Abstract: A plurality of distributed network nodes may provide a decentralized access gateway to multiple, diverse types of databases. The plurality of distributed network nodes may host a private party blockchain. Each node may execute a peer-to-peer (P2P) client to perform operations associated with the private party blockchain. A subset of the nodes may be configured as validator nodes that may implement gossip protocols to cooperatively validate one or more database operations and generate a new block for the private party blockchain. Another subset of nodes may be configured as host nodes that may receive the new block and update a corresponding local copy of the private party blockchain appending the new block. Utilizing the co-operative validation of database operations and the updates appending the new blocks, the private party blockchain may maintain an immutable digital record of access and updates to the multiple and diverse types of databases.

Abstract: An example network security and threat assessment system is configured to determine, based on one or more events that have occurred during execution of one or more applications, a potential security vulnerability of a target computing system, where the one or more events correspond to a node represented in the hierarchical risk model. The system is further configured to identify, based on a mapping of the node represented in the hierarchical risk model to a node represented in a hierarchical game tree model, one or more actions that are associated with the potential security vulnerability and that correspond to the node represented in the hierarchical game tree model, and to output, for display in a graphical user interface, a graphical representation of the potential security vulnerability and the one or more actions associated with the potential security vulnerability.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a computing device, which allows a device to be used in different classification levels by powering the device down and booting to a different classified level without the need to switch hard drives. The disclosed software shield and persona switcher (Shielder) module provides independent application environments (personas) for separate security domains while allowing fast transition between personas. Shielder module supports multiple security classification via a minimal system storage partitioning. Shielder module allows efficient collection and reallocation of memory and persistent storage according to need and priority. Shielder module provides secure management of communication media by directing the system communication according to the security profile of the active persona.

Abstract: Disclosed herein are embodiments of systems, methods, and products providing real-time anti-malware detection and protection. The computer uses artificial intelligence techniques to learn and detect new exploits in real time and protect the full system from harm. The computer trains a first machine learning model for executable files. The computer trains a second machine learning model for non-executable files. The computer trains a third machine learning model for network traffic. The computer identifies malware using the various machine learning models. The computer restores to a clean, uncorrupted state using virtual machine technology. The computer reports the detected malware to a security server, such as security information and even management (SIEM) systems, by transmitting detection alert message regarding the malware. The computer interacts with an administrative system over an isolated control network to allow the system administrator to correct the corruption caused by the malware.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a processor, which provides runtime enforcement of data flow integrity. The processor accesses the application binary file from the disk to execute an application and translates the application binary into intermediate representation. The processor applies the logic of data flow integrity controls to the intermediate representation. Specifically, the processor identifies the vulnerable code in the intermediate representation. The processor applies data flow integrity controls to the vulnerable code. The processor adds simple instrumentation that only changes the application's behavior when unauthorized data tampering occurs while preserving the application's normal behavior. When certain operations may cause unauthorized data tampering, the processor takes proper measures to stop the operations. The processor translates the intermediate representation back to a machine code and replaces the original binary with the machine code.

Abstract: A system and a corresponding computer-implemented method identifies and classifies community-sourced documents as true documents. The community-sourced documents include one or more data objects such as data items, including text, strings, phrases, and words; image items, including still image items, video image items, and icons; and drawing items. The system and corresponding method then report the analysis results.

Abstract: Various embodiments described herein relate to a server-based virtual training environment monitor, which may configure and customize an exercise and fitness program accessible through augmented and virtual reality applications running on an electronic device of a user, based on a current state and events associated with the user. The current state and events are determined through reactive agents (for example, intelligent agents) and monitoring devices (for example, sensors), which are directly or indirectly associated with the electronic device.

Abstract: Disclosed herein is application specific integrated circuit (ASIC) redesign for security and analysis testing tool, which includes hardware description language code with on-chip security circuitry for detecting and mitigating hardware Trojan horses (HTHs) in an ASIC chip. The testing tool is used between a design stage of the ASIC chip and a synthesis phase of production of the ASIC chip to add test circuitry to the ASIC chip in order to facilitate testing and protecting of the ASIC chip from the HTHs long after production. The test circuitry facilitates search for HTHs, HTH triggering events, and changes made to the ASIC if the HTH has been activated.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server that automates training dataset generation for different application areas. The server may perform an automated, iterative refinement process to build a collection of dataset generator models over time. The server may receive a set of seed examples in a domain and generate candidate examples based on the features of the seed examples using data synthesis techniques. The server may execute a pre-trained label discriminator (LD) and domain discriminator (D2) on the candidate examples. The LD may identify and reject mislabeled data. The D2 may identify and reject out of domain data. The analytic server may regenerate new labeled data based on the feedback of the LD and D2. The analytic server may train a dataset generator by iteratively performing these steps for refinement until the regenerated candidate examples reach a pass rate threshold.

Abstract: An attack tree model for an aviation system comprises a plurality of tree nodes organized as a tree. For each tree node of the attack tree model model, the tree node corresponds to a respective event that may befall aviation system. An analysis computing system generates one or more attack tree models for the aviation system, wherein the aviation system includes one or more systems, sub-systems, or components. The analysis computing system further performs an assessment of one or more of the system, sub-systems, or components of the aviation system using the one or more attack tree models, and outputs metrics indicative of the assessment.

Abstract: A computer-implemented method of securing vulnerabilities in a program, the method including receiving, by a computer, state information generated by an executed application program, training, by the computer, a constraints model based on the state information, generating, by the computer, one or more constraints with the constraints model, each of the one or more constraints describing an execution constraint for executing the application program, wherein the execution constraint enforces an intended operation of the application program, and applying, by the computer, the one or more constraints to the application program.

Abstract: Disclosed herein are embodiments of systems, methods, and products that execute tools to identify non-malicious faults in source codes introduced by engineers and programmers. The tools may execute a machine learning model on the source codes to perform sentiment analysis and pattern analysis on information associated with the source codes to generate annotated source code files identifying anomalies based on the sentiment analysis and the pattern analysis. One or more threat levels are then identified and ranked based on the one or more anomalies and a ranked list of the one or more threat levels is displayed on a graphical user interface of a computer.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising a computing device, which provides Efficient Data-In-Transit Protection Techniques for Handheld Devices (EDITH) to protect data-in-transit. An end user device (EUD) may generate a multicast data packet. The EDITH module of the EUD encapsulates the data packet in a GRE packet and directs the GRE packet to a unicast destination address of an EDITH Multicast Router included in an infrastructure. The EDITH module on the EUD double compresses and double encrypts the GRE packet. The EDITH module on the infrastructure decrypts and decompresses the double compressed and double encrypted GRE packet to recreate the GRE packet. The EDITH module on the infrastructure decapsulates the GRE packet to derive the original multicast data packet, and distributes the original multicast data packet to the multiple group member based on the multicast destination address included in the original multicast data packet.

Abstract: A computer-implemented adaptive group training method a computer accessing a virtual system and initiating a group training exercise for training a trainee group comprising one or more trainees, the group training exercise including one or more challenges to the virtual system, each of the one or more challenges including a pre-defined sequence of one or more injectable events; the computer controlling subsequent execution of the group training exercise comprising injecting the injectable events; and the computer evaluating performance of the trainee group during the subsequent execution of the group training exercise, including analyzing actions taken by the trainee group in response to each of the injections, and attributing one or more of the actions taken to a trainee.

Abstract: A plurality of distributed network nodes may provide a decentralized access gateway to multiple, diverse types of databases. The plurality of distributed network nodes may host a private party blockchain. Each node may execute a peer-to-peer (P2P) client to perform operations associated with the private party blockchain. A subset of the nodes may be configured as validator nodes that may implement gossip protocols to cooperatively validate one or more database operations and generate a new block for the private party blockchain. Another subset of nodes may be configured as host nodes that may receive the new block and update a corresponding local copy of the private party blockchain appending the new block. Utilizing the co-operative validation of database operations and the updates appending the new blocks, the private party blockchain may maintain an immutable digital record of access and updates to the multiple and diverse types of databases.

Abstract: Systems, devices, methods, and techniques are described for automated air traffic management using multiple flight operation modes. In one example, a method includes receiving, by a computing device comprising one or more processors, data associated with one or more aircraft in flight in a controlled airspace. The method further includes selecting, by the computing device, based at least in part on the data associated with the one or more aircraft, a respective flight operation mode from among a plurality of flight operation modes for at least one respective aircraft among the one or more aircraft in flight. The method further includes outputting, by the computing device for transmission to the at least one respective aircraft, an indication of the respective flight operation mode selected for the at least one respective aircraft.

Abstract: Disclosed herein are embodiments of systems, methods, and products for modernizing and optimizing legacy software. A computing device may perform an automated runtime performance profiling process. The performance profiler may automatically profile the legacy software at runtime, monitor the memory usage and module activities of the legacy software, and pinpoint/identify a subset of inefficient functions in the legacy software that scale poorly or otherwise inefficient. The computing device may further perform a source code analysis and refactoring process. The computing device may parse the source code of the subset of inefficient functions and identify code violations within the source code. The computing device may provide one or more refactoring options to optimize the source code. Each refactoring option may comprise a change to the source code configured to correct the code violations. The computing device may refactor the source code based on a selected refactoring option.

Abstract: An example method includes receiving an indication of a selection of a first application environment that includes a first virtual environment associated with a first security domain and is configured to isolate execution of software applications within the first application environment, suspending execution of a second application environment that includes a second virtual environment associated with a second security domain different from the first security domain, initiating execution of the first application environment, identifying information associated with the first security domain and provided by the first application environment that is to be sent to an external computing device associated with the first security domain, selecting communication network(s) from one or more communication networks that are each available to the mobile computing device for data communication, encrypting, based on the first security domain and network(s), the information, and sending, to the external computing device via

Abstract: A computer-implemented method for establishing and controlling a mobile perimeter and for determining a geographic location of an RF emitting source at or within the mobile perimeter includes receiving from RF sensors in a network, processed RF emissions from the source collected at RF sensors. The RF emissions follow a wireless protocol and include frames encoding RF emitting source identification information. The method further includes extracting RF emitting source identification information from the frames, processing the source identification information to identify the RF emitting source, and classifying the RF emitting source by one or more of UAS type, UAS capabilities, and UAS model. The method also includes receiving from the RF sensors, a geographic location of each RF sensor and a time of arrival (TOA) of the RF emissions at the RF sensor; and executing a multilateration process to estimate a geographic location of the RF emitting source.

Abstract: Disclosed herein are embodiments of a network monitoring device for a supercomputer system having a plurality of supercomputer nodes. The network monitoring device may utilize plug-in software modules to provide network monitoring capabilities related to discovering the network topologies of the supercomputer system, determining network and computing resources that are available for new applications in the supercomputer system, collecting network and computing resources that are being used by running software applications in the supercomputer system, and monitoring running software applications on the supercomputer system.