Abstract: A system for streamlined analysis of access sub-networks in a cloud environment is disclosed. The system comprises memory storing access sub-networks in a cloud environment between a plurality of resources and a plurality of users, memory storing user-to-role mappings for roles assigned to the plurality of users, and accumulation logic having access to the access sub-networks and to the user-to-role mappings. The accumulation logic is configured to traverse the access sub-networks to build a number U user-to-resource mappings between the plurality of users and the plurality of resources, and evaluate the U user-to-resource mappings against the user-to-role mappings to accumulate a number R role-to-resource mappings between the roles and the plurality of resources.

Abstract: In a general aspect, risks associated with cryptography usage in network communication between computing nodes are identified. In some aspects, a network packet capture agent obtains cryptography usage data by examining network traffic communicated by computing nodes in the computing environment. A cryptography usage analysis agent identifies cryptography usage risks based on the cryptography usage data. A cryptographic risk identification agent identifies one or more applications associated with the cryptography usage risks.

Abstract: Various embodiments of the present invention provide methods, apparatuses, systems, computing devices, and/or the like that are configured to enable effective and efficient monitoring of software application frameworks. For example, certain embodiments of the present invention provide methods, apparatuses, systems, computing devices, and/or the like that are configured to perform software application framework monitoring using an interactive software application platform monitoring dashboard comprises a set of user interfaces (e.g.

Abstract: Systems and methods for securely exchanging cryptographically signed records are disclosed. In one aspect, after receiving a content request, a sender device can send a record to a receiver device (e.g., an agent device) making the request. The record can be sent via a short range link in a decentralized (e.g., peer-to-peer) manner while the devices may not be in communication with a centralized processing platform. The record can comprise a sender signature created using the sender device's private key. The receiver device can verify the authenticity of the sender signature using the sender device's public key. After adding a cryptography-based receiver signature, the receiver device can redeem the record with the platform. Upon successful verification of the record, the platform can perform as instructed by a content of the record (e.g., modifying or updating a user account).

Abstract: Embodiments described include systems and methods for incorporating tags in content of network applications. An embedded browser, which is executable on one or more processors of a client device, may detect content from a network application accessed via the embedded browser. A DRM engine of the embedded browser identifies a DRM scheme for the network application from the plurality of DRM schemes and according to the network application. The DRM engine generates a DRM tag for the content according to the DRM scheme identified for the network application. The DRM tag includes a classification of the content. The DRM engine incorporates the DRM tag into the content for managing usage of the content according to the classification.

Abstract: Systems and methods for detection and classification of malware using an AI-based approach are provided. In one embodiment, a T-node maintains a sample library including benign and malware samples. A classification model is generated by training a classifier based on features extracted from the samples. The classification model is distributed to D-nodes for use as a local malware detection model. Responsive to detection of malware in a sample processed by a D-node, the T-node receives the sample from the D-node. When the sample is not in the sample library, it is incorporated into the sample library. A feature depository is created/updated by the T-node by extracting features from the samples. Responsive to a retraining event: (i) an improved classification model is created by retraining the classifier based on the feature depository; and (ii) the D-nodes are upgraded by replacing their local malware detection models with the improved classification model.

Abstract: A system and method of wireless display, including a transmitter processing a first encrypted content into a second encrypted content without decoding, and transferring the second encrypted content over a wireless display connection to a receiver.

Abstract: In an embodiment, a distributed firewall that learns from traffic patterns to prevent attacks is configured to receive traffic comprising one or more uniform resource identifiers (URIs), where a URI of the one or more URIs includes one or more parameters and one or more corresponding values. The firewall is configured to classify the corresponding value(s) using a pre-configured classifier and obtain a statistical rule that specifies an allowable type and an allowable length for traffic containing the one or more parameters, where the statistical rule is generated based on the classification. The firewall is configured to apply the statistical rule to incoming traffic to allow or drop requests comprising the parameter(s).

Abstract: Disclosed is an improved systems, methods, and computer program products that performs user behavior analysis to identify malicious behavior in a computing system. The approach may be implemented by generating feature vectors for two time periods, performing scoring, and then performing anomaly detection.

Abstract: The present invention discloses methods and systems for sending information packets from a first network node to a second network node. An aggregated tunnel is established between the first network node and the second network node. An information packet is determined whether to be sent according to profile condition(s) of the aggregated tunnel and then according to a selected policy. When a selected policy is selected and the information packet is sent through a tunnel according to the selected policy. When no policy is selected, the information packet is sent through one of a first group of tunnels. When no profile is selected, the information packet is sent through a network interface of the first network node.

Abstract: Techniques and structures to provide secure data transfer between entities in a multi-user on-demand computing environment. An electronic device may comprise at least one physical memory device, one or more processors coupled with the at least one physical memory device, the one or more processors configurable to create a scratch destination organization within the computing environment, receive, via a user interface, a metadata selection comprising a plurality of metadata resources, extract the plurality of metadata resources from an origin organization within the computing environment into a metadata bundle, and deploy the metadata bundle in the scratch organization. Additional subject matter may be described and claimed.

Abstract: Disclosed herein are systems and methods for parallel malware scanning in a cloud environment. In one exemplary aspect, a method may comprise identifying a plurality of agents connected to a server, wherein each agent is configured to synchronize data between a different computing device and the server. The method may comprise receiving, from a first agent of the plurality of agents, a request to scan the synchronized data for malware. In response to determining, from the plurality of agents, at least one other agent that comprises the synchronized data, the method may comprise partitioning the synchronized data into a plurality of portions. The method may comprise assigning a first portion for scanning to the first agent and at least one other portion for scanning to the at least one other agent, and aggregating scan results from the first agent and the at least one other agent.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect an attack in an input file. An example apparatus includes a detection controller to identify a section of a number of bytes of data in a buffer including a first or second byte of data indicative of a value within a preconfigured range, the preconfigured range corresponding to a range of values indicative of memory addresses, update a merged list with a chunk of data that includes the section having the first or second byte of data indicative of the value within the preconfigured range, and a reoccurrence detector to concatenate the chunk of data in the merged list into a string to identify a number of occurrences the string matches remaining data in the buffer, and in response to a detection of the number of occurrences exceeding an occurrence threshold, determine that the data includes a malicious data stream.

Abstract: A method of anomaly detection for network traffic communicated by devices via a computer network, the method including receiving a set of training time series each including a plurality of time windows of data corresponding to network communication characteristics for a first device; training an autoencoder for a first cluster based on a time series in the first cluster, wherein a state of the autoencoder is periodically recorded after a predetermined fixed number of training examples to define a set of trained autoencoders for the first cluster; receiving a new time series including a plurality of time windows of data corresponding to network communication characteristics for the first device; for each time window of the new time series, generating a vector of reconstruction errors for the first device for each autoencoder based on testing the autoencoder with data from the time window; and evaluating a derivative of each vector; training a machine learning model based on the derivatives so as to define a fi

Abstract: Systems and methods for securing objects in a computing environment. Objects are encrypted using keys that are also encrypted after encrypting the objects. In order to access the objects, a master key that is unknown to the service storing the objects and/or managing the keys is used to decrypt the keys so that the objects can be decrypted with the decrypted key. Thus, a key is needed to access the key needed to access the object. The master key is typically maintained separately from all of the encrypted objects and corresponding encrypted keys.

Abstract: The present invention provides a method of monitoring a computer network, the method comprising: providing a plurality of sensors, wherein said sensors form a meshed network of sensors which monitor cyber-event(s); detecting, by the plurality of sensors, cyber-event(s); linking cyber-event(s) to subsequent cyber-event(s) into branches to form/extend a cyber-event tree; comparing said cyber-event tree to a baseline cyber-event tree; determining if there is any differences in said cyber-event tree to said baseline cyber-event tree to identify a cyber-event tree or a branch thereof as anomalous and thereby identify potential anomalous event(s) and/or a cyber-attack.

Abstract: An online system receives digital content and determines whether the digital content includes malicious content, such as obfuscated text, before presenting the digital content to a user. To determine whether the digital content contains malicious content, the online system renders the digital content. The online system performs optical character recognition on the content. The online system uses an obfuscation machine learning model to identify obfuscated text. The online system may deobfuscate the obfuscated text. The online system may prevent presentation of the digital content in response to detecting obfuscated text.

Abstract: A computer system that trains a neural network is described. During operation, the computer system may receive information specifying a new attack vector corresponding to fake audio content. In response, the computer system may generate a synthetic training dataset based at least in part on the new attack vector. Then, the computer system may access a predetermined neural network that classifies real audio content and fake audio content, where the predetermined neural network was training without synthetic audio content corresponding to the new attack vector. Next, the computer system may train the neural network based at least in part on the synthetic training dataset and the predetermined neural network, where the training of the neural network may include modifying predetermined weights associated with the predetermined neural network, and where a training time for training the neural network may be less than a training time for training the predetermined neural network.

Abstract: Network-based, unsupervised classifiers are provided. The classifiers identify both known and unknown attacks aimed at industrial networks without the need to have a priori knowledge of known malicious attack patterns.

Abstract: One or more computing devices, systems, and/or methods for determining whether requests for content are fraudulent are provided. A request for content may be received from a first device. A first user profile associated with the first device may be identified. The first user profile may comprise activity information associated with the first device, demographic information associated with the first device and/or interest information associated with the first device. A user profile database may be analyzed to identify a set of user profiles similar to the first user profile. A relevance score associated with the request for content may be generated based upon the resource, the set of user profiles and/or the first user profile. The relevance score may be compared with a threshold relevance to determine whether the request for content is fraudulent.