Abstract: A method for threat detection by identifying patterns of used memory blocks is described. In one embodiment, the method includes identifying a pattern of memory allocations from a known malware threat; tracking memory allocations of memory; identifying a plurality of memory allocations that match at least a portion of the pattern of memory allocations based at least in part on the tracking of the memory allocations; and performing a security action upon determining a quantity of the plurality of memory allocations satisfies a predetermined threshold. In some examples, the method includes determining that a sequence of wiped data strings satisfies a confidence threshold, and identifying the plurality of memory allocations is based at least in part on the confidence threshold. In some cases, the security action includes flagging the identified pattern of memory allocations, quarantining an associated application or process, or generating a notification.

Abstract: Large amounts of data from user interactions with web resources is available as data logs. Analysis may be performed to process the data log in order to determine the characteristics of the user interactions. Data log analysis may include identifying page states, which may be sets of frequent attributes and values that occur together in a session. The data log analysis may also include generating semantic labels of page states, which may describe the function of pages corresponding to different page states. Text mining models may be used to determine the semantic labels. Analysis may also include aggregating sets of page paths to create page journeys. These page journeys may be aggregated over all users, all user sessions, or other subsets of the clickstream. In some embodiments, comparing page journeys may provide recommendations for potential methods to improve the site and enhance user experiences.

Abstract: Techniques are disclosed relating to authenticating a client computer system to a server computer system. In some embodiments, a client computer system sends, to a server computer system, authentication information for an initial access request for one or more resources. This information may include authentication credentials and attributes that collectively identify the client computer system. In some embodiments, the client computer system receives, from the server computer system, an authentication response that indicates an initial authentication of the client computer system. In some embodiments, the authentication response includes a cryptographic key. While the initial authentication is valid, in some embodiments, the client computer system repeatedly re-authenticates for subsequent access requests. Each of the subsequent access request may include a single-use password generated using a cryptographic key and the attributes of the client computer system.

Abstract: Techniques are disclosed relating to authorization of asset sharing for transactions by other user accounts. In some embodiments, an apparatus is configured to transmit a request to a mobile device on behalf of a first user account. In some embodiments, the apparatus is configured to receive, from the mobile device in response to the request, an electronic message in a format recognized by an authorization computing system. In some embodiments, the electronic message includes a constraint for a transaction, a replenishment key, and a hash value generated based on at least a portion of other information in the message. In some embodiments, the apparatus is configured to transmit the electronic message for communication to the authorization computing system. In some embodiments, the apparatus is configured to receive transaction authorization based on a comparison of the hash value in the electronic message and a copy of the hash value from the mobile device.

Abstract: Large amounts of data from user interactions with web resources is available as data logs. Analysis may be performed to process the data log in order to determine the characteristics of the user interactions. Data log analysis may include identifying page states, which may be sets of frequent attributes and values that occur together in a session. The data log analysis may also include generating semantic labels of page states, which may describe the function of pages corresponding to different page states. Text mining models may be used to determine the semantic labels. Analysis may also include aggregating sets of page paths to create page journeys. These page journeys may be aggregated over all users, all user sessions, or other subsets of the clickstream. In some embodiments, comparing page journeys may provide recommendations for potential methods to improve the site and enhance user experiences.

Abstract: Method and systems for data storage is provided. Metric data corresponding to a component of a datacenter is received, the metric data associated with a metric instance that identifies the component of the datacenter. It is determined that the metric instance is not stored at an index server. The metric instance is stored at the index server, the metric instance being synchronously stored in a flattened format. A slot identification is generated based on at least a portion of the metric instance, and the metric instance is stored at an inventory server in accordance with the slot identification, the metric instance being asynchronously stored in an unflattened format.

Abstract: Provided is a process of correlating information organized according to a logical architecture of a distributed application to information organized according to a network architecture of computers executing the distributed application, the process including: obtaining a logical-architecture topology of a logical architecture of a distributed application executing on a plurality of computing devices; obtaining a network-architecture topology of a physical architecture of the plurality of computing devices executing the distributed application; inferring pairs of logical-architecture host identifiers and network-architecture host identifiers that refer to the same computing device to produce a cross-namespace mapping that correlates the logical-architecture namespace with the network-architecture namespace; and storing the cross-namespace mapping in memory.

Abstract: Method and systems for data retrieval is provided. A query is received to search for metric data corresponding to a component of a datacenter, the component of the datacenter identified by a metric instance. An index is searched for the metric instance, the index comprising the metric instance synchronously stored in a flattened format. Further, a slot identification corresponding to the metric instance is determined, the slot identification identifying a location of the metric data in an inventory. Based on the determined slot identification, metric data is retrieved from the inventory, the inventory comprising the metric data asynchronously stored in an unflattened format. Additionally, a query result comprising the metric data corresponding to the search is communicated.

Abstract: Provided is a process, including: obtaining a composition record defining at least one service of a multi-container application; selecting a plurality of infrastructure or application performance monitoring agents based on the composition record defining the multi-container application; causing the selected agents to be deployed on one or more computing devices executing the multi-container application; receiving metrics or events from the agents indicative of performance of at least part of the multi-container application or at least some of the one or more computing devices executing the multi-container application; and causing an indication of the received metrics or events to be presented.

Abstract: A password breach registry is utilized to secure a service provided by a service provider. The password breach registry is a publicly accessible registry and includes password tokens written by breached service providers. The password tokens indicate passwords used to access breached service providers that may have been breached. A service provider can subscribe to the password breach registry and periodically query the password breach registry to determine if a password token corresponding to a user of a service provided by the service provider has been written to the password breach registry. This may indicate that the user of the service utilizes the same password on other services that have been breached. Upon determining that the password token has been written to the password breach registry, the user can be locked out from the service to prevent a malicious actor from gaining access to the account of the user.

Abstract: Systems and methods are provided for tracking System Management Facility (SMF) record types using a small array. An index entry can be modified by adding an extension that tracks what record types are missing, rather than what record types are included in a particular history file. As log data comprising a plurality of history files is received, a flag bit in the header of each history file indicates that the associated history file comprises extended record types. An extension is added to each of the index entries associated with the history files that contain extended record types. Extensions may indicate record type gaps in the associated history file. Upon receiving a query for a particular record type of data stored in the data store, the extension can be utilized to determine which history files do not have the particular record type and can be skipped in the search.