Abstract: An illustrative embodiment includes a method for protecting a machine learning model. The method includes: determining concept-level interpretability of respective units within the model; determining sensitivity of the respective units within the model to an adversarial attack; identifying units within the model which are both interpretable and sensitive to the adversarial attack; and enhancing defense against the adversarial attack by masking at least a portion of the units identified as both interpretable and sensitive to the adversarial attack.

Abstract: The disclosed computer-implemented method for protecting against password attacks by concealing the use of honeywords in password files may include (i) receiving a login request comprising a candidate password for a user, (ii) authenticating the login request by determining whether a hash of a true password for the user stored in a honeyserver matches a hash of the candidate password, (iii) determining whether the candidate password has matches a hash of a honeyword stored in a password file when the true password hash fails to match the candidate password hash, (iv) classifying the password file as being potentially compromised when the candidate password hash matches the honeyword hash stored in the password file, and (v) performing a security action that protects against a password attack utilizing the potentially compromised password file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method includes outputting with a first reader, presence signals to first smart devices, receiving responsive ephemeral ID signals, determining a first authorized device in response to the ephemeral ID signals, providing an ephemeral ID signal of the first authorized device to a second reader, directing a first peripheral to perform a user-perceptible action in response to the first authorized device, outputting with a second reader device, presence signals to second smart devices, receiving responsive ephemeral ID, determining a second authorized device in response to the ephemeral ID signals from the second smart devices, receiving the ephemeral ID signal of the first authorized device, determining a third authorized device in response to the ephemeral ID signal of the first authorized device, and directing a second peripheral device to perform a user-perceptible action in response to the second authorized device or the third authorized device.

Abstract: One example method includes deploying a group of bots in a computing environment that includes a group of nodes, each of the bots having an associated attack vector with respect to one or more of the nodes, receiving, from each of the bots, a report that identifies a node attacked by that bot, and a result of the attack, and adjusting, based on the bot reports, a confidence score of one or more of the attacked nodes.

Abstract: A method for registering and authenticating a user based on a visual access code. The method includes presenting, to the user, images; receiving a selection of a first image; receiving a selection of at least a first set of hotspots from a plurality of hotspots included in the first image; and generating a visual access code based at least in part on the selection of the first image and the first set of hotspots.

Abstract: The network reachability module maps and dynamically tracks network reachability of network addresses and/or devices. The network reachability module can map and dynamically track network reachability of a response-orchestrator engine, via communicating and cooperating with the response-orchestrator engine. The network reachability module has a tracking module to 1) monitor network traffic and 2) keep a list of known devices and/or known subnets on the network, which is dynamically tracked and updated as previously unknown devices and subnets on the network are detected. A trigger module generates a spoofed transmission and/or response communication, supported by a network protocol used by the network. The spoofed transmission and/or response communication can be used to map network reachability of i) network devices, ii) network addresses, and iii) any combination of both, which either 1) can receive or 2) cannot receive protocol communications from a host for the network reachability module in the network.

Abstract: Systems and methods for compute resource configuration, verification, and remediation are provided herein. An example method includes verifying compliance of an operating system and compute assets provisioned configured within a middleware of a computing device using a pre-defined configuration profile, the compliance being determined by comparison of run-time hardware and software attributes of the compute assets to the pre-defined configuration profile comprising hardware and software requirements for the client of a blockchain implementation.

Abstract: Analyzing and mitigating website privacy issues by automatically classifying cookies.

Abstract: A method for accessing cloud resources via a local application development environment on a computing device. The method includes invoking an access management client at the computing device; obtaining an account identifier associated with a user account and communicating the account identifier to an identity platform; receiving an authentication message from the identity platform in response to the identity platform validating the account identifier, the authentication message comprising a role identifier; communicating the authentication message to the cloud platform; receiving security credentials associated with the role identifier from the cloud platform in response to the cloud platform validating the authentication message and the associated role identifier; setting a variable in the local development environment based on the received security credentials for use by the local development environment to request access to one or more resources maintained by the cloud platform.

Abstract: Techniques and apparatuses are described to enable a strategically coordinated fictitious ecosystem of disinformation for cyber threat intelligence collection in a computing network. The ecosystem comprises fictitious profiles and supporting fictitious infrastructure information to portray in-depth, apparent authenticity of the ecosystem. Malicious communications from an adversary directed at the ecosystem are monitored, and threat intelligence about the adversary is collected to prevent future attacks.

Abstract: Systems and methods described herein provide a private network management service for enterprise networks with wireless access. The systems and methods receive, within a provider network and from a user of a private network, parameters for multiple subscription profiles; associate the multiple subscription profiles with an identifier for the private network to create private network subscription profiles; store the private network subscription profiles; and provide at least a portion of the private network subscription profiles from a core network of the provider network to an authentication proxy in the private network. The authentication proxy performs authentication for end devices locally based on the private network subscription profiles.

Abstract: The disclosure relates to user-centric access to blockchain-based services accessed through a telecom network. User devices may each include a Digital Passport Application (“DPA”), which may be stored at an eSIM of the user device. The DPA may be directed to and anchor to an Edge Digital Gate (“EDG”) entitled to provide access to blockchain-based services. The DPA may store a digital persona that digitally represents an entity such as a user or machine so that the DPA may access and interact with blockchain-based services on behalf of the entity. For instance, the digital persona may bind a physical identity of the entity with a digital identity through a private key of the entity. The private key may be used to digitally signed the access token. The digital persona may further link the digital identity with one or more (typically multiple) virtual identities each associated with a blockchain-based service.

Abstract: A method includes generating a private key associated with a distributed ledger. The private key is stored on a secure memory. A storage device is manufactured and includes an onboard computing device having the secure memory integrated therein. The onboard computing device is configured to sign one or more ledger operations with the private key.

Abstract: Embodiments for detecting malicious modification of data in a network, by: setting, by a first layer of network resources, a number of markers associated with input/output (I/O) operations of the network; saving the markers, location, and associated metadata in a marker database; reading, by a second layer of the network resources, the markers corresponding to relevant I/O operations; and verifying each scanned I/O operation against a corresponding marker to determine whether or not data for a scanned specific I/O operation has been improperly modified for the first and second layers and any intermediate layer resulting in a fault condition, and if so, taking remedial action to flag or abort the specific I/O operation.

Abstract: The disclosed computer-implemented method may include initializing a server instance using a specified network address and an associated set of credentials, logging the network address of the initialized server instance as well as the associated set of credentials in a data log, analyzing network service requests to determine that a different server instance with a different network address is requesting a network service using the same set of credentials, accessing the data log to determine whether the second server instance is using a network address that is known to be valid within the network and, upon determining that the second server instance is not using a known network address, preventing the second server instance from performing specified tasks within the network. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for providing a smart proxy for a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a smart proxy for a large scale high-interaction honeypot farm includes receiving tunneled traffic at a smart proxy from a sensor for a honeypot farm that is executed in a honeypot cloud, wherein the tunneled traffic is forwarded attack traffic, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; and forwarding the tunneled traffic to an instance of the matching type of vulnerable service.

Abstract: Techniques are described selecting consensus nodes in a blockchain. A voting process is performed by a plurality of shareholder nodes to generate a voting result for each shareholder node. The voting process comprises each shareholder node voting for a plurality of expected nodes, and the expected nodes and the plurality of shareholder nodes comprise a group of nodes associated with a blockchain. A shareholder node is a node that owns at least one share. A voting result is verified for each shareholder node. After the voting process, a number of shares owned by each node of the group of nodes id determined based on the voting result. A plurality of consensus nodes are selected from shareholder nodes based on the number of shares owned by each of the shareholder nodes.

Abstract: Techniques for providing a large scale high-interaction honeypot farm are disclosed. In some embodiments, a system/method/computer program product for providing a large scale high-interaction honeypot farm includes sending traffic detected at a sensor to a smart proxy for a honeypot farm that is executed in a honeypot cloud, wherein the traffic is forwarded attack traffic that is sent using a tunneling protocol, and wherein the honeypot farm includes a plurality of container images of distinct types of vulnerable services; selecting a matching type of vulnerable service from the plurality of container images of distinct types of vulnerable services based on a profile of the attack traffic; forwarding the traffic to an instance of the matching type of vulnerable service; and executing a security agent associated with the instance of the matching type of vulnerable service to identify a threat by monitoring behaviors and detecting anomalies or post exploitation activities.

Abstract: A method of storing data allowing a seed value for generating an encryption key to be retrieved is provided. The method comprises obtaining, for each of a plurality of biological data sources, a respective set of biometric data from an authorised user. A respective biometric identifier is generated from each set of biometric data. The biometric identifiers are stored in a database. A plurality of seed portions are generated that are combinable using a function to generate the seed value. Each seed portion is stored in the database in association with a biometric identifier.

Abstract: A control method for controlling a wireless device includes setting a decode protocol at a first wireless device and a second wireless device; publishing a service set identifier (SSID) by the first wireless device; detecting the service set identifier by the second wireless device; decoding the service set identifier according to the decode protocol by the second wireless device; and executing a specific function according to the service set identifier by the second wireless device.