Abstract: An integrated vehicle health management (IVHM) system to resolve equipment-fault related anomalies detected by cyber intrusion detection system (IDS). A benefit of the present system is that it can result in fewer alerts that need manual analysis. A combination of cyber and monitoring with integrated vehicle health management (IVHM) may be a high value differentiator. As a solution gets more mature through a learning loop, it may be customized for different customers in a cost effective manner, something that might be expensive to develop on their own for most original equipment manufacturers (OEMs). An IVHM symptom pattern recognition matrix may link a pattern of reported symptoms to known equipment failures. This matrix may be initialized from the vehicle design data but its entries may get updated by a learning loop that improves a correlation by incorporating results of investigations.

Abstract: A system and method and for verifying that distorted biometric information submitted to a computing device is authentic. In various embodiments, the method includes receiving a signal indicative of a distorted biometric of a person; determining a DNA sequence code of the signal indicative of the distorted biometric signal; generating a first dataset based on the DNA sequence code; hashing the first dataset to obtain a second dataset; encrypting the second dataset; storing the encrypted second dataset into a blockchain; comparing the second dataset to a test dataset to determine if the second and test datasets are from a related data source and remain unchanged from the distorted biometric of the person; and updating a new transaction record on the blockchain to indicate that the blockchain transaction has been validated.

Abstract: Techniques for evaluating and optimizing cybersecurity operations in an organization is disclosed. The method includes the step of providing a first set of threat scenarios to a cybersecurity operations team in a live environment and a second set of scenarios in a static environment. The response of the teams including various parameters associated it such as time taken for responding, strategies used, effectiveness of the response, etc., are recorded. Based on the recorded responses, the method further performs the step of determining overall assessment scores. Upon determining the scores, the method further performs the step of contextualizing the scores based on a plurality of parameters. Based on the contextualized scores, the method provides detailed insights and recommendations related to the performance of cybersecurity teams.

Abstract: A biometric data processing method implemented by a proof entity and a verification entity that are connected. The proof entity has a candidate biometric data, a reference biometric data, cryptographic footprints of the reference biometric data, and the candidate biometric data. The verification entity has a set of cryptographic footprints of reference biometric data of authorized users. The method includes generating the proof entity of a zero-knowledge proof of the fact that the candidate biometric data and the reference biometric data match. Transmitting to the verification entity the zero-knowledge proof of the cryptographic footprints of the candidate biometric data and the reference biometric data. Verifying that the zero-knowledge proof is valid, and the received cryptographic footprint of the reference biometric data belongs to the set of cryptographic footprints of reference biometric data in the possession of the verification entity.

Abstract: Methods and systems are disclosed for improvements in cloud services by sharing estimated and actual usage data of cloud services recipients with the cloud services provider. The sharing of this data allows the cloud services provider to better apportion cloud resources between multiple cloud services recipients. By analyzing information included in the shared data (e.g., information about one or more applications that use the cloud resources), the cloud services provider may categorize the applications and/or the functions of those applications into authorized and unauthorized uses, the determination of which, is used to further efficiently apportion the cloud services resources.

Abstract: A highly secure networked system and methods for storage, processing, and transmission of sensitive information. Personal/private information is cleansed, salted, and hashed by data contributor computing environments, and occurs using the same processes to ensure output hashed values are consistent across multiple sources. Hashed sensitive information is hashed a second time by a secure facility computing environment. The second hashing of the data involves a private salt inaccessible to third parties. The second hashed data is linked to previously hashed data (when possible) and assigned a unique ID. Data dictionaries are created for particular individuals provided access to the highly secure information. Prior to a data dictionary being accessible, the data dictionary undergoes compliance and statistical analyses regarding potential re-identification of the source unhashed data. The data dictionaries are viewable as certified views via a secure VPN.

Abstract: Disclosed are systems and methods for detecting malicious applications. The described techniques detect a first process has been launched on a computing device, and monitor at least one thread associated with the first process using one or more control points of the first process. An execution stack associated with the one or more control points of the first process is received from the first process. In response to detecting activity on the one or more control points of the first process, an indication that the execution of the first process is malicious is generated by applying a machine learning classifier to the received execution stack associated with the one or more control points of the first process.

Abstract: A system for deriving a rating representative of a level of cybersecurity of a user is configured to execute steps of a method comprising requesting, from the user, identifying information about the user; requesting, from the user, input in response to a set of predetermined questions provided to the user based on the identifying information about the user; collecting, based on at least the identifying information, public domain data about the user and data from the user's digital assets; and computing, based on the collected data and the input to the set of predetermined questions provided by the user, a numerical value defining the cybersecurity rating.

Abstract: The present disclosure provides a system and method for allocating computer resources for detection of malicious files. In one aspect, the system comprises: a hardware processor configured to: form at least one behavior pattern grouping selected commands with shared parameters, apply a hash function on the at least one of the formed behavior pattern to obtain computed parameters, calculate a degree of harmfulness based on the obtained computed parameters using the hash function and a model for detection of malicious files, wherein the degree of harmfulness is a number value characterizing a probability that a malicious activity will be manifested by a time of computing said degree of harmfulness and wherein the model is a machine learning model trained using computed parameters of previous behavior patterns on which the hash function was applied to output degrees of harmfulness, and allocate the computing resources based on the calculated degree of harmfulness.

Abstract: The present disclosure relates to methods and apparatus that collect data regarding malware threats, that organizes this collected malware threat data, and that provides this data to computers or people such that damage associated with these software threats can be quantified and reduced. The present disclosure is also directed to preventing the spread of malware before that malware can damage computers or steal computer data. Methods consistent with the present disclosure may optimize tests performed at different levels of a multi-level threat detection and prevention system. As such, methods consistent with the present disclosure may collect data from various sources that may include endpoint computing devices, firewalls/gateways, or isolated (e.g. “sandbox”) computers. Once this information is collected, it may then be organized, displayed, and analyzed in ways that were not previously possible.

Abstract: A method for analyzing relationships between clusters of devices includes selecting a first device from a first cluster of devices and selecting a second device from a second cluster of devices. Information related to a first communication link associated with the first device and information related to a second communication link associated with the second device is obtained. A similarity metric is computed based on the obtained information. The similarity metric represents a similarity between the first communication link and the second communication link associated with the second device. A relationship between the first and second clusters is determined using the computed similarity metric. When a cyberattack is detected on the devices in the first cluster or the second cluster, protection of all devices in the first cluster and the second cluster is modified based on the determined relationship in order to defend the respective clusters from the cyberattack.

Abstract: Disclosed herein are systems and method for recovering a computing device after an intrusion is detected. In one aspect, an exemplary method comprises, by a minimalistic operating system running on the computing device, deploying a master container, wherein the deploying of the master container comprises creating and starting the master container from a container image, providing, to the master container, access to a storage area network (SAN) volume, providing, to the master container, read-only access to a Distributed Configuration Management (DCM) module domain, the domain being where a configuration of the computing device is stored, and invoking an Intrusion Detection Module (IDM) to start detecting intrusions into the master container; and upon receiving a notification from the IDM, re-deploying, by the minimalistic OS, the master container from the container image, wherein the deployed master container acts as a default runtime environment on the computing device.

Abstract: Techniques for mitigating cybersecurity performance gaps in an organization are disclosed. The method comprises the steps of selecting a threat framework for formulating a threat detection strategy, mapping most likely adversary tactics that may be used to circumvent the threat detection strategy, updating the threat detection strategy, and performing threat detection to determine threat assessment scores. Further, the determined scores are categorized and contextualized to identify cybersecurity gaps in the organization. These gaps are prioritized based on certain criteria to provide automated recommendations and alerts regarding cybersecurity performance gaps and related organizational risks.

Abstract: A method of using an interexchange to process states of subsystems tracked by disparate block chains. The method comprises locating a first block comprising current state information associated with a first process stored in a first block chain by an interexchange application executing on a computer system, wherein the first process is performed by a first subsystem, reading the current state information of the first process by the interexchange application from the located first block, transcoding a representation of the current state information by the interexchange application to a representation associated with a second block chain, creating a block by the interexchange application, wherein the created block stores the transcoded representation of the current state information in a data field of the created block that the predefined block structure associates to the transcoded current state information, and attaching the created block to the second block chain.

Abstract: The application discloses a data analysis system and a data analysis method. The data analysis system includes a data provider host and a data analysis host. The data provider host is configured to perform a stream cipher algorithm based on raw data to obtain first data. The data analysis host is configured to perform a data analysis based on the first data to obtain an analysis result. The data provider host or the data analysis host is further configured to perform a block cipher algorithm based on the analysis result to obtain second data, and send the second data to an external device. The data provider host is further configured to calculate an attribute-value correspondence between the raw data and the second data, and send the attribute-value correspondence to the external device.

Abstract: Embodiments of the present specification disclose data authorization information acquisition methods, apparatuses, and devices. One method comprises: receiving, from a data requestor and for data, a data use permission application; determining, based on the data use permission application, an approver, wherein the approver is an owner of the data; sending the data use permission application to the approver; receiving acknowledgement information of the approver for receiving the data use permission application; generating data authorization information based on the acknowledgement information; and sending the data authorization information to the data requestor.

Abstract: A personal information security system allows for the storage of data in a secure manner by assigning a key to the data and breaking up the data then sending parts or pieces to many computing devices on a network. The data is requested and gathered from the user base by providing the key to the data.

Abstract: A system and method is provided for determining the confidence level in attributing a cyber campaign to an activity group. The system and method allows for determining information gaps that need to be filled in order to perform attribution with higher degree of confidence. The system and method is able to extract quantitative data from the campaign intrusion set data and perform a multi-stage analysis and comparison with quantitative data extracted from threat intelligence feeds/platforms and/or vendor intelligence reports. This allows for identifying an activity groups that may be attributed for the campaign with the associated level of confidence.

Abstract: A method for detecting an intrusion (i.e. hacking) of an electronic device includes determining an expected activity value associated with one or more software applications executing on a processor, monitoring the one or more software applications executing on the processor to determine a current activity value associated with the one or more software applications, determining whether the current activity value exceeds a threshold associated with the expected activity value, and in response to determining that the current activity value exceeds the threshold, initiating one or more security actions associated with the one or more software applications. A system for detecting an intrusion of an electronic device includes an intrusion detection module configured to perform the steps of the method.

Abstract: The disclosed computer-implemented method for protecting users may include (i) intercepting, through a cloud-based security proxy service, network traffic originating from a mobile application at a mobile device connected to a local area network protected by the cloud-based security proxy service, (ii) detecting, by the cloud-based security proxy service, a threat indicator indicated by the mobile application, and (iii) modifying the network traffic originating from the mobile application at the mobile device by applying, by the cloud-based security proxy service based on detecting the threat indicator indicated by the mobile application, a security policy to protect the local area network from a candidate threat corresponding to the threat indicator. Various other methods, systems, and computer-readable media are also disclosed.