Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: Technologies for a distributed Internet of Things (IoT) system including a plurality of IoT devices are disclosed. An example first Internet of Things (IoT) device includes at least one processor to execute instructions to access a first message transmitted by a second IoT device, the first IoT device and second IoT device communicatively coupled via a direct communication, identify that the first message is indicative of an administrative event, the administrative event associated with a function of one or more of the first IoT device or the second IoT device, update a status of a system of IoT devices based on the administrative event, the system of IoT devices including the first IoT device and the second IoT device, and send a second message indicative of the administrative event to a universal bus.

Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: A computing device and method for contextual access, including the computing device to implement a traversal of a property graph of data. The traversal includes using contextual information to determine whether to grant access to vertices of the property graph and to outgoing edges of the vertices.

Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: Example apparatus disclosed herein to perform a cybersecurity investigation are to generate an information graph based on a set of information seeker tools in response to detection of a threat alert in a monitored network, and search the information graph for a reference pattern associated with a cybersecurity threat. Disclosed example apparatus are also to, in response to detection of a portion of the reference pattern in the information graph, (i) select a first one of information seeker tools associated with a first input-output relationship capable of expanding the portion of the reference pattern to complete the reference pattern, and (ii) execute the first one of information seeker tools to complete the reference pattern associated with the cybersecurity threat.

Abstract: Methods and apparatus to detect adversarial malware are disclosed. An example adversarial malware detector includes a machine learning engine to classify a first feature representation representing features of a program as benign or malware, a feature perturber to, when the first feature representation is classified as benign, remove a first one of the features to form a second feature representation, and a decider to classify the program as adversarial malware when the machine learning engine classifies the second feature representation as malware.

Abstract: Technologies for a distributed Internet of Things (IoT) system including a plurality of IoT devices are disclosed. An example first Internet of Things (IoT) device includes at least one processor to execute instructions to access a first message transmitted by a second IoT device, the first IoT device and second IoT device communicatively coupled via a direct communication, identify that the first message is indicative of an administrative event, the administrative event associated with a function of one or more of the first IoT device or the second IoT device, update a status of a system of IoT devices based on the administrative event, the system of IoT devices including the first IoT device and the second IoT device, and send a second message indicative of the administrative event to a universal bus.

Abstract: Technologies for a distributed Internet of Things (IoT) system including a plurality of IoT devices are disclosed. An example IoT device includes an input device to receive an input from a user and a processor to determine if a pattern is recognized in the input. The example IoT device also includes a communication circuit to: in response to a determination that a pattern is not recognized in the input, communicate a first message indicative of the input over a universal bus; and in response to a determination that a pattern is recognized in the input, communicate a second message indicative of the input directly to another IoT device without using the universal bus.

Abstract: Example apparatus disclosed herein to perform a cybersecurity investigation include a graph generator to iteratively generate an information graph based on investigative data in response to detection of a threat alert in a monitored network, the investigative data accessed from information sources based on a set of information seeker tools, the information graph generated based on a graph schema specifying possible relationships between the information seeker tools. Example apparatus also include a pattern recognizer to traverse the information graph to identify a path in the information graph matching a pattern from the graph schema associated with a cybersecurity threat. Example apparatus further include a user interface to output the path identified in the information graph and the cybersecurity threat to an output device.

Abstract: Systems, apparatuses and methods may provide a query response. A value of a time-to-live (TTL) for data associated with a computation unit may be determined, wherein the computation unit may disallow access to the data when the TTL is expired. Additionally, a determination may be made whether the data associated with the computation unit satisfies a query. Also, a query response may be generated including the data associated with the computation unit that satisfies the query. In one example, a context for the data associated with the computation unit may be determined, wherein the computation unit may disallow access to the data based on the context. Data may be represented as a network of computation units which may provide data with a TTL that is contextual, which may be handled in a massively distributed fashion.

Abstract: Methods and apparatus to detect adversarial malware are disclosed. An example adversarial malware detector includes a machine learning engine to classify a first feature representation representing features of a program as benign or malware, a feature perturber to, when the first feature representation is classified as benign, remove a first one of the features to form a second feature representation, and a decider to classify the program as adversarial malware when the machine learning engine classifies the second feature representation as malware.

Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.

Abstract: Technologies for a distributed Internet of Things (IoT) system including a plurality of IoT devices are disclosed. An example IoT device includes an input device to receive an input from a user and a processor to determine if a pattern is recognized in the input. The example IoT device also includes a communication circuit to: in response to a determination that a pattern is not recognized in the input, communicate a first message indicative of the input over a universal bus; and in response to a determination that a pattern is recognized in the input, communicate a second message indicative of the input directly to another IoT device without using the universal bus.

Abstract: Technologies for a distributed Internet of Things (IoT) system are disclosed. Several IoT devices may form a peer-to-peer network without requiring a central server. Information may be stored in a distributed manner in the distributed IoT system, allowing for storing information without transmitting it to a remote server, which may be costly and introduce security or privacy risks. Each IoT device of the distributed IoT system includes a machine learning algorithm that is capable of uncovering patterns in the input of the distributed IoT system, such as a pattern of user inputs in certain situations, and the distributed IoT system may adaptively anticipate a user's intentions.

Abstract: Methods and systems for pattern matching and relationship discovery in graphs. The graph may be adapted as an actor graph, where vertices may include processing functionality and executable logic. The vertices of an actor graph may send messages to other vertices to which they are connected. A first vertex may receive an initial regular expression. The first vertex may evaluate which of its edges and/or respective vertices connected to these edges satisfy a first condition in the initial regular expression. If the first condition is met by an edge and or its connected vertex, the initial regular expression may be modified, if necessary, to reflect that the first condition has been met. The modified expression is then communicated to the connected vertex. The identity of the edge and/or the connected vertex may be recorded. A subsequent vertex may then proceed in a similar manner as the first vertex.

Abstract: Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.

Abstract: Technologies for a distributed Internet of Things (IoT) system are disclosed. Several IoT devices may form a peer-to-peer network without requiring a central server. Information may be stored in a distributed manner in the distributed IoT system, allowing for storing information without transmitting it to a remote server, which may be costly and introduce security or privacy risks. Each IoT device of the distributed IoT system includes a machine learning algorithm that is capable of uncovering patterns in the input of the distributed IoT system, such as a pattern of user inputs in certain situations, and the distributed IoT system may adaptively anticipate a user's intentions.

Abstract: A computing device and method for contextual access, including the computing device to implement a traversal of a property graph of data. The traversal includes using contextual information to determine whether to grant access to vertices of the property graph and to outgoing edges of the vertices.