Abstract: A computer processing node is described that is configured to perform a control flow integrity (CFI) method on a protected process operating on the processing node. The CFI method includes intercepting a system call originating from execution of the protected process executing in the runtime environment. A fast path operating within a kernel of the computer system accesses, from a kernel memory, a processor trace packet corresponding to the system call. The fast path attempts to establish a match between the processor trace packet and a program control flow (edge) entry within a credit-labeled control flow graph (CFG) definition having an associated credit value. The credit value represents a degree to which the program control flow is credible.

Abstract: Techniques for performing static and dynamic analysis on a mobile device application are disclosed. Static analysis is performed on a mobile device application using a static analysis engine. A set of static analysis results is generated. Dynamic analysis of the application is selectively customized based at least in part on a presence of a permission in the set of static analysis results. Dynamic analysis is performed using a dynamic analysis engine. A determination of whether the application is malicious is made based at least in part on the dynamic analysis.

Abstract: The present invention discloses a method for preparing large-area transition metal dichalcogenide (TMDC) single-crystal films and the products obtained therefrom. The method comprises the steps of: (1) providing a single-crystal C-plane sapphire with surface steps along <1010>directions; and (2) taking the sapphire in step (1) as the substrate, generating unidirectionally arranged TMDC domains on the sapphire surface based on a vapor deposition method and keeping the domains continuously grow and merge into a large-area single-crystal film. The lateral size of the TMDC single-crystal films prepared by the method can reach inch level or above, and is limited only by the size of the substrate.

Abstract: This disclosure relates to methods, non-transitory computer readable media, and client devices that automatically initiate a wireless network connection (e.g., a pairing) with an auxiliary computing device based on recurring detection of a wireless broadcast signal from the auxiliary computing device. Upon detecting a wireless broadcast signal for an auxiliary computing device satisfying a signal-strength threshold at multiple times or locations, for example, the disclosed client devices can automatically initiate a wireless network connection (e.g., a pairing) with the auxiliary computing device. By automatically initiating a wireless connection with such an auxiliary computing device, the disclosed client devices obviate inefficient user interactions conventional computing devices use to establish a pairing, facilitate pairings with auxiliary computing devices for unsavvy technology users, and avoid unsecure wireless connections that may compromise data on the disclosed provider client devices.

Abstract: A two-step optimization process is utilized to define an optimal phase profile for a LCoS spatial light modulator. The two-step optimization process first utilizes a nonlinear constrained optimization (NCO) program to determine the specific parameters required to obtain an optimal phase profile (hologram), where the “optimal phase profile” is typically defined as that profile which achieves maximum diffraction efficiency for optical switching. Following this first step, phase scaling (and perhaps an adjustment in the number of pixels per period) is employed to slightly modify the values of the optimal phase profile to effectively suppress crosstalk peaks. If any orders still exhibit an unacceptable level of crosstalk, these orders are then subtracted from the phase profile to create the final design.

Abstract: Techniques for malware detection using clustering with malware source information are disclosed. In some embodiments, malware detection using clustering with malware source information includes generating a first cluster of source information associated with a first malware sample, in which the first malware sample was determined to be malware, and the first malware sample was determined to be downloaded from a first source; and determining that a second source is associated with malware based on the first cluster.

Abstract: Evaluating a potentially malicious sample using a copy-on-write overlay is disclosed. A first virtual machine instance is initialized as a copy-on-write overlay associated with an original virtual machine image. The first virtual machine image is started and a first sample is executed. A second virtual machine instance is initialized as a copy-on-write overlay associated with a second original virtual machine image. The second virtual machine image is started and a second sample is executed. The first and second samples are executed at an overlapping time.

Abstract: Methods and apparatus are described for quarantining malicious injected code. target code is identified, in web page code requested by a client device, that is vulnerable to a code injection attack by malware. The web page code is modified by obfuscating the target code, and adding decoy code to the web page code that is vulnerable to the code injection attack.

Abstract: Methods and apparatus are described for automatically modifying web page code. Specific implementations relate to the modification of web page code for the purpose of combatting Man-in-the-Browser (MitB) attacks.

Abstract: Techniques are provided for detection of malicious activity using behavior data. A behavior model is trained with behavior data generated in association with a plurality of requests. Data is received that describes a particular request from a particular client device to a server system hosting a website. The data includes particular behavior data generated at the particular client device in association with the particular request. The particular behavior data is analyzed using the behavior model to generate a behavior model result. An automation determination for the particular request is generated based on the behavior model result. The particular request is handled based on the automation determination for the particular request.

Abstract: A computer-implemented method includes providing, for use by a third-party, injectable computer code that is capable of being served with other code provided by the third-party to client computing devices; receiving data from client computing devices that have been served the code by the third-party, the data including data that characterizes (a) the client computing devices and (b) user interaction with the client computing devices; classifying the client computing devices as controlled by actual users or instead by automated software based on analysis of the received data from the client computing devices; and providing to the third party one or more reports that characterize an overall level of automated software activity among client computing devices that have been served code by the third party.

Abstract: Techniques for malware domain detection using passive Domain Name Service (DNS) are disclosed. In some embodiments, malware domain detection using passive DNS includes generating a malware association graph that associates a plurality of malware samples with malware source information, in which the malware source information includes a first domain; generating a reputation score for the first domain using the malware association graph and passive DNS information; and determining whether the first domain is a malware domain based on the reputation score for the first domain.

Abstract: Techniques for malware detection using clustering with malware source information are disclosed. In some embodiments, malware detection using clustering with malware source information includes generating a first cluster of source information associated with a first malware sample, in which the first malware sample was determined to be malware, and the first malware sample was determined to be downloaded from a first source; and determining that a second source is associated with malware based on the first cluster.

Abstract: Techniques for malware detection using clustering with malware source information are disclosed. In some embodiments, malware detection using clustering with malware source information includes generating a first cluster of source information associated with a first malware sample, in which the first malware sample was determined to be malware, and the first malware sample was determined to be downloaded from a first source; and determining that a second source is associated with malware based on the first cluster.

Abstract: A computer-implemented method includes providing, for use by a third-party, injectable computer code that is capable of being served with other code provided by the third-party to client computing devices; receiving data from client computing devices that have been served the code by the third-party, the data including data that characterizes (a) the client computing devices and (b) user interaction with the client computing devices; classifying the client computing devices as controlled by actual users or instead by automated software based on analysis of the received data from the client computing devices; and providing to the third party one or more reports that characterize an overall level of automated software activity among client computing devices that have been served code by the third party.

Abstract: Detecting malicious PDF documents is disclosed. A PDF document is received. The PDF is classified using a classifier. The classifier is trained at least in part by using one of the following: (1) a feature associated with embedded script code; (2) a feature associated with a PDF action; and (3) a feature associated with a PDF structure.

Abstract: Disclosed is a method for depositing ultrathin C8-BTBT, PTCDA and their heterojunctions with precise control of the molecular layers. In the method, source of the organic semiconductor material to grow (C8-BTBT or PTCDA) and a support are spaced from each other in a vacuum chamber with a temperature gradient, and ultrathin organic semiconductor crystal can be deposited on the support in crystalline form and with precisely controlled molecular layers. The as-deposited C8-BTBT or PTCDA crystals can be one-molecular-layer or two-molecular-layer in thickness and has full coverage on the support without any additional layers or voids. Ultrathin heterojunctions of these two-dimensional organic semiconductors can also be achieved.

Abstract: Techniques for performing static and dynamic analysis on a mobile device application are disclosed. Static analysis is performed on a mobile device application using a static analysis engine. A set of static analysis results is generated. Dynamic analysis of the application is selectively customized based at least in part on a presence of a permission in the set of static analysis results. Dynamic analysis is performed using a dynamic analysis engine. A determination of whether the application is malicious is made based at least in part on the dynamic analysis.

Abstract: Methods and apparatus are described for automatically modifying web page code. Specific implementations relate to the modification of web page code for the purpose of combatting Man-in-the-Browser (MitB) attacks.

Abstract: A computer processing node is described that is configured to perform a control flow integrity (CFI) method on a protected process operating on the processing node. The CFI method includes intercepting a system call originating from execution of the protected process executing in the runtime environment. A fast path operating within a kernel of the computer system accesses, from a kernel memory, a processor trace packet corresponding to the system call. The fast path attempts to establish a match between the processor trace packet and a program control flow (edge) entry within a credit-labeled control flow graph (CFG) definition having an associated credit value. The credit value represents a degree to which the program control flow is credible.