Abstract: An example operation may include one or more of receiving storage requests endorsed by blockchain peers of a blockchain, selecting a group of the endorsed storage requests to be stored together and ordering the group of endorsed storage requests with respect to each other based on timestamps, encoding the group of ordered and endorsed storage requests into an image, and storing the encoded image within a data section of a block of the blockchain.

Abstract: A system and method for automatic remediation of non-compliance events are provided. In embodiments, a computer-implemented method includes: accessing a compliance profile and a remediation profile, wherein the compliance profile includes compliance data regarding rules for an enterprise and the remediation profile includes remediation data regarding remediation actions to address non-compliance with one or more of the rules; generating mapped data by mapping compliance data in the compliance profile to remediation data in the remediation profile; receiving non-compliance event data from a workload node in a network; extracting information from the non-compliance event data including the workload node associated with the event and a cause of event; determining a remediation action for the event based on the information and the mapped data; and invoking automatic performance of the remediation action at the workload node based on the determined remediation action.

Abstract: A system and method for automatic remediation of non-compliance events are provided. In embodiments, a computer-implemented method includes: accessing a compliance profile and a remediation profile, wherein the compliance profile includes compliance data regarding rules for an enterprise and the remediation profile includes remediation data regarding remediation actions to address non-compliance with one or more of the rules; generating mapped data by mapping compliance data in the compliance profile to remediation data in the remediation profile; receiving non-compliance event data from a workload node in a network; extracting information from the non-compliance event data including the workload node associated with the event and a cause of event; determining a remediation action for the event based on the information and the mapped data; and invoking automatic performance of the remediation action at the workload node based on the determined remediation action.

Abstract: A method, system, and computer program product for malicious virtual machine detection is provided. The method passes network traffic from a set of virtual machines to a set of network resources. The network traffic passes through a network monitor. The network monitor monitors a set of traffic characteristics for the network traffic. A change in a network traffic characteristic is identified. The change results in a modified traffic characteristic. The method identifies a first virtual machine of the set of virtual machines. The first virtual machine is associated with the modified traffic characteristics. An alert is then generated which identifies the first virtual machine and the modified traffic characteristic.

Abstract: A method, system and computer-usable medium are disclosed for providing a travel network infrastructure. A dedicated Li-F connection is provided for each physical space such as a seat, expected to accommodate a passenger in a travel network such as an airline. A passenger is authenticated according to a physical space occupied by the passenger. If authentication is successful, a secure Li-Fi channel is established for the passenger. The access point of the Li-Fi channel is only leveraged by the passenger and no other passengers.

Abstract: Methods and a system of classifying unrecognized logs in an environment. The method includes inputting a log unrecognized during event collection into a machine learning model and predicting, by the machine learning model, a log source type of the log to allow for normalization of the log. The method also includes producing, by the machine learning model, a confidence score relating to the source type prediction, determining the confidence score exceeds a predetermined threshold, and submitting the log for normalization based on the log source type prediction. The method can also include predicting, by the machine learning model, an event name relating to the log, producing, by the machine learning model, a second confidence score relating to the event name prediction, determining the second confidence score exceeds another predetermined threshold, and submitting the log for normalization based on the identified log source type and the predicted event name.

Abstract: A system for prioritizing network resource dispatch may include receiving a request for a network resource from a mobile device associated with a user, the request comprising mobile device and user characteristics, and location information. A request priority may be determined based on some combination of a mobile device score and user score. The request priority is assigned to the request. A highest ranked mobile device request priority is determined, and the network resource is dispatched to a location corresponding to the highest ranked request priority. A heatmap may be generated to illustrate a geographical representation of each mobile device data usage rate at each mobile device respective location. The request priorities may change based on any combination of the mobile device characteristics, user characteristics, location information and the usage characteristics. Therefore, the priority of dispatching the network resource may be determined dynamically and updated as the inputs change.

Abstract: A system for prioritizing network resource dispatch may include receiving a request for a network resource from a mobile device associated with a user, the request comprising mobile device and user characteristics, and location information. A request priority may be determined based on some combination of a mobile device score and user score. The request priority is assigned to the request. A highest ranked mobile device request priority is determined, and the network resource is dispatched to a location corresponding to the highest ranked request priority. A heatmap may be generated to illustrate a geographical representation of each mobile device data usage rate at each mobile device respective location. The request priorities may change based on any combination of the mobile device characteristics, user characteristics, location information and the usage characteristics. Therefore, the priority of dispatching the network resource may be determined dynamically and updated as the inputs change.

Abstract: A system and method for automatic remediation of non-compliance events are provided. In embodiments, a computer-implemented method includes: accessing a compliance profile and a remediation profile, wherein the compliance profile includes compliance data regarding rules for an enterprise and the remediation profile includes remediation data regarding remediation actions to address non-compliance with one or more of the rules; generating mapped data by mapping compliance data in the compliance profile to remediation data in the remediation profile; receiving non-compliance event data from a workload node in a network; extracting information from the non-compliance event data including the workload node associated with the event and a cause of event; determining a remediation action for the event based on the information and the mapped data; and invoking automatic performance of the remediation action at the workload node based on the determined remediation action.

Abstract: An approach is disclosed that receives location data from a location based device via a Light Fidelity (LiFi) wireless communication adapter. A LiFi receiver at the receiving system is within a direct line-of-sight to a LiFi transmitter of the location based device. The received location data is then provided to a bootable network asset, such as a virtual machine (VM) or application container running on the system. The bootable network asset then determines whether to operate based on the received location data.

Abstract: A method, system and computer-usable medium are disclosed for providing a travel network infrastructure. A dedicated Li-F connection is provided for each physical space such as a seat, expected to accommodate a passenger in a travel network such as an airline. A passenger is authenticated according to a physical space occupied by the passenger. If authentication is successful, a secure Li-Fi channel is established for the passenger. The access point of the Li-Fi channel is only leveraged by the passenger and no other passengers.

Abstract: An example operation may include one or more of receiving storage requests endorsed by blockchain peers of a blockchain, selecting a group of the endorsed storage requests to be stored together and ordering the group of endorsed storage requests with respect to each other based on timestamps, encoding the group of ordered and endorsed storage requests into an image, and storing the encoded image within a data section of a block of the blockchain.

Abstract: Provided are techniques for dynamic LIFI extenders routing. One or more geographic locations of a physical region are identified based on historical crowd density, historical network traffic, current crowd density, and current network traffic. For each of the one or more geographic locations and a plurality of mobile bots, a mobile bot of the plurality of mobile bots is sent to that geographic location at a specified time, where the mobile bot provides a dynamic Light Fidelity (LIFI) extender router that acts as a network access point, and users at that geographic location are associated with the mobile bot, where each of the users has a LIFI enabled mobile device that communicates with a network of devices by sending data to the dynamic LIFI extender router via LIFI.

Abstract: A method, system, and computer program product for malicious virtual machine detection is provided. The method passes network traffic from a set of virtual machines to a set of network resources. The network traffic passes through a network monitor. The network monitor monitors a set of traffic characteristics for the network traffic. A change in a network traffic characteristic is identified. The change results in a modified traffic characteristic. The method identifies a first virtual machine of the set of virtual machines. The first virtual machine is associated with the modified traffic characteristics. An alert is then generated which identifies the first virtual machine and the modified traffic characteristic.

Abstract: Ensuring physical access control of a lockbox according to a contract. Parties to the contract interact with the lockbox according to contractual requirements recorded to a ledger accessible over a network. The ledger linking access activity of the parities using cryptography. The lockbox is opened with a credential provided over the network and secured automatically upon closing of the lockbox such that the credential no longer opens the lockbox.

Abstract: An event retrieval and analysis system compares counts of event data for a device to stored profile counts to determine if alerts should be triggered. Event data can be retrieved by a sensor. Rules for analyzing the event data can be retrieved based on the device. The event data is analyzed based on the rules to determine recordable events. Recordable events are organized into categories representing a type or severity of attack. Current event counts are calculated by summing the recordable events for each category. A normal profile is retrieved for the device and compared to the current event count. A percentage change trigger can be retrieved from a threshold matrix based on the current event count. The percentage increase of the current event count over the normal profile is calculated and compared to the percentage change trigger to determine if an alert is triggered by the analysis system.

Abstract: An event retrieval and analysis system compares counts of event data for a device to stored profile counts to determine if alerts should be triggered. Event data can be retrieved by a sensor. Rules for analyzing the event data can be retrieved based on the device. The event data is analyzed based on the rules to determine recordable events. Recordable events are organized into categories representing a type or severity of attack. Current event counts are calculated by summing the recordable events for each category. A normal profile is retrieved for the device and compared to the current event count. A percentage change trigger can be retrieved from a threshold matrix based on the current event count. The percentage increase of the current event count over the normal profile is calculated and compared to the percentage change trigger to determine if an alert is triggered by the analysis system.

Abstract: An event retrieval and analysis system compares counts of event data for a device to stored profile counts to determine if alerts should be triggered. Event data can be retrieved by a sensor. Rules for analyzing the event data can be retrieved based on the device. The event data is analyzed based on the rules to determine recordable events. Recordable events are organized into categories representing a type or severity of attack. Current event counts are calculated by summing the recordable events for each category. A normal profile is retrieved for the device and compared to the current event count. A percentage change trigger can be retrieved from a threshold matrix based on the current event count. The percentage increase of the current event count over the normal profile is calculated and compared to the percentage change trigger to determine if an alert is triggered by the analysis system.

Abstract: An event retrieval and analysis system compares counts of event data for a device to stored profile counts to determine if alerts should be triggered. Event data can be retrieved by a sensor. Rules for analyzing the event data can be retrieved based on the device. The event data is analyzed based on the rules to determine recordable events. Recordable events are organized into categories representing a type or severity of attack. Current event counts are calculated by summing the recordable events for each category. A normal profile is retrieved for the device and compared to the current event count. A percentage change trigger can be retrieved from a threshold matrix based on the current event count. The percentage increase of the current event count over the normal profile is calculated and compared to the percentage change trigger to determine if an alert is triggered by the analysis system.