Abstract: Disclosed are systems and methods including software processes executed by a server that detect audio-based synthetic speech (“deepfakes”) in a call conversation. Embodiments include systems and methods for detecting fraudulent presentation attacks using multiple functional engines that implement various fraud-detection techniques, to produce calibrated scores and/or fused scores. A computer may, for example, evaluate the audio quality of speech signals within audio signals, where speech signals contain the speech portions having speaker utterances.

Abstract: Disclosed are systems and methods including software processes executed by a server that detect audio-based synthetic speech (“deepfakes”) in a call conversation. Embodiments include systems and methods for detecting fraudulent presentation attacks using multiple functional engines that implement various fraud-detection techniques, to produce calibrated scores and/or fused scores. A computer may, for example, evaluate the audio quality of speech signals within audio signals, where speech signals contain the speech portions having speaker utterances.

Abstract: Disclosed are systems and methods including software processes executed by a server that detect audio-based synthetic speech (“deepfakes”) in a call conversation. Embodiments include systems and methods for detecting fraudulent presentation attacks using multiple functional engines that implement various fraud-detection techniques, to produce calibrated scores and/or fused scores. A computer may, for example, evaluate the audio quality of speech signals within audio signals, where speech signals contain the speech portions having speaker utterances.

Abstract: A method includes, as part of establishing a feature merging threshold (?) for determining equivalence between two features, selecting a set of candidate ? values, partitioning training data into a plurality of groups, establishing a model W? for each ? value of the set of candidate ? values, iteratively performing: selecting a next group of training data of the plurality of groups of training data; adding the selected next group of training data to a training set; and for each ? value in the set of candidate ? values: training the W? for the ? value using the training set, and evaluating a size of W?, the size comprising a number of features included in the model, and choosing the feature merging threshold ? based on the iteratively performing.

Abstract: Disclosed are systems and methods including software processes executed by a server that detect audio-based synthetic speech (“deepfakes”) in a call conversation. The server applies an NLP engine to transcribe call audio and analyze the text for anomalous patterns to detect synthetic speech. Additionally or alternatively, the server executes a voice “liveness” detection system for detecting machine speech, such as synthetic speech or replayed speech. The system performs phrase repetition detection, background change detection, and passive voice liveness detection in call audio signals to detect liveness of a speech utterance. An automated model update module allows the liveness detection model to adapt to new types of presentation attacks, based on the human provided feedback.

Abstract: Malware prevention and remediation is provided by monitoring actions performed by processes and maintaining indications of which processes are trusted; selectively presenting canary files to these processes, which includes presenting the canary files to processes not indicated as being trusted and hiding the canary files from processes indicated as being trusted, and where the monitoring includes monitoring for access of canary files with change privileges; scoring each of the processes based on the actions performed, including any access of canary files with change privileges, which scoring produces a malice score for each process; and automatically terminating any process for which its malice score indicates at least a threshold level of malice in the execution of the process.

Abstract: According to an embodiment of the disclosure, a toll-free telecommunications validation system determines a confidence value that an incoming phone call to an enterprises' toll-free number is originating from the station it purports to be, i.e.

Abstract: An autonomic incident response system (AIRS) that can be used within any cyber system (computing systems, network devices, applications, cyber-physical systems, data, and files). If a cyber system is attacked, the cyberattack pattern type can be seamlessly identified by the AIRS along with the method used to launch the attack, the vulnerability that was exploited, the impact and consequence of the attack, and finally the recovery actions that can be taken automatically or semi-automatically to stop the attack or mitigate its impact on cyber system operations.

Abstract: Predictive rendering (also referred to herein as speculative rendering) is disclosed. The predictive rendering is performed by an endpoint browser in response to a user input made by a user. The predictive rendering is verified using a surrogate browser that is executed on a remote server. The verification can be performed asynchronously.

Abstract: Systems, methods, and computer-readable media for call classification and for training a model for call classification, an example method comprising: receiving DTMF information from a plurality of calls; determining, for each of the calls, a feature vector including statistics based on DTMF information such as DTMF residual signal comprising channel noise and additive noise; training a model for classification; comparing a new call feature vector to the model; predicting a device type and geographic location based on the comparison of the new call feature vector to the model; classifying the call as spoofed or genuine; and authenticating a call or altering an IVR call flow.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for container image or host deduplication in vulnerability management systems. For instance, a method may include: obtaining source data from at least one source, wherein the source data includes a plurality of assets and/or findings; extracting data bits for each asset or finding from the source data; determining a first asset or finding concerns a first container image or first host based on the data bits for the first asset or finding; in response to determining the first asset or finding concerns the first container image or first host, obtaining a container image dataset or a search structure; determining whether the data bits match any of the plurality of sets of values of the container image dataset or the search structure; and, based on a match result, generating or updating records for the first container image or the first host.

Abstract: A formally verified trusted computing base with active security and policy enforcement is described. The formally verified trusted computing base includes a formally verified microkernel and multiple formally verified hyper-processes including a virtual machine monitor (VMM), virtual machine introspection (VMI), policy enforcers including an active security policy enforcer (ASPE), and a virtual switch. The active security and policy enforcement continuously monitors for semantic behavior detection or policy violations and enforces the policies at the virtualization layer. Further, policies can be attached to the network layer to provide granular control of the communication of the computing device.

Abstract: Methods and systems for threat monitoring and analysis are disclosed. Data is collected, over a protected network, from a data stream provided by at least one data source connecting to the protected network. Machine learning (ML) models are trained for the data stream utilizing the collected data. The ML models include a first ML model to establish a baseline value, an allowed threshold value range, and a threshold value for the data from the data source, and a second ML model to identify outlier data. The outlier data is outside of the allowed threshold value range from the baseline value and exceeds the threshold value in the data stream. The ML models are used to determine whether one or more anomalies indicating a cyber threat exist within the collected data. Responsive to determining that the anomalies exist, it is determined whether to provide a response action.

Abstract: A method for monitoring endpoint devices affiliated with a computer network includes: for each security technology, accessing a set of objects generated by the security technology during a time interval and representing characteristics endpoint devices configured with the security technology, partitioning object groups representing individual endpoint devices, and aggregating characteristics represented in each object group into an endpoint device container associated with the security technology and containing identifying data and status data representing one endpoint device; identifying a first subset of endpoint devices configured with first and second security technologies based on correspondence between data contained endpoint device containers associated with the first and second security technologies; and identifying a second subset of endpoint devices configured with the first security technology and excluding the second security technology based on absence of correspondence between data contained in

Abstract: Embodiments described herein provide for end-to-end joint determination of degradation parameter scores for certain types of degradation. Degradation parameters include degradation describing additive noise and multiplicative noise such as Signal-to-Noise Ratio (SNR), reverberation time (T60), and Direct-to-Reverberant Ratio (DRR). Various neural network architectures are described such that the inherent interplay between the degradation parameters is considered in both the degradation parameter score and degradation score determination. The neural network architectures are trained according to computer generated audio datasets.

Abstract: Disclosed are systems and methods including processes executed by a server that executes software routines for machine-learning architectures that receive call-invite messages containing data from a terminating carrier. The server a caller ANI and types of call data. The server further requests data from a telephony database. The server applies and executes the software programming of the machine-learning architecture on the call data (from the terminating carrier) and the portability data (from the telephony database) to generate risk scores. The server stores the data and the risk scores into a request database, until a provider server requests the risk scores in a threat assessment request. The server returns a threat assessment message to the provider server in response to the threat assessment request. The threat assessment message includes information about the caller or caller device, and the risk scores, but not the caller ANI.

Abstract: Provided are a driving negotiation method and apparatus for supporting stability against a blind spot, an unexpected situation, etc. and a rapid judgment and response of an autonomous vehicle in various driving environments. The driving negotiation apparatus includes a wireless communication module configured to support vehicle to everything (V2X) communication and at least one processor connected to the wireless communication module. The at least one processor receives a cooperative request message from a first vehicle, broadcasts a cooperative request message and additional information required for a negotiation to surrounding vehicles, receives a cooperative response message from at least one second vehicle among the surrounding vehicles, and transmits a message indicating that the negotiation is possible or impossible to the first vehicle on the basis of the cooperative response message.

Abstract: Preference data is received. The received preference data is compared to stored preference data associated with a user with which the received preference data is associated. A determination is made whether to authorize an action based at least on the comparison. The preference data is received as a selection.

Abstract: Techniques for code modification for detecting abnormal activity are described. Web code is obtained. Modified web code is generated by changing a particular programmatic element to a modified programmatic element throughout the web code. Instrumentation code is generated configured to monitor and report on one or more interactions with versions of the particular programmatic element. The instrumentation code is caused to be provided in association with the modified web code to the first client device in response to the first request from the first client device. Report data generated by the instrumentation code is received. The report data describes abnormal activity at the first client device, the abnormal activity comprising an interaction with a version of the particular programmatic element that does not exist in the modified web code. Based on the report, it is determined that the first client device is likely controlled by malware.

Abstract: The present invention is directed to a deep neural network (DNN) having a triplet network architecture, which is suitable to perform speaker recognition. In particular, the DNN includes three feed-forward neural networks, which are trained according to a batch process utilizing a cohort set of negative training samples. After each batch of training samples is processed, the DNN may be trained according to a loss function, e.g., utilizing a cosine measure of similarity between respective samples, along with positive and negative margins, to provide a robust representation of voiceprints.