Abstract: A data flow graph and a control flow graph of each of a safe code section and an unsafe code section corresponding to the safe code section are extracted. Code variant-injected safe code sections corresponding to the safe code section and code variant-injected unsafe code sections, in which code semantics are not altered, are generated. Structurally modifiable code variant-injected code sections are generated based on the code variant-injected safe code sections, the code variant-injected unsafe code sections, and an impaired code section semantically uncorrelated to the code variant-injected safe code section and the code variant-injected unsafe code section. A version of test code is generated based on the structurally modifiable variant-injected code sections and a specified behavior.

Abstract: A visual media is received. For example, the received visual media may be a digital image, a video file, or a video stream. A plurality of colors in the visual media are identified. In response to identifying the plurality of colors in the visual media, one or more watermark colors missing from the plurality of colors. A first watermark is generated to include in the visual media. The first watermark comprises at least one of the missing one or more watermark colors. The watermarked visual media is verified using image processing.

Abstract: First anomalies are selected from those identified by security analysis, and are enhanced with additional information. Second anomalies occurring within a specified time period and regarding a specified entity, including at least one of the first anomalies, are also selected. A prompt is generated based on the second anomalies. The prompt is generated to solicit a response from a large language model (LLM) including a natural language summary synthesizing the second anomalies. The second anomalies are also evaluated against a database to identify related security threats. Scores for these security threats are generated, and a subset of the threats is selected based on the scores. Another prompt is generated based on the second anomalies and based on the selected subset of security threats. The prompt is generated to solicit a response from an LLM including a natural language summary associating the security threats with the second anomalies.

Abstract: Anomalies regarding a specified entity that occurred within a specified time period are selected from anomalies identified by security analysis performed on raw events. The selected anomalies are enhanced with additional information regarding the selected anomalies. A prompt is generated based on the selected anomalies as have been enhanced. The prompt is generated to solicit a response from a large language model (LLM) including a natural language summary synthesizing the selected anomalies. The generated prompt as input to the LLM, and the response is received as output from the LLM.

Abstract: One or more anomalies are selected from anomalies identified by security analysis performed on a raw events regarding entities. The selected anomalies are enhanced with additional information regarding them. A prompt is generated based on the selected anomalies as have been enhanced. The prompt is generated to solicit a response from a large language model (LLM) including a natural language summary of the selected anomalies. The generated prompt as input to the LLM, and the response is received as output from the LLM.

Abstract: Anomalies regarding a specified entity that occurred within a specified time period are selected and enhanced with additional information. The selected anomalies, as have been enhanced, are evaluated against a database to identify security threats that the selected anomalies are related to. Scores for the identified security threats are generated, and a subset of the security threats that the selected anomalies are related to is selected based on the scores. A prompt is generated based on the enhanced selected anomalies and based on the selected subset of the identified security threats. The prompt is generated to solicit a response from a large language model (LLM) including a natural language summary associating the identified security threats with the selected anomalies regarding the specified entity that occurred within the specified time period. The prompt as input to the LLM, and the response is received as output from the LLM.

Abstract: Log events for a target system are received. In each of a number of iterations, selection of a filter from a library of preexisting filters is received from a user, the selected filter is applied to the log events to generate filtered log events, and the filtered log events are displayed to the user. In each iteration other than a first iteration, the selected filter is applied to the filtered log events that are generated in an immediately preceding iteration.

Abstract: Domain-specific images used for training an optical character recognition (OCR) machine learning model are generated as follows. Universal resource locator (URL) addresses of web pages associated with a particular domain are retrieved. Words in the web pages associated with the particular domain are determined. Domain-relevant n-grams of the words are identified for the particular domain. Corresponding domain-specific images of each domain-relevant n gram for the particular domain are generated.

Abstract: A mutated issue in AI generated source code is identified. For example, the mutated issue may be a mutated type of malware. A snippet of source code in the AI generated source code that comprises the mutated issue is identified. A vector based on the snippet of source code in the AI generated source code that comprises the mutated issue is generated. Vectors of a second source code (e.g., a new software application) are compared using the vector generated from the snippet of source code in the AI generated source code that comprises the mutated issue. The comparison is used to identify new types of issues in the second source code.

Abstract: For each item represented within log events that have a power law-oriented distribution, first and second metrics for the item are computed based on the log events which pertain to the item. The items are organized over bins according to the first metric. The bins correspond to different ranges of the first metric. For each bin, the items in the bin are ordered according to the second metric. A plot of the bins over which the items have been organized according to the first metric, is graphically displayed, which includes displaying, for each bin, the items in the bin as have been ordered according to the second metric.

Abstract: One or more unused locations in a software image are identified. An example of a software image may be a container image or virtual machine image. An unused location may be a location where padding is used in the software image. A first watermark is placed in the one or more unused locations to produce a watermarked software image. A request is received to load the watermarked software image. In response to receiving the request to load the watermarked software image, a second watermark is generated using the one or more unused locations in the watermarked software image and the second watermark is then compared to the first watermark. In response to the first watermark matching the second watermark, the software image is loaded. In response to the first watermark not matching the second watermark, the software image is not loaded.

Abstract: A request to authenticate a user is received. A random authentication pattern is generated. For example, the random authentication pattern may be for the user to provide a series of biometric scans and/or gesture scans. Instructions for the random authentication pattern are sent to a communication device (e.g., to a smartphone or smartwatch). A generated authentication pattern is received from the communication device. The generated authentication pattern is compared to a stored set of biometric scans and/or gestures scans that are based on the random authentication pattern. The user is authenticated based on the generated authentication pattern meeting a threshold by comparing the generated authentication pattern to the stored set of biometric scans and/or gestures scans.

Abstract: Systems and methods are disclosed to develop and use a tool to enable an application package to be instrumented with automatic real user monitoring (RUM) without accessing the original source code. A package, such as Android application bundle (AAB) or Android package kit (APK), is imported and decoded and a generated source code file and/or manifest is obtained. Instrumentation is then added at a location corresponding to a code signature in the generated source code file (e.g., an operation to be instrumented before and/or after the operation). The generated source code file is then compiled and packaged into an APK and/or AAB file. The resulting application package is available for downloading, installation, and use on user devices with the instrumentation having been automatically added and without access to the original source code.

Abstract: A media is created. The media may be a document, an image, a video file, an audio file, a real-time communication session, an email, a chat session, and/or the like. The media is associated with a plurality of authentication levels. For example, the media may use a first authentication level that requires a username/password and a second authentication level that requires a fingerprint scan of a user. The media is created based on a security process according to the plurality of authentication levels. For example, the security process may be an encryption process and/or a tokenization process. The media is divided into a plurality of sections based on the plurality of authentication levels. The security process is applied to the plurality of sections based on the plurality of authentication levels.

Abstract: Language models require resource-intensive training. As a result, retraining language models happens very infrequently even though new or custom words are needed at a much faster rate. By deploying a custom set of words, speech recognition may be performed using a previously trained language model and augmented with entries in a custom word list. A probability map is created for each token position predicted by the model. Next, potential positions for custom words are identified by calculating the probability ratio between the token selected by the model and the custom word token. The probability ratios are summed for the first, second, and last tokens of the custom words, and if the sum falls below a certain threshold, the position is recorded. Next, the word or words starting at the recorded position are identified and, using string comparison metrics, are determined the most likely candidates for replacement.

Abstract: A system and method are provided that store electronic data describing events that have occurred in a computing system, index the electronic data to create indexed data records; and store the indexed data records in computer memory as part of a flat data structure.

Abstract: Software applications often incorporate an embedded browser to perform web-based operations. Not all browsers operate the same way, for example, elements within tabs in Microsoft Edge browsers use messages to communicate through web extensions, while Microsoft Internet Explorer (IE) browsers use the original browsers helper object (BHO). A consequence of the different paradigms is that certain graphical elements may be duplicated in a resource table. A test development may fail to identify the duplication and may produce extraneous or erroneous tests. By launching on a system and monitoring the system's executing processes, a browser application may be determined to be running and, if so, a refresh operation is performed on an application under test (AUT). If the AUT refresh operation results in a browser also performing a refresh, the type of embedded browser may be identified and any duplicates of the same graphical elements identified and merged for subsequent testing.

Abstract: A plurality of captured packets are received. The plurality of captured packets are from a plurality of packet flows. A packet flow is a communication session between two devices. For example, a packet flow may be a communication session between a client and a server. The plurality of captured packets are sorted into individual packet flows. The individual packet flows are converted into individual videos. For example, each packet from each packet flow is stored as a separate video frame in an individual video. A machine learning algorithm is applied to the individual videos to perform analytic tasks on the individual videos. For example, the machine learning algorithm may be used to identify anomalies within a packet flow and/or between packet flows.

Abstract: Correlation rules (or simply, rules) evaluate events received from networked components. The rules may fail to keep up with the events received and leave a network and/or the networked components vulnerable. Systems and methods are provided wherein an event is processed by rules, when known. When not known, and not associated with normal activity, the event is converted into a natural language sentence by a large language model (LLM), which is then provided to a sentence transformer to vectorize the sentence and associated events. A neural network then determines a degree of fit to a number of rules and selects the best fitting rule(s). If no rule is a sufficient match, a new/modified rule may be generated.

Abstract: Automating testing or use of an application under test (AUT) is greatly simplified when domain object model (DOM) information is available. However, DOM information is not always available. Systems and methods are provided wherein graphical elements are identified and converted to computer code. The computer code is applied to a transparent layer and as a user visually interacts with the AUT, the transparent layer identifies the inputs and the root graphical elements. The inputs are then forwarded to the root graphical elements. The inputs and target graphical elements may be recorded and played back (as-is or modified) on the same or different AUT. The playback then allows a specific graphical element to receive a particular input, even if DOM information remains unavailable.