Abstract: A data storage system uses erasure coding in combination with hashgraph to organize stored data and recover that data in a computing environment.

Abstract: The IOC Infrastructure management system (100) and method is disclosed for building an IOC infrastructure and its management thereof. The system mainly includes a IOC processing unit and an endpoint engine. The IOC processing unit is configured to i) source raw IOCs from a plurality of external sources, ii) convert format of the raw IOCs into a predetermined format of an IOC database using a parser unit, where each parser of the parser unit corresponds to at least one IOC format, iii) build and apply syntax tree to the parsed IOCs, where the syntax tree supports complex expression-based toolsets, such as YARA, and sort the IOCs lexicographically to avoid duplication of IOC entry and render the malware detection scanning process faster and efficient.

Abstract: Disclosed herein are systems and method for repurposing a machine learning model. An exemplary method includes: receiving a first training dataset; determining an input portion and an output portion in an entry of the first training dataset; comparing the first training dataset to a second training dataset used to train a machine learning model, wherein the comparing includes determining a similarity score between the input portion and the output portion of the first training dataset and an input portion and an output portion of the second training dataset; in response to determining that the similarity score is greater than a threshold similarity score, re-training the machine learning model using the first training dataset; and executing the retrained machine learning model on an input value to generate an output value corresponding to the first training dataset.

Abstract: The present disclosure relates to a system and method for rootkit detection based on a system dump sequence analysis. The system includes a security system in communication with one or more applications of a computing system. The security system includes a system event monitor to monitor events occurring at the applications, a system dump capture driver to capture differential system dumps corresponding to each event, and a rootkit detection engine to determine if a system state is infected. The rootkit detection engine is based on a machine learning model, where the machine learning model is trained on collection of clean system dumps and infectious system dumps. Based on analysis carried out by the machine learning model, the rootkit detection engine can classify the system state as suspicious, infectious, or clean state.

Abstract: Forensic analysis on consistent system footprints relates to a system and method for rootkit detection based on forensic analysis performed on consistent system footprints, such as application events, application network communications and application files. The system includes a security system periodically monitoring one or more applications of a computing system. The security system includes a threat detection unit for collecting and storing system memory dumps, a machine learning module trained on clean and infectious memory dump, a similarity scanner to identify similarity between suspicious memory block and consistent system footprints, and a forensic analyzer to perform forensic analysis and detect infection, if any, based on the similarity found. The suspicious memory block is identified by the threat detection unit based on the analysis performed by the machine learning model. Upon rootkit detection an alert and forensic analysis report are generated.

Abstract: The invention relates to data recovery technology. Each created backup is checked for the integrity of the placed files, while calculating the checksums of each block of data that can be restored from the backup. The computer system is restored from a backup copy by connecting it using the archive copy connection driver, which creates a virtual disk that is readable by standard means of the operating system of the computer system being restored. The booting of the operating system is performed from the virtual disk and, after restoring the functioning of the computer system, the system volume that has been damaged is restored from the backup copy to the local storage medium.

Abstract: The present disclosure relates to a system and method for creating a backup and restoring the exact clean system state prior to malware detection. The system includes a security system, in communication with one or more applications of a computing system, and a backup unit. The security system detects malware during execution of the applications or events based on a memory dump analysis. The backup unit creates a backup copy of the system state corresponding to each event, labels each copy and creates an index. When the security system detects presence of the malware at a particular event, the backup system parses the index, and with use of the labels, retrieves the exact backup copy that belongs to the event preceding the other event that caused the malware attack.

Abstract: A method for creating a collection with optimized family-specific signatures for protecting from malware includes collecting statistics of potential signatures for chosen sample attribute vectors, the statistics of potential signatures being collected for clean files and malware files, estimating a probability to find a potential signature in the clean files, grouping malware files with the same signature in clusters (families), choosing the most optimal signature for the malware family files based on a predefined target function, and exporting a collection with optimized family-specific signatures configured to be implemented by scan engines.

Abstract: Disclosed herein are systems and method for provisioning artificial intelligence resources. A method may receive an input training dataset and an indication of a task to perform using the input training dataset and may determine a size of the input dataset and a content type of an entry in the input training dataset. The method may identify, from a plurality of computing resources, at least one computing resource to accommodate the size and the content type associated with the input training dataset and may identify attributes of the input training dataset. The method may select, from a plurality of artificial intelligence models, and train and execute, on the at least one computing device, an artificial intelligence model that is configured to perform the task.

Abstract: Disclosed herein are systems and method for protecting files indirectly related to user activity. In one exemplary aspect, a method may comprise identifying, on a computing device, a file that is directly accessed by a user of the computing device. The method may comprise determining an application that provides access to the file. The method may comprise identifying a plurality of program files that the application utilizes during execution. For each respective program file of the plurality of program files, the method may comprise determining whether the respective program file is required by the application to provide access to the file and in response to determining that the respective program file is required, determining a type of threat that can target the respective program file. The method may further comprise performing a data protection action on the respective program file based on the type of threat.

Abstract: Disclosed herein are systems and method for inspecting archived slices for malware. In one exemplary aspect, the method comprises identifying a first slice in a plurality of slices in a backup archive, wherein the first slice is an image of user data at a first time. The method comprises scanning the first slice of the plurality of slices in the backup archive and detecting at least one infected file in the first slice. The method comprises identifying a block of the first slice that corresponds to the at least one infected file. The method comprises mounting, to a disk, a second slice of the plurality of slices. The method comprises tracking the block and determining that the at least one infected file exists on the second slice and removing the infected file from the second slice by generating a respective cured slice of the second slice.

Abstract: Disclosed are systems and methods restoring a computing system. The described method includes emulating a virtual disk using a backup of the computing device and generating an ancillary virtual machine (VM). The method includes determining and writing, to a delta disk linked to the virtual disk, configuration modifications to the ancillary VM that enable booting of the ancillary VM using the virtual disk on a different device with dissimilar hardware as the computing device. Responsive to receiving a request to perform recovery of the computing device, the method comprises restoring the backup by creating on the different device a recovery virtual machine (VM) having a base virtual disk emulated from the backup, and modifying the recovery VM by attaching the delta disk having the configuration modifications.

Abstract: A system for detection of files not matching a known malware file in a computing environment that includes a processor coupled to a memory storing instructions to permit the processor to function as an analyzer. The analyzer is configured to receive, as input, an unknown file and the known malware file, compare the unknown file to the known malware file by comparing N (where N is greater of equal to 1) blocks B1, ..., BN of lengths L1, ..., LN located at offsets O1, ..., ON such that the number of blocks, lengths and offsets are calculated according to pre-defined algorithm, and output a value indicating that the unknown file is different from the known malware file if exists at least one j that a Bj block of the unknown file is different from a Bj block of the known malware file.

Abstract: Disclosed herein are systems and method for multiplexing data of an underlying index. In an exemplary aspect, an index handler may: search for a data file in a plurality of data buckets associated with an index, wherein at least one respective data bucket of a plurality of data buckets is attached to a respective slot of a plurality of slots; identify, based on the searching, a first data bucket of the plurality of data buckets that comprises the data file; in response to determining that the first data bucket is not attached to any of the plurality of slots, attach the first data bucket to a first slot of the plurality of slots; and enable access to the data file via the first data bucket attached to the first slot.

Abstract: Aspects of the disclosure describe methods and systems for transmitting data via a satellite to a ground node. In one exemplary aspect, a method comprises splitting, on a satellite, a data segment into a plurality of data chunks, wherein an amount of the data chunks equals a number of ground nodes that the data chunks will be transmitted to. For each respective data chunk, the method comprises determining whether the satellite has a stable connection with the respective ground node. When the satellite has the stable connection with the respective ground node, the method comprises transmitting, by the satellite, the respective data chunk to the respective ground node, and when the satellite does not have the stable connection with the respective ground node, the method comprises transmitting, by the satellite, the respective data chunk to a neighboring satellite for storage until the stable connection is established.

Abstract: Disclosed herein are systems and methods for protecting user data. In one aspect, an exemplary method comprises, by a hardware processor, detecting one or more user files, created by a user, that are on a user device; generating user transactional data associated with one or more detected network-based interactions with a service provider by the user, and user behavior data based on one or more user interactions with a graphical user interface of the user device by the user; generating a user classification using a machine learning model that classifies the user based on the one or more user files, the user transactional data, and the user behavior data; and when the user is identifiable based on the user classification, modifying at least one of the one or more user files stored on the user device and user behavior of the user during an operation of the user device.

Abstract: Disclosed herein are systems and method for determining data storage insurance policies. In an exemplary implementation, a method comprises receiving a request to add a data storage insurance policy to a plurality of data files. The method comprises extracting data file attributes and determining a data recovery score for each respective data file based on a uniqueness, criticality, and/or importance of the respective data file. The method comprises determining a hardware score for each of a plurality of performance tiers comprising at least one storage server, based on an available capacity, a performance cost, and/or data recovery scores of data files currently stored at each of the plurality of performance tiers. The method comprises selecting and executing a data storage insurance policy for the respective data file based on a plurality of data recovery rules and/or the comparison of the data recovery score and the hardware score.

Abstract: Disclosed herein are systems and methods for classifying organizational structure for implementing data protection policies. In one exemplary aspect, a method may comprise retrieving a plurality of data files of an organization, wherein the plurality of data files are stored in a data storage; retrieving structural information of the organization, the structural information comprising details of user accounts, organizational roles, and file metadata within the organization; classifying the structural information into an organization type of a plurality of organization types; classifying each respective data file of the plurality of data files into a respective topic of a plurality of topics, wherein the plurality of topics are associated with the organization type; generating a data protection policy for the organization based on each respective topic of the plurality of data files and the organization type; and executing the data protection policy on the data storage.

Abstract: Disclosed herein are systems and methods for parallel malware scanning in a cloud environment. In one exemplary aspect, a method may comprise identifying a plurality of agents connected to a server, wherein each agent is configured to synchronize data between a different computing device and the server. The method may comprise receiving, from a first agent of the plurality of agents, a request to scan the synchronized data for malware. In response to determining, from the plurality of agents, at least one other agent that comprises the synchronized data, the method may comprise partitioning the synchronized data into a plurality of portions. The method may comprise assigning a first portion for scanning to the first agent and at least one other portion for scanning to the at least one other agent, and aggregating scan results from the first agent and the at least one other agent.

Abstract: Disclosed herein are systems and methods for dynamic job performance in secure multiparty computation (SMPC). The method may comprise receiving an SMPC query that indicates a processing job to be performed on a data input. The method may split the data input to generate a plurality of partial data inputs, based on parameters and the query type of the SMPC query. The method may generate a plurality of jobs to perform on the plurality of partial data inputs and determine a combined result of the processing job. The method may adjust the amount of worker processes in a worker pool based on at least one of: required computation, time of day, date, financial costs, power consumption, and available network bandwidth.