Abstract: A method and apparatus for identifying a risky user and a server. The method includes: extracting historical published information of users indicated by preset user identifiers; for each user indicated by each of the user identifiers, performing the following steps of identifying a risky user: extracting a feature vector from the historical published information of the user, and inputting the extracted feature vector to a pre-trained information identifying model to obtain an information identifying result corresponding to the historical published information of the user, the information identifying model being used to characterize a corresponding relation between the feature vector and the information identifying result; and determining the user as a risky user, in response to the information identifying result corresponding to the historical published information of the user indicating the historical published information of the user as risk information.

Abstract: A Domain Name System (“DNS”) package and a method for providing domain name resolution services in a partitioned network are disclosed. The system may include one or more built-in root name servers; one or more built-in top level domain (“TLD”) name servers; and a recursive name server. The recursive name server may be configured to query the one or more built-in root name servers during domain name resolution. Moreover, the one or more built-in root name servers may be configured to provide a network address corresponding to one of the built-in TLD name servers in response to a domain name resolution query sent by the recursive name server.

Abstract: The present application describes a method, system, and non-transitory computer-readable medium for end-to-end encryption during a secure communication session. According to the present disclosure, a first device receives an invitation to a secure communication session. The invitation includes a token, which the first device transmits to the call initiating device. Next, the first device performs a three-way handshake with the call initiating device to negotiate a first encryption key and a second encryption key for the secure communication session. The first device encrypts first communication data using the first encryption key and transmits the encrypted first communication data to the call initiating device.

Abstract: The present invention relates to an attack observation apparatus being a simulation environment where a malicious program such as malware created by an attacker is run, the simulation environment being built for observing the behavior and attack scheme of the malicious program. The attack observation apparatus includes a low-interactive simulation environment to execute on a terminal a predetermined response to communication coming from the malware, a high-interactive simulation environment to execute a response to the communication coming from the malware with using a virtual machine which simulates the terminal, and a communication management part to monitor an execution state of the low-interactive simulation environment with respect to the communication coming from the malware and switch the communication coming from the malware to the high-interactive simulation environment depending on the execution state of the low-interactive simulation environment.

Abstract: This disclosure provides a new automated threat detection using synchronized log and Snort streams. Time segments from a log stream are correlated by time to time segments from a Snort stream that have been identified as indicating “true” incidents. To determine whether a correlated time segment is “good” or “bad,” features are extracted from the correlated time segment and used to determine tuples associated therewith, each tuple containing a message type, a location, and an out of vocabulary word in the correlated time segment. A multidimensional feature vector containing a select number of the tuples is generated and provided as input to a machine learning module which determines, based on machine intelligence, whether the correlated time segment indicates a true incident.

Abstract: A data structure is provided for use as a positive list in a device, including an entry for each permitted communication partner of the device having a first identifier that explicitly identifies the communication partner, a value of a predetermined certificate field that identifies a certificate as explicitly associated with the communication partner, and a respective check value from at least one certificate of a communication partner that explicitly identifies the certificate. A method for updating the positive list for certificates from permitted communication partners of a device comprises the method steps of receiving a new certificate from a communication partner in the device, checking whether the positive list has an entry having an identifier of the communication partner and a value of a predetermined certificate field from the new certificate.

Abstract: A system for capturing communication variables associated with a communication between two or more parties and implementing a quantum optimizer to analyze the communication variables to determine the actual context of a communication held by one or more parties to the communication. Once the actual context is determined, a further determination is made as to whether the actual context poses or potentially poses a security threat to one or more parties to the communication or a third-party and, if so, notifies the party of the security threat. In this regard, parties to a communication that are unaware of the actual context of the communication held by another party are made aware of that actual context poses a security threat and, in some embodiments, notifies the parties while the communication is still occurring.

Abstract: A method and system are provided. The method includes separating initial user-inputted data into terms. The method further includes determining which terms are identity-related terms relating to an identity of a user, and which terms are clarity-related terms relating to subject-matter clarity. The method also includes calculating a population. The population is a number of individuals satisfying the identity-related terms. The method additionally includes assigning, for each clarity-related term, a clarity level, representing a respective amount of clarity for a respective one of the clarity-related terms. The method further includes creating amended user-inputted data by amending the initial user-inputted data such that the population is greater than or equal to a first threshold, and such that the clarity level, assigned for each clarity-related term, is greater than or equal to a second threshold.

Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.

Abstract: Systems and methods for identifying and addressing domains suspected as malicious domains used for targeted attacks in a cloud-based system include receiving valid domains; receiving an unidentified domain; comparing the unidentified domain to the valid domains to derive a distance calculation of the unidentified domain to each of the valid domains; determining whether the unidentified domain is a cybersquatting attempt of one of the valid domains based on the comparing; and, responsive to the determining the unidentified domain is a cybersquatting attempt, one of notifying an operator/user and blocking the unidentified domain in the cloud-based system.

Abstract: The invention is, firstly, a cryptographic apparatus for encrypting unencrypted data, comprising an input module for inputting the unencrypted data and an output module for outputting encrypted data, and a key automaton (44) adapted for converting the unencrypted data into the encrypted data, and the key automaton (44) is an composition of automata said composition of automata having a set of states and a set of input signals identical to each other and being implemented as a permutation automaton without output signals, said composition of automata comprises at least one factor automaton without output signals, each of the unencrypted data and the encrypted data has a character set identical to each other, and the set of states and the set of input signals, respectively, consist of blocks obtained from all possible combinations of said character set, wherein the blocks are of a predetermined block length. The invention is, furthermore, a cryptographic apparatus for decrypting encrypted data.

Abstract: A blockchain includes blocks that each store a hash value computed using a hash function from data of the block. Another hash value is computed for each block using a different hash function, and added to the block within the blockchain. New blocks subsequently added to the blockchain have hash values computed using just the different hash function.

Abstract: Example implementations of the present disclosure are directed to systems and methods directed to increasing the accuracy and speed that anomalous and malicious network data can be identified within a vehicle. Through the utilization of example implementations described herein, the security of the vehicle can be increased and the risk of a vehicle's internal systems being compromised and property being damaged can be reduced.

Abstract: Embodiments for media access policy and control management by one or more processors. A user is identified using biometric data to enable enforcement of one or more media policies for controlling access to media content for one or more types of computing devices. The one or more media policies may be incrementally applied over a predetermined period of time according to a resistance factor of the user to the one or more media policies for controlling access to media content for each of the one or more types of computing devices.

Abstract: A system, method, and computer program product are provided for dynamically configuring a virtual environment for identifying unwanted data. In use, a virtual environment located on a first device is dynamically configured based on at least one property of a second device. Further, unwanted data is identified, utilizing the virtual environment.

Abstract: Service providers may operate one or more services configured to detect requests generated by automated agents. A CAPTCHA may be transmitted in response to requests generated by automated agents. The CAPTCHAs may be included in a modal pop-up box configured to be displayed by a client application displaying a webpage to a customer of the service provider. Furthermore, the CAPTCHAs included in the modal pop-up box may be rendered inactive and caused not to be displayed by client application executing the webpage. Submitted solutions to CAPTCHAs may be presented with a cookie that enables access to resources of the service provider without restriction. Cookies may be tracked and their use may be used to detect automated agent activity.

Abstract: A system for detecting an attack by a virtual or physical machine on one or more auto-generated websites is provided. The system includes a processor, a memory, and an application. The application is stored in the memory and includes instructions, which are executable by the processor. The instructions are configured to: access an index of a search engine server computer and determine uniform resource locators (URLs) of auto-generated websites, where the auto-generated websites include the one or more auto-generated websites; and access Internet protocol (IP) address-URL entries stored in a domain name system server computer.

Abstract: An apparatus, computer program, and method are provided for generating an intermediate entitlement specification that specifies one or more access rights in connection with a service or content. A plurality of entitlement policies is stored that are configured for being used to determine one or more entitlements to be sent to a device. In operation, an offer specification is received, and at least one of the plurality of entitlement policies is identified based on the offer specification. An intermediate entitlement specification is generated that specifies one or more access rights in connection with a service or content, based on at least one entitlement policy. In use, a run-time entitlement specification may be generated, in response to a request for the service or content during a run-time. Further, in one embodiment, the run-time entitlement specification may be generated utilizing at least one intermediate entitlement specification.

Abstract: A system for preventing a brute force attack includes an output interface, an input interface, and a processor. An output interface is to provide a workfactor, a challenge token, and a login page to a client. An input interface is to receive a response token, a username, and a password. A processor is to determine whether the response token satisfies a condition based at least in part on the workfactor and determine whether the username and password are valid in the event that it is determined that the response token satisfies the condition based at least in part on the workfactor.

Abstract: A replaceable item for a host device includes a non-volatile memory and logic. The non-volatile memory stores passwords or authentication values, and/or a cryptographic key. The logic permits retrieval of a predetermined maximum number of the passwords from the non-volatile memory to authenticate the replaceable item within the host device. The predetermined maximum number of the passwords is less than the total number of the passwords.