Abstract: An adaptive training system configured to implement a virtual training environment includes a control platform, which in turn includes a processor, and a non-transitory, computer readable storage medium having encoded thereon, machine instruction executable by the processor. The system further includes media devices in communication with the processor, with native sensors implemented on each of the media devices, each native sensor operating under control of a corresponding native sensor agent; and non-native sensors implemented outside the media devices, each non-native sensor operating under control of a corresponding non-native sensor agent. The machine instructions include instructions to deploy the non-native sensor agents, activate the native sensor agents, receive and process outputs from the native sensors and the non-native sensors, and adapt, in real-time, a training exercise by changing the difficulty, fidelity, and complexity of the training exercise.

Abstract: Disclosed herein are embodiments of an aerial network system including a first transceiver configured to transmit and receive free space optical (FSO) signals and a second transceiver configured to transmit and receive radio frequency (RF) signals. A processor provides modulated data signals to the first and second transceivers for transmission and receives demodulated signals from the first and second transceiver. The processor is configured for policy-based multipath admission of requests for access to an IP-routing enabled overlay network. The processor includes an inverse mission planning system configured for predictive traffic load balancing of transmitted FSO signals and RF signals. The inverse mission planning system includes radio behavior models and aerial platform models, and is configured for geographic simulation and optimization of mission planning data based upon user-inputted mission-specific data.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which provides Efficient Data-In-Transit Protection Techniques for Handheld Devices (EDITH) to protect data-in-transit. An end user device (EUD) may generate a multicast data packet. The EDITH module of the EUD encapsulates the data packet in a GRE packet and directs the GRE packet to a unicast destination address of an EDITH Multicast Router included in an infrastructure. The EDITH module on the EUD double compresses and double encrypts the GRE packet. The EDITH module on the infrastructure decrypts and decompresses the double compressed and double encrypted GRE packet to recreate the GRE packet. The EDITH module on the infrastructure decapsulates the GRE packet to derive the original multicast data packet, and distributes the original multicast data packet to the multiple group member based on the multicast destination address included in the original multicast data packet.

Abstract: Systems and methods for analyzing memory architectures and for mapping data structures in software programs to appropriate memory to take advantage of the different memory architectures. A computer architecture having a processor connected to one or more first memories and one or more second memories is defined, wherein the first memories and the second memories are characterized by different performance profiles. An executable of a software program is instrumented to capture, during runtime, patterns of access to selected data structures of the executable. Based on an analysis of the patterns of access, allocation of the selected data structures between the first and second memories is determined.

Abstract: A computer-implemented method of securing vulnerabilities in a program, the method including receiving, by a computer, state information generated by an executed application program, training, by the computer, a constraints model based on the state information, generating, by the computer, one or more constraints with the constraints model, each of the one or more constraints describing an execution constraint for executing the application program, wherein the execution constraint enforces an intended operation of the application program, and applying, by the computer, the one or more constraints to the application program.

Abstract: A plurality of distributed network nodes may provide a decentralized access gateway to multiple, diverse types of databases. The plurality of distributed network nodes may host a private party blockchain. Each node may execute a peer-to-peer (P2P) client to perform operations associated with the private party blockchain. A subset of the nodes may be configured as validator nodes that may implement gossip protocols to cooperatively validate one or more database operations and generate a new block for the private party blockchain. Another subset of nodes may be configured as host nodes that may receive the new block and update a corresponding local copy of the private party blockchain appending the new block. Utilizing the co-operative validation of database operations and the updates appending the new blocks, the private party blockchain may maintain an immutable digital record of access and updates to the multiple and diverse types of databases.

Abstract: Systems, methods, and products may comprise an analytic server, which improves security of a unified system of distributed network infrastructure comprising a plurality of cyber-physical systems. The analytic server may instantiate a sub attack tree for each cyber-physical system within the unified system. The analytic server may determine how the interconnection of the plurality of cyber-physical systems may affect the unified system security. The analytic server may monitor systems and receive electronic notifications of alerts in real-time from devices in the plurality of cyber-physical systems. The analytic server may follow the logic of the attack tree model by traversing the attack tree from bottom up and determine how the alerts from the cyber-physical systems may affect the distributed network infrastructure as a whole. The analytic server may generate reports comprising a list of the prioritized attacks and recommendation actions to mitigate the attacks.

Abstract: A system having a distributed node hardware and software product is disclosed. The distributed topology allows for multiple GPS receiver node positions. The multiple GPS receiver node positions enable an accurate location estimation of a GPS spoofing signal emitter source of an incoming malicious GPS signal. The system detects the presence of a GPS spoofing signal emitter with high confidence against any spoofing geometry or strategy while the GPS receiver nodes are on the move.

Abstract: Embodiments disclosed herein describe systems, methods, and products to generate dynamic event trees that may be generated with ease and rapidly reconfigured. A computer may provide, e.g., through a web service, a user interface for a user (e.g., a trainer) to retrieve and customize event nodes from an event node database. The computer may also provide an event tree template where the user may simply drag and drop event nodes and use the dynamic event sequencers to generate hierarchical interconnections between the event nodes to generate a dynamic event tree. The computer may further execute a machine learning model that may recommend one or more event nodes. The computer may continuously train the machine learning model based upon the dynamic event tree and based upon whether the user has accepted the recommended event node.

Abstract: Disclosed herein are systems and methods for receiving electronic healthcare records and wearable device data associated with multiple users from multiple data sources, which are configured to generate and store the data in various data model regimes, many of which are not standardized or are variants of a standard. The data is standardized, aggregated, and then analyzed to generate reports. The reports are used to provide a plurality of customized execution environments and user interfaces on computing devices of the users, based on a report of each user. The data is used to determine distress situations and provide alert notifications in response.

Abstract: The methods and systems disclosed herein generally relate to automated execution and evaluation of computer network training exercises, such as in a virtual environment. A server executes a first attack action by a virtual attack machine against a virtual target machine based on a cyber-attack scenario, wherein the virtual target machine is configured to be controlled by the user computer. The server receives a user response to the first attack action, determines, using a decision tree, a first proposed attack action based on the user response, and executes an artificial intelligence model to determine a second proposed attack action based on the user response. The server selects a subsequent attack action from the first proposed attack action and the second proposed attack action and executes the subsequent attack action by the virtual attack machine against the virtual target machine.

Abstract: A method for use of airport runway capacity includes receiving, at an air traffic control system at an airport, airport data related to movement areas of the airport, time data related to a time period, aircraft data related to a plurality of aircraft expected to operate into and out of the airport during the time period, and environmental data related to environmental conditions predicted for the airport during the time period. The method further includes computing a probability distribution for inter-aircraft spacing by applying the airport data, the time data, the aircraft data, and the environmental data to a trained Bayesian network, producing the probability distribution for the inter-aircraft spacing as an output observation of the trained Bayesian network, and, using the probability distribution and a confidence value, identifying an inter-aircraft spacing value for the plurality of aircraft expected to operate into and out of the airport during the time period.

Abstract: Embodiments disclosed herein describe systems and methods for assessing vulnerabilities of embedded non-IP devices. In an illustrative embodiment, a system of assessing the vulnerabilities of embedded non-IP devices may be within a portable device. The portable device may include a plurality of wired connectors for various wired communication/data transfer protocols. The portable device may include tools for analyzing the firmware binaries of the embedded non-IP devices, such as disassemblers and modules for concrete and symbolic (concolic) execution. Based upon the disassembly and the concolic execution, the portable device may identify vulnerabilities such as buffer overflows and programming flaws in the firmware binaries.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which detects and defends against malware in-flight regardless of the specific nature and methodology of the underlying attack. The analytic server learns the system's normal behavior during testing and evaluation phase and trains a machine-learning model based on the normal behavior. The analytic server monitors the system behavior during runtime comprising the runtime behavior of each sub-system of the system. The analytic server executes the machine-learning model and compares the system runtime behavior with the normal behavior to identify anomalous behavior. The analytic server executes one or more mitigation instructions to mitigate malware. Based on multiple available options for mitigating malware, the analytic server makes an intelligent decision and takes the least impactful action that have the least impact on the system to maintain mission assurance.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By consider the mission and system specific context in the analysis alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alters, the server allows security personnel to prioritize responses and focus on highest value defense activities.

Abstract: A method for improving efficiency of a training program begins with a processor monitoring and adapting execution of a training exercise of the training program. The processor determines a training program effectiveness measure including determining trainee skill improvement demonstrated during the training exercise, and monitoring and determining correctness and timeliness of trainee actions during the training exercise. The processor then determines a training program cost measure by determining a first monetary cost for the execution of the at least one training exercise, determining a second monetary cost associated with trainee man-hours for the training exercise, and generating the training program cost measure based on the first and second monetary costs. The processor then computes a ratio of the training program effectiveness measure to the training program cost measure.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a computing device, which allows in-network and network-border protection for Internet of things (IoT) devices by securely partitioning network space and defining service-based access to IoT devices. The disclosed segmented attack prevention system for IoT networks (SAPSIN) segments the IoT network into two virtual networks: a service network and a control network; and define access control rules for each virtual network. In the service network, SAPSIN utilizes a service-based approach to control device access, allowing only configured protocol, applications, network ports, or address groups to enter or exit the network. In control network, the SAPSIN provides the access control rules by defining a threshold for the number of configuration requests within a predetermined time. As a result, SAPSIN protects IoT devices against intrusion and misuse, without the need for device-specific software or device-specific security hardening.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a computing device, which provides a secure data transport service (SecureX) for data packets traversing from an end user device (EUD) to a mission network over untrusted networks. The disclosed SecureX module may be software product running on the EUD and on a SecureX appliance fronting the mission network. The SecureX module on the EUD compresses the data packets by removing header fields that are constant over the same packet flow and double encrypts the data packets with different cryptographic keys. The SecureX on the EUD transmits the double compressed encrypted data packets over the untrusted network. The SecureX appliance receives the double compressed encrypted data packets, decrypts the data packets and decompresses the data packets to recreate the original data packets. The SecureX appliance transmits the original data packets to the mission network.

Abstract: A computer-implemented method for securing unmanned aerial system (UAS) operations includes receiving a UAS flight plan for a UAS and a UAS operation, the UAS flight plan including a flight profile and flight path for the UAS; determining a mission type for the UAS operation requires use of dummy aircraft information; and assigning a dummy UAS identification for the UAS. Generating dummy airframe information, including dummy airframe characteristics and performance data, for the UAS, includes generating dummy airframe information that corresponds to airframe information for an actual civil aircraft that could follow the received UAS flight plan. The method further includes causing the UAS to broadcast the dummy UAS identification and the dummy airframe information with an automatic dependent surveillance-broadcast signal during at least a portion of the UAS operation.

Abstract: Various computing technologies for various reverse engineering platforms capable of outputting, including creating or generating, a human readable and high level source code, such as C, Fortran, LISP, or BASIC, from various binary files, such as application binaries, executable binaries, or data binaries, in an original language as developed pre-compilation. For example, some of such reverse engineering platforms can be programmed to disassemble binary files from different process architectures, identify various code optimizations as compiler introduced, reverse or unwind various compiler optimizations (de-optimize), and generate a human readable and high-level source code from de-optimized data.