Abstract: This disclosure relates generally to online learning against data poisoning attack. Conventional methods used data sanitization techniques for online learning against data poisoning attack. However, these methods do not remove poisoned data points from training dataset completely. Embodiments of the present disclosure method provide an influence based defense method for secure online learning against data poisoning attack. The method initially filters a subset of poisoned data points in the training dataset for training a machine learning model using data sanitization technique. Further the method computes an influence of the data points and performs an influence minimization based on a predefined threshold. Updated data points for the learning model are generated and used for training the machine learning model. The disclosed method can be used against data poisoning attacks in applications such as spam filtering, malware detection, recommender system and so on.

Abstract: A network node may select a reference AM/PM impairment signature. The network node may transmit, to a UE, a first indication of the reference AM/PM impairment signature via a security signal. The network node may transmit, to the UE, at least one reference signal via a downlink channel. The at least one reference signal may include added AM/PM impairment based on the reference AM/PM impairment signature. The UE may receive, from a transmitter, at least one reference signal via a downlink channel. The UE may estimate an AM/PM impairment signature in the at least one reference signal. The UE may identify whether the estimated AM/PM impairment signature matches a reference AM/PM impairment signature. Further, the UE may maintain or discard at least one slot associated with the downlink channel based on whether the estimated AM/PM impairment signature matches the reference AM/PM impairment signature.

Abstract: Disclosed are methods, systems, and non-transitory computer-readable storage media for evaluating software posture as a condition of zero trust access. The present technology provides a client-side validation agent and a validation service which in tandem can capture and evaluate data representative of parameters associated with an application executing on a user device. The validation service can validate the application to a networked service, and in turn the networked service can permit communication to the application running on the user device.

Abstract: The present disclosure relates to apparatuses and methods for memory management. The disclosure further relates to an interface protocol for flash memory devices including at least a memory array and a memory controller coupled to the memory array. A host device is coupled to the memory device through a communication channel and a hardware and/or software full encryption-decryption scheme is adopted in the communication channel for data, addresses and commands exchanged between the host device and the memory array.

Abstract: A method of detecting bots, preferably in an operating environment supported by a content delivery network (CDN) that comprises a shared infrastructure of distributed edge servers from which CDN customer content is delivered to requesting end users (clients). The method begins as clients interact with the edge servers. As such interactions occur, transaction data is collected. The transaction data is mined against a set of “primitive” or “compound” features sets to generate a database of information. In particular, preferably the database comprises one or more data structures, wherein a given data structure associates a feature value with its relative percentage occurrence across the collected transaction data. Thereafter, and upon receipt of a new transaction request, primitive or compound feature set data derived from the new transaction request are compared against the database. Based on the comparison, an end user client associated with the new transaction request is then characterized, e.g.

Abstract: A method, apparatus and computer program product are provided for generating a registered certified seal, sealing an asset, and verifying a sealed asset. In an example embodiment, a method is provided for receiving a request to generate a registered certified seal from an entity, accessing certifier entity data via a uniform resource locator of a certification authority identified by a certifying certificate, and verifying a digitally signed entity certifying certificate. The method further comprises upon verifying the digitally signed entity certifying certificate, receiving seal data comprising a seal data key for a certified seal, and saving the seal data for the entity within a digital seal registry, wherein the digital seal registry is searchable based at least in part on at least a portion of the seal data key.

Abstract: An example apparatus can receive a DMA request from a device, where the DMA request comprises an address and an ID of the device that uniquely identifies the device and wherein the device is a bus mastering device. The example apparatus can access a range of addresses using the ID of the device. An example apparatus can determine whether the address is in the range of addresses and can process the DMA request responsive to verifying that the address is in the range of addresses.

Abstract: Systems and methods for mitigating network attacks include, responsive to detection of malicious traffic in a network, causing creation of an isolated network slice in the network where the isolated network slice is a set of connection resources that are allocated to a flow of traffic and that spans a plurality of network devices in the network; and causing rerouting of the malicious traffic from a source node of the malicious traffic to a deceptive network resource along the isolated network slice.

Abstract: A license issuing means issues a license file to an application program using a library containing a plurality of functions. The license file contains licensed function information for specifying a function allowed to be used among the plurality of functions contained in the library. An authentication means performs license authentication based on the license file. A function activation means activates a function specified by the licensed function information among the plurality of functions in the library based on a result of the license authentication. A program execution means executes the application program by using the activated function.

Abstract: Memory is partitioned and isolated in container-based memory enclaves. The container-based memory enclaves have attestable security guarantees. During provisioning of the container-based memory enclaves from a container image, a purported link in the container to a memory address of the enclave is modified to verifiably link to an actual memory address of the host, such as partitioned memory enclave. In some instances, enclave attestation reports can be validated without transmitting corresponding attestation requests to remote attestation services, based on previous attestation of one or more previous container attestation reports from a similar container and without requiring end-to-end attestation between the container and remote attestation service for each new attestation request.

Abstract: Technologies are shown for trust delegation that involve receiving a first request from a subject client and responding by sending a first token having first permissions to the subject client. A second request from a first actor includes the first token and responding involves linking the first actor to the subject client in a trust stack and sending a second token to the first actor with second permissions, the second token being a first complex token that identifies the subject client and the first actor. A third request from a second actor includes the second token and responding to the third request involves linking the second actor to the first actor in the trust stack, and sending a third token to the second actor partner with third permissions, the third token being a second complex token that identifies the first actor and the second actor.

Abstract: A unique implementation of a machine learning application for suggesting actions for a user to undertake is described herein. The application transforms a history of user behavior for a plurality of users into a set of models that represent user actions, and the optimal actions, given a set of parameters. These models are then used to suggest that users in a payments or banking environment take certain actions based on a best in class model derived from the best performing user. The models are created using the DensiCube, random forest, K-means or other machine learning algorithms.

Abstract: Disclosed herein are systems and method for providing agentless security of virtual machines. In one aspect, the method intercepts, by a virtual switch filtering extension of an extensible virtual switch on a host processor, a data packet in an outbound transmission from a virtual machine to a destination device. The method blocks, by the virtual switch filtering extension, transmission of the data packet from the virtual machine to the destination device based on determining non-compliance with a set of predefined rules of the first virtual machine. The method generates a first event indicative of the blocking and creates a filtering log comprising a list of events, filtered by the virtual switch filtering extension, including the first event. The filtering log is either transmitted or cached based on whether accessibility is available to a management service database.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for post-quantum cryptography (PQC). An example method includes receiving data. The example method further includes receiving a set of data attributes about the data. The set of data attributes comprises one or more sets of data environment data attributes that are each representative of a set of data environments associated with the data. The example method further includes receiving one or more sets of data environment threat data structures associated with one or more data environments in the one or more sets of data environments associated with the data. The example method further includes selecting one or more cryptographic techniques for encrypting the data for at least the one or more data environments based on the set of data attributes, the one or more sets of data environment threat data structures, and a cryptograph optimization machine learning model.

Abstract: Disclosed here is a system and method to determine which wireless telecommunication network functionalities are impaired when using end-to-end encryption and to ameliorate the impairment of the functionality. The system receives a request from a sender device to communicate with a receiver device, where the request indicates whether the sender device is capable of an end-to-end encryption. The system determines whether the receiver device is capable of the end-to-end encryption, and whether the receiver device is associated with a functionality provided by a wireless telecommunication network that is impaired when the end-to-end encryption is used. Upon determining that the receiver device is not capable of the end-to-end encryption or that the receiver device is associated with the functionality that is impaired, the system performs an action to ameliorate the impairment to the functionality.

Abstract: A receiver for recognizes blinding attacks in a quantum encrypted channel having an optical fiber. The receiver includes a multipixel detector having a plurality of pixels, and configured to be illuminated by a light beam outputted by the optical fiber. A processing unit connects to the multipixel detector and is configured to determine the presence of a blinding attack if a predetermined number of pixels detects light within a predetermined interval. The receiver recognizes blinding attacks in a quantum encrypted channel and implements a method for recognizing blinding attacks in a quantum encrypted channel.

Abstract: A system for combining data from various data providers, certain portions of said data necessary to perform identity related services, said portions of said data combined into a central repository with a secure data structure, said data structure made available to outside parties participating in verification or validation services on at least a part of said portions of said data, storing the results of said services as separate entries in said data structure, resulting after a review in a total score, that can be used as a proofed portable identity verification.

Abstract: A method of exchanging a combined cryptographic key between a first node and a second node, the first node and the second node being connected through a first communication and a second communication network, wherein the first communication network is a quantum communication network wherein information is encoded on weak light pulses; and the first node and the second node being configured to: exchange one or more first cryptographic keys on the first communication network; exchange one or more second cryptographic keys using the second communication network; and form the combined cryptographic key by combining the one or more first cryptographic keys and the one or more second cryptographic keys, such that the first node and the second node share knowledge of the combined cryptographic key.

Abstract: Provided are embodiments for a circuit comprising for performing hardware acceleration for elliptic curve cryptography (ECC). The circuit includes a code array comprising instructions for performing complex modular arithmetic; and a data array storing values corresponding to one or more complex numbers. The modular arithmetic unit includes a first multiplier and a first accumulation unit, a second multiplier and a second accumulation unit, and a third multiplier and a third accumulation unit, wherein the first, second, and third multiplier and accumulation units are cascaded and configured to perform hardware computation of complex modular operations. Also provided are embodiments of a computer program product and a method for performing the hardware acceleration of super-singular isogeny key encryption (SIKE) operations.

Abstract: Techniques are provided for aggregate inline deduplication and volume granularity encryption. For example, data that is exclusive to a volume of a tenant is encrypted using an exclusive encryption key accessible to the tenant. The exclusive encryption key of that tenant is inaccessible to other tenants. Shared data that has been deduplicated and shared between the volume and another volume of a different tenant is encrypted using a shared encryption key of the volume. The shared encryption key is made available to other tenants. In this way, data can be deduplicated across multiple volumes of different tenants of a storage environment, while maintaining security and data privacy at a volume level.