Abstract: Systems and methods are disclosed to implement a self-learning machine assessment system that automatically tunes what data is collected from remote machines. In embodiments, agents are deployed on remote machines to collect machine characteristics data according to collection rule sets, and to report the collected data to the machine assessment system. The machine assessment system assesses the remote machines using the collected data, and automatically determines, based on what data was or was not needed during the assessment, whether an agent's collection rule set should be changed. Any determined changes are sent back to the agent, causing the agent to update its scope of collection. The auto-tuning process may continue over multiple iterations until the agent's collection scope is stabilized. In embodiments, the assessment process may be used to analyze the remote machine to determine security vulnerabilities, and recommend possible actions to take to mitigate the vulnerabilities.

Abstract: A symbol input method performed by a symbol input device having a display unit, a selector, and a determiner includes: displaying, by the display unit, a correspondence table indicating correspondences between input target symbols and selection target symbols and indicating that each of the input target symbols corresponds to one or more selection target symbols; ending the displaying by the display unit; prompting, by the selector, after the ending, a user to select one of the selection target symbols included in the displayed correspondence table; and determining, by the determiner, one input target symbol as a symbol to be input. The input target symbol is indicated in the displayed correspondence table and corresponds to the selection target symbol selected by the user in the prompting.

Abstract: Using a set of anomalies indicative of a malicious pattern of behavior collected from data to determine new alerts for anomalies included in subsequently collected data. A set of anomalies found in data collected from data sources is accessed. The set of anomalies is determined by a prior analysis to be indicative of a malicious pattern of behavior by entities associated with the set of anomalies. Data that is subsequently collected from the data sources is searched to determine if any of the data includes the set of anomalies. Alerts are generated for any of the subsequently collected data that includes the set of anomalies.

Abstract: A method includes providing, by a first electronic device, a first request to a second electronic device for the second electronic device to provide data to the first electronic device representing content that is stored in a security component of the second electronic device. The first electronic device receives the response from the second electronic device to the first request and, in response thereto, the first electronic device stores data in the first electronic device representing content that is stored in a security component of the second electronic device. The method includes performing cross-attestation. Performing the cross-attestation includes, in response to an attestation request that is provided by a verifier to the first electronic device, the first electronic device providing to the verifier data representing content that is stored in the security component of the first electronic device and data representing the content stored in the security component of the second electronic device.

Abstract: A method to authenticate a first computer system over a network to a second computer system is disclosed. A login user interface (UI) is presented to a user of the first computer system while disconnected from the second computer system. The login UI presents at least one input field to receive login input from the user and a security indicator that has been previously selected by the user and that is local to the first computer system. Login input is selectively received from the user based on a determination that the user recognizes the security indicator as having been previously selected by the user. A connection is established between the first computer system and the second computer system over the network. The received user input is transmitted using the established connection to the second computer system for authentication of the first computer system.

Abstract: A reminder terminal apparatus and authentication method are disclosed. An example authentication method includes creating a table having letter strings contained in elements respectively, where the letter strings are created at random. The method also includes creating a registration letter string using the table and registering or newly registering the registration letter string as a password for a user name of the user at a resource server. The example method further includes prompting the user to use the access terminal to extract second elements from the table in accordance with the selection sequence, arrange second letter strings contained in the extracted second elements to obtain an authentication letter string, and apply the obtained authentication letter string as a password for requesting a utilization of a resource of the resource server under the user name.

Abstract: Methods, systems, and computer program products for contextual anomaly detection across assets are provided herein. A method includes obtaining time-series data frames corresponding to assets; clustering the assets into one or more cohorts based on the time-series data frames, each cohort comprising assets having statistically similar time-series data frames; for each given asset within each cohort: applying a time-context window to the portion of the time-series data frames corresponding to the given asset to generate at least one transformed data frame, and determining an asset distribution for the given asset based on the at least one transformed data frame; determining one or more of that at least one of the assets within at least one of the cohorts is anomalous and that at least one of the cohorts is anomalous; and causing at least one remediation action to be performed based on the determining.

Abstract: Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing blockchain-based data authorization. One of the methods includes receiving, by a blockchain node, a data acquisition transaction submitted by a data user for obtaining target data possessed by a data owner, determining, by the blockchain node, that the data user has obtained authorization of the target data, and executing, by the blockchain node, a smart contract invoked by the data acquisition transaction to issue an authorization token to the data user in response to determining that the data user has authorization of the target data, where the authorization token is sent to a privacy computing platform.

Abstract: Implementations of the present disclosure include providing, by a security platform, graph data defining a graph that is representative of an enterprise network, the graph comprising nodes and edges between nodes, a set of nodes representing respective assets within the enterprise network, each edge representing at least a portion of one or more lateral movement paths between assets in the enterprise network, determining, for each asset, a criticality of the respective asset to operation of a process, determining a lateral movement path between a first node represented by a first asset and a second node represented by second asset within the graph, determining a path value representative of a criticality in preventing an attack through the lateral movement path, and providing an indication of the path value representative of the criticality in preventing an attack through the lateral movement path.

Abstract: Execution of an application in an application-level sandbox is disclosed. A request to launch an application is received by an operating system executing on a device. A determination is made that a stored copy of the application should be executed within an application-level sandbox. The stored copy of the application is executed in the application-level sandbox.

Abstract: An API transaction management computing device is provided that receives an API request from a source node and obtains an API response from a destination node. The device includes a receiving module configured to receive the API request from the source node, a scoring module configured to determine an assessment score based on information associated with the API request including information about a digital identity associated with the API request and match the assessment score to an actions rule comprising controlling deliverability, messaging, and content of the API request, and a transmission module configured to perform actions of the actions rule by controlling deliverability, messaging, and content of the API request to a destination node and the API response to a transmitting source node.

Abstract: Disclosed are a method and device for managing and controlling a terminal UE. The method is applied to a network data analytics function (NWDAF) entity, and the method includes acquiring feature information of a UE; analyzing the feature information, and determining that a security risk exists in the UE; sending a first indication to at least one network function entity in a network, and triggering the at least one network function entity to carry out policy update or parameter adjustment on the UE, and the first indication is used for prompting the type of the security risk confronted by the UE, or for indicating a policy or parameter for the security risk of the UE; and/or sending a second indication to the UE, and triggering the UE to raise an alarm and/or carry out risk defense.

Abstract: An encrypted device system is disclosed that includes an interface for providing the transmission of data between an encrypted data storage medium and a computer system such that a user-interactive application program may be accessed and used via the computer system.

Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). The present disclosure provides an apparatus and a method for handling a network attack in a software defined network (SDN). The method for handling a network attack in an SDN according to various embodiments of the present disclosure includes detecting a first candidate of the network attack in a flow during a first time interval, in response to detecting the first candidate, changing quality of service (QoS) of the flow from first QoS to second QoS, detecting a second candidate of the network attack in the flow of the second QoS during a second time interval following the first time interval, and in response to detecting the second candidate, blocking the flow.

Abstract: The present disclosure is directed to systems and methods of detecting a side-channel attack using hardware counter anomaly detection circuitry to select a subset of HPCs demonstrating anomalous behavior in response to a side-channel attack. The hardware counter anomaly detection circuitry includes data collection circuitry to collect data from a plurality of HPCs, time/frequency domain transform circuitry to transform the collected data to the frequency domain, one-class support vector anomaly detection circuitry to detect anomalous or aberrant behavior by the HPCs. The hardware counter anomaly detection circuitry selects the HPCs having reliable and consistent anomalous activity or behavior in response to a side-channel attack and groups those HPCs into a side-channel attack detection HPC sub-set that may be communicated to one or more external devices.

Abstract: In one embodiment, a secure network system includes a two-way bridge connecting a protected packet data network with an external packet data network so as so allow bidirectional communication between the protected and external networks, a one-way link unidirectionally connecting the protected network to the external network and physically configured to carry signals in one direction from the protected network to the external network and to be incapable of carrying signals in the opposite direction from the external packet data network to the protected packet data network, and a security server to receive an indication of a security threat to at least one of the networks, and in response to the indication, to deactivate the two-way bridge and activate the one-way link so as to prevent the protected network from receiving packets from the external network while allowing forwarding of packets from the protected network to the external network.

Abstract: Provided are a computer program product, system, and method for detecting a security breach in a system managing access to a storage. Process Input/Output (I/O) activity by a process accessing data in a storage is monitored. A determination is made of a characteristic of the data subject to the I/O activity from the process. A determination is made as to whether a characteristic of the process I/O activity as compared to the characteristic of the data satisfies a condition. The process initiating the I/O activity is characterized as a suspicious process in response to determining that the condition is satisfied. A security breach is indicated in response to characterizing the process as the suspicious process.

Abstract: An example method for a software container includes instantiating the following in a sandbox of a computing device: an operating system, a Berkeley Packet Filter (BPF) virtual machine within a kernel of the operating system, and a software container. The kernel monitors runtime behavior events of the software container, with the monitoring at least partially performed by the BPF virtual machine. Based on the monitoring, a respective risk score is assigned to each of the runtime behavior events that is potentially malicious, with each risk score indicating a likelihood that a corresponding behavior event is malicious. An overall risk score is assigned to the software container that indicates a likelihood that the software container is malicious based on the respective risk scores.

Abstract: Technologies are provided for the monitoring, detection, and notification of emerging, related issues within a system, which may indicate a problem. Within a computing-security system, a sudden increase in the frequency of events associated with unauthorized logon attempts signal a real-time and ongoing security risk. A method monitors system-related events and generates a vector representation for each event based on event features. Clusters of related events are determined, and a state automaton is employed to determine a strength of temporal “bursty” activity for each cluster. Hypothesis testing is performed on each cluster to determine a likelihood that the cluster is a temporally emergent cluster. Clusters with a bursting likelihood above a threshold are determined to be an emergent cluster associated with an anomalous issue. A notification regarding the detected anomaly is provided. A remedial action addressing the anomaly is performed.

Abstract: A configuration map to be transmitted to a container manager within a network is compiled on a client device and transmitted to the container manager managing a cluster of containers within the network. The configuration map is transmitted from the container manager to a validation service endpoint to attempt to validate the compiled configuration map. In response to the transmitting the configuration map from the container manager, a determination is caused to occur at the validation service endpoint whether the configuration map should be validated by the validation service endpoint. The configuration map is received from the validation service endpoint with a new environmental variable, when the validation service endpoint validates the configuration map.