Abstract: An example of a method for detecting hacking activities includes identifying one or more attributes of each interaction in a sequence of interactions between one or more users and bank services during a predetermined time period. The one or more users are categorized into a plurality of groups based on the identified attributes. Each of the plurality of groups includes users performing the sequence of interactions with the bank services during the predetermined time period. A degree of anomaly is calculated for each of the plurality of groups based on a total number of users associated with a corresponding sequence of interactions and based on a number of users associated with the corresponding sequence of interactions during the predetermined time period. The calculated degree of anomaly is compared with a predetermined threshold. Hacking activity is identified, in response to determining that the calculated degree of anomaly exceeds the predetermined threshold.

Abstract: A method for using inventory rules to identify devices of a computer network includes intercepting data traffic across one or more communication links of the computer network. The intercepted data traffic is analyzed to determine whether one or more of a plurality of inventory rules is satisfied by the intercepted data traffic. Each of the plurality of inventory rules comprises one or more conditions indicating the presence of a particular computer network device having a set of parameters. Each one of the plurality of inventory rules has a weighting factor value indicative of a priority of the application of a corresponding rule. The weighting factor value depends on previously identified devices. One or more devices of the computer network are identified using the weighting factor value of the one or more satisfied inventory rules.

Abstract: A method for detecting a false positive outcome in classification of files includes, analyzing a file to determine whether or not the file is to be recognized as being malicious, analyzing a file to determine whether a digital signature certificate is present for the file, in response to recognizing the file as being malicious; comparing the digital certificate of the file with one or more digital certificates stored in a database of trusted files, in response to determining that the digital signature certificate is present for the file; and detecting a false positive outcome if the digital certificate of the file is found in the database of trusted files, when the false positive outcome is detected, excluding the file from further determination of whether the file is malicious and calculating a flexible hash value of the file.

Abstract: Disclosed herein are systems and methods for generating individual content for a user of a service. In one aspect, an exemplary method comprises, gathering data on behavior of a user of a computing device, training a model of a user behavior based of the gathered data, wherein the trained data identifies the user to a predetermined degree of reliability, and generating an individual content for the user of the service based on a predetermined service environment in accordance with a trained model received from a model transmitter.

Abstract: Disclosed herein are systems and methods for counting a ballot in an electronic voting system. In one aspect, an exemplary method comprises, generating, by a token generator of the system, a number of tokens, wherein every token unambiguously identify actions of a user during an electronic voting, when the user is identified and authenticated successfully, enabling the user to select a token from the number of tokens, activating, by a ballot activator of the system, a ballot for the user, wherein activating includes generating the ballot, unambiguously relating the token selected by the user to the ballot, and enabling the user to access the ballot, and counting, by a ballot counter of the system, the ballot filled out by the user.

Abstract: Disclosed herein are systems and methods for providing a security policy for an electronic control unit (ECU) implementing an Autosar Adaptive Platform (AAP) standard. In one aspect, an exemplary method comprises maintaining a list of allowed interactions, the allowed interactions being between control applications and a basic component, the basic component including at least a program element defined by the AAP standard. In one aspect, when a request for a verdict as to whether or not access for an interaction of a first control application with the basic component is received from an operating system (OS) kernel, the method comprises performing a search in the list of allowed interactions, and when the interaction for which the request is received is found in the list, the method comprises providing a verdict to the OS kernel allowing the interaction.

Abstract: Disclosed herein are systems and methods for changing a password of an account record under a threat of unlawful access to user data. In one aspect, an exemplary method comprises generating, by an account records generator, a set of known user account records and sending the generated set of known user account records to a determination module, identifying, by the determination module, a use of at least one user account record from the generated set, and sending, to a verification module, data about the at least one user account record, performing, by the verification module, a verification of a presence of a threat of unlawful access to user data, the unlawful access being performed using the at least one user account record and performing, by a change module, the changing of a password of the at least one user account record the use of which has been identified.

Abstract: Disclosed herein are systems and methods for configuring IoT devices from the network infrastructure component based on a type of network, wherein the network contains at least one IoT device. In one aspect, an exemplary method comprises, by the network infrastructure component, collecting, data on one or more IoT devices, wherein each of the one or more IoT devices is connected to the network infrastructure component; for each IoT device, identifying a type of network; defining policies for configuring each of the one or more IoT devices based on the identified network; and for each of the one or more IoT devices, applying policies for monitoring and configuring the IoT device.

Abstract: Disclosed herein are systems and method for sending user data in a client-server architecture with data anonymity and consistency. In an exemplary aspect, a client device may identify, a structure to send to the server, wherein the structure comprises the user data. The client device may divide the structure into two or more substructures and for each respective substructure of the two or more substructures, the client device may (1) assign a degree of confidentiality to the respective substructure and (2) send the respective substructure to a respective node of a plurality of nodes based on the assigned degree of confidentiality and a degree of security of the respective node. The respective node may be configured to apply a respective transformation to the respective substructure and transmit the transformed respective substructure to the server. The server may be configured to combine received transformed substructures into a transformed structure.

Abstract: Disclosed herein are systems and methods for handling unwanted telephone calls through a branching node. In one aspect, an exemplary method comprises, intercepting a call request from a terminal device of a calling party to a terminal device of a called party, establishing a connection through the branching node via two different communication channels, a first communication channel being with the terminal device of the called party and a second communication channel being with a call recorder; duplicating media data between the terminal devices such that one data stream is directed towards a receiving device of the media data and a second data stream is directed towards the call recorder; recording and sending the recorded call to an automatic speech recognizer for converting the media file to digital information suitable for analysis; and when the call is unwanted, handling the call based on classification of the call.

Abstract: Systems and methods are provided for detecting system anomalies. The described technique includes receiving system parameters specifying functionality of a computing system. An anomaly is detected within the computing system. A recovery method is determined based on a recovery-method model and information about the detected anomaly, responsive to detecting the anomaly in the computing system. The determined recovery method is configured to ensure requirements of the computing system are met. Furthermore, responsive to detecting the anomaly in the computing system, the determined recovery method is implemented in response to installation of the selected system-compatible tool.

Abstract: A method for emulating execution of a file includes emulating execution of the instructions of a file on a virtual processor of an emulator. The execution of the instructions is halted in response to an invocation of an API function. A determination is made whether the invoked API function is present in the updatable modules of the emulator. The updatable modules contain implementation of API functions. In response to determining that the invoked API function is present in the updatable modules, execution of the invoked API function is emulated according to corresponding implementation contained in the updatable modules. Otherwise, result of execution of the invoked API function is generated by executing a corresponding virtual API function on a processor of a computing device.

Abstract: A method for processing information security events of a computer system includes receiving information related to a plurality of information security events occurred in the computer system. Each of the events includes an event related to a possible violation of information security of the computer system. A verdict is determined for each of the events. The verdict includes: i) information security incident or ii) false positive. The verdict is false positive if the probability of a false positive for the corresponding event is greater than a first threshold. Verdicts are changed for a subset of the events from the false positive to the information security incident. A number of events in the subset is lower than a second threshold. An analysis of the events having a verdict of the information security incident is performed to determine if the computer system is under a cyberattack.

Abstract: Disclosed herein are systems and methods for casting a vote in an electronic balloting system. In one aspect, an exemplary method comprises, authenticating a voter from whom a request for casting a vote is received, when the voter is successfully authenticated, generating an electronic ballot based on voting information, gathering data about an electronic vote of the voter, the electronic vote representing a choice of the voter on the electronic ballot, generating and sending at least one request to the voter, the request being generated for confirmation of a validity of the gathered data on the electronic vote, generating a hardcopy of the ballot filled out by the voter and placing the generated hardcopy in a centralized repository, and counting the vote, when the hardcopy of the ballot is successfully generated and an affirmative response is received from the voter in response to the at least one request.

Abstract: Disclosed herein are systems and methods for assessing an impact of malicious software causing a denial of service of components of industrial automation and control systems (IACS). In one aspect, an exemplary method comprises, generating a configuration of the IACS on a testing device based on specifications, obtaining a set of investigated software, where the set includes at least one sample of one malicious software, testing the generated configuration using the received set of investigated software, identifying occurrences of denials of service of the components of the testing device which are used to simulate the generated configuration, determining an impact of the malicious software on the generated configuration, and a degree of degradation of a performance of the generated configuration of IACS, and pronouncing a verdict as to a danger of the malicious software for the generated configuration of IACS based on the determined impact of the malicious software.

Abstract: Disclosed herein are methods and systems for detecting malicious files. An exemplary method comprises: selecting a file from a database of files used to perform training of a model for detecting a malicious file, forming one or more behavior patterns from intercepted one or more commands and parameters during execution of the file, forming a detection model, wherein the detection model selects a method of machine learning and is initialized with one or more hyper-parameters, training the detection model by calculating the one or more hyper-parameters based on the one or more behavior patterns to form a group of rules for calculating a degree of maliciousness of a resource and calculating a degree of maliciousness of another file based on the trained detection model.

Abstract: A method for detecting unmanned aerial vehicles (UAV) includes detecting an unknown flying object in a monitored zone of air space. An image of the detected unknown flying object is captured. The captured image is analyzed to classify the detected unknown flying object. A determination is made, based on the analyzed image, whether the detected unknown flying object comprises a UAV.

Abstract: Disclosed herein are systems and methods for granting access to data of a user. In one aspect, an exemplary method comprises, blocking the processing of data of a user, transferring the data of the user to a storage device, receiving a request for data processing from a collected data processor of a device, redirecting the received request to the storage device, determining, by the storage device, data access rights for the collected data processor of the device from which the request for data processing is received in accordance with data access rights established by a data access rights manager, and providing access to the data in accordance with the determined data access rights.

Abstract: Systems and methods for protecting an automated system (AS) including building a security configuration based on architecture data of the AS such that compliance with the security configuration ensures a security level for AS devices, installing a data transmission application on a gateway of an AS network using the security configuration, and transmitting data from one of the AS devices through the data transmission application such that the actions of the data transmission application are defined by the security configuration.

Abstract: A method for controlling secure access to user requested data includes retrieving information related to potential unauthorized access to user requested data. The information is collected by a plurality of sensors of user's mobile device. A trained statistical model representing an environment surrounding a user is generated based on the retrieved information. A first data security value is determined using the generated trained statistical model. The first data security value indicates a degree of information security based on user's environment. A second data security value is determined using the generated trained statistical model. The second data security value indicates a degree of confidentiality of the user requested data. The user requested data is filtered based on a ratio of the determined first data security value and the second data security value.