Abstract: In an approach to attesting control over network devices, responsive to receiving a first signal from a client, wherein the first signal initiates a network connection between the client and a server, a first certificate is sent to the client that contains a common name that is an internet protocol (IP) address. A second certificate is sent to the client that contains a common name that is a uniform resource locator (URL) of the server. Responsive to receiving a second signal from the client that the first certificate and the second certificate are trusted, the client is connected with the server.

Abstract: In an approach to attesting control over network devices, responsive to receiving a first signal from a client, wherein the first signal initiates a network connection between the client and a server, a first certificate is sent to the client that contains a common name that is an internet protocol (IP) address. A second certificate is sent to the client that contains a common name that is a uniform resource locator (URL) of the server. Responsive to receiving a second signal from the client that the first certificate and the second certificate are trusted, the client is connected with the server.

Abstract: An embodiment of the invention may include a method, computer program product, and computer system for monitoring a computing device. The embodiment includes retrieving data from physical components of the method. The embodiment includes converting the data to at least one spectral format. The embodiment includes analyzing the converted data with a spectral detector. The embodiment includes performing a remediation action of the code anomaly based on detecting a code anomaly by the spectral detector.

Abstract: A method, computer system, and a computer program product for cognitive template question formation and execution is provided. The present invention may include receiving a dynamic template question. The present invention may also include mapping the received template question to a type. The present invention may then include mapping the received template question to a data source. The present invention may further include forming a template question based on the mapped template question. The present invention may also include triggering, in response to a triggering event, a query based on the formed template question. The present invention may then include executing the triggered query.

Abstract: An approach for filtering data is presented. A relationship between first and second entity-metadata elements specifying a person and a vehicle, respectively, and between the person and the vehicle is determined. Representations of the first and second entity-metadata elements are displayed within a regular polygon that includes locations indicated by a geospatial tag that includes location information about the person extracted from profile information describing the person and by other geospatial tags included in metadata obtained from data extracted from streaming data and data at rest. The metadata includes contextual information that specifies an activity included in a domain of knowledge associated with law enforcement. Based on hidden Markov and support vector machine models, a frequent pattern growth algorithm, and a Kohonen map, another activity of the person is predicted.

Abstract: A request is received at a local domain name system server (LDNS) from a client application to resolve a domain name. Responsive to the request a WHOIS information corresponding to the domain name is obtained, using which an age of registration of the domain name and a first weighted value based on the age are computed at the LDNS. A host associated with the domain name is accessed to determine whether a type of a service is configured at the host. A second weighted value is computed based on the configuration of the type of the service. A weighted score is computed using the first weighted value and the second weighted value. An action is selected according to the weighted score. The action is applied to a network component in a network where the client application is executing, to control a manner in which the client application communicates with the host.

Abstract: A request is received at a local domain name system server (LDNS)from a client application to resolve a domain name. Responsive to the request a WHOIS information corresponding to the domain name is obtained, using which an age of registration of the domain name and a first weighted value based on the age are computed at the LDNS. A host associated with the domain name is accessed to determine whether a type of a service is configured at the host. A second weighted value is computed based on the configuration of the type of the service. A weighted score is computed using the first weighted value and the second weighted value. An action is selected according to the weighted score. The action is applied to a network component in a network where the client application is executing, to control a manner in which the client application communicates with the host.

Abstract: From a record of a packet in a Domain Name System (DNS) communication between a DNS client and a DNS server, an input feature is constructed. Using the packet, a metadata item supporting the input feature is computed. Using a processor and a memory to execute a trained cognitive classification model, and by supplying the input feature and the supporting metadata item as inputs to the cognitive classification model, a transmission of the packet is classified as malicious use of DNS tunneling between the DNS client and the DNS server. From the cognitive classification model, a classification of the packet as malicious, and a confidence value in the malicious classification are output. By generating a notification, the DNS client is caused to cease the malicious use of the DNS tunneling.

Abstract: A method, computer system, and a computer program product for cognitive template question formation and execution is provided. The present invention may include receiving a dynamic template question. The present invention may also include mapping the received template question to a type. The present invention may then include mapping the received template question to a data source. The present invention may further include forming a template question based on the mapped template question. The present invention may also include triggering, in response to a triggering event, a query based on the formed template question. The present invention may then include executing the triggered query.

Abstract: A request is received at a local domain name system server (LDNS) from a client application to resolve a domain name. Responsive to the request a WHOIS information corresponding to the domain name is obtained, using which an age of registration of the domain name and a first weighted value based on the age are computed at the LDNS. A host associated with the domain name is accessed to determine whether a type of a service is configured at the host. A second weighted value is computed based on the configuration of the type of the service. A weighted score is computed using the first weighted value and the second weighted value. An action is selected according to the weighted score. The action is applied to a network component in a network where the client application is executing, to control a manner in which the client application communicates with the host.

Abstract: An approach for filtering data is presented. A relationship between first and second entity-metadata elements specifying a person and a vehicle, respectively, and between the person and the vehicle is determined. Representations of the first and second entity-metadata elements are displayed within a regular polygon that includes locations indicated by a geospatial tag that includes location information about the person extracted from profile information describing the person and by other geospatial tags included in metadata obtained from data extracted from streaming data and data at rest. The metadata includes contextual information that specifies an activity included in a domain of knowledge associated with law enforcement. Based on hidden Markov and support vector machine models, a frequent pattern growth algorithm, and a Kohonen map, another activity of the person is predicted.

Abstract: From a record of a packet in a Domain Name System (DNS) communication between a DNS client and a DNS server, an input feature is constructed. Using the packet, a metadata item supporting the input feature is computed. Using a processor and a memory to execute a trained cognitive classification model, and by supplying the input feature and the supporting metadata item as inputs to the cognitive classification model, a transmission of the packet is classified as malicious use of DNS tunneling between the DNS client and the DNS server. From the cognitive classification model, a classification of the packet as malicious, and a confidence value in the malicious classification are output. By generating a notification, the DNS client is caused to cease the malicious use of the DNS tunneling.

Abstract: An approach for filtering data is presented. A first geo-hash indicating location information of a person based on profile data or a second geo-hash indicating location information of the person based on an inference is determined to have more characters and is selected as an optimal geo-hash specifying a first geospatial tag. Based on correlations between geospatial tags, time/date stamps, and contextual information, a relationship between first and second entity-metadata elements specifying the person and a vehicle, respectively, and between the person and the vehicle is determined. Representations of the first and second entity-metadata elements are displayed within a regular polygon that includes locations indicated by the geospatial tags. Based on hidden Markov and support vector machine models, a frequent pattern growth algorithm, and a Kohonen map, another activity of the person is predicted.

Abstract: Embodiments for domain name service (DNS) tunneling prevention by a processor. A DNS tunneling detection operation is requested to be performed upon receiving a DNS query. A response is generated based on the DNS tunneling detection operation such that the DNS tunneling detection operation indicates in the response that the DNS query for a domain name is associated with DNS tunneling activity.

Abstract: From a record of a packet in a Domain Name System (DNS) communication between a DNS client and a DNS server, an input feature is constructed. Using the packet, a metadata item supporting the input feature is computed. Using a processor and a memory to execute a trained cognitive classification model, and by supplying the input feature and the supporting metadata item as inputs to the cognitive classification model, a transmission of the packet is classified as malicious use of DNS tunneling between the DNS client and the DNS server. From the cognitive classification model, a classification of the packet as malicious, and a confidence value in the malicious classification are output. By generating a notification, the DNS client is caused to cease the malicious use of the DNS tunneling.

Abstract: Embodiments for verifying trustworthiness of redirection targets in a tiered delivery computing network by at least a portion of a processor. A degree of trustworthiness for a uniform resource locator (URL) is determined by validating at least one attribute of the URL to establish a reputation score of the URL. The URL is classified, using the reputation score, into one of a plurality of classifications to indicate the degree of trustworthiness.

Abstract: Embodiments for verifying trustworthiness of redirection targets in a tiered delivery computing network by at least a portion of a processor. A degree of trustworthiness for a uniform resource locator (URL) is determined by validating at least one attribute of the URL to establish a reputation score of the URL. The URL is classified, using the reputation score, into one of a plurality of classifications to indicate the degree of trustworthiness.

Abstract: Embodiments for domain name service (DNS) tunneling prevention by a processor. A DNS tunneling detection operation is requested to be performed upon receiving a DNS query. A response is generated based on the DNS tunneling detection operation such that the DNS tunneling detection operation indicates in the response that the DNS query for a domain name is associated with DNS tunneling activity.

Abstract: From a record of a packet in a Domain Name System (DNS) communication between a DNS client and a DNS server, an input feature is constructed. Using the packet, a metadata item supporting the input feature is computed. Using a processor and a memory to execute a trained cognitive classification model, and by supplying the input feature and the supporting metadata item as inputs to the cognitive classification model, a transmission of the packet is classified as malicious use of DNS tunneling between the DNS client and the DNS server. From the cognitive classification model, a classification of the packet as malicious, and a confidence value in the malicious classification are output. By generating a notification, the DNS client is caused to cease the malicious use of the DNS tunneling.

Abstract: A request is received at a local domain name system server (LDNS) from a client application to resolve a domain name. Responsive to the request a WHOIS information corresponding to the domain name is obtained, using which an age of registration of the domain name and a first weighted value based on the age are computed at the LDNS. A host associated with the domain name is accessed to determine whether a type of a service is configured at the host. A second weighted value is computed based on the configuration of the type of the service. A weighted score is computed using the first weighted value and the second weighted value. An action is selected according to the weighted score. The action is applied to a network component in a network where the client application is executing, to control a manner in which the client application communicates with the host.