Abstract: Disclosed examples include obtaining malicious neighbor samples based on a non-classified sample; obtaining clean neighbor samples based on the non-classified sample; generating a malicious proximity vector representing first distances between the non-classified sample and a first malicious neighbor sample from the malicious neighbor samples; generating a clean proximity vector representing second distances between the non-classified sample and a first clean neighbor sample from the clean neighbor samples; and classifying the non-classified sample as a clean sample or a malicious sample based on at least one of the malicious proximity vector or the clean proximity vector.

Abstract: Systems, apparatus, articles of manufacture, and methods to self-guardrail large language model responses are disclosed. An example apparatus includes interface circuitry, instructions, and programmable circuitry to at least one of execute or instantiate the instructions to access a first response message provided by a first large language model, the first response message generated based on an initial prompt, cause a second large language model to determine the first response message is inappropriate, modify the initial prompt to create a modified prompt, and provide the modified prompt to the first large language model to trigger generation of a second response message.

Abstract: Systems, apparatus, articles of manufacture, and methods are disclosed to improve the efficiency of an artificial intelligence-based threat detection model. An example apparatus includes interface circuitry, machine readable instructions, and programmable circuitry to at least one of instantiate or execute the machine readable instructions to: obtain an email address from a group of email addresses to be considered as candidates for adding to the list of non-suspicious email addresses, determine that a domain of the email address is indicative of a non-email service providing entity, determine that the email address has a policy configured for a domain-based message authentication, reporting, and conformance (DMARC) record, add the email address associated to the list of non-suspicious email addresses, and cause the artificial intelligence-based threat detection model to skip an analysis of an email associated with the email address.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed. An example apparatus includes at least one memory, instructions; and processor circuitry to execute the instructions to train a neural network with a plurality of raw byte data samples, perform feature extraction on ones of the plurality of raw byte data samples, determine whether ones of the plurality of raw byte data samples are clean or malicious using the extracted features, and determine a family of malware to which an identified malicious sample belongs.

Abstract: There is disclosed a system and method of providing services on a home gateway, including providing a set of security scans for traffic to and from a plurality of devices on a home network; cryptographically verifying that a secured device from the plurality of devices provides for itself internal security services; and based on the cryptographic verification, skipping at least one security scan of the set of security scans for traffic of the secured device.

Abstract: By way of example, a method includes, responsive to a user request to download, from the internet, a downloadable file with executable content, downloading a portion of the downloadable file, wherein the downloadable file is not executable with the portion; after download the portion of the downloadable file, scanning the portion of the downloadable file for malware characteristics to classify the downloadable file; and completing downloading the downloadable file only after determining, based on the scanning of the portion of the downloadable file, that the downloadable file is not malware.

Abstract: A computer-implemented method provides phishing mitigation. Upon a human user accessing a website, request from a cloud reputation service a reputation for a uniform resource locator (URL) associated with the website; determine that the URL does not have a reliable reputation; determine that the human user has entered data into the website, and that the data comprise sensitive data; log a data packet in a user sensitive information data store, wherein the data packet includes the URL and at least some of the sensitive data; periodically query the cloud reputation service to determine whether the URL has received a reliable reputation; and upon determining that the URL has received a reputation as a phishing website, notify the human user and provide a recommendation for a remedial action to protect the sensitive data.

Abstract: Methods and apparatus for voice transformation, authentication, and metadata communication are disclosed.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed. An example apparatus comprises at least one memory, instructions, and processor circuitry to execute the instructions. The processor circuitry executes the instructions to provide a neural network a plurality of raw bytes for malware classification. The processor circuitry executes the instructions to generate a visualization of features extracted from the plurality of raw bytes. The processor circuitry executes the instructions to generate a heatmap for the plurality of raw bytes based on gradient activations of the neural networks. The processor circuitry executes the instructions to perform a dimensionality reduction based on features of the plurality of raw bytes identified in the heatmap.

Abstract: A method includes determining first data stored in a clipboard of an operating system, determining second data is stored in the clipboard, performing a comparison of the second data against malicious data, at least in part based on a determination that the first data has changed to the second data, and performing a first security operation, at least in part based on the comparison.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to improve offloading of malware scans. An example apparatus is to, based on a trigger to perform a scan of a volume of data, estimate a computational burden associated with performing the scan using the CPU, the volume of data representative of at least one of a file or an object. Additionally, the example apparatus is to determine whether the computational burden satisfies a threshold associated with offloading the scan to the GPU. The example apparatus is also to cause at least one of the CPU or the GPU to perform the scan based on whether the computational burden satisfies the threshold.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed. An example apparatus includes at least one memory, instructions, and processor circuitry to execute the instructions. The processor circuitry executes the instructions to identify a test data distribution, generate a first visualization of the identified test data distribution, select a visualization type for a machine learning model, generate a second visualization including an indication of features extracted from the test data by the machine learning model, and generate a third visualization of results of inference performed by the machine learning model, the inference performed on the test data.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to disable select processes for malware prevention, an apparatus comprising: at least one memory; instructions; and at least one processor to execute the instructions to cause the at least one processor to at least: identify execution of a computer process on a computing device; determine whether the identified computer process is in a list of computer processes to be monitored; in response to the identified computer process being listed in the list of computer processes to be monitored, determine an amount of time since last execution of the identified computer process; and suspend, in response to the amount of time since last execution meeting or exceeding a threshold time, execution of the identified computer process.

Abstract: There is disclosed in one example a ransomware mitigation engine, including: a processor; a convolutional neural network configured to provide file type identification (FTI) services including: identifying an access operation of a file as a write to the file or newly creating the file; computing a byte correlation factor for the file; classifying the file as belonging to a file type; determining with a screening confidence that the file type is correct for the file; determining that the screening confidence is below a screening confidence threshold; and circuitry and logic to provide heuristic analysis including: receiving notification that the confidence is below the confidence threshold; performing a statistical analysis of the file to determine a difference between an expected value and a computed value; determining from the difference, with a detection confidence, that the file has been compromised; and identifying the file as having been compromised by a ransomware attack.

Abstract: An example apparatus disclosed herein is to select a first network security platform based on a first value associated with a first message associated a client and a second value associated with a second message associated with a server, the first message and the second message associated with establishment of an encrypted network traffic flow between the client and the server. The disclosed example apparatus is also to cause a cryptographic session key associated with the encrypted network traffic flow to be sent to the first network security platform.

Abstract: A method includes receiving privacy information about an entity from a privacy resource; parsing the privacy information to identify a plurality of keywords; determining a plurality of attributes of a user requested by the entity, at least in part based on the plurality of keywords; and transmitting a result, at least in part based on the plurality of attributes.

Abstract: Methods, systems, and media for detecting anomalous network activity are provided. In some embodiments, a method for detecting anomalous network activity is provided, the method comprising: receiving information indicating network activity, wherein the information includes IP addresses corresponding to devices participating in the network activity; generating a graph representing the network activity, wherein each node of the graph indicates an IP address of a device; generating a representation of the graph, wherein the representation of the graph reduces a dimensionality of information indicated in the graph; identifying a plurality of clusters of network activity based on the representation of the graph; determining that at least one cluster corresponds to anomalous network activity; and in response to determining that the at least one cluster corresponds to anomalous network activity, causing a network connection of at least one device included in the at least one cluster to be blocked.

Abstract: Example methods, apparatus, systems and articles of manufacture (e.g., physical storage media) to implement contextual key management for data encryption are disclosed. Example apparatus disclosed herein are to identify a combination of context rules mapped to a key associated with encrypted data, the combination of context rules including at least two context rules. Disclosed example apparatus are also to discover first context information and second context information associated with the combination of context rules, the first context information obtained from a request to access the encrypted data, the second context information separate from the request. Disclosed example apparatus are further to evaluate the combination of context rules based on the first context information and the second context information to validate the request.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to classify a sample as clean or malicious. An example apparatus includes instruction identifies circuitry to convert a sample into a sequence of instructions, abstract language circuitry to transform the sequence of instructions into an abstract language representation, transition matrix circuitry to create a Markov transition matrix, the Markov transition matrix to represent transitions within the abstract language representation, and classifier circuitry to classify an unknown sample as clean or malicious, the classification in response to whether the Markov transition matrix is closer to a clean group of Markov transition matrices or a malicious group of Markov transition matrices.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor circuit and a memory circuit; first means for accessing a machine learning engine; second means for accessing a user interface; and instructions encoded within the memory to instruct the processor to: load into the machine learning engine via the first means an object prevalence model, including an enterprise-specific prevalence model; provide to the machine learning engine an object set from the enterprise; identify an enterprise-novel object from the object set; solicit and receive via the second means user-sourced feedback for the enterprise-novel object; and act according to the user-sourced feedback.