Abstract: An apparatus, a computer program product and a method for dimensionality reduction comprising: obtaining a set of Application Programming Interface (API) functions of a system invocable by a program, and a set of artifacts. Each artifact is associated with at least one API function and indicative of a functionality thereof. The method further comprising: clustering the API functions based on an analysis of the artifacts to create a set of clusters smaller than the set of API functions, such that each cluster comprises API functions having a similar functionality; and performing a dimensionality reduction to a feature vector using the set of clusters.

Abstract: A system, an apparatus, a computer program product and a method for obfuscation-based security and authentication. The method comprises: obtaining a different key for each different device; obfuscating an interface layer utilized by components of the device to interact, using the key, to produce an obfuscated interface layer; and providing, directly or indirectly, the two components with the key to allow the two components to utilize the obfuscated interface layer to interact with each other. The system comprises a plurality of devices that are instances of a same device and a server coupled to a memory retaining a plurality of keys, each of which is used to obfuscate interface layers of a different device to produce heterogeneous set of devices instead of a homogenous set of devices. Communications and operations with the plurality of devices are performed in an obfuscated manner through the server.

Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.

Abstract: In some examples, a system for authenticating users can include a processor to train a first predictive application based on a first set of user engagements with advertisements, wherein the first predictive application is associated with a first advertising identifier. The processor can also train a second predictive application based on a second set of user engagements with the advertisements, wherein the second predictive application is associated with a second advertising identifier. Additionally, the processor can compare the first predictive application and the second predictive application and authenticate a user in response to detecting a similarity of the first predictive application and the second predictive application is below a threshold value, wherein authenticating the user enables the user to access a resource or service.

Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.

Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.

Abstract: A method, computer product and computerized system, the method comprising: obtaining computer code, wherein the computer code is comprised of code blocks arranged in a first order and providing a functionality, wherein each code block of the code blocks comprises one or more program instructions; determining, by a processor, one or more constraints on reordering the code blocks in a second order, such that a second computer code comprising the code blocks arranged in the second order, when executed, provides the functionality; and providing the constraints to an automatic solver for determining the second order.

Abstract: A method, apparatus and product for using a predictive model to predict if inputs reach a vulnerability of a program. Given a sample input, which when provided to a program being executed, is configured to cause execution of the program to reach a vulnerability, a set of variant inputs and labels thereof is generated based on the sample input and execution of the program with each variant input. A predictive model is trained based on the set of variant inputs and labels thereof, and provided to an input analysis platform configured to analyze an input; whereby the input analysis platform is enabled to predict whether an input would cause the program to reach the vulnerability prior to executing the program with the input and perform a responsive action accordingly.

Abstract: A system, an apparatus, a computer program product and a method for obfuscation-based security and authentication. The method comprises: obtaining a different key for each different device; obfuscating an interface layer utilized by components of the device to interact, using the key, to produce an obfuscated interface layer; and providing, directly or indirectly, the two components with the key to allow the two components to utilize the obfuscated interface layer to interact with each other. The system comprises a plurality of devices that are instances of a same device and a server coupled to a memory retaining a plurality of keys, each of which is used to obfuscate interface layers of a different device to produce heterogeneous set of devices instead of a homogenous set of devices. Communications and operations with the plurality of devices are performed in an obfuscated manner through the server.

Abstract: An example system includes a processor to receive hashed sensitive data including attributes, a hashing function, and text classifiers. The processor is to also monitor a user interface and detect an input text or an output text. The processor is to further scan the detected input text or the detected output text to detect a candidate based on the text classifiers. The processor is also to hash the detected candidate using the hashing function to generate a hashed candidate. The processor is to match the hashed candidate with hashed sensitive data. The processor is to also further extract an attribute from the matched hashed sensitive data. The processor is to intercept the output text based at least on the extracted attribute.

Abstract: An apparatus, a computer program product and a method for dimensionality reduction comprising: obtaining a set of Application Programming Interface (API) functions of a system invocable by a program, and a set of artifacts. Each artifact is associated with at least one API function and indicative of a functionality thereof. The method further comprising: clustering the API functions based on an analysis of the artifacts to create a set of clusters smaller than the set of API functions, such that each cluster comprises API functions having a similar functionality; and performing a dimensionality reduction to a feature vector using the set of clusters.

Abstract: In some examples, a system for authenticating users can include a processor to train a first predictive application based on a first set of user engagements with advertisements, wherein the first predictive application is associated with a first advertising identifier. The processor can also train a second predictive application based on a second set of user engagements with the advertisements, wherein the second predictive application is associated with a second advertising identifier. Additionally, the processor can compare the first predictive application and the second predictive application and authenticate a user in response to detecting a similarity of the first predictive application and the second predictive application is below a threshold value, wherein authenticating the user enables the user to access a resource or service.

Abstract: A method, computer product and computerized system, the method comprising: receiving computer code to be protected, wherein the computer code comprising of code blocks arranged consecutively; modifying the computer code, whereby a modified computer code is created, wherein said modifying comprises: introducing a padding area inbetween every two code blocks, wherein each padding area comprises one or more computer instructions; and storing the modified computer code in a computer readable medium.

Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.

Abstract: A method, computer program product, and computer system are provided. A processor receives an executable file for execution by an operating system, where the executable file includes a plurality of sections in a first order. A processor determines a second order that indicates a loading order for the plurality of sections, where the second order is distinct from the first order. A processor loads the plurality of sections of the executable file into a plurality of locations in memory of a device based on the second order. A processor resolves one or more memory references for the plurality of sections based on the plurality of locations in memory. A processor executes the plurality of sections of the executable file in the plurality of locations in memory.

Abstract: A method, apparatus and product for using a predictive model to predict if inputs reach a vulnerability of a program. Given a sample input, which when provided to a program being executed, is configured to cause execution of the program to reach a vulnerability, a set of variant inputs and labels thereof is generated based on the sample input and execution of the program with each variant input. A predictive model is trained based on the set of variant inputs and labels thereof, and provided to an input analysis platform configured to analyze an input; whereby the input analysis platform is enabled to predict whether an input would cause the program to reach the vulnerability prior to executing the program with the input and perform a responsive action accordingly.

Abstract: A method, computer product and computerized system, the method comprising: obtaining computer code, wherein the computer code is comprised of code blocks arranged in a first order and providing a functionality, wherein each code block of the code blocks comprises one or more program instructions; determining, by a processor, one or more constraints on reordering the code blocks in a second order, such that a second computer code comprising the code blocks arranged in the second order, when executed, provides the functionality; and providing the constraints to an automatic solver for determining the second order.

Abstract: Accessing a password-secured computer software application by acquiring an input password, generating at a first computer an output password from the input password using password generation data, where the output password differs from the input password, and providing the output password to a second computer as part of a request to access a password-secured computer software application using the output password, where the password-secured computer software application is accessible using the output password, and where the password-secured computer software application is inaccessible using the input password.

Abstract: An example system includes a processor to receive hashed sensitive data including attributes, a hashing function, and text classifiers. The processor is to also monitor a user interface and detect an input text or an output text. The processor is to further scan the detected input text or the detected output text to detect a candidate based on the text classifiers. The processor is also to hash the detected candidate using the hashing function to generate a hashed candidate. The processor is to match the hashed candidate with hashed sensitive data. The processor is to also further extract an attribute from the matched hashed sensitive data. The processor is to intercept the output text based at least on the extracted attribute.

Abstract: A method, computer product and computerized system, the method comprising: receiving computer code to be protected, wherein the computer code comprising of code blocks arranged consecutively; modifying the computer code, whereby a modified computer code is created, wherein said modifying comprises: introducing a padding area inbetween every two code blocks, wherein each padding area comprises one or more computer instructions; and storing the modified computer code in a computer readable medium.