Abstract: Various computing technologies for various reverse engineering platforms capable of outputting, including creating or generating, a human readable and high level source code, such as C, Fortran, LISP, or BASIC, from various binary files, such as application binaries, executable binaries, or data binaries, in an original language as developed pre-compilation. For example, some of such reverse engineering platforms can be programmed to disassemble binary files from different process architectures, identify various code optimizations as compiler introduced, reverse or unwind various compiler optimizations (de-optimize), and generate a human readable and high-level source code from de-optimized data.

Abstract: Disclosed herein are embodiments of an aerial network system including a first transceiver configured to transmit and receive free space optical (FSO) signals and a second transceiver configured to transmit and receive radio frequency (RF) signals. A processor provides modulated data signals to the first and second transceivers for transmission and receives demodulated signals from the first and second transceiver. The processor is configured for policy-based multipath admission of requests for access to an IP-routing enabled overlay network. The processor includes an inverse mission planning system configured for predictive traffic load balancing of transmitted FSO signals and RF signals. The inverse mission planning system includes radio behavior models and aerial platform models, and is configured for geographic simulation and optimization of mission planning data based upon user-inputted mission-specific data.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a computing device, which allows in-network and network-border protection for Internet of things (IoT) devices by securely partitioning network space and defining service-based access to IoT devices. The disclosed segmented attack prevention system for IoT networks (SAPSIN) segments the IoT network into two virtual networks: a service network and a control network; and define access control rules for each virtual network. In the service network, SAPSIN utilizes a service-based approach to control device access, allowing only configured protocol, applications, network ports, or address groups to enter or exit the network. In control network, the SAPSIN provides the access control rules by defining a threshold for the number of configuration requests within a predetermined time. As a result, SAPSIN protects IoT devices against intrusion and misuse, without the need for device-specific software or device-specific security hardening.

Abstract: Disclosed herein are embodiments of systems, methods, and products that provide adversary detection and threat hunting. A server may comprise a user side virtual machine facing the cyber protection users, a collection virtual machine facing the at-risk network, and a data repository. The server may receive user requests requesting status data from the at-risk network via the user side virtual machine. The server may collect status data from the at-risk network via the collection virtual machine and store the collected data into the data repository. Different users may request duplicate information from the at-risk network. The server may retrieve the requested information from the data repository for duplicate requests and return the responses immediately for such requests. Because the server does not query the at-risk network for duplicate requests, the server may reduce the amount of bandwidth needed to acquire and distribute the requested information.

Abstract: Described herein are methods and systems to send/receive medical data from one or more electronic devices to a secondary medical unit in delayed, intermittently-connected, low-bandwidth (DIL) environments. An application executing on the electronic devices may, in response to detecting a disruption within a communication network, execute an offline communication protocol to transmit medical data among a predetermined number of other electronic devices, wherein the offline communication protocol does not use the communication network. The application may then receive a request from a server of the secondary medical unit to transmit at least a part of the medical data. In response to authenticating the request, the application then transmits the medical data using an online communication protocol that uses the communication network or using an offline communication protocol.

Abstract: For each respective virtual machine (VM) of a plurality of VMs, a distributed computing system generates a unique Application Binary Interface (ABI) for an operating system for the respective VM, compiles a software application to use the unique ABI, and installs the operating system and the compiled software application on the respective VM. A dispatcher node dispatches, to one or more VMs of the plurality of VMs that provide a service and are in the active mode, request messages for the service. Furthermore, a first host device may determine, in response to software in the first VM invoking a system call in a manner inconsistent with the unique ABI for the operating system of the first VM, that a failover event has occurred. Responsive to the failover event, the distributed computing system fails over from the first VM to a second VM.

Abstract: A real-time recommendation system includes a non-transitory, computer-readable storage medium having encoded thereon instructions that a processor executes to receive data from data sources that includes one or more data records. The processor then identifies features in data of a data record, extracts and buffers the features, and applies the features to a feature detect mechanism. The feature detect mechanism includes feature detect algorithm and more recommender algorithms that are encapsulated in a feature detection object. The feature detection object may be a Strategy/Composite feature detection object that includes Strategy design patterns. The processor further executes to reject a feature in response to failures of the feature to match at least one of the Strategy design patterns, and in real time, select and install features that match one or more of the Strategy design patterns into one or more recommender algorithms.

Abstract: Disclosed herein are embodiments for managing a virtual reality (VR) training exercise via a management server. The management server outputs a graphical dashboard including one or more skill nodes, and selects one or more software agents associated with the skill nodes. The management server provides the software agents to at least one host computing system communicatively coupled to a near-to-eye display device. The near-to-eye display device is configured to display a virtual three dimensional (3D) training environment including a plurality of interactive 3D virtual objects. The software agents are configured to collect VR observables data while the trainee performs actions within the virtual 3D training environment. Based on the VR observables data collected, the management server determines that one or more skills have been demonstrated during the training exercise, and updates the one or more skill nodes to graphically indicate the one or more skills demonstrated by the trainee.

Abstract: Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By consider the mission and system specific context in the analysis alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alters, the server allows security personnel to prioritize responses and focus on highest value defense activities.

Abstract: A method for safe and efficient use of airport runway capacity includes receiving, at an air traffic control system at an airport, airport data related to movement areas of the airport, time data related to a time period, aircraft data related to a plurality of aircraft expected to operate into and out of the airport during the time period, and environmental data related to environmental conditions predicted for the airport during the time period. The method further includes computing a probability distribution for inter-aircraft spacing by applying the airport data, the time data, the aircraft data, and the environmental data to a trained Bayesian network, producing the probability distribution for the inter-aircraft spacing as an output observation of the trained Bayesian network, and, using the probability distribution and a confidence value, identifying an inter-aircraft spacing value for the plurality of aircraft expected to operate into and out of the airport during the time period.

Abstract: Disclosed herein are embodiments of a cloud data synchronization system enabling an user operating a mobile client device to download mission-specific data sets from a fixed cloud-based server system to a database of the mobile client device, and then use the downloaded data sets independently on the mobile client device when the mobile client device is disconnected from a network connecting to the fixed cloud-based server system. When connectivity to the fixed cloud-based server system is re-established by the mobile client device in an intermittent and bandwidth-limited communication network environment, the fixed cloud-based server system may provide bi-directional data synchronization between records of the fixed cloud-based server system and the mobile client device to update the data sets on the fixed cloud-based server system and the mobile client device while operating in the intermittent and bandwidth-limited communication network environment.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which improves security of a system. The analytic server may monitor the system by retrieving status information from various devices within the system. The analytic server may generate an attack tree model based on a set of aggregation rules that are configured based on the monitored status information. The analytic server may detect one or more attacks by associating the status information with corresponding nodes of the attack tree model and executing a logic of the attack tree model. The analytic server may determine aggregated impact and risk metrics and calculate an impact score for each attack based on aggregated impact and risk metrics. The analytic server may generate reports comprising the one or more attacks ranked based on the impact scores. The analytic server may respond to one or more attacks by taking automated actions.

Abstract: In general, this disclosure describes methods and devices for analyzing source code to detect potential bugs in the code. Specifically, a device retrieves source code of an application. For each distinct execution of a plurality of executions of the application, the device initiates the respective execution at a particular starting point of the source code and inputs, into the source code, a unique set of inputs relative to any other execution. The device stores, into a path log, an indication of each line of source code and stores, into an output log, an indication of each output object encountered during the respective execution. Each output object includes a local variable dependent on the inputs. The device analyzes, using a machine learning model, the path and output logs to identify an abnormality indicative of a potential bug in the source code. The device outputs a graphical representation of the abnormality.

Abstract: Disclosed herein are embodiments for managing a task including one or more skills. A server stores a virtual environment, software agents configured to collect data generated when a user interacts with the virtual environment to perform the task, and a predictive machine learning model. The server generates virtual entities during the performance of the task, and executes the predictive machine learning model to configure the virtual entities based upon data generated when the user interacts with the virtual environment. The server generates the virtual environment and the virtual entities configured for interaction with the user during display by the client device, and receives the data collected by the software agents. The system displays a user interface at the client device to indicate a measurement of each of the skills during performance of the task. The server trains the predictive machine learning model using this measurement of skills during task performance.

Abstract: Disclosed herein are embodiments of a network monitoring device for a supercomputer system having a plurality of supercomputer nodes. The network monitoring device may utilize plug-in software modules to provide network monitoring capabilities related to discovering the network topologies of the supercomputer system, determining network and computing resources that are available for new applications in the supercomputer system, collecting network and computing resources that are being used by running software applications in the supercomputer system, and monitoring running software applications on the supercomputer system.

Abstract: Disclosed herein are embodiments of an optical character recognition pre-processing software system, which is integrated into a language translation system to provide automated cleaning and correction of noisy and degraded document images to enable seamless and efficient optical character recognition processing and machine translation of information within the document images.

Abstract: An example method includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform, the nodes including one or more compute nodes and a controller node, and performing at least one of: (a) code-level obfuscation for the distributed computing platform to obfuscate interactions between an external user computing system and the nodes, wherein performing the code-level obfuscation comprises obfuscating data associated with one or more commands provided by the user computing system and sending one or more obfuscated commands to at least one of the nodes in the distributed computing platform; or (b) system-level obfuscation for the distributed computing platform, wherein performing the system-level obfuscation comprises at least one of obfuscating system management tasks that are performed to manage the nodes or obfuscating network traffic data that is exchanged between the nodes.

Abstract: This disclosure is directed to network optimization in a complex joint network for increasing the network utility of the complex joint network. A computing device in the complex joint network may receive a data flow via a complex joint network. The computing device may determine, based on a network template, a mission utility associated with the data flow and a traffic class associated with the data flow. The computing device may control one or more quality of service decisions based at least in part on the mission utility associated with the data flow and the traffic class associated with the data flow.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which detects and defends against malware in-flight regardless of the specific nature and methodology of the underlying attack. The analytic server learns the system's normal behavior during testing and evaluation phase and trains a machine-learning model based on the normal behavior. The analytic server monitors the system behavior during runtime comprising the runtime behavior of each sub-system of the system. The analytic server executes the machine-learning model and compares the system runtime behavior with the normal behavior to identify anomalous behavior. The analytic server executes one or more mitigation instructions to mitigate malware. Based on multiple available options for mitigating malware, the analytic server makes an intelligent decision and takes the least impactful action that have the least impact on the system to maintain mission assurance.