Abstract: An automated technique for security monitoring leverages a labeled semi-directed temporal graph derived from system-generated events. The temporal graph is mined to derive process-centric subgraphs, with each subgraph consisting of events related to a process. The subgraphs are then processed to identify atomic operations shared by the processes, wherein an atomic operation comprises a sequence of system-generated events that provide an objective context of interest. The temporal graph is then reconstructed by substituting the identified atomic operations derived from the subgraphs for the edges in the original temporal graph, thereby generating a reconstructed temporal graph. Using graph embedding, the reconstructed graph is converted into a representation suitable for further machine learning, e.g., using a deep neural network. The network is then trained to learn the intention underlying the temporal graph.

Abstract: Systems, methods and computer program products for improving security of artificial intelligence systems. The system comprising processors for monitoring one or more transactions received by a machine learning decision model to determine a first score associated with a first transaction. The first transaction may be identified as likely adversarial, in response to the first score being lower than a certain score threshold and the first transaction having a low occurrence likelihood. A second score may be generated in association with the first transaction based on one or more adversarial latent features associated with the first transaction. At least one adversarial latent feature may be detected as being exploited by the first transaction, in response to determining that the second score falls above the certain score threshold. Accordingly, an abnormal volume of activations of adversarial latent features spanning across a plurality of transactions scored may be detected and blocked.

Abstract: Disclosed are various embodiments for validating documents using a blockchain data. Multiple documents can be included in the validation process using a merge and hash process and a summary terms document. Validation can be performed by hashing and merging operations, followed by comparing hash values.

Abstract: A computer-implemented method for executing a user instruction may include obtaining identification data of a user via a device associated with the user, wherein the identification data comprises at least a password, a user name, and biometric data of the user; determining, via the one or more processors, a login status based on the identification data; demonstrating, to the user, historical account data based on the login status, wherein the historical account data comprises at least historical biometric data associated with one or more historical logins; receiving, via the one or more processors, the user instruction based on the historical account data, wherein the user instruction comprises at least one of revoking a historical login, changing password, or signing out a historical device associated with a historical login of the one or more historical logins; and executing, via the one or more processors, the user instruction.

Abstract: Systems and methods to personalize offers for presentation to users are disclosed. Exemplary implementations may include a wireless chipset including an adhesive layer; electronic storage storing a unique identifier, a manufacturer identifier, a digital signature, and an encryption key; a wireless transducer; and one more processors. The one or more processors may be configured to effectuate transmission of identification information; receive challenge information; encrypt challenge information, such that encrypted response information is generated; and effectuate transmission of the encrypted response information.

Abstract: Inverse imbalance subspace searching techniques are used to detect potential malware among samples of network communication data. A large number of samples of network communication data, such as proxy log data and/or network flows, are received and analyzed by a malware detection system. A number of the samples are associated with known malware, while other unlabeled samples are either benign or may be associated with unknown malware. An inverse imbalance subspace search may be performed, in which the sample sets are divided into subsets based on random feature thresholds, and each subset is evaluated based on the ratio of known malware samples to unlabeled samples. Unlabeled samples within subsets having high malware sample ratios may be identified, aggregated, and processed as potential malware.

Abstract: In some implementation, a system for identifying malicious attacks on a convolutional neural network (CNN) model includes a target computing system that performs classification of objects using a CNN model, and an attack identification computing system that identifies an injected neural attack. The attack identification computing system can be configured to generate, based on the CNN model and associated parameters, an ecosystem of CNN models by modifying original weights of the parameters associated with the CNN model; update the original weights of the parameters with the modified weights; store, in a secure data store, the updated weights of the parameters; generate, based on the updated weights, an update file for the CNN model; update, using the update file, the CNN model; and transmit the updated CNN model to a targeting computing system configured to detect neural attacks by an attacker computing system based on the updated CNN model.

Abstract: There is provided a method of operating a node of a network. A first token generated by a device having an application program stored therein is received from the device. The first token is generated by the device in response to a request from a user to access the application program. A second token input by the user at a mobile terminal of a mobile network is received. The second token is input in response to a request for the user to input the first token. It is decided whether to allow the user access to the application program stored in the device based on a verification of whether the second token matches the first token and whether the user has a subscription for the application program. An indication of the decision whether to allow the user access to the application program is transmitted to the device.

Abstract: An apparatus includes multiple ports, packet communication processing circuitry coupled to the ports, and a processor that is configured to receive, from the packet communication processing circuitry, metadata that is indicative of a temporal pattern of control messages communicated via one or more of the ports, and to identify a network attack by applying anomaly detection to the temporal pattern of the control messages.

Abstract: There are provided systems and methods for detection of fraudulent displayable code data during device capture. A user may utilize a computing device to capture data at a certain location, such as imaging a QR code or reading an RFID reader. However, without knowing that those codes or devices are safe, the user make risk a computing attack on their device. Thus, processes herein provide a manner to detect when codes or devices are unsafe based on the additional data detected when encoded data is captured. In such instances, those codes and devices may be detected as fraudulent and the user may receive a warning of malicious computing attacks. Additionally, the user may be guided to valid codes and devices to utilize and may further receive information on removing such computing attacks.

Abstract: A system for information interaction includes: an electronic tag configured to present a two-dimensional code; a binding relationship existing between a first terminal and the two-dimensional code; a second terminal configured to: scan the two-dimensional code, generate login request information, send the login request information to the information interaction platform, the login request information including identifier information of the second terminal; receive content presentation information corresponding to the two-dimensional code returned by the information interaction platform, according to the identifier information, and perform information interaction with the first terminal according to a communication manner selected from the content presentation information; and an information interaction platform configured to receive the login request information, authorize and authenticate the second terminal according to the identifier information, and send the content presentation information to the second

Abstract: An online system receives information describing a request from a user to perform an action within a guest application and information identifying a host application for determining whether to allow the user to do so. The information describing the request is communicated to the host application for comparison to a set of permissions. Upon receiving information indicating the information describing the request matches a permission identifying a user allowed to perform an action within the guest application, the online system communicates, to the host application, a message for display to the user including an option allowing the user to perform the action within the guest application. Upon receiving a selection of the option at the host application, the online system receives a token allowing the user to perform the action within the guest application and communicates it to the guest application. The host and guest applications also may communicate directly.

Abstract: Various systems, methods, and apparatuses relate to managing data transmissions from one or more Internet of Things (IoT) devices. A method includes discovering one or more IoT devices; tracking data transmission between the one or more IoT devices and an IoT server; restricting audiovisual data transmission by at least one of the one or more IoT devices based on a user profile associated with a user by providing an instruction to the at least one of the one or more IoT devices; determining that the at least one of the one or more IoT devices is continuing to transmit audiovisual data to the IoT server subsequent to the restriction; based on the determination, denying network access; and presenting, via a user device, a user interface including an indication whether communications to the IoT server have been prevented for each of the one or more IoT devices.

Abstract: Disclosed is a multi-source encrypted image retrieval method based on federated learning and secret sharing, including the following steps: S1. performing model training on a convolutional neural network of double cloud platforms based on federated learning, with an image owner joining the double cloud platforms as a coalition member; and S2. completing, by an authorized user, encrypted image retrieval based on additive secret sharing with the assistance of the double cloud platforms. The present disclosure provides a multi-source encrypted retrieval scheme based on federated learning and secret sharing, which simplifies the neural network model structure for retrieval by using federated learning, to obtain better network parameters. Better neural network parameters and a more simplified network model structure are achieved by compromising overheads on the image owner side, such that a better convolutional neural network can be used in encrypted image retrieval.

Abstract: Methods, systems, and media for protecting and verifying video files are provided.

Abstract: A method identifying clusters with anomaly detection. The method includes aggregating a set of events, of a user, to generate a user vector in response to identifying an event of the set of events. The method further includes aggregating a set of user vectors to a periodic vector for a time period. The method further includes processing a set of periodic vectors to generate a periodic distance. The method further includes selecting the time period, corresponding to the periodic vector, using the periodic distance and a threshold. The method further includes processing the set of user vectors to generate clusters of user vectors, wherein the set of user vectors includes the event during the time period. The method further includes processing the clusters of user vectors to identify a selected cluster and performing an action to a set of user accounts corresponding to the selected cluster.

Abstract: A computerized-system for anomaly detection of Point-to-Point avionic communication messages via a message-bus between an entity to one or more aircraft-systems in an aircraft during phases of flight, is provided herein. The computerized-system may include a bus-message queue to store bus-avionic-communication-messages transmitted via one or more input buses; an anomaly queue to store anomaly bus-messages; a memory to store the bus-message queue and the anomaly queue; a C-BIT mechanism to operate one or more preconfigured test routines; and one or more processors to operate a rule engine based on a preconfigured ruleset to detect one or more anomalies of bus-avionic-communication-messages for each bus-message in the bus-message queue; The rule engine may be configured to store each bus-message that is detected as an anomaly in the anomaly queue and to send one or more alerts to be presented via one or more external devices for each bus-message in the anomaly queue.

Abstract: In an aspect of the present disclosure is a system for encrypted flight plan communications, the system including a first computing device communicatively connected to a peer-to-peer network including a second computing device, the first computing device configured to receive a verified flight plan from the second computing device, wherein the verified flight plan is encrypted, wherein the verified flight plan comprises battery datum, and decrypt the verified flight plan.

Abstract: Systems and methods of determining file-access patterns in at least one computer network, the network comprising a file-access server, including training a first machine learning (ML) algorithm with a first training dataset comprising vectors representing network traffic such that the first ML algorithm learns to determine network characteristics associated with file-access traffic, determining, using the first ML algorithm, network characteristics based on highest interaction of traffic with the file-access server compared to other interactions in the at least one computer network, and determining file-access patterns in the at least one computer network based on the network characteristics associated with file-access traffic.

Abstract: An intelligent-adversary simulator can construct a graph of a virtualized instance of a network including devices connecting to the virtualized instance of the network as well as connections and pathways through the virtualized instance of the network. Running a simulated cyber-attack scenario on the virtualized instance of the network in order to identify one or more critical devices connecting to the virtualized instance of the network from a security standpoint, and then put this information into a generated report to help prioritize which devices should have a priority. During a simulation, the intelligent-adversary simulator calculates paths of least resistance for a cyber threat in the cyber-attack scenario to compromise a source device through to other components until reaching an end goal of the cyber-attack scenario in the virtualized network, all based on historic knowledge of connectivity and behaviour patterns of users and devices within the actual network under analysis.