Abstract: A method is provided for validating an inventory of files in a file system of a customer premises equipment (CPE). The method includes developing a database containing a file system inventory of a validated CPE operating in different scenarios or under different operating conditions that may include different networks, different service provider configurations and different end user feature settings. The validated CPE will be allowed to operate in these different scenarios so that an inventory of files and their attributes may be obtained at different times, such as after a reboot, after a change in software feature configurations, and so on. A file system inventory of a CPE system under test is obtained and each entry in the inventory is compared to the entries in the validated file system database to identify unexpected discrepancies.

Abstract: A validity verification method may include receiving an event to be analyzed from a security information & event management (SIEM) server, the event to be analyzed selected by the SIEM server from a plurality of events detected by different security devices based on a desired correlation rule; registering the event to be analyzed; collecting raw data associated with the registered event from a security device corresponding to the registered event among the different security devices; acquiring location information of an intended network location associated with an attack based on the collected raw data; determining a validity status of the registered event based on the acquired location information; generating an exceptional processing message of the registered event; and transmitting the generated exceptional processing message to the SIEM server based on results of the determining the validity status of the registered event.

Abstract: Techniques for applying context-based security over interfaces in O-RAN environments in mobile networks are disclosed. In some embodiments, a system/process/computer program product for applying context-based security over interfaces in O-RAN environments in mobile networks includes monitoring network traffic on a mobile network at a security platform to identify a GTP-U tunnel session setup message associated with a new session; extracting a plurality of parameters from the GTP-U tunnel session setup message and from F1AP traffic to extract contextual information at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to apply context-based security to the network traffic transported between O-RAN Distributed Unit (O-DU) and O-RAN Centralized Unit Control Plane (O-CU-CP) nodes in an O-RAN environment in the mobile network.

Abstract: Methods, media, and systems for facilitating inter-application communications between a web platform and a remote application computing device are disclosed such that a link protocol agent associated with the web platform processes an authentication request based on which a temporary connection resource locator is provided. A connection is then established at the resource locator and maintained for a period of time. Payloads and acknowledgements are exchanged in the established connection. The connection is capable of being established across a firewall.

Abstract: A method implemented in a monitoring station is described. The monitoring station is configurable to monitor a communication between a first wireless device and a second wireless device. The method includes receiving a packet from the first wireless device, the packet being addressed to the second wireless device and determining whether the received packet meets at least one criterion of one packet that is to be blocked. The method further includes transmitting a blocking signal when the received packet meets the at least one criterion of the one packet that is to be blocked. The blocking signal causes an interference with a reception, at the second wireless device, of at least one field of the received packet.

Abstract: In an embodiment, a communication method, using OFDM (Orthogonal Frequency Division Multiplexing), comprises transmitting and receiving packets between a first node and at least one second node, where each packet comprises a preamble and payload data. The method, performed by the first node, may comprise receiving packets from the at least one second node, and authenticating the at least one second node based on physical layer characteristics, i.e., on CSI (Channel State Information). The authenticating may be based on a plurality of preambles, which are extracted from a group of consecutively received packets.

Abstract: Described herein are systems and methods for enhancing an interface for an information technology (IT) environment. In one implementation, an incident service causes display of a first version of a course of action and obtains input indicative of a request for a new action in the course of action. The incident service further determines suggested actions based at least one the input and causes display of the suggested actions. Once displayed, the incident service obtains input indicative of a selection of at least one action from the suggested actions, and causes display input indicative of a selection of at least one action from the suggested actions.

Abstract: The disclosed computer-implemented method for utilizing user identity notifications to protect against potential privacy attacks on mobile devices may include (i) monitoring a mobile computing device to detect one or more user interactions by a current user, (ii) identifying the current user of the mobile computing device, (iii) determining that the current user is a potentially malicious user associated with one or more privacy-invasive applications installed on the mobile computing device, and (iv) performing a security action that protects a benign user of the mobile computing device against an attack initiated by the potentially malicious user associated with the privacy-invasive applications. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Certain aspects of the present disclosure provide techniques for estimating performance of a radio link in a wireless communication systems using historical information. Disclosed methods generally includes determining receipt of historical information from a network, and estimating the performance of a radio link based on at least one selected from the group consisting of determining historical information was not received, and comparing received historical information to information available at the UE.

Abstract: A method synchronizes frame counters for protecting data transmissions between a first end-device and a second end-device. The data, in particular data frames, are transferred between the first end-device and the second end-device. The data frames are provided with frame counters to protect the data transfer between the first end-device and the second end-device. The second end-device sends a first data frame to the first end-device. The first data frame contains a marker in its payload data. The first end-device sends back a second data frame as an answer to the second end-device. The second data frame contains a frame counter in the header data, and the second data frame contains the frame counter and the marker in its payload data.

Abstract: Disclosed herein are methods, systems, and processes to detect valid clusters and eliminate spurious clusters in cybersecurity-based computing environments. A cluster detection and elimination model is trained by accessing a dataset with raw data that includes data points associated with computing devices in a network and applying two or more different clustering methodologies independently to the dataset. The resulting cluster detection and elimination model is used to compare two or more clusters to determine whether a cluster from one clustering methodology matches another cluster from another clustering methodology based on centroid locations and shared data points.

Abstract: A computerized system and method for symmetric encryption and decryption using two machines, the method including obtaining a message and an initialization vector on a first machine, sending the initialization vector to a second machine, where said second machine stores an encryption key for a Key Derivation Function (KDF), generating a derived key on the second machine by applying the KDF receiving as input both the encryption key and the initialization vector, sending the derived key from the second machine to the first machine, and encrypting the message using the derived key on the first machine.

Abstract: A model designer improves the security of a machine learning model in certain embodiments. Instead of storing the model in a central location, the training data used to build and train the model is stored across several different databases and/or datacenters. The training data is divided into portions and stored as a circular linked list across these databases and/or datacenters. The model designer retrieves the training data and incrementally builds and trains the model using the training data. The incremental error and bias of the model is used to locate training data between datacenters. Additionally, fake training data is appended to the circular linked list and the model designer tracks how much training data is used before hitting fake training data.

Abstract: A method is disclosed. The method includes providing, by an SDK and a first application in a mobile device, first and second security values to a security value verification module in the mobile device. If the mobile device confirms that the first and second security values match, then a second application can proceed with interaction processing.

Abstract: The invention relates to an industrial system comprising machines, systems for controlling machines connected by a first communication network, and a gateway intended to connect the first communication network to a second communication network. The gateway comprises a memory and comprises a processor configured to copy to the memory first data transmitted over the second communication network and relating to the operation of the machines.

Abstract: An application-specific integrated circuit (ASIC) and method are provided for executing a memory-hard algorithm requiring reading generated data. A processor or state machine executes one or more steps of the memory-hard algorithm and requests the generated data. At least one specialized circuit is provided for generating the generated data on demand in response to a request for the generated data from the processor. Specific embodiments are applied to memory-hard cryptographic algorithms, including Ethash and Equihash.

Abstract: A method includes parsing a handshake message of an encrypted data stream according to a secure encrypted transmission protocol corresponding to the encrypted data stream, to obtain a plurality of fields included in the handshake message, determining, from a plurality of rule sets and based on the plurality of fields, a rule set that matches the handshake message, and determining, based on a mapping relationship between the matched rule set and an application, an application corresponding to the encrypted data stream.

Abstract: A method for determining whether a user is a human is disclosed. The method includes receiving a request to determine whether a user attempting to access a service provided by a host compute device is a human, obtaining an input motion that the user entered while the user solved a challenge-response test for accessing the service, extracting a noise component of the input motion, retrieving a noise model characterizing noise patterns of input motions previously entered into graphical user interfaces by humans, comparing the noise component with the noise model, calculating a human likeness score of the user based on the comparison, determining whether the user is a human based on the human likeness score, and sending a result of the determination to the host compute device such that the host compute device can allow or restrict access to the service by the user depending on the result.

Abstract: A system and method of de-elevating a process created in a computing device of a computer system are disclosed. In certain aspects, a method includes detecting a user login within a login session of a computing device in the computer system, the login session having a default security context. The method also includes creating a de-elevated security context for the login session, wherein the de-elevated security context has fewer privileges than the default security context. The method also includes detecting a process being created within the login session. The method further includes determining that the process is potentially malicious by comparing an intended state and a digital profile of the computing device. The method also includes launching the process using the de-elevated security context.

Abstract: Virtual firewalls may be established that enforce sets of policies with respect to computing resources maintained by multi-tenant distributed services. Particular subsets of computing resources may be associated with particular tenants of a multi-tenant distributed service. A tenant may establish a firewalling policy set enforced by a virtual firewall for an associated subset of computing resources without affecting other tenants of the multi-tenant distributed service. Virtual firewalls enforcing multiple firewalling policy sets may be maintained by a common firewalling component of the multi-tenant distributed service. Firewalling policy sets may be distributed at multiple locations throughout the multi-tenant distributed service. For a request targeting a particular computing resource, the common firewalling component may identify the associated virtual firewall, and submit the request to the virtual firewall for evaluation in accordance with the corresponding firewalling policy set.