Abstract: Example systems and methods for biometric authentication that can bridge fuzzy extractors with deep learning and achieve the goals of preserving privacy and providing recoverability from zero are disclosed. Embeddings comprising a face or speaker embedding in a non-Hamming distance space can be processed to create a personal reliable bit map and a reliable locality-sensitive hash (LSH) for mapping the non-Hamming distance space to a Hamming distance space. A fuzzy extractor can be applied to create metadata that can be stored on a computing device. A secret can be recovered from the metadata and can be used for identification.

Abstract: An exemplary system and method are disclosed that provide the private querying of a biometric scan, such as a person's photo, against a private database such that the client issuing the private query learns only the identity of the query if it is in the database while the server performing the processing learns nothing of the biometric scan. The exemplary system and method conduct privacy-preserving searches over fuzzy databases via a fuzzy labeled set intersection (FLPSI) protocol. FLPSI protocol computes an intersection of noisy input sets to assess for closeness/similarity metrics in an efficient and optimized search.

Abstract: Example systems and methods for defending against powerful, automated attacks on facial authentication systems are disclosed. A first verification is performed based at least in part on determining a response time for a response to a CAPTCHA or other challenge. In response to determining that the response time is within a threshold, a second verification is performed based at least in part on extracting a face feature or a voice feature from a plurality of samples associated with the response.

Abstract: Example systems and methods for biometric authentication that can bridge fuzzy extractors with deep learning and achieve the goals of preserving privacy and providing recoverability from zero are disclosed. Embeddings comprising a face or speaker embedding in a non-Hamming distance space can be processed to create a personal reliable bit map and a reliable locality-sensitive hash (LSH) for mapping the non-Hamming distance space to a Hamming distance space. A fuzzy extractor can be applied to create metadata that can be stored on a computing device. A secret can be recovered from the metadata and can be used for identification.

Abstract: Example systems and methods for biometric authentication that can bridge fuzzy extractors with deep learning and achieve the goals of preserving privacy and providing recoverability from zero are disclosed. Embeddings comprising a face or speaker embedding in a non-Hamming distance space can be processed to create a personal reliable bit map and a reliable locality-sensitive hash (LSH) for mapping the non-Hamming distance space to a Hamming distance space. A fuzzy extractor can be applied to create metadata that can be stored on a computing device. A secret can be recovered from the metadata and can be used for identification.

Abstract: A method including: parsing a program to identify a plurality of features within the program; performing a first match of the plurality of features to a plurality of code files based on a hierarchical code index, the features corresponding to leaf nodes of the hierarchical code index and the code files corresponding to parent nodes of the leaf nodes; normalizing the first match results to weight against common features; performing a second match of the plurality of code files to one or more code repositories based on the hierarchical code index; normalizing the second match results to weight against common files; and identifying a code repository of the one or more code repositories as being included within the program.

Abstract: Example systems and methods for biometric authentication that can bridge fuzzy extractors with deep learning and achieve the goals of preserving privacy and providing recoverability from zero are disclosed. Embeddings comprising a face or speaker embedding in a non-Hamming distance space can be processed to create a personal reliable bit map and a reliable locality-sensitive hash (LSH) for mapping the non-Hamming distance space to a Hamming distance space. A fuzzy extractor can be applied to create metadata that can be stored on a computing device. A secret can be recovered from the metadata and can be used for identification.

Abstract: Example systems and methods for defending against powerful, automated attacks on facial authentication systems are disclosed. A first verification is performed based at least in part on determining a response time for a response to a CAPTCHA or other challenge. In response to determining that the response time is within a threshold, a second verification is performed based at least in part on extracting a face feature or a voice feature from a plurality of samples associated with the response.

Abstract: A method including: parsing a program to identify a plurality of features within the program; performing a first match of the plurality of features to a plurality of code files based on a hierarchical code index, the features corresponding to leaf nodes of the hierarchical code index and the code files corresponding to parent nodes of the leaf nodes; normalizing the first match results to weight against common features; performing a second match of the plurality of code files to one or more code repositories based on the hierarchical code index; normalizing the second match results to weight against common files; and identifying a code repository of the one or more code repositories as being included within the program.

Abstract: Aspects of the disclosed technology include a method including identifying, by a computer device, a message; encoding, by the computer device, the message; receiving, by the computer device, a video of a user reciting the encoded message; and providing, by the computer device, the message and the video for verification an authenticity of the message.

Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.

Abstract: A system and method for detecting a first network of compromised computers in a second network of computers, comprising: collecting Domain Name System (DNS) data for the second network; examining the collected data relative to DNS data from known comprised and/or uncompromised computers in the second network; and determining the existence of the first network and/or the identity of compromised computers in the second network based on the examination.

Abstract: A method and system of detecting a malicious and/or botnet-related domain name, comprising: reviewing a domain name used in Domain Name System (DNS) traffic in a network; searching for information about the domain name, the information related to: information about the domain name in a domain name white list and/or a domain name suspicious list; and information about the domain name using an Internet search engine, wherein the Internet search engine determines if there are no search results or search results with a link to at least one malware analysis site; and designating the domain name as malicious and/or botnet-related based on the information.

Abstract: A computerized system and method for performing behavioral clustering of malware samples, comprising: executing malware samples in a controlled computer environment for a predetermined time to obtain Hypertext Transfer Protocol. HTTP traffic; clustering the malware samples into at least one cluster based on network behavioral information from the HTTP traffic; and extracting, using the at least one processor, network signatures from the HTTP traffic information for each cluster, the network signatures being indicative of malware infection.

Abstract: System and method for detecting a domain generation algorithm (DGA), comprising: performing processing associated with clustering, utilizing a name-based features clustering module accessing information from an electronic database of NX domain information, the randomly generated domain names based on the similarity in the make-up of the randomly generated domain names; performing processing associated with clustering, utilizing a graph clustering module, the randomly generated domain names based on the groups of assets that queried the randomly generated domain names; performing processing associated with determining, utilizing a daily clustering correlation module and a temporal clustering correlation module, which clustered randomly generated domain names are highly correlated in daily use and in time; and performing processing associated with determining the DGA that generated the clustered randomly generated domain names.

Abstract: Aspects of the disclosed technology include a method including identifying, by a computer device, a message; encoding, by the computer device, the message; receiving, by the computer device, a video of a user reciting the encoded message; and providing, by the computer device, the message and the video for verification an authenticity of the message.

Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.

Abstract: A method and system for detecting a malicious domain name, comprising: collecting domain name statistical information from a non-recursive domain name system name server (RDNS NS); and utilizing the collected domain name statistical information to determine if a domain name is malicious or benign.

Abstract: The disclosed technology includes techniques for improving data privacy in mobile communications over public cloud services. According to certain implementations, a novel conceptual layer may be interposed between the “application” layer and the “user” layer. In some implementations, the conceptual layer may be at least partially embodied by a transparent window or pane overlaid on top of existing app graphical user interfaces to: (1) intercept plaintext user input before transforming the input and feeding it to an underlying app; and (2) reverse transform output data from the app before displaying the plaintext data to the user. Accordingly, the conceptual layer may serve as a protective layer while preserving the original application workflow and look-and-feel.

Abstract: A system and method of analysis. NX domain names are collected from an asset in a real network. The NX domain names are domain names that are not registered. The real network NX domain names are utilized to create testing vectors. The testing vectors are classified as benign vectors or malicious vectors based on training vectors. The asset is then classified as infected if the NX testing vector created from the real network NX domain names is classified as a malicious vector.