Abstract: Systems and methods of modifying a program binary by injecting code into a function of a program binary that tokenizes the return address of the function. The tokenization of the return address improves the robustness of the program binary against cyberattacks. For example, an attacker's attempt to hijack program flow before a function return will fail since any return address modified by the adversary will be tokenized (e.g., using a binary operation such as an XOR) resulting in an unusable address that will cause the system to crash. One advantage of the improved CFI consumes less average overhead and does not require all of the complications of the conventional CFI systems. In some embodiments, the tokenization includes applying a binary operation on a randomly-generated token and the return address. The token can be generated at transform time, load time, or run time.

Abstract: A computer may train a single-class machine learning using normal speech recordings. The machine learning model or any other model may estimate the normal range of parameters of a physical speech production model based on the normal speech recordings. For example, the computer may use a source-filter model of speech production, where voiced speech is represented by a pulse train and unvoiced speech by a random noise and a combination of the pulse train and the random noise is passed through an auto-regressive filter that emulates the human vocal tract. The computer leverages the fact that intentional modification of human voice introduces errors to source-filter model or any other physical model of speech production. The computer may identify anomalies in the physical model to generate a voice modification score for an audio signal. The voice modification score may indicate a degree of abnormality of human voice in the audio signal.

Abstract: An automated speaker verification (ASV) system incorporates a first deep neural network to extract deep acoustic features, such as deep CQCC features, from a received voice sample. The deep acoustic features are processed by a second deep neural network that classifies the deep acoustic features according to a determined likelihood of including a spoofing condition. A binary classifier then classifies the voice sample as being genuine or spoofed.

Abstract: Predictive rendering (also referred to herein as speculative rendering) is disclosed. The predictive rendering is performed by an endpoint browser in response to a user input made by a user. The predictive rendering is verified using a surrogate browser that is executed on a remote server. The verification can be performed asynchronously.

Abstract: A method, medium and system for auto-aligning displays of a head/helmet mounted display. The method, medium and system may provide for an auto-alignment of components of a headband, headgear, or a helmet. The method, medium and system may provide for a first sensor mounted to the helmet of a user and configured to communicate and transfer align with a vehicle comprising an inertial navigation system (INS). The method, medium and system may provide for display comprising a second sensor configured to communicate with the first sensor and transfer align the second sensor with the first sensor based on the transfer alignment of the first sensor with the vehicle. The method, medium and system may provide for wherein the first sensor and the second sensor comprise an inertial measurement unit (IMU). Further, the method, medium and system may also provide for the aligning of two displays on the head/helmet relative to each other in real time.

Abstract: Techniques to facilitate prevention of malicious attacks on a web service are disclosed herein. In at least one implementation, a computing system intercepts a web request directed to a web server providing the web service. The computing system identifies whether or not the web request is malicious. When the web request is identified as malicious, the computing system redirects the web request to an isolated mitigation server configured to mimic responses of the web server. The isolated mitigation server processes the web request to generate artificial content based on the web request that appears to be genuine content provided by the web server, and presents the artificial content in response to the web request.

Abstract: Methods of sensory input integrity attestation are provided. Artifacts included within devices under test inject a known noise signal into the output signal of one or more output devices that are detectable by one or more input devices (i.e., sensors) of an embedded device, and monitor the received input data. By comparing the received signal against the expected noise signal, attestation of the validity of sensory input data is possible. Such sensory input data attestation is capable either locally or using a remote attestation device with knowledge of the expected data stream.

Abstract: Techniques are provided for detection of malicious activity using behavior data. A behavior model is trained with behavior data generated in association with a plurality of requests. Data is received that describes a particular request from a particular client device to a server system hosting a website. The data includes particular behavior data generated at the particular client device in association with the particular request. The particular behavior data is analyzed using the behavior model to generate a behavior model result. An automation determination for the particular request is generated based on the behavior model result. The particular request is handled based on the automation determination for the particular request.

Abstract: Systems, methods, and computer-readable media for call classification and for training a model for call classification, an example method comprising: receiving DTMF information from a plurality of calls; determining, for each of the calls, a feature vector including statistics based on DTMF information such as DTMF residual signal comprising channel noise and additive noise; training a model for classification; comparing a new call feature vector to the model; predicting a device type and geographic location based on the comparison of the new call feature vector to the model; classifying the call as spoofed or genuine; and authenticating a call or altering an IVR call flow.

Abstract: Technology related to detecting and/or mitigating malicious client-side scripts is disclosed. In one example, a method includes sending a request for a page of a client application. In response to the request for the page, the page and a supervisory script of the page are received. The supervisory script of the page of the client application can be executed within a client environment. The supervisory script can override an operation associated with an architected application programming interface (API) of the client environment. During rendering of the page, a call to the architected API of the client environment can be serviced by performing a modified operation that is different than the architected operation associated with the architected API.

Abstract: Disclosed herein are techniques for protecting web applications from untrusted endpoints using remote browser isolation. In an example scenario, a browser isolation system receives a request from a client browser executing on a client device to connect with a remote application accessible via a private network. A surrogate browser is provided to facilitate communications between the client browser and the remote application. A security policy is enforced against the communications.

Abstract: Providing policy check functionality to file uploads is disclosed. An attempted file upload is detected at a browser isolation system. A user of a client is prompted to provide a credential associated with the file and usable to access contents of the file. A policy is applied to the file upload.

Abstract: Embodiments described herein provide for passive caller verification and/or passive fraud risk assessments for calls to customer call centers. Systems and methods may be used in real time as a call is coming into a call center. An analytics server of an analytics service looks at the purported Caller ID of the call, as well as the unaltered carrier metadata, which the analytics server then uses to generate or retrieve one or more probability scores using one or more lookup tables and/or a machine-learning model. A probability score indicates the likelihood that information derived using the Caller ID information has occurred or should occur given the carrier metadata received with the inbound call. The one or more probability scores be used to generate a risk score for the current call that indicates the probability of the call being valid (e.g., originated from a verified caller or calling device, non-fraudulent).

Abstract: The present invention is directed to a deep neural network (DNN) having a triplet network architecture, which is suitable to perform speaker recognition. In particular, the DNN includes three feed-forward neural networks, which are trained according to a batch process utilizing a cohort set of negative training samples. After each batch of training samples is processed, the DNN may be trained according to a loss function, e.g., utilizing a cosine measure of similarity between respective samples, along with positive and negative margins, to provide a robust representation of voiceprints.

Abstract: Disclosed is a test engine intended to evaluate the correctness and measure the performance effects of a binary transformation technique. The disclosed system takes source code as input and compiler information/flags as input. The transformation-under-test is applied to the compiler, creating a transformed compiler. A random test case generator residing within the test engine for injecting illegal code structures to modify the project source code, build flags, or compiler's operating environment, thereby creating an unlimited number of input test cases for the compiler. The test engine compiles the source code utilizing both the raw and transformed compilers and compares the results. For example, the test engine renders a pass/fail judgement on the binary transformation based on a metric of near equivalence between the results of the raw compiler and transformed compiler. By using one or more bitmasks, the evaluation process factors in differences attributed to compiler run-time generated artifacts.

Abstract: Embodiments described herein provide for a computer that detects one or more keywords of interest using acoustic features, to detect or query commonalities across multiple fraud calls. Embodiments described herein may implement unsupervised keyword spotting (UKWS) or unsupervised word discovery (UWD) in order to identify commonalities across a set of calls, where both UKWS and UWD employ Gaussian Mixture Models (GMM) and one or more dynamic time-warping algorithms. A user may indicate a training exemplar or occurrence of call-specific information, referred to herein as “a named entity,” such as a person's name, an account number, account balance, or order number. The computer may perform a redaction process that computationally nullifies the import of the named entity in the modeling processes described herein.

Abstract: A score indicating a likelihood that a first subject is the same as a second subject may be calibrated to compensate for aging of the first subject between samples of age-sensitive biometric characteristics. Age of the first subject obtained at a first sample time and age of the second subject obtained at a second sample time may be averaged, and an age approximation may be generated based on at least the age average and an interval between the first and second samples. The age approximation, the interval between the first and second sample times, and an obtained gender of the subject are used to calibrate the likelihood score.

Abstract: Behavioral verification of user identity includes building a deep neural network for keystroke-based behavioral verification of user identity. The building includes receiving recorded keystroke events, each such recorded keystroke event including (i) an indication of whether the recorded keystroke event is a key press or a key release, (ii) a key identifier of the respective key pressed or released, and (iii) a timestamp of the recorded keystroke event. The building further includes performing pre-processing of the recorded keystroke events to provide data structures representing sequential key events for processing by a deep neural network to extract local patterns, and training the deep neural network using the data structures. The method also includes providing the trained deep neural network for keystroke-based behavioral verification of user identity based on determinate vectors output from the trained deep neural network.

Abstract: Aspects of the invention determining a threat score of a call traversing a telecommunications network by leveraging the signaling used to originate, propagate and terminate the call. Outer-edge data utilized to originate the call may be analyzed against historical, or third party real-time data to determine the propensity of calls originating from those facilities to be categorized as a threat. Storing the outer edge data before the call is sent over the communications network permits such data to be preserved and not subjected to manipulations during traversal of the communications network. This allows identification of threat attempts based on the outer edge data from origination facilities, thereby allowing isolation of a compromised network facility that may or may not be known to be compromised by its respective network owner.

Abstract: In an embodiment, a computer-implemented method prevents use of a network protocol over an encrypted channel. In the method, a packet is received on an encrypted channel addressed to a network address. It is determined whether a network host at the network address is able to service a request formatted according to the network protocol over the encrypted channel. When the network host is determined to be able to resolve to a domain name over the encrypted channel, the network packet is blocked.