Abstract: Methods, non-transitory computer readable media, protection server apparatuses, and network security systems that improve network security for web applications by mitigating cyberattacks that cause the exfiltration of data are illustrated. With this technology, network request(s) are received from a client that specify domain(s) to which the client has sent data during rendering of a webpage. The webpage includes instrumentation code configured to intercept and post the network requests. A determination is then mage when one of the domain(s) is a malicious domain. Interceptor code is generated based on a type of attack that is associated with the one of the domains, when the determination indicates the one of the domains is a malicious domain. The instrumentation code is then updated to include the interceptor code. The interceptor code is configured to mitigate the attack when the webpage is subsequently rendered by another client.

Abstract: Embodiments described herein provide for systems and methods for verifying authentic JIPs associated with ANIs using CLLIs known to be associated with the ANIs, allowing a computer to authenticate calls using the verified JIPs, among various factors. The computer builds a trust model for JIPs by correlating unique CLLIs to JIPs. A malicious actor might spoof numerous ANIs mapped to a single CLLI, but the malicious actor is unlikely to spoof multiple CLLIs due to the complexity of spoofing the volumes of ANIs associated with multiple CLLIs, so the CLLIs can be trusted when determining whether a JIP is authentic. The computer identifies an authentic JIP when the trust model indicates that a number of CLLIs associated with the JIP satisfies one or more thresholds. A machine-learning architecture references the fact that the JIP is authentic as an authentication factor for downstream call authentication functions.

Abstract: Systems and methods may generate, by a computer, a voice model for an enrollee based upon a set of one or more features extracted from a first audio sample received at a first time; receive at a second time a second audio sample associated with a caller; generate a likelihood score for the second audio sample by applying the voice model associated with the enrollee on the set of features extracted from the second audio sample associated with the caller, the likelihood score indicating a likelihood that the caller is the enrollee; calibrate the likelihood score based upon a time interval from the first time to the second time and at least one of: an enrollee age at the first time and an enrollee gender; and authenticate the caller as the enrollee upon the computer determining that the likelihood score satisfies a predetermined threshold score.

Abstract: A method that may include receiving network information indicative of (a) network elements that comprise edge network element, (b) connectivity between the network elements, and (c) connectivity of edge network elements to one or more other networks; and generating a visual representation of the network, the visual representation comprises multiple layers, each layer comprises one or more of the network elements of the network, wherein different layers are associated with different importance values; wherein the visual representation is associated with selection metadata for selecting which part out of multiple parts of the visual representation to display, wherein each part comprises at least a part of a single layer the multiple layers.

Abstract: Predictive rendering (also referred to herein as speculative rendering) is disclosed. The predictive rendering is performed by an endpoint browser in response to a user input made by a user. The predictive rendering is verified using a surrogate browser that is executed on a remote server. The verification can be performed asynchronously.

Abstract: Systems and methods are disclosed that receive data at an electronic computing device. A first algorithm can be applied to the phrases to generate masked versions of the phrases. The masked versions can be cryptographically secured using a second algorithm and a cryptographic key. The second algorithm and cryptographic key can be used to generate a secured versions of the phrases. A filter representative of the data can be generated using the secured versions of the phrases.

Abstract: Embodiments described herein provide for performing a risk assessment using graph-derived features of a user interaction. A computer receives interaction information and infers information from the interaction based on information provided to the computer by a communication channel used in transmitting the interaction information. The computer may determine a claimed identity of the user associated with the user interaction. The computer may extract features from the inferred identity and claimed identity. The computer generates a graph representing the structural relationship between the communication channels and claimed identities associated with the inferred identity and claimed identity. The computer may extract additional features from the inferred identity and claimed identity using the graph. The computer may apply the features to a machine learning model to generate a risk score indicating the probability of a fraudulent interaction associated with the user interaction.

Abstract: Disclosed techniques include cybersecurity workflow management using autodetection. A cybersecurity threat protection workflow is accessed. At least one cybersecurity threat protection application notification is received. The cybersecurity threat protection application notification causes an irreversible action to be scheduled by the workflow. The irreversible action comprises a destructive response. The destructive response includes killing a process, deleting an account, shutting down a computer, wiping a computer, or shutting down a router. The irreversible action is detected before it is implemented by the workflow. The irreversible action in the workflow is mitigated using a supervisory workflow element. The mitigating the irreversible action comprises initiating a machine learning algorithm. The machine learning algorithm enables a near real-time response. The machine learning algorithm self-triggers the actionable response.

Abstract: A method, system, or apparatus to debug software that is reorganized in memory is presented. A post-mortem debugging session is established by loading an executable code component corresponding to a packed binary file into memory. A randomly reorganized layout of the machine code corresponding to the blocks of the original source code is generated based on a transformation defined in a function randomization library corresponding to the blocks of original source code. A core dump file corresponding to the crash event associated with the executing of the executable code component and a debug data file that includes symbol table information to debug the blocks of the original source code are received. An updated debug data file is generated that includes symbol table information corresponding to the randomly reorganized layout. A debugger program is called with the executable code component, the core dump file, and the updated debug data file.

Abstract: Described herein are systems and methods for improved audio analysis using a computer-executed neural network having one or more in-network data augmentation layers. The systems described herein help ease or avoid unwanted strain on computing resources by employing the data augmentation techniques within the layers of the neural network. The in-network data augmentation layers will produce various types of simulated audio data when the computer applies the neural network on an inputted audio signal during a training phase, enrollment phase, and/or testing phase. Subsequent layers of the neural network (e.g., convolutional layer, pooling layer, data augmentation layer) ingest the simulated audio data and the inputted audio signal and perform various operations.

Abstract: Example secure runtime systems and methods are described. In one implementation, a secure runtime system is configured to execute multiple applications in a secure manner. The secure runtime is associated with a secure enclave defined by a hardware device. A secure application loader is configured to load an application into the secure runtime system and an OS bridge is configured to provide OS services to the application.

Abstract: Systems and methods are disclosed for generation of a representative data structure. A computing device can receive data including various data items. The computing device can generate logical rows that include the data items. The computing device can convert the logical rows into nodes and store the nodes into logical rows of a first logical table. The computing device can generate logical rows for a second logical table including row identifiers and a link to one of the logical rows from the first logical table.

Abstract: Malware prevention and remediation is provided by monitoring actions performed processes and maintaining indications of which processes are trusted; selectively presenting canary files to these processes, which includes presenting the canary files to processes not indicated as being trusted and hiding the canary files from processes indicated as being trusted, and where the monitoring includes monitoring for access of canary files with change privileges; scoring each of the processes based on the actions performed, including any access of canary files with change privileges, which scoring produces a malice score for each process; and automatically terminating any process for which its malice score indicates at least a threshold level of malice in the execution of the process.

Abstract: A technique for anomaly detection is disclosed. Event data is converted into a normalized common information model. The resulting data may be stored in an event data store database. Additionally, the resulting data may be stored in a knowledge graph representation in a knowledge graph database. The knowledge graph database efficiently stores event data to generate histograms on demand for common anomaly queries.

Abstract: A method, system, or apparatus to debug software that is reorganized in memory is presented. An interactive debugging session is established with an executable code component corresponding to a packed binary file includes machine code that corresponds to blocks of original source code. A randomly reorganized layout of the machine code is generated in memory based on a transformation defined in a function randomization library. An in-memory object file is created by using a debug data component corresponding to the packed binary file. The debug data component includes symbol table information to debug the blocks of the original source code generated prior to the randomly reorganized layout. The symbol table information is updated based on the randomly reorganized layout of the machine code, and the debugger program is instructed to load the in-memory object file with the updated symbol information to debug the blocks of the original source code.

Abstract: A multi-point locking set, comprising an engagement member attached to a first end of an actuator plate and configured to move the actuator plate in a vertical direction, a locking member attached to a second end of the actuator plate and attached to a first moving plate and a second moving plate, wherein the locking member pivots between a retracted position and an extended position when the actuator plate moves in the vertical direction, and wherein the first moving plate and the second moving plate move in a vertical direction when the locking member pivots between the retracted position and the extended position.

Abstract: Techniques for detecting emails that pertain to Internet services are disclosed. Information about such emails can be recognized by performing a discrete analysis of the email before delivering the email to the user and determining whether a corrective action is warranted. Such emails can be recognized by heuristic pattern analysis that scans incoming emails for patterns known to pertain to certain Internet services. Emails relating to other Internet services can be detected by a machine learning classifier that uses labeled training data. These accesses to Internet services can be written to a database. In many implementations, such discrete analysis is performed after an email has been classified as legitimate by one or both of a spam filter and a malware detector. An aggregate analysis, whose output can also update the database, can provide a broad picture of Internet service usage within a set of email users (e.g., by department).

Abstract: A data security server system includes a first network proxy, a data classifier, an operation pipeline module, a vault database, security infrastructure, and second network proxy that function as secure data tunnel mechanisms through which network data containing sensitive information passes through. The data classifier identifies data payloads having data fields that require processing and routes these data payloads to an operation pipeline module which can redact, tokenize or otherwise process sensitive data before the data payload exits the system. The data classifier also reverses the process by identifying data payloads having redacted or tokenize data fields and restoring the sensitive data to these data fields.

Abstract: A network-accessible service provides an enterprise with a view of all identity and data activity in the enterprise's cloud accounts. The service enables distinct cloud provider management models to be normalized with centralized analytics and views across large numbers of cloud accounts. The service enables an enterprise to model all activity and relationships across cloud vendors, accounts and third party stores. Display views of this information preferably can pivot on cloud provider, country, cloud accounts, application or data store. Using a domain-specific query language, the system enables rapid interrogation of a complete and centralized data model of all data and identity relationships. User reports may be generated showing all privileges and data to which a particular identity has access. Similarly, data reports shown all entities having access to an asset can be generated.

Abstract: Utterances of at least two speakers in a speech signal may be distinguished and the associated speaker identified by use of diarization together with automatic speech recognition of identifying words and phrases commonly in the speech signal. The diarization process clusters turns of the conversation while recognized special form phrases and entity names identify the speakers. A trained probabilistic model deduces which entity name(s) correspond to the clusters.