Abstract: Techniques for application code obfuscation are disclosed. In one embodiment, the techniques may be realized as a method including receiving application code and testing data associated with the application; automatically generating obfuscated application code from the received application code; automatically testing the obfuscated application code by running the obfuscated application code and inputting at least the recorded inputs from the testing data while recording associated outputs; in response to determining that the associated outputs from automatically testing the obfuscation code do not match the testing data outputs, modifying the obfuscated application code and automatically testing the modified obfuscated application code against the testing data; and, in response to determining that outputs from automatically testing the modified obfuscated application code match the testing data outputs, transmitting the modified obfuscated application code as a successful obfuscation of the application.

Abstract: A computer-implemented method for predicting security threat attacks may include (1) identifying candidate security threat targets with latent attributes that describe features of the candidate security threat targets, (2) identifying historical attack data that describes which of the candidate security threat targets experienced an actual security threat attack, (3) determining a similarity relationship between latent attributes of at least one specific candidate security threat target and latent attributes of the candidate security threat targets that experienced an actual security threat attack according to the historical attack data, (4) predicting, based on the determined similarity relationship, that the specific candidate security threat target will experience a future security threat attack, and (5) performing at least one remedial action to protect the specific candidate security threat target in response to predicting the future security threat attack.

Abstract: Network traffic is monitored, and activities concerning posting images to sharing sites are detected. Detected activities can be attempts to login to sharing sites, or attempts to post images. Privacy concerns associated with sharing images on target sites are identified. In the case of detecting a successful attempt to login to a known sharing site, the site is scanned for the privacy settings in effect for the user, and it is determined whether the settings are below a given threshold. Another example of a privacy concern is detecting an attempt to post an image to an unknown site. When a privacy concern is detected, the user is warned, and prompted to indicate whether images are to be posted to the target site anyway. Attempts to post images to sites that are subject to privacy concerns are processed according to received user directives (e.g., blocked or allowed).

Abstract: A method, performed by a network device, for communication with Internet of Things (IoT) devices is provided. The method includes receiving a communication relevant to Internet of Things devices, wherein the communication is in accordance with a naming scheme that has conventions for objects, context, data and commands and is agnostic as to a plurality of addressing schemes of the Internet of Things devices. The method includes resolving names in the communication, in accordance with the naming scheme, and sending the communication or a further communication to one or more Internet of Things devices per the resolving.

Abstract: The disclosed computer-implemented method for adjusting behavioral detection heuristics may include (1) configuring a behavioral detection heuristic to provide an initial level of malicious behavior detection on a computing system, (2) using the behavioral detection heuristic at the initial level of malicious behavior detection to detect at least two security threats on the computing system, (3) determining that the time between the security threats is shorter than a predetermined length of time, and (4) in response to determining that the time between the security threats is shorter than the predetermined length of time, adjusting the behavioral detection heuristic to provide a heightened level of malicious behavior detection that is configured to catch at least one additional security threat that may not be caught using the initial level of malicious behavior detection. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for improving forest-based malware detection within an organization may include (i) receiving, at a backend computing system, organization data from at least one organization computing device within an organization computer network, (ii) adjusting, at the backend computing system, a general use forest model based on the organization data to generate an organization-specific forest model for detecting malicious computer files within the organization computer network, and (iii) sending, from the backend computing system, the organization-specific forest model to the at least one organization computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for phishing detection, performed by a mobile device, is provided. The method includes receiving a first OTP (one-time password), from a remote caller purporting to be from a trusted organization, into the mobile device. The method includes generating a second OTP, using an OTP generation system provided by the trusted organization, and comparing, in the mobile device, the first OTP and the second OTP, wherein the first OTP matching the second OTP indicates legitimacy of the remote caller, and the first OTP mismatching the second OTP indicates illegitimacy of the remote caller. A mobile device and a computer readable media are also provided.

Abstract: Techniques for generating a virtual private container (VPC) are disclosed. In one embodiment, the techniques may be realized as a virtual container defining a self-contained software environment, comprising one or more analytic components configured to carry out specified analytic functions on data within the container, wherein the one or more analytic components are isolated to run within the self-contained software environment of the container; an interface configured to identify and authenticate a particular user and provide analysis results generated by the one or more analytic components; and a gateway configured to receive data from one or more secure data sources external to the virtual container and associated with the particular user for use by the one or more analytic components.

Abstract: The disclosed computer-implemented method for thwarting unauthorized attempts to disable security managers within runtime environments may include (1) monitoring a runtime environment that (A) facilitates execution of an application and (B) includes a security manager that prevents the application from performing unauthorized actions while running within the runtime environment, (2) detecting, while monitoring the runtime environment, an attempt to disable the security manager such that the security manager no longer prevents the application from performing the unauthorized actions, (3) identifying a source of the attempt to disable the security manager, (4) determining that the source of the attempt is not authorized to disable the security manager, and then (5) blocking the attempt to disable the security manager such that the security manager continues to prevent the application from performing the unauthorized actions while running within the runtime environment.

Abstract: A computer-implemented method for securely detecting data similarities may include (1) identifying a private data object subject to comparison to determine a similarity with at least one potentially similar data object, (2) establishing a connection between a client system and a server that is not authorized to access the private data object, (3) generating a summary of the private data object by applying a summary generation protocol between the client system and the server to the private data object without exposing plaintext from the private data object to the server and without exposing a parameter of the summary generation protocol to the client system, and (4) computing the similarity between the private data object and the potentially similar data object by using the summary of the private data object and a summary of the potentially similar data object. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for anonymously selecting streams for analysis is described. In one embodiment, control information that associates one or more telemetry feeds with one or more multicast sources is identified. One or more multicast sources are joined based on the received control information and data from the multicast source is analyzed based on one or more data analysis parameters.

Abstract: The disclosed computer-implemented method for filtering log files may include (1) identifying, on the endpoint computing device, log files that recorded events performed by processes executing on the endpoint computing device, (2) prior to sending the log files from the endpoint computing device to a security server for analysis, filtering, based on an analysis of the events recorded by the log files, the log files by excluding log files that recorded non-suspicious events, and (3) forwarding the filtered log files from the endpoint computing device to the security server for analysis. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for inferring real world identities is provided. The method includes receiving an authenticated copy of a document, the document having identification information and the document subject to a security check. The method includes providing evidence that an owner of the authenticated copy of the document passed the security check validating the identification information contained in the document. The method includes asserting that a device is associated with a real-world identity corresponding to the identification information listed in the authenticated copy of the document, in response to a determination that the owner of the authenticated document entered the secured area. At least one method operation is executed through a processor.

Abstract: Techniques describe preventing sensitive data from being misappropriated during an operation performed by a cloud synchronization application. A request from a cloud sync application to upload a file to a cloud storage service is intercepted. The file is currently stored on a client computer of an enterprise network. An account associated with the request is identified. The file is evaluated based on a data loss prevention policy and the account associated with the request. The request is blocked based on the evaluation.

Abstract: A method for sharing data based on user ranking is described. In one embodiment, the method includes determining a location of a computing device, identifying a request to share data from the computing device with one or more other computing devices, and ranking potential recipients of the data from the computing device based on at least one of location data, network communication data, and contact information.

Abstract: The disclosed computer-implemented method for preventing computing devices from sending wireless probe packets may include (1) storing a geolocation of at least one wireless network that was previously accessed by the computing device, (2) determining a current geolocation of the computing device, (3) determining that the current geolocation of the computing device is not within a predetermined distance of the geolocation of any previously accessed wireless network, and (4) preventing the computing device from sending any wireless probe packets in response to determining that the current geolocation of the computing device is not within the predetermined distance of the geolocation of any previously accessed wireless access point. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting potentially illegitimate wireless access points may include (1) detecting an attempt by the computing device to automatically connect to a wireless access point that resembles a known wireless access point whose geographic location is stored by the computing device, (2) identifying a current geographic location of the computing device, (3) determining that the current geographic location of the computing device is beyond a certain distance from the geographic location of the known wireless access point, and then (4) determining, based at least in part on the determination that the current geographic location of the computing device is beyond the certain distance from the geographic location of the known wireless access point, that the wireless access point is potentially illegitimate. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for identifying message payload bit fields in electronic communications may include (i) monitoring messages transmitted via a network, (ii) selecting a plurality of messages transmitted via the network, each of the plurality of messages comprising an identical message identifier corresponding to a specified message type having a payload, (iii) determining for each bit position in the payload of the specified message type, a quasi-entropy value based on a proportion of occurrences of a first bit value and a proportion of occurrences of a second bit value at each corresponding bit position in the plurality of messages, and (iv) identifying at least one of a near-random bit field, a periodic bit field, and a constant bit field within the specified message type based on the determined quasi-entropy values. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present disclosure relates to systems and methods based at least in part on managing electronic device configuration and/or features. In some embodiments, a method may include identifying a first configuration state at a first time; generating a virtual configuration state based at least in part on the first configuration state at the first time; determining a first modification to be made to the first configuration state based at least in part on a first characteristic of a first application; modifying the virtual configuration state based at least in part on the determined first modification; and/or modifying the first configuration state at a second time after the first time based at least in part on the determined first modification.