Abstract: An example apparatus includes a first query processor to obtain a first hash key, first qualifier data and first value data associated with the first hash key, the first value data including a second hash key and a third hash key; a candidate qualifier to use the first value data to prequalify the first hash key as a candidate for subsequent signature processing associated with a first site signature, the candidate qualifier to: determine prequalification of the first hash key is successful in response to a determination that the second hash key matches a second site signature preceding the first site signature in time and that the third hash key matches a third site signature following the first site signature in time; and determine the prequalification of the first hash key is unsuccessful in response to a determination that at least one of the second hash key fails to match the second site signature or the third hash key fails to match the third site signature.

Abstract: An approach is provided for device-side probe trajectory anonymization based on negative gapping. The approach involves, for example, collecting a probe trajectory stream from a sensor of a probe device, wherein the probe trajectory stream comprises a time-sequence of location data points representing a sensed movement of the probe device. The approach also involves generating a plurality of subtrajectory streams from the probe trajectory stream. The approach further involves processing the plurality of subtrajectory streams to create a negative gap between the plurality of subtrajectory streams. The approach further involves providing the plurality of subtrajectory streams as an output in place of the probe trajectory.

Abstract: In some implementations, a computing system can manage access to media sources associated with a user's media account. For example, the system can coordinate access to a user's media account between local and network devices such that when access to the user's media account is granted to an application on a user device, the application can access both local and network media sources associated with the user's media account. Similarly, when access to the user's media account is revoked from an application at a user device or at a network device, the application is prevented from accessing both local and network media sources associated with the user's media account.

Abstract: A medical device information technology (“IT”) data transfer system in one embodiment includes a cluster domain, an external domain and an interface domain. Equipment belonging to the cluster domain may communicate in real time such that availability, safety, security, reliable integrity and performance are guaranteed. The external domain includes equipment not enabled for direct inclusion in the cluster domain, and may include equipment for external information systems, presentation equipment, personal computer equipment, shared medical equipment and bedside medical equipment. The interface domain enables external domain equipment to communicate with cluster equipment in a bidirectional manner. Communication may be via certain access nodes in the cluster. The access nodes enable exchange of information between the open external domain and the closed and private cluster domain.

Abstract: An anomaly detection system is disclosed capable of reporting anomalous processes or hosts in a computer network using machine learning models trained using unsupervised training techniques. In embodiments, the system assigns observed processes to a set of process categories based on the file system path of the program executed by the process. The system extracts a feature vector for each process or host from the observation records and applies the machine learning models to the feature vectors to determine an outlier metric each process or host. The processes or hosts with the highest outlier metrics are reported as detected anomalies to be further examined by security analysts. In embodiments, the machine learnings models may be periodically retrained based on new observation records using unsupervised machine learning techniques. Accordingly, the system allows the models to learn from newly observed data without requiring the new data to be manually labeled by humans.

Abstract: A hub device or edge device implements adaptive data compression. The model training service analyzes the received data. A machine learning model of the hub device receives time-series data from one or more data sources and classifies respective portions of the time-series data as respective patterns. A data compressor at the hub device generates compressed data by applying different compression techniques to the respective portions of the time-series data according to a mapping of the compression techniques to the respective patterns. The hub device then transmits the compressed data to an endpoint for processing (e.g., another device that uses the compressed data). The hub device receives feedback for the compressed data. In response to the feedback, the hub device changes one or more of the compression techniques that are mapped to the respective patterns.

Abstract: A system for determining the position of a movable object in space includes a marker which is to be applied to the object. The marker has a surface which is subdivided into a plurality of individual fields. The fields each have a statistical noise pattern. The system also includes an image capture unit which is remote from the object and is arranged to capture an image of the marker. The system further includes an image evaluation unit which stores a reference image of the noise patterns and is designed to locate at least one of the fields in the currently captured image of the marker by comparison with the reference image in order to determine a current position of the marker in space. There are corresponding methods for determining a position the object.

Abstract: Zero-trust dynamic discovery in provided by identifying a plurality of endpoints, including targets and initiators, connected to a software defined network, wherein the targets are provided on the software defined network according to a network addressable memory standard that lacks a native discovery service; grouping the targets into a plurality of target groups and the initiators into a plurality of initiator groups; and in response to receiving a discovery request from a given initiator grouped in a given initiator group of the plurality of initiator groups, returning addressing information for a target group of the plurality of target groups associated with the given initiator group in a security policy configuration for the software defined network.

Abstract: Embodiments of a method are disclosed. The method includes determining that the event type of an event log of a security information and event management (SIEM) cannot be identified. The method further includes generating a vectorized log using a cleaned, tokenized, and padded version of the event log. Additionally, the method includes generating a classification for the vectorized log using a deep learning classification model that is trained to identify a potential event type for the event log based on deep learning training using multiple parsed logs. The method also includes determining that a confidence level of the classification meets a predetermined threshold. The method further includes parsing the event log based on the classification.

Abstract: A method for controlling transmission of security audit logs based on a model, a method for controlling transmission of log data based on a model, and a logging system. One embodiment may comprise receiving transmitted log information from a plurality of nodes, applying a rule-based algorithm to the transmitted log information to categorize a first batch of data as included in a security analysis, a second batch of data as excluded from the security analysis, and a third batch of data as actually reviewed in the security analysis based on a user selection, training a classifier based on outcomes of the rule-based algorithm, converting the classifier to run as a trained model executable on the plurality of nodes, and transmitting the trained model executable to the plurality of nodes.

Abstract: An example operation may include one or more of receiving data from a plurality of sources associated with an entity, clustering the data into security-related topics, determining, via one or more machine learning models, maturity values of the entity for the security-related topics, respectively, and generating recommendations to improve the determined maturity values of the entity, wherein the maturity values relate to a level of security of the entity with respect to the security-related topics.

Abstract: In various embodiments, a forensic scoping application analyzes host instances in order to detect anomalies. The forensic scoping application acquires a snapshot for each host instance included in an instance group. Each snapshot represents a current operational state of the associated host instance. Subsequently, the forensic scoping application performs clustering operation(s) based on the snapshots to generate a set of clusters. The forensic scoping application determines that a first cluster in the set of clusters is associated with fewer host instances than at least a second cluster in the set of clusters. Based on the first cluster, the forensic scoping application determines that a first host instance included in the instance group is operating in an anomalous fashion. Advantageously, efficiently determining host instances that are operating in an anomalous fashion during a security attack can reduce the amount of damage caused by the security attack.

Abstract: Techniques for intent-based governance are described. For example, in some instances a method of receiving an indication of a change involving of one or more of code, a policy, a network configuration, or a governance requirement rule impacting a resource in a provider network for an account that is to be analyzed using one or more governance requirement rules; determining one or more governance requirement rules to evaluate for compliance after the update; evaluating the determined one or more governance requirement rules for compliance using one or more reasoning engines according to one or more policies; and making a result of the evaluating available to a user provides such governance.

Abstract: An approach for identifying mitigation solution based on critical situations is disclosed. The approach includes detecting one or more critical situations associated within a structure and detecting one or more location of one or more users in the structure. The approach retrieves a user-knowledge corpus based on one or more smart IoT devices or from existing database. Furthermore, the approach retrieves a critical situation knowledge corpus from various servers and creates risk mitigation action plans to address the one or more critical situations. The approach selects an optimal plan, by leveraging machine learning through combinatorial optimization technique, from the existing risk mitigation action plans and executing the optimal plan.

Abstract: A method and a first network access point (NAP) in an Information Centric Network (ICN) is disclosed. The first NAP is configured to receive a request for a Hypertext Transfer Protocol (HTTP) resource from a wireless transmit/receive unit (WTRU). The first NAP is configured to request the HTTP resource from a first server. The first NAP is configured to receive an error message. The error message may indicate that the HTTP resource is not available from the first server. The first NAP is configured to request the HTTP resource from a second NAP. The first NAP is configured to receive the HTTP resource from the second NAP. The first NAP is configured to send the HTTP resource to the WTRU.

Abstract: An access control system may include a log data parser that receives log data observations in a cloud system and extract user-permission data from the log data observations. The system may also include a clustering unit that uses the user-permission data to generate one or more clusters, each cluster associated with one or more users. Alternatively, and/or additionally, the system may include a feature extractor and a classifier. The feature extractor may extract one or more features from the user-permission data. The classifier may generate predictions of permissions for the one or more users based on the extracted one or more features. The system may also include a policy generator that uses the output of the clustering unit and/or the classifier to generate an access control policy. The policy may be executed in the cloud system to control user's access to one or more services of the system.

Abstract: Systems, methods, apparatuses, and computer program products for an interactive multimedia structure. For example, the interactive multimedia structure may include a plurality of walls on a majority of which an immersive environment is displayed. A user may interact with the immersive environment through manipulation of a user input device, which may be tracked by one or more systems associated with the interactive media structure. Based on the manipulation, the one or more systems may modify the immersive environment displayed on the majority of the walls. In certain embodiments, the one or more systems may process interaction information of the user with the one or more user input devices to adaptively and intelligently modify the immersive environment.

Abstract: A computing device including a memory and a processor is provided. The memory stores processor executable instructions for an entity engine. The processor is coupled to the memory. The processor executes the entity engine to cause the computing device to model entities, which hold or classify data. The processor executes the entity engine to cause the computing device to store in the memory a list identifying each of the entities and the entities themselves in correspondence with the list. The processor executes the entity engine to cause the computing device to provide, in response to a selection input from an external system, access to the entities based on the list. The access includes providing the list to the external system, receiving the selection input identifying a first entity of the entities, and exporting the first entity from the memory to the external system.

Abstract: Incoming packets in a switch are associated with one or more group identifiers based on content contained in the incoming packets. Rules for processing the corresponding outgoing packets are identified based at least on the group identifiers associated with the incoming packets. Actions associated with matched rules are applied to the outgoing packets.

Abstract: A post-processing of video content in order to provide a capability to insert ad content, having a method to produce a modified video content from an original video content. The method comprising: analyzing the original video content to detect at least one marker, said marker comprising a marker surface delimited by a marker identification; loading profile data of a target user; determining, based at least on the profile data a replacement content; adjusting the replacement content into the marker surface; and replacing into the original video content the marker surface by the adjusted replacement content to produce the modified video content.