Abstract: Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes storing information to a data structure as a predicted response from a client device. The information is indicative of graphically rendered text or images at the client device corresponding to transactional information and presentation information of a website. The method also includes, during a subsequent access of the website, selecting the transactional information and the presentation information to transmit to the client device. The method further includes receiving second information indicative of graphically rendered text or images at the client device, comparing the second information to the stored predicted response, and determining a malicious application is attempting to affect the controlled usage of a website resource or a second website resource when the received second information does not match the stored predicted response.

Abstract: Methods and apparatus for interfering with malware using displaced display elements are disclosed. In an example, a processor is configured to change a location of a displayed pointer by a first offset vector from a hidden true pointer. The processor is also configured to change a location of at least one application display element, such as a website “Submit” button, by a second offset vector from a hidden true application element. The first offset vector may have a similar magnitude as the second offset vector but an opposite direction Changing a location of a pointer and the application element by the offsets enables a user to interact with the application normally. However, the offsets prevent malware or a malicious application from interacting with the application.

Abstract: Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes determining a prediction for human user interaction with webpage content of a website by identifying webpage elements in the webpage content, where the webpage elements are for human user interaction, and determining at least one of spatial density of cursor movements or cursor velocity vectors relative to the webpage elements that are indicative of human user interaction with the webpage content. The method further includes using the prediction for human user interaction with the webpage content to determine if received webpage interaction information from a client device is indicative of a presence of a malicious application. The method provides an indication of the presence of the malicious application when the received interaction information is indicative of the presence of a malicious application.

Abstract: A system, apparatuses, and methods for mobile device security are disclosed. In an example, a system includes a mobile endpoint device wirelessly communicatively coupled to a user device via a short range air gap. The system also includes a proxy server communicatively coupled to the user device via a network connection. The mobile endpoint device is configured to receive a text input from a user, convert the text input into a first format for transmission over the short range air gap, encrypt the converted text input, and transmit the encrypted converted text input to the user device. The proxy server is configured to receive the encrypted converted text input from the user device, decrypt the encrypted converted text input; convert the decrypted converted text input into a second format compatible with an application server, and transmit the converted text input in the second format to the application server.

Abstract: Methods and apparatus for interfering with malware using displaced display elements are disclosed. In an example, a processor is configured to change a location of a displayed pointer by a first offset vector from a hidden true pointer. The processor is also configured to change a location of at least one application display element, such as a website “Submit” button, by a second offset vector from a hidden true application element. The first offset vector may have a similar magnitude as the second offset vector but an opposite direction Changing a location of a pointer and the application element by the offsets enables a user to interact with the application normally. However, the offsets prevent malware or a malicious application from inter-acting with the application.

Abstract: A system, apparatuses, and methods for device and network security are discussed herein. In an example, a security device for providing security to user-entered inputs includes a universal serial bus (“USB”) port configured to receive a connector of an input device and a USB connector configured to connect to a port of a user device. The apparatus also includes a processor configured to receive a string of characters from the input device that correspond to inputs made by a user into a web browser or application on the user device. The processor adds at least one security character to the string of characters to generate a watermark string, and transmits the watermark string to the user device. The processor is configured to format the at least one security character such that only the string of characters are displayed in the web browser or the application at the user device.

Abstract: Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes determining a prediction for human user interaction with webpage content of a website by identifying webpage elements in the webpage content, where the webpage elements are for human user interaction, and determining at least one of spatial density of cursor movements or cursor velocity vectors relative to the webpage elements that are indicative of human user interaction with the webpage content. The method further includes using the prediction for human user interaction with the webpage content to determine if received webpage interaction information from a client device is indicative of a presence of a malicious application. The method provides an indication of the presence of the malicious application if the received interaction information is indicative of the presence of a malicious application.

Abstract: Methods and apparatus for interfering with automated bots using a graphical pointer and page display elements are disclosed. In an example, a processor selects a challenge for display on a client device. The challenge includes a display element and stylized pointer information. The processor causes the display element to be displayed on the client device and a pointer to be stylized, as specified by the pointer information. The processor receives a response message corresponding to at least one of a pointer selection or pointer movement made by the stylized pointer. The processor compares information within the response message to a specified correct location of the display element that is stored in an answer file related to the selected challenge. If the information within the response message is correct, the processor transmits a correct answer message and/or enables webpage content to be displayed or otherwise provided to the client device.

Abstract: Methods, systems, and apparatuses for detecting a presence of a malicious application are disclosed. In an example, a method includes determining a prediction for human user interaction with webpage content of a website by identifying webpage elements in the webpage content, where the webpage elements are for human user interaction, and determining at least one of spatial density of cursor movements or cursor velocity vectors relative to the webpage elements that are indicative of human user interaction with the webpage content. The method further includes using the prediction for human user interaction with the webpage content to determine if received webpage interaction information from a client device is indicative of a presence of a malicious application. The method provides an indication of the presence of the malicious application if the received interaction information is indicative of the presence of a malicious application.

Abstract: A system, method, and apparatus for detecting remote control of a client device are disclosed. An example network security apparatus includes a network switch configured to route first data packets between a client device and a content provider device, determine IP addresses of other devices that transmit second data packets to or receive second data packets from the client device, and throttle the second data packets destined for the client device. The apparatus also includes a controller configured to receive signal packets indicative of activity in relation to a webpage provided by the content provider device to the client device and instruct the network switch to throttle the second data packets after receiving one of the signal packets. The controller is also configured to provide an indication of a malicious device remotely controlling the client device responsive to not receiving another signal packet within a specified time period.

Abstract: A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an analysis server configured to receive from an executable application operating on a client device a data structure including information identifying processes operating on the client device during a time period and analyze the data structure to identify a malicious application by determining which of the processes on the client device were triggered after an application server was accessed by the executable application and identifying processes associated with the malicious application by comparing the determined processes to records of processes of a device similarly configured as the client device.

Abstract: A system, methods, and apparatus for validating communications in an open architecture system are disclosed. In an example embodiment, a method includes selecting transactional information to transmit from a server to a communicatively coupled client device based on a request from the client device, selecting presentation information corresponding to the transactional information to transmit from the server to the client device, transmitting at least one message including the presentation and transactional information from the server to the client device, determining a prediction as to how the client device will render the transactional information based on the presentation information, receiving a response message from the client, and responsive to information in the response message not matching the prediction, providing an indication there is a malicious application affecting communications between the server and the client device.

Abstract: A system, method, and apparatus for providing observable authentication are disclosed. An example method includes receiving a request from a user to access an account, the request including an identifier associated with the user, determining a secret login rule previously provided to the user, and transmitting observable information to be displayed in a login map by a client device associated with the user. The example method also includes determining a correct answer by analyzing the positioning of the displayed observable information within the login map in conjunction with the secret login rule associated with the user. The example method further includes receiving an answer from the client device and providing the user access to the account responsive to the answer matching the correct answer.

Abstract: A system, method, and apparatus for identifying and removing malicious applications are disclosed. An example apparatus includes an analysis server configured to receive from an executable application operating on a client device a data structure including information identifying processes operating on the client device during a time period and analyze the data structure to identify a malicious application by determining which of the processes on the client device were triggered after an application server was accessed by the executable application and identifying processes associated with the malicious application by comparing the determined processes to records of processes of a device similarly configured as the client device.

Abstract: A system, methods, and apparatus for validating communications in an open architecture system are disclosed. In an example embodiment, a method includes selecting transactional information to transmit from a server to a communicatively coupled client device based on a request from the client device, selecting presentation information corresponding to the transactional information to transmit from the server to the client device, transmitting at least one message including the presentation and transactional information from the server to the client device, determining a prediction as to how the client device will render the transactional information based on the presentation information, receiving a response message from the client, and responsive to information in the response message not matching the prediction, providing an indication there is a malicious application affecting communications between the server and the client device.