on a hardware node. A per-container IDS function is instantiated by checking whether system call telemetry generated by an image's running container satisfies the associated behavior model that has been generated for the container image. If the telemetry indicates activity that deviates from the behavior model, an automated action is then initiated to attempt to address the attack, preferably while it is in progress.

Abstract: Techniques are described herein that are capable of using multiple factors to detect illicit enumeration. Object requests are parsed among request types such that each request type includes object request(s) that share a respective common attribute. Each object request requests information about an object. Scores are generated for the respective request types such that the score for each request type is based at least in part on a count of the object request(s) in the respective request type. The scores for the respective request types are aggregated to provide a malicious activity score that represents a likelihood that the illicit enumeration has occurred. The malicious activity score is compared to a score threshold. A remedial operation is selectively performed with regard to the illicit enumeration based at least in part on whether the malicious activity score is greater than or equal to the score threshold.

Abstract: In one embodiment, a method for providing access to wireless networks may include receiving, by a wireless network access provider from a user device, a request to access a wireless network. The method may include obtaining data representing a policy applicable to the access request, sending the access request, augmented with the policy, to an identity provider associated with the user and having no pre-existing relationship with the access provider, and receiving, from the identity provider, an access request response indicating whether or not the policy is met. The method may include communicating, to the wireless device, an indication that the access request has been accepted, if the policy is met, or an indication that the access request has been rejected, if the policy is not met. The access provider and identity provider may be members of an identity and access federation that communicate over a dynamically established secure connection.

Abstract: A snooping invalidation module is implemented at the network interface for a given core, or processing element, of a multicore or manycore device, e.g., NoC device, to discard packets with invalid header flits (e.g., duplicate packets) from being injected into the device, e.g., by a malicious hardware trojan implemented in the network interface. In some embodiments, a data-snooping detection circuit is implemented to detect a source of an on-going attack.

Abstract: A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Abstract: System and method for protecting a computing device of a target system against ransomware attacks employs a file system having a data structure used by an operating system of the computing device for managing files. A software or a hardware installed agent in the computing device performs one or more actions autonomously on behalf of the target system. The agent autonomously creates one or more trap files in the data structure of the filing system. A trap file is a file access to which indicates a probability of ransomware attack. The agent monitors access to the one or more trap files. Upon detecting access to a trap file, remedial action is performed by the target system against the probability of ransomware attack.

Abstract: A system compares two network security specifications expected to implement the same network security policy for a network and identifies possible discrepancies between them. The system generates a representation of relations between subnetworks of the network for each network security specification. The representation efficiently stores permitted connections between subnetworks. The system compares the representations corresponding to the two network security specifications to identify discrepancies across the two network security specifications. If discrepancies are identified across the two network security specifications the system generating a report identifying the discrepancies.

Abstract: Systems, methods, and software are disclosed herein to generate a customized view of a blockchain transaction. A blockchain of block entries requested by a plurality of users from user devices is maintained in a distributed network of nodes. The block entries each comprise a plurality of data portions that are each associated with an access level. A request to view one or more data portions of a block entry is received which includes an access code associated with at least one access level. The access code in the request is evaluated with the blockchain of block entries to identify one or more data portions associated with the access level. A customized view of the block entry is generated which includes the one or more data portions associated with the access level.

Abstract: Systems and methods are described for the generation of domain names that may be associated with a particular user device and may be encrypted to obfuscate the domain names of content requested by the user device.

Abstract: Deriving and surfacing insights regarding security threats is disclosed. A plurality of features associated with a message is determined. A plurality of facet models is used to analyze the determined features. Based at least in part on the analysis, it is determined that the message poses a security threat. A prioritized set of information is determined to be provided as output that is representative of why the message was determined to pose a security threat. At least a portion of the prioritized set of information is provided as output.

Abstract: Systems, methods, and software are disclosed herein to generate a customized view of a blockchain transaction. A blockchain of block entries is maintained in a distributed network of nodes. The block entries each comprise a plurality of data portions and data access guidelines are received which govern access by a user to one or more of the data portions. A request to view one or more data portions of a block entry is received from the user. The data access guidelines for the user are applied to the request and the one or more data portions that are accessible by the request according to the data access guidelines are identified. A customized view of the block entry is generated which includes the one or more data portions determined to be accessible by the request.

Abstract: Embodiments of this disclosure provide techniques for securely communicating an IMSI over the air from a UE to an SeAN, as well as for securely validating an unencrypted IMSI that the SeAN receives from the home network, during authentication protocols. In particular, the UE may either encrypt the IMSI assigned to the UE using an IMSI encryption key (KIMSIenc) or compute a hash of the IMSI assigned to the UE using an IMSI integrity key (KIMSIint), and then send the encrypted IMSI or the hash of the IMSI to the serving network. The encrypted IMSI or hash of the encrypted IMSI may then be used by the SeAN to validate an unencrypted IMSI that was previously received from an HSS in the home network of the UE.

Abstract: Arrangements of the present disclosure relate to a method for securing data located in a blockchain having a plurality of blocks. The method includes creating a pointer within a block of the plurality of blocks, the pointer pointing to a location external to the blockchain. In response to a request to protect data inside the block, the method further includes creating a security vault at the location, copying the block, and storing the copied block in the security vault using the pointer.

Abstract: A method and an electronic device (100) are disclosed for generating semantic representation of a document to determine data security risk associated with the document. The method includes receiving, by a document semantics controller (160) of the electronic device (100), a document in an electronic form and determining, by the document semantics controller (160), raw text. Further, the method includes generating, by the document semantics controller (160), a plurality of sentence blocks using the raw text and determining, by the document semantics controller (160), embeddings for the plurality of sentence blocks. Further, the method includes determining, by the document semantics controller (160), the semantic representation of the document based on the embeddings for each of the sentence blocks; and generating, by the document semantics controller (160), the semantic representation of the document to determine the data security risk associated with the document.

Abstract: Systems, methods, and software are disclosed herein to generate a customized view of a blockchain transaction. A blockchain of block entries requested by a plurality of users from user devices is maintained in a distributed network of nodes. The block entries each comprise a plurality of data portions that are each associated with an access level. A request to view one or more data portions of a block entry is received which includes an access code associated with at least one access level. The access code in the request is evaluated with the blockchain of block entries to identify one or more data portions associated with the access level. A customized view of the block entry is generated which includes the one or more data portions associated with the access level. Enhanced operational efficiency and customer convenience is thereby provided in industries including parking, hotels, and autonomous vehicle fleets.

Abstract: Deriving and surfacing insights regarding security threats is disclosed. A plurality of features associated with a message is determined. A plurality of facet models is used to analyze the determined features. Based at least in part on the analysis, it is determined that the message poses a security threat. A prioritized set of information is determined to be provided as output that is representative of why the message was determined to pose a security threat. At least a portion of the prioritized set of information is provided as output.