Abstract: A performance anomaly detector obtains a performance metric value from a performance measurement of operation of a resource, and determines a modified Z-score based on the. Occurrence of an anomaly event for the resource is detected responsive to determining that: 1) the modified Z-score exceeds a Z-score anomaly threshold; and 2) a threshold number of other modified Z-scores, which are determined for the other performance metric values in the sequence and are within a sequence window range of the performance metric value, also exceed the Z-score anomaly threshold. A remedial action for the resource is initiated responsive to detecting the occurrence of the anomaly event for the resource.

Abstract: A computer-implemented method for identifying malicious computer files may include (i) receiving, by a computing device, a set of files from a set of client devices, (ii) performing, by the computing device, a machine learning classification of file attributes on the set of files, (iii) determining, based on the machine learning classification, a node pattern of a suspicious file in the set of files, (iv) calculating, by hashing the node pattern, a file prevalence score of the suspicious file, and (v) performing, by the computing device, a security action based on the file prevalence score of the suspicious file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A digital currency driven channel assignment technique is disclosed. Each AP in a distributed network uses a channel selection manager and a distributed ledger to select channels according to a channel assignment and a digital currency associated with the distributed ledger. The digital currency incentivizes APs to make sacrifices in their channel selection for the benefit of the overall network while punishing APs that select channels selfishly and cause bandwidth interference.

Abstract: The disclosed computer-implemented method for enforcing data loss prevention policies may include (i) identifying an application installed on the computing device, where the computing device is capable of transmitting data to other computing devices via a wireless technology standard for exchanging data over short distances, (ii) examining the application for a module that indicates that the application is capable of transferring files via the wireless technology standard, (iii) monitoring for initiations of connections via the wireless technology standard by the application, (iv) monitoring, in response to detecting an initiation of a connection via the wireless technology standard by the application, file system access by the application, (v) determining that the application is attempting to open a file, and (vi) analyzing the file to determine if transferring the file via the wireless technology standard violates a data loss prevention policy.

Abstract: A method for detecting name resolution spoofing is described. In one embodiment, the method includes identifying a request to resolve a host name, identifying a hostname specified in a response to the request, identifying an actual hostname associated with the response, analyzing the hostname specified in relation to the actual hostname, and performing a security action based at least in part on the analysis.

Abstract: The disclosed computer-implemented method for detecting malware using static analysis may include (i) identifying an executable file to subject to analysis for malware, (ii) retrieving an association between a known malicious behavior and an exploitable method being invoked, wherein the association specifies that a contextual method precedes the exploitable method in an invocation path and that the exploitable method is invoked with a set of predetermined parameters, (iii) detecting, within the executable file, an invocation of the exploitable method, (iv) determining that the invocation of the exploitable method within the executable file occurs in a detected invocation path in which the contextual method precedes the exploitable method and that the invocation of the exploitable method includes a set of invoking parameters that matches the set of predetermined parameters, and (v) classifying the executable file as containing malware.

Abstract: According to an embodiment of the present disclosure, a method by an electronic message server includes determining that an electronic message for delivery to a first user comprises sensitive content. Prior to transmitting the electronic message to a client device associated with the first user, the electronic message server requests at least one device attribute from the client device associated with the first user. The at least one device attribute is received from the client device associated with the user. Based on the at least one device attribute, the electronic message server masks the sensitive content such that the masked sensitive content is unreadable within the electronic message. The electronic message that includes the masked content that is unreadable within the electronic message is transmitted to the client device associated with the first user.

Abstract: A collaborative speech processing computer receives packets of sampled audio streams. The sampled audio streams are forwarded to a speech-to-text conversion server via a data network. Packets are received via the data network that contain text strings converted from the sampled audio steams by the speech-to-text conversion server. Speakers are identified who are associated with the text strings contained in the data packets. The text strings and the identifiers of the associated speakers are added to a dialog data structure in a repository memory. Content of at least a portion of the dialog data structure is displayed on a display device.

Abstract: A debug tool generates a plurality of crash dump windows configured to display a view of crash dump data. The tool hierarchically links the memory addresses of the data in different windows such that changes made to the view of the crash dump data in a parent will affect the view of the crash dump data in a child window. The relationship that links the windows is a relationship expression provided by a user. The relationship between the windows can be altered to reflect a new user-defined relationship.

Abstract: Data is received describing attributes of a first mainframe computing system at a software appliance, where the software appliance is hosted at least in part on a second mainframe computing system and the software appliance includes a plurality of microservices hosted in a plurality of software containers. The data is sent to a first one of the plurality of microservices hosted in a first one of the plurality of software containers, where the first microservice includes data science logic. The data is analyzed using the data science logic to generate a result at the first microservice, and it is determined whether to send the result to a second one of the plurality of microservices hosted in a second one of the plurality of software containers, where the second microservice includes logic to determine an alert condition based on results received from other microservices in the software appliance.

Abstract: A registry is utilized to identify personally identifiable information (PII) that has been breached. The registry is a distributed database shared by multiple organizations to track which PII has been breached in other organizations. A first service provider initially receives PII and corresponding signed descriptor from a user. The PII is used to verify an identity of the user and the signed descriptor describes the type of PII that is received. The first service provider queries the registry to determine if the signed descriptor of the user has been written to the registry by a second service provider, indicating that it has been breached at a service provided by the second service provider. If the first service provider uses the breached PII, the breached PII is invalidated by the first service provider.

Abstract: Provided is process including receiving a request to authenticate a user; sending instructions to present an authentication user interface including a geographic map; receiving geolocations on the geographic map selected by the user; comparing the geolocations to a sequence of geolocations in an authentication credential to determine whether to authenticate the user.

Abstract: Aspects of the embodiments include performing, by a personal computing device, a secure handshake with a secure server accessible through an identity provider to log into the secure server. A temporary identity (TID) token can be received at the personal computing device a from an identity provider system over a telecommunications network. The TID token can be encrypted using a cryptographic key stored in a hardware storage element of the personal computing device. The encrypted TID token can be transmitted to a connected wearable device across a Bluetooth connection or other connection protocol. When a user wishes to log into a network location accessible through the identity provider, the wearable device can provide the encrypted TID token to the computing device. The personal computing device can decrypt the encrypted TID token and use the decrypted TID to access the network location.

Abstract: A computing device analyzes the transaction entries in a transaction log to identify related commands associated with performing a set of data operations. Commands are considered to be potentially related if the commands are executed within a predetermined timespan. Sets of potentially related commands are then grouped together into corresponding candidate patterns, and further analyzed in view of additional information to determine a probability that the potentially related commands of a candidate pattern are actually related. A confidence value indicating that probability is also determined. Application management tasks, such as database optimization and recovery tasks, for example, may then be performed based on the candidate patterns that meet or exceed a predetermined threshold.

Abstract: Provided is a process including: receiving a given alarm from a given instance of a given service executing on a given computing device, wherein: the given service is one of a plurality of different services that form at least part of a given distributed application, and the distributed application is executing on a plurality of different computing devices including the given computing device; accessing contextual data, the contextual data including metrics or events received from other instances of the given service or other services of the given distributed application; determining an alarm score for the given alarm based on the contextual data, the alarm score being indicative of a marginal effect of the given alarm on performance of the given distributed application; and storing the alarm score in memory in association with the given alarm.

Abstract: Provided is a process, including: obtaining, within a trusted computing environment, data comprising confidential values and non-confidential values; replacing, within the trusted computing environment, the confidential values with obfuscated identifiers; sending, from the trusted computing environment, into an untrusted computing environment, an obfuscated representation of the data; transforming, in the untrusted computing environment, the obfuscated representation of the data; sending, from the untrusted computing environment, the obfuscated transformed data into the trusted computing environment; and replacing, within the trusted computing environment, obfuscated identifiers in the obfuscated transformed data with confidential values.

Abstract: A password breach registry is utilized to secure a service provided by a service provider. The password breach registry is a publicly accessible registry and includes password tokens written by breached service providers. The password tokens indicate passwords used to access breached service providers that may have been breached. A service provider can subscribe to the password breach registry and periodically query the password breach registry to determine if a password token corresponding to a user of a service provided by the service provider has been written to the password breach registry. This may indicate that the user of the service utilizes the same password on other services that have been breached. Upon determining that the password token has been written to the password breach registry, the user can be locked out from the service to prevent a malicious actor from gaining access to the account of the user.

Abstract: Provided is a process, including: obtaining a plurality of network-traffic pattern specifications; obtaining network traffic data captured as the network traffic data is leaving from, arriving to, or looping back at a network interface of a computing device; comparing the plurality of network-traffic pattern specifications to the network traffic data; detecting based on the comparing, a match between at least a portion of the network traffic data and a matching network-traffic pattern specification among the plurality of network-traffic pattern specifications; and causing adding or adjusting one or more instances of one or more monitoring agents monitoring the instance of a service based on the detected match and the respective monitoring agent or monitoring agent configuration setting associated with the matching network-traffic pattern specification.

Abstract: A first set of information is identified, collected by a first agent during monitoring of a first software component. A second set of information is identified, that was collected by a second agent during monitoring of a second software component. It can be determined that the first and second sets of information each include characteristics of a particular transaction involving the first and second software components. A model is generated of the particular transaction based at least in part on the first and second sets of information. The model includes a representation of the involvement of the first and second software components within the particular transaction. In some aspects, characteristics included in the first and second set of information can include timing information for use, for example, in generating a model representing ordering of software components' involvement in one or more transactions.

Abstract: Provided is a computer system that includes a processor and a memory coupled to the processor, the memory including computer readable program code embodied therein that, when executed by the processor, causes the processor to generate a catalog that identifies a plurality of tasks that a plurality of network resources are available to perform, the network resources including Internet-of-things devices and human network resources and to generate, in response to receiving a request to perform a complex project, a solution path that includes an ordered list corresponding to selected ones of the plurality of tasks that are capable of aggregately performing the complex project, wherein the selected ones of the plurality of tasks define the solution path in an edge graph that include the plurality of tasks represented as edges therein.