Abstract: A generated signal is injected into a first network node in a set of network nodes. The generated signal comprises a predetermined pattern, the predetermined pattern comprises a plurality of time periods, wherein during each time period in the plurality of time periods a first data traffic is prevented from exiting the first network node. By monitoring data flow within the set of network nodes while the generated signal is being injected, a correlation with the generated signal is detected, the correlation correlating a second network node with the first network node. The second network node is associated with the first network node. Responsive to the association, traffic from the second network node to the set of network nodes is blocked.

Abstract: A processor may generate an enforcement point. The enforcement point may include one or more adversarial detection models. The processor may receive user input data. The processor may analyze, at the enforcement point, the user input data. The processor may determine, from the analyzing, whether there is an adversarial attack in the user input data. The processor may generate an alert based on the determining.

Abstract: Embodiments of the present disclosure provide enhanced threat relevancy identification user affinity of users within a security system. Security-related training data within a security system including indicators of compromise (IoC), security observables, and artifacts are evaluated and enriched to provide training data enrichment results for features collection. Clusters of users are created based on similarity of training data enrichment results between users. A risk posture of a cluster of users is determined based on relevancy of a risk detected by a user in the user cluster.

Abstract: A generated signal is injected into a first network node in a set of network nodes. The generated signal comprises a predetermined pattern, the predetermined pattern comprises a plurality of time periods, wherein during each time period in the plurality of time periods a first data traffic is prevented from exiting the first network node. By monitoring data flow within the set of network nodes while the generated signal is being injected, a correlation with the generated signal is detected, the correlation correlating a second network node with the first network node. The second network node is associated with the first network node. Responsive to the association, traffic from the second network node to the set of network nodes is blocked.

Abstract: Context information of a handshake between a source entity and a target entity is obtained at a security proxy. The context information is transmitted from the security proxy to a key manager. The key manager maintains a first private key of the security proxy. A first handshake message is received from the key manager. The first handshake message is generated at least based on the context information and signed with the first private key. The first handshake message is then transmitted to the target entity.

Abstract: An electronic device including a hinge module, a first body, a second body, and a flexible display assembled to the first body and the second body is provided. Each of the first body and the second body is pivoted and slidably connected to the hinge module, and a cover of the hinge module is exposed out of the first body and the second body. The first body and the second body are rotated relatively via the hinge module to bend or flatten the flexible display, when the flexible display is bending from a flat state, a bending portion of the flexible display leans against the cover and pushes the cover away from the first body and the second body.

Abstract: A method, a computer program product, and a system for implementing a dynamic virtual database honeypot. The method includes relaying a query request received from a database client to a database and receiving, from the database, a response relating to the query request. The method also includes determining the query request is an attack on the database based on session information relating to the database and the database client, generating a honey token based on information contained within the response, generating an alternate response formatted in a same format as the response and containing artificial information that masks the information contained within the response. The method further includes inserting the honey token into the alternate response and transmitting the alternate response to the database client.

Abstract: A method includes etching a first semiconductor fin and a second semiconductor fin to form first recesses. The first and the second semiconductor fins have a first distance. A third semiconductor fin and a fourth semiconductor fin are etched to form second recesses. The third and the fourth semiconductor fins have a second distance equal to or smaller than the first distance. An epitaxy is performed to simultaneously grow first epitaxy semiconductor regions from the first recesses and second epitaxy semiconductor regions from the second recesses. The first epitaxy semiconductor regions are merged with each other, and the second epitaxy semiconductor regions are separated from each other.

Abstract: In an approach for prohibiting voice attacks, a processor, in response to receiving a voice input from a source, determines, using a predetermined filter including an allowlist, that the voice input does not match any corresponding entry of the predetermined filter. A processor routes the voice input to an adversarial pipeline for processing. A processor identifies an adversarial example of the voice input using a predetermined connectionist temporal classification method. A processor generates a configurable distorted adversarial example using the adversarial example identified. In response to a user reply, a processor injects the configurable distorted adversarial example as noise into a voice stream of the user reply in real-time to alter the voice stream. A processor routes the altered voice stream to the source.

Abstract: An example operation may include one or more of receiving a set of structured query language (SQL) queries from one or more software applications, generating a set of SQL syntax trees that correspond to the set of SQL queries, identifying a unique subset of SQL syntax trees among the generated set of SQL syntax trees based on previously obtained SQL syntax trees, and transmitting the unique subset of SQL syntax trees to a computing system.

Abstract: A computer-implemented apparatus and related method prevent credential attacks. The method receives authentication transactions (ATs) comprising AT features (ATFs). The method then performs clustering, to produce clustered ATFs (CATFs) from the ATFs utilizing rule-based clustering. The clustering may operate by assigning user credentials: 1) from a same source IP to a common CATF; 2) targeting a same username to a common CATF; and/or with a same password to a common CATF. Upon determining a CATF is malicious, the method may classify the CATFs as malicious, and otherwise, classify the CATF as non-malicious. The method may further block an activity using a feature included in a malicious CATF.

Abstract: In an approach, a processor receives a set of normal domains, a set of suspicious domains, and a set of malicious domains; labels each domain of the set of normal domains as normal producing a labelled set of normal domains and each domain of the set of suspicious domains and the set of malicious domains as malicious producing a labelled set of malicious domains; samples a preset percentage of the labelled set of normal domains producing a sampled set of normal domains; aggregates the sampled set of normal domains and the labelled set of malicious domains producing a set of aggregated domains; filters the set of aggregated domains using hit size, inter-arrival-time, and univariate volumetric filters producing a set of filtered domains; and determines a cluster of a set of clusters to which each of the set of filtered domains is to be assigned using a trained K-shape model.

Abstract: In an approach to auditing of multi-factor authentication, one or more computer processors receive a request for a multi-factor authentication for a service from at least one device associated with a user. One or more computer processors retrieve information associated with the at least one device. One or more computer processors log the request and the information associated with the at least one device. One or more computer processors calculate a strength of the multi-factor authentication based on the request and the information associated with the at least one device. One or more computer processors log a multi-factor authentication audit trail.

Abstract: A computer-implemented method, a computer program product, and a computer system for creating malware domain sinkholes by domain clustering. The computer system clusters malware domains into domain clusters. The computer system collects domain metrics in the domain clusters. The computer system sorts clustered malware domains in the respective ones of the domain clusters, based on the domain metrics. The computer system selects, from the clustered malware domains in the respective ones of the domain clusters, a predetermined number of top domains as candidates of respective domain sinkholes, wherein the respective domain sinkholes are created for the respective ones of the domain clusters.

Abstract: In an approach to auditing of multi-factor authentication, one or more computer processors receive a request for a multi-factor authentication for a service from at least one device associated with a user. One or more computer processors retrieve information associated with the at least one device. One or more computer processors log the request and the information associated with the at least one device. One or more computer processors calculate a strength of the multi-factor authentication based on the request and the information associated with the at least one device. One or more computer processors log a multi-factor authentication audit trail.

Abstract: Embodiments for graph computing are provided. A graph including a plurality explicit nodes and at least one implicit node is generated. A first of the plurality of explicit nodes and a second of the plurality of explicit nodes are traversed between utilizing deductive reasoning. A third of the plurality of explicit nodes and a fourth of the plurality of explicit nodes are traversed between through the at least one implicit node utilizing inductive reasoning.

Abstract: A database protection system (DPS) mitigates injection attacks. DPS receives an unrestricted database query, extract a syntax tree, and evaluates whether it recognizes the query. To this end, DPS applies a hash function over the extracted syntax tree, and then determines whether the resulting hash has been seen by DPS before. If so, DPS retrieves a previously-generated prepared statement associated with the syntax tree, and that prepared statement is then forward to the database server in lieu of sending the original query. If the syntax tree is not recognized, DPS creates a new prepared statement, generates a hash of the syntax tree, and stores the hash and the new prepared statement, and forwards the new prepared statement. The prepared statements are configured based on the native wire protocol used by the database server, and DPS includes additional functionality by which it can learn the semantics of this protocol if necessary.

Abstract: Graph computing over micro and macro views includes expanding, with a processor at run-time, a set of nodes to include a node generated in response to received data corresponding to an event query. A first inference of an inference ensemble is determined by traversing a base graph whose nodes are associated with a discriminant power that exceeds a predetermined entity threshold. A second inference of the inference ensemble is determined by traversing a micro-view graph whose nodes are selected based on a number of references that exceeds a predetermined reference threshold. A third inference of the inference ensemble is determined by traversing a macro-view graph having one or more committee nodes and computing for each committee node a macro-node vote and generating a response to the event query based on the inference ensemble.

Abstract: A method, a computer program product, and a system for implementing a dynamic virtual database honeypot. The method includes relaying a query request received from a database client to a database and receiving, from the database, a response relating to the query request. The method also includes determining the query request is an attack on the database based on session information relating to the database and the database client, generating a honey token based on information contained within the response, generating an alternate response formatted in a same format as the response and containing artificial information that masks the information contained within the response. The method further includes inserting the honey token into the alternate response and transmitting the alternate response to the database client.

Abstract: In an approach for prohibiting voice attacks, a processor, in response to receiving a voice input from a source, determines, using a predetermined filter including an allowlist, that the voice input does not match any corresponding entry of the predetermined filter. A processor routes the voice input to an adversarial pipeline for processing. A processor identifies an adversarial example of the voice input using a predetermined connectionist temporal classification method. A processor generates a configurable distorted adversarial example using the adversarial example identified. In response to a user reply, a processor injects the configurable distorted adversarial example as noise into a voice stream of the user reply in real-time to alter the voice stream. A processor routes the altered voice stream to the source.