Abstract: A method of identifying malicious activity in a computer data sequence includes providing provided the computer data sequence to a network configured to convert the computer data sequence from a high-dimensional space to a low-dimensional space, and processing the computer data sequence in the low-dimensional space to generate an approximately Gaussian distribution. The processed computer data sequence converted to the low dimensional space is evaluated relative to the approximately Gaussian distribution to determine whether the computer data sequence is likely malicious or likely benign, and an output is provided indicating whether the computer data sequence is likely malicious or likely benign.

Abstract: A method for enabling secure communication. The method includes providing a first virtual network function (“VNF”) at a first network location and providing a second VNF at a second network location. A first Layer 3 virtual private network (“L3 VPN”) tunnel is constructed by the first VNF and the second VNF between the first network location and the second network location, and a first local area network (“LAN”) at the first network location and a second LAN at the second network location are connected by the first L3 VPN tunnel. Further provided is a method for establishing a secure communication environment.

Abstract: Web page items and other requests can be automatically categorized. An interaction with a web page item can be categorized based on previous categorizations of other web page items in which the same or similar data has been entered into a web page. A classification database containing categories of classified web page items is maintained. An interaction database containing interaction records of a user is maintained. The interaction records include a value corresponding to the user and a web page item. A web page item on a web page visited by a user and that is a user-fillable field that has been previously categorized in the classification database may be automatically populated with a value stored in an interaction database and that corresponds to the user and the user-fillable field.

Abstract: A method of identifying malicious activity in a sequence of computer instructions includes monitoring data flows from a public network to one or more networked devices on a private network and to one or more honeypots that appear to the public network to be devices on the private network, representing each such data flow as a word, and the sequence of data flows as comprising an n-gram of two or more words. The data flows are characterized with a likelihood of being malicious based on their statistical association with the one or more honeypots relative to their statistical association with one or more networked devices. Identified malicious activity is used to train a network device to identify malicious data flows and prevent them from reaching devices on the private network.

Abstract: A convolutional deep neural network architecture can detect malicious executable files by reading the raw sequence of bytes, that is, without any domain-specific feature extraction or preprocessing.

Abstract: A method for applying electronic data sharing settings. The method includes determining a first image or a first plurality of images shared by a user to a first network-enabled application. A first plurality of image components are extracted from the first image or the first plurality of images, and access by the first network-enabled application to a second image or a second plurality of images stored on a computing device of the user is enabled based on the first plurality of image components extracted from the first image or the first plurality of images. A method for controlling internet browsing is further provided.

Abstract: Malicious behavior of a device on a local network may be detected. A data stream from a device may be collected. A functional group may be created using behavioral data of devices of a known type. A behavior profile for the functional group may be generated and stored in a database. The data stream of the device is compared to the behavior profile of the functional group. A malicious behavior is indicated for the device in response to determining that the device's current behavior is not within a predetermined or configurable threshold of the behavior profile.

Abstract: A recommendation engine can provide recommendations with respect to an application and can provide insights to a user of a computing device. The recommendation engine can receive a prediction based on user engagement with the application during an initial period of time (e.g., a trial period) as to whether the user will convert use of the application to a paid basis (e.g., a subscription or license to the application). An action can be recommended based on the prediction. The recommendation engine can provide insights to a user based on a score associated with the insight. The score can be determined by measuring previous user interactions with the insight over a period of time.

Abstract: A method includes monitoring data security events on mobile computing devices and positions of the mobile computing devices when the plurality of data security events occurred. A plurality of demographic information of the plurality of geographic positions are determined and a classifier is trained based on the data security events and demographic information. A particular mobile computing device is determined to be located at a particular geographic location and particular demographic information of the particular geographic location is determined. The classifier is applied to the particular demographic information and a particular security risk prediction of the particular geographic location is generated. A particular security measure is activated on the particular mobile computing device based on the particular security risk prediction.

Abstract: Systems and methods perform various optimizations of an LLCS algorithm for use in determining if a set of input sequences are similar to a query sequence. The optimizations include filtering out sequence from the set of input sequences where the estimated similarity of the sequence with the query sequence is below a threshold value. The remaining sequences can then be provided to an LLCS algorithm where the output of the LLCS algorithm is used in a similarity function to determine an actual similarity of an input sequence with a query sequence.

Abstract: Systems and methods observe and classify device events. A model containing a set of features to be observed can be determined based on machine learning and training methods. A client application can issue a transaction request to an operating system service. A determination can be made whether the operating system service, a method associated with the transaction request, and the client application are currently being observed. In response to determining that the operating system service, a method associated with the transaction request, and the client application are being observed, a behavioral vector associated with the client application can be modified to indicate that the feature represented by the method is associated with the client application. The behavioral vector can be used to determine if the client application is malware.

Abstract: A method of identifying network devices such as a router includes accessing an HTTP server on at least one network device, and evaluating a web page served by the device's HTTP server. The web page is evaluated to determine whether it is similar to a page group from a plurality of page groups, where each of the plurality of page groups comprises a group of web pages similar to other pages in the page group. If the evaluated web page is determined similar to a page group, the page group most similar to the evaluated web page is identified as corresponding to the identity of the network device.

Abstract: A data set shared by multiple nodes is encrypted. The data set can be split into independent records. The records can be encrypted and shared independently, without the need to modify and transmit the full data set. Although the records are encrypted with their own encryption key, they are all accessible by a single authentication method.

Abstract: A method for accessing a network resource including detecting an attempt by a user via a computing device to access a service enabled by a computing system via a network and transmitting via the network to the computing system a first request to access the service in response to detecting the attempt by the user to access the service, the first request including at least one empty personally identifiable data structure. A failure to access the service responsive to the first request is determined. A second request to access the service in response to the first failure to access the service is transmitted via the network to the computing system, the second request including artificial personally identifiable information, and access to the service from the computing system is received for the user.

Abstract: A method for enabling website access is provided. The method includes detecting an attempt to access a particular website by a computing device via a network, the particular website including one or more webpages, and accessing a particular data privacy policy for the particular website. Scores of the particular data privacy policy are determined based on text of the particular data privacy policy, and a particular multidimensional coordinate is determined based on the scores of the particular data privacy policy. A map including the particular multidimensional coordinate is displayed via the computing device. An instruction from a user is received via the computing device to enable accessing of the particular website, and the accessing by the computing device of the particular website is enabled in response to the instruction from the user.

Abstract: A device control method includes monitoring location of a first user device of a first user and receiving an indication of a location of a second user device. The method further includes monitoring use of the second user device and determining a first time of use on the second user device. The first time of use on the second user device is allocated to a use time of a second user based on the location of the first user device relative to the location of the second user device, and a functional component of a third user device of the second user is disabled based at least on the use time of the second user.

Abstract: A method for controlling application enabling includes receiving from a particular user an indication of data for sharing and an indication of one or more recipients with which to share the data. A multidimensional zone is determined based on the indication of the data and the indication of the one or more recipients. A request from the particular user to enable a particular application via a computing device is detected. Data permission requirements of the particular application are accessed, and a multidimensional coordinate is determined based on the data permission requirements of the particular application. The multidimensional zone is compared to the multidimensional coordinate, and the particular user is notified via the computing device of the comparing of the multidimensional zone to the multidimensional coordinate. An affirmation of the request is received from the particular user via the computing device, and the particular application is enabled responsive to the affirmation of the request.

Abstract: Systems and methods create an inverted index for a set of documents utilizing a heap data structure. The documents can be divided into a series of n-grams. The n-grams can be hashed, producing hashed n-gram values. A first hashed n-gram value can be placed into the heap data structure. Operations performed using the heap data structure obtain document identifiers that are associated with documents that include a hashed n-gram value that matches the top n-gram value in the heap.

Abstract: Methods, systems and devices for securing a bank account against an unauthorized access from a portable electronic device include or include using an auxiliary security device and a portable electronic device. The portable electronic device is adapted for controlling the bank account via the Internet. The auxiliary security device and the portable electronic device communicate via a Bluetooth protocol. Secure access to the bank account with the portable electronic device is based on a combination of information that is indicative of a key that is stored in the portable electronic device and data that is indicative of the key stored in the auxiliary security device that has been transmitted to the portable electronic device.

Abstract: A central platform remote from a local network can detect anomalies on the local network. The central platform can assign a unique pair of DNS server IP addresses to the local network. The central platform can receive configuration data from the local network and use the configuration data and the assigned pair of DNS server IP addresses to uniquely identify devices on the local network. In the case that current network flow statistics do not match expected network flow statistics for the local network, a device causing the anomalous behavior can be identified using the assigned pair of DNS server IP addresses and configuration data.