Abstract: A method for applying user profiles in electronic sessions is described. In one embodiment, the method includes detecting a request to initiate an electronic session with a web server; identifying a user profile associated with the request; generating an alternative profile; initiating the electronic session; and replacing the user profile with the alternative profile during the electronic session. In some examples, the method includes performing a security action, including modifying one or more data points in a set of metadata and/or a set of latent user characteristics associated with the user profile. In some cases, the alternative profile includes a set of modified metadata and a set of modified latent user characteristics. In some examples, the method includes replacing a cookie associated with the user profile with a cookie associated with the alternative profile.

Abstract: A user creates dynamic meta-communities that span membership of multiple existing third-party online communities, based on profile attributes. This allows the user to create targeted sub-communities for specific purposes without recreating or duplicating community information. The user can communicate with members of created meta-communities by leveraging the mechanisms provided by the third party online communities.

Abstract: Securing a network device by automatically identifying files belonging to an application. In one embodiment, a method may include collecting file attributes for multiple files from multiple network devices, examining a hash of file contents of each of the multiple files to identify multiple unique files in the multiple files, summarizing the file attributes for each of the multiple unique files to generate a sketch of file attributes for each of the multiple unique files, clustering the multiple unique files into multiple applications, making a security action decision for one application of the multiple applications, and performing a security action on a network device based on the security action decision.

Abstract: A computer-implemented method for managing computer security of client computing machines may include (i) monitoring a set of client computing devices, (ii) receiving security data on sets of security-related events from each client computing device in the set of client computing devices, (iii) clustering the sets of security-related events by calculating a dissimilarity value, for each set of security-related events, that indicates a uniqueness of the set of security-related events in relation to other sets of security-related events using a dissimilarity function and adjusting the dissimilarity function based on a homogeneity of clusters of sets of security-related events, (iv) determining, based on clustering the sets of security-related events by the dissimilarity value, that a set of security-related events comprises an anomaly, and (v) performing a security action in response to determining that the set of security-related events comprises the anomaly.

Abstract: A method for location validation through physical surroundings is described. In one embodiment, the method includes receiving a location of a user device, transmitting to the user device, a request for additional information, receiving the additional information from the user device in response to the request, the second identifier matching the first identifier, comparing the received additional information with stored data pre-associated with the received location, and verifying the received location based at least in part on the comparing. In some embodiments, the request for additional information includes at least one of a request for a first image captured at a first direction, a request for a second image captured at a second direction, a request for a third image captured at a pre-determined tilt angle, a request for a stream of images captured in a pre-determined pattern, or any combination thereof.

Abstract: The disclosed computer-implemented method for identifying malicious file droppers may include (1) detecting a malicious file on the computing device, (2) constructing an ordered list of files that resulted in the malicious file being on the computing device where the malicious file is the last file in the ordered list of files and each file in the ordered list of files placed the next file in the ordered list of files on the computing device, (3) determining that at least one file prior to the malicious file in the ordered list of files comprises a malicious file dropper, and (4) performing a security action in response to determining that the file prior to the malicious file in the ordered list of files comprises the malicious file dropper. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for managing computing device access to local area computer networks may include (i) receiving, at a router computing device, a request to connect a client computing device to a local area computer network, (ii) determining whether the client computing device has prior authorization to connect to the local area computer network, (iii) sending, when the client computing device is determined to not have prior authorization, a request to an administrator computing device for authorization to connect the client computing device to the local area computer network, (iv) receiving, from the administrator computing device, an instruction to allow the client computing device to connect or to block the client computing device from connecting, and (v) performing a security action to block or allow the client computing device's request based on the instruction. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for connecting Internet-connected devices to wireless access points may include (1) receiving, over the Internet from a client device at a server, a request to connect the client device to an access point that is secured by a passcode, (2) transmitting a verification-request message from the server to the access point and/or the client device that instructs the access point and/or the client device to perform an action that enables the physical proximity of a user of the client device to the access point to be verified, (3) receiving a verification-response message that indicates that the user of the client device has physical access to the access point, and (4) enabling the client device to connect to the access point by transmitting, from the server to the client device, the passcode. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to systems and methods for on-boarding an out of the box (OOB) device so as to secure electronic control of the OOB device. In some embodiments, a method may be performed by a computing device having an electronic processor, and may include automatically electronically receiving, by a processor, an electronic request to on-board from the OOB device, and authenticating, by the processor, a standardized certificate associated with the OOB device. The method may further include obtaining, by the processor, a policy authority to electronically control the OOB device. The method may further include securing electronic control of the OOB device, by the processor, based at least in part on the obtained approval.

Abstract: An antenna system for wireless communications and other wireless applications is disclosed. In one particular embodiment, the antenna system may comprise a frame with at least three facets and an antenna element mounted on each of the at least three facets, wherein each of the antenna elements are electromagnetically isolated from each other.

Abstract: Securing network devices by forecasting future security incidents for a network based on past security incidents. In one embodiment, a method may include constructing past inside-in security features for a network, constructing past outside-in security features for the network, and employing dynamic time warping to generate a similarity score for each security feature pair in the past inside-in security features, in the past outside-in security features, and between the past inside-in security features and the past outside-in security features. The method may further include generating a Coupled Gaussian Latent Variable (CGLV) model based on the similarity scores, forecasting future inside-in security features for the network using the CGLV model, and performing a security action on one or more network devices of the network based on the forecasted future inside-in security features for the network.

Abstract: The disclosed computer-implemented method for managing security programs may include (i) identifying a security program configured to analyze files on a client device to detect malicious files, (ii) determining a result the security program would report for an analysis of a file on the client device, (iii) intercepting an attempt by the security program to analyze the file, and (iv) determining, based on the result the security program would report for the analysis of the file, whether to permit the security program to analyze the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for mapping services utilized by network domains may include (i) receiving a request to perform a risk assessment on a domain, (ii) querying a database for records associated with the domain, where each record links to a network resource that enables functionality of the domain, (iii) generating a service map that matches each network resource to a corresponding service type and service provider, (v) performing the risk assessment of the domain, and (vi) facilitating a security measure for the domain based on a result of the risk assessment. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for personalizing security incident reports may include (i) generating, within a training dataset, a feature vector for each of a group of security incidents, the feature vector including features that describe the security incidents and the features including response codes that a set of clients previously assigned to the security incidents as labels, (ii) training a supervised machine learning function on the training dataset using the response codes that the set of clients previously assigned to the security incidents, (iii) applying the supervised machine learning function to a feature vector that describes a new security incident on the set of clients to predict that the set of clients will ignore the new security incident, and (iv) personalizing a list of security incidents that is electronically reported to the set of clients by deprioritizing the new security incident. Other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for applying perturbations to electronic media is described. A computing device may receive an electronic request to upload an electronic media to an internet-based service and perform a pre-processing operation on the electronic media based on the electronic request and a feature of the electronic media. In some examples, the computing device may perform a security action on the electronic media. For example, the computing device may apply perturbations to elements of the electronic media based on a gradient of a model. The computing device may transmit the electronic media to the internet-based service.

Abstract: An accessibility service protection application for hiding content of a first application from an accessibility service of a second application on a mobile computing device is described. The accessibility service protection application determines the first application currently active in foreground of the mobile computing device. The accessibility service protection application configures a transparent activity to hide content associated with the first application from the accessibility service of the second application. The accessibility service protection application launches the transparent activity on top of the first application, such that the transparent activity protects the content associated with the first application from the accessibility service of the second application.

Abstract: Encrypting and decrypting sensitive files on a network device. In one embodiment, a method may include determining that a file stored on a network device is a sensitive file, encrypting the sensitive file, sending, to an authentication server, an encryption key, initializing, at the network device, a Software Guard Extension (SGX) enclave, loading, into the SGX enclave, a retrieval application, receiving, at the retrieval application, an attestation from the authentication server that the retrieval application is authentic, receiving, at the retrieval application, the encryption key from the authentication server, receiving, at the retrieval application, a user request to decrypt the encrypted sensitive file, authenticating, at the retrieval application, the user request, decrypting, at the network device, the particular encrypted sensitive file, and providing the sensitive file to the user.

Abstract: The disclosed computer-implemented method for detecting preparatory-stages of rowhammer attacks may include (i) receiving, at a computing device, signatures of preparatory behaviors that are known to be exhibited by malicious virtual machines during preparatory stages of rowhammer attacks, (ii) monitoring, at the computing device, behaviors of a virtual machine that is hosted by the computing device, (iii) detecting, at the computing device while monitoring behaviors of the virtual machine, a behavior that matches one of the signatures of preparatory behaviors, and (iv) performing, in response to detecting the behavior that matches one of the signatures of preparatory behaviors, a security action to prevent the virtual machine from perpetrating a successful rowhammer attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting security incidents may include (i) collecting, by a security server, security information describing security events detected on at least one client device, (ii) generating, based on the collected security information, a mathematical graph that includes a set of nodes designating machine-windows of data and a set of nodes designating detected security events, (iii) executing a random-walk-with-restart algorithm on the generated mathematical graph to sort the set of nodes designating machine-windows of data in terms of relevance to a set of ground truth nodes that indicate confirmed security threats, and (iv) performing a remedial security action to protect a user in response to detecting a candidate security threat based on sorting the set of nodes designating machine-windows of data by executing the random-walk-with-restart algorithm. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for remediating computer stability issues may include (i) determining that a device has experienced a computer stability problem, (ii) obtaining, from the device, one or more computer-generated log lines that potentially include information pertaining to a cause of the computer stability problem, (iii) directly analyzing text included within the computer-generated log lines, (iv) identifying information relating to the computer stability problem based on the direct analysis of the text, and (v) remediating the device to resolve the computer stability problem. Various other methods, systems, and computer-readable media are also disclosed.