Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.

Abstract: A method for processing particles contained in a liquid biological sample is presented. The method uses a rotatable vessel for processing particles contained in a liquid biological sample. The rotatable vessel has a longitudinal axis about which the vessel is rotatable, an upper portion having a top opening for receiving the liquid comprising the particles, a lower portion for holding the liquid while the rotatable vessel is resting, the lower portion having a bottom, and an intermediate portion located between the upper portion and the lower portion, the intermediate portion having a lateral collection chamber for holding the liquid while the rotatable vessel is rotating. The method employs dedicated acceleration and deceleration profiles for sedimentation and re-suspension of the particles of interest.

Abstract: A laboratory system for a laboratory automation system is presented. The laboratory system comprises a sample container carrier. The sample container carrier is configured to carry a laboratory sample container and comprises a removal detector. The removal detector is configured to interact with the laboratory sample container to detect a removal of the carried laboratory sample container from the sample container carrier. Furthermore, the laboratory system is configured to determine based on the detected removal that a before valid logic assignment of the sample container carrier to the carried laboratory sample container is invalid.

Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.

Abstract: In an embodiment, the method comprises receiving an identification of an anomaly associated with a false positive identification of a security threat by the intrusion detection system, wherein a first set of feature data identifies features of the anomaly; creating a plurality of training sets each comprising identifications of a plurality of samples of network communications; for the anomaly and each training set of the plurality of training sets, training a decision tree that is stored in digital memory of the security analysis computer; based at least in part on the plurality of trained decision trees, extracting a set of features that distinguish the anomaly from the plurality of samples; generating one or more rules associated with the anomaly from the extracted set of features and causing programming the security analysis computer with the one or more rules.

Abstract: Rapidly detecting network threats with targeted detectors includes, at a computing device having connectivity to a network, determining features of background network traffic. Features are also extracted from a particular type of network threat. A characteristic of the particular type of network threat that best differentiates the features of the particular type of network threat from the features of the background network traffic is determined. A targeted detector for the particular type of network threat is created based on the characteristic and an action is applied to particular incoming network traffic identified by the targeted detector as being associated with the particular type of network threat.

Abstract: In one embodiment, a device in a network maintains a plurality of machine learning-based detectors for an intrusion detection system. Each detector is associated with a different portion of a feature space of traffic characteristics assessed by the intrusion detection system. The device provides data regarding the plurality of detectors to a user interface. The device receives an adjustment instruction from the user interface based on the data provided to the user interface regarding the plurality of detectors. The device adjusts the portions of the feature space associated with the plurality of detectors based on the adjustment instruction received from the user interface.

Abstract: A user behavior activity detection method is provided in which network traffic relating to user behavior activities in a network is monitored. Data is stored representing network traffic within a plurality of time periods, each of the time periods serving as a transaction. Subsets of the network traffic in the transactions are identified as traffic suspected of relating to certain user behavior activities. The subsets of the network traffic in the transactions are assigned into one or more groups. A determination is made of one or more detection rules for each of the one or more groups based on identifying, for each of the groups, a number of user behavior activities common to each of the subsets of the network traffic. The one or more detection rules are used to monitor future network traffic in the network to detect occurrence of the certain user behavior activities.

Abstract: A computing device having connectivity to a network stores one or more existing device models, where each of the one or more existing device models is a representation of a different client device used by a first authenticated user to access the network. The computing device obtains a device sample, which comprises network traffic data that is captured during a period of time and which is generated by a particular client device associated with the authenticated user of the network. The computing device determines, based on one or more relational criteria, whether the device sample should be assigned to one of the one or more existing device models or to an additional device model that has not yet been created. The computing device then determines relative identity of the particular client device based on whether the device sample is assigned to one of the one or more device models or to an additional device model that has not yet been created.

Abstract: In one embodiment, a device in a network receives traffic information regarding one or more secure sessions in the network. The device associates the one or more secure sessions with corresponding certificate validation check traffic indicated by the received traffic information. The device makes a self-signed certificate determination for an endpoint domain of a particular secure session based on whether the particular secure session is associated with certificate validation check traffic. The device causes the self-signed certificate determination for the endpoint domain to be used as input to a malware detector.

Abstract: In one embodiment, a device in a network detects an encrypted traffic flow associated with a client in the network. The device captures contextual traffic data regarding the encrypted traffic flow from one or more unencrypted packets associated with the client. The device performs a classification of the encrypted traffic flow by using the contextual traffic data as input to a machine learning-based classifier. The device generates an alert based on the classification of the encrypted traffic flow.

Abstract: Rapidly detecting network threats with targeted detectors includes, at a computing device having connectivity to a network, determining features of background network traffic. Features are also extracted from a particular type of network threat. A characteristic of the particular type of network threat that best differentiates the features of the particular type of network threat from the features of the background network traffic is determined. A targeted detector for the particular type of network threat is created based on the characteristic and an action is applied to particular incoming network traffic identified by the targeted detector as being associated with the particular type of network threat.

Abstract: Detecting illegitimate typosquatting with Internet Protocol (IP) information includes, at a computing device having connectivity to a network, obtaining a list of domains and filtering the list to generate a list of monitored domain strings. IP information is passively determined for domains associated with each of the monitored domain strings. A domain requested in network traffic for the network is identified as a candidate typosquatting domain and the candidate typosquatting domain is determined to be an illegitimate typosquatting domain based at least on the IP information. An action is initiated related to the illegitimate typosquatting domain.

Abstract: A method for processing particles contained in a liquid biological sample is presented. The method uses a rotatable vessel for processing particles contained in a liquid biological sample. The rotatable vessel has a longitudinal axis about which the vessel is rotatable, an upper portion comprising a top opening for receiving the liquid comprising the particles, a lower portion for holding the liquid while the rotatable vessel is resting, the lower portion comprising a bottom, and an intermediate portion located between the upper portion and the lower portion, the intermediate portion comprising a lateral collection chamber for holding the liquid while the rotatable vessel is rotating. The method employs dedicated acceleration and deceleration profiles for sedimentation and re-suspension of the particles of interest.

Abstract: A method of individually releasing from an entity one or more members of a sub-group of biological units included in a heterogeneous group of biological units is provided. The method includes binding the group of biological units including the sub-group of biological units to the entity via a linker. Following binding, the location of the one or more members on the entity is determined. Once the location is determined, a localized physical pulse is applied to the one or more members. The localized physical pulse individually releases the one or more members from the entity by dissociating the linker.

Abstract: A pressure transmission liquid for a cellular analyzer, a cellular analyzer, and a method for analyzing a liquid cellular sample using such a cellular analyzer are disclosed. The pressure transmission liquid comprises an aqueous solution of at least one substance, wherein the solution has isotonic and substantially non-conductive characteristics. The cellular analyzer comprises a pipetting module having a pipetting tip, an automated positioning device for positioning the pipetting module, a capacitive liquid level sensor for detecting a liquid level of a liquid cellular sample to be analyzed, a pressure transmission liquid reservoir comprising such a pressure transmission liquid, and a pressure transmission liquid conduit connected to the pipetting tip and the pressure transmission liquid reservoir.

Abstract: In an embodiment, the method comprises receiving an identification of an anomaly associated with a false positive identification of a security threat by the intrusion detection system, wherein a first set of feature data identifies features of the anomaly; creating a plurality of training sets each comprising identifications of a plurality of samples of network communications; for the anomaly and each training set of the plurality of training sets, training a decision tree that is stored in digital memory of the security analysis computer; based at least in part on the plurality of trained decision trees, extracting a set of features that distinguish the anomaly from the plurality of samples; generating one or more rules associated with the anomaly from the extracted set of features and causing programming the security analysis computer with the one or more rules.

Abstract: In an arrangement to supply ink to a print head unit having a print head, an input, and an output, a back-pressure tank having ink is provided and connected with the input of the print head unit. A degassing unit for ink and having an input and an output is also provided. A first selector valve is connected to the degassing unit input, the first selector valve in a first position establishing a connection of the degassing unit with the output of the print head unit. A second selector valve is connected to the degassing unit output, the second selector valve in a first position establishing a connection of the degassing unit with the back-pressure tank.

Abstract: In an arrangement to supply ink to a print head unit having a print head, an input, and an output, a back-pressure tank having ink is provided and connected with the input of the print head unit. A degassing unit for ink and having an input and an output is also provided. A first selector valve is connected to the degassing unit input, the first selector valve in a first position establishing a connection of the degassing unit with the output of the print head unit. A second selector valve is connected to the degassing unit output, the second selector valve in a first position establishing a connection of the degassing unit with the back-pressure tank.

Abstract: A high-density multiwell-plate for performing thermocycled amplification reactions of polynucleotides in liquid samples comprising a plurality of reaction wells is disclosed. In order to provide a better thermal insulation, the plate comprises a rigid well-forming structure placed above a bottom layer, wherein substantially horizontal well-covering areas cover the liquid sample comprised in the wells, and a substantially plane cover placed above the well-forming structure providing a thermal insulating air distance between the well-covering areas and the cover.