Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.

Abstract: A system for training a file classification model for classifying malicious software comprising at least one hardware processor adapted to: computing a plurality of datasets, each for one of a plurality of executable files, each file having a label, each dataset is computed by: receiving a respective file; detecting a plurality of binary functions in the respective file; translating each of the respective plurality of binary functions to produce a plurality of disassembled functions; clustering a plurality of operation-codes identified in the plurality of disassembled functions into a plurality of clusters according to respective operation-code; computing a plurality of statistical values of the plurality of disassembled functions and the plurality of clusters; and associating the plurality of statistical values with the file's label to produce a dataset; and training a file classification model using the plurality of datasets to compute at least one classification score of an input file.

Abstract: A method, computer program product and computer system are provided. A processor retrieves a target file for inspection of malware. A processor converts the target file to a time domain format. A processor determines one or more time-frequency domain features of the converted target file. A processor generates a malicious classification for the target file based on the one or more time-frequency domain features of the converted target file and one or more classification models.

Abstract: Embodiments of the present systems and methods may decide if a software file is malicious or benign, using properties of the file's overlay, if existing. For example, in an embodiment, a computer-implemented method for identifying malware in computer systems may comprise receiving a plurality of executable files labeled as being malicious or benign, training a machine learning model using properties extracted from overlays associated with each of the plurality of received labeled executable files, receiving an executable file that is not labeled, determining whether the received unlabeled executable file is malicious or benign using the trained machine learning model based on properties extracted from an overlay associated with the received unlabeled executable file, and transmitting information identifying the received unlabeled executable file as malicious when the received unlabeled executable file is determined to be malicious.

Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.

Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.

Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.

Abstract: Challenging a current user of a computing device by measuring characteristics of user actions sensed by a computing device, determining that the measurements meet a uniqueness condition with respect to corresponding measurements in a comparison set of actions, recording the user actions and their measurements in a set of challenge actions associated with an authorized user, and responsive to a challenge requirement to determine whether a current user of the computing device is the authorized user, selecting challenge actions associated with an authorized user, prompting the current user to perform the selected challenge actions that are then sensed by the computing device, measuring characteristics of the prompted actions, and determining that the measurements of the characteristics of the prompted actions meet a similarity condition with respect to measurements of corresponding characteristics of the selected challenge actions.

Abstract: Embodiments of the present invention may involve identifying a user of a touchscreen device. A touchscreen device may receive a user input. One or more features of the user input on the touchscreen device may be identified. The one or more features of the user input may include, for example, geometric patterns, swiping motifs, a pressure, a spatial orientation, or any combination thereof. A user profile comprising the one or more features of the user input may be generated. The touchscreen device may receive a second input from an unknown user. A statistical evaluation may be performed comparing one or more features of the second input with one or more features of the user input in the user profile. A probability that the unknown user is the user may be determined. If a low probability is determined, the unknown user may be locked out of the touchscreen device.

Abstract: A method for improving stacking schema for classification tasks, according to which predictive models are built, based on stacked-generalization meta-classifiers. Classifications are combined to build a new scheme from at least two layers and multiclass classification problems are converted into binary classification problems. One-against-all class binarization and regression learners are used for each class model and ensemble classifiers are improved using stacking. Accuracy differences, accuracy ratio, and runtime classification in multiclass datasets are also improved and the class of a value is then predicted.

Abstract: a method for improving stacking schema for classification tasks, according to which predictive models are built, based on stacked-generalization meta-classifiers. Classifications are combined to build a new scheme from at least two layers and multiclass classification problems are converted into binary classification problems. One-against-all class binarization and regression learners are used for each class model and ensemble classifiers are improved using stacking. Accuracy differences, accuracy ratio, and runtime classification in multiclass datasets are also improved and the class of a value is then predicted.