Patents Examined by Cheng-Feng Huang
  • Patent number: 11570212
    Abstract: This application discloses a method and an apparatus for defending against a network attack, to resolve a problem that network defense costs are relatively high. The method includes: a network security device receives a first packet sent by an external device, and matches a destination IP address of the first packet with configuration information of a fake network. If an IP address of a node in the configuration information of the fake network has a same subnet prefix as the destination IP address, the network security device processes the first packet based on a fake network policy; if no IP address of a node in the configuration information of the fake network has a same subnet prefix as the destination IP address, the network security device processes the first packet based on a firewall policy.
    Type: Grant
    Filed: September 19, 2020
    Date of Patent: January 31, 2023
    Assignee: HUAWEI TECHNOLOGIES CO., LTD.
    Inventor: Yuchen Wang
  • Patent number: 11568042
    Abstract: A system and methods for sandboxed malware analysis and automated patch development, deployment and validation, comprising a business operating system, vulnerability scoring engine, binary translation engine, sandbox simulation engine, at least one network endpoint, at least one database, a network, and a combination of machine learning and vulnerability probing techniques, to analyze software, locate any vulnerabilities or malicious behavior, and attempt to patch and prevent undesired behavior from occurring, autonomously.
    Type: Grant
    Filed: September 22, 2020
    Date of Patent: January 31, 2023
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11553398
    Abstract: A system for monitoring the communication with a connected Internet of Things (IoT) device is provided. The system includes a first computing device including at least one processor in communication with at least one memory device. The at least one memory device stores a plurality of instructions, which when executed by the at least one processor cause the at least one processor to execute an IoT device communication application. The IoT device communication application monitors the IoT device. The instructions also cause the at least one processor to store IoT device data including a current location of the IoT device, determine an optimal communication path between the IoT device communication application and the IoT device based on the IoT device data, and transfer execution of the IoT device communication application to a second computing device based on the optimal communication path.
    Type: Grant
    Filed: March 14, 2019
    Date of Patent: January 10, 2023
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Igor Faynberg, Darshak Thakore, Donald E. A. Clarke, Steven J. Goeringer
  • Patent number: 11552781
    Abstract: In some examples, a method includes receiving a plaintext message including plaintext data and error detection bits. The method also includes encrypting the plaintext message based on a feedback algorithm to generate an encrypted message including a set of encrypted bits for error detection, cryptographic integrity, and cryptographic authentication. The set of encrypted bits for error detection, cryptographic integrity, and cryptographic authentication can replace the error detection bits in whole or in part. A receiver can confirm the cryptographic integrity and the cryptographic authentication of the encrypted message by decrypting the set of encrypted bits.
    Type: Grant
    Filed: April 5, 2019
    Date of Patent: January 10, 2023
    Assignee: Honeywell International Inc.
    Inventor: Kevin Raymond Driscoll
  • Patent number: 11552981
    Abstract: Assessing a risk of a message is disclosed. A sender specified by the message is identified. A measure of authenticity that the sender specified by the message is an actual sender of the message is determined using at least one sender model associated with the sender. The sender model was at least in part automatically generated using one or more previously observed messages. The measure of authenticity is utilized to perform a risk assessment of the message.
    Type: Grant
    Filed: July 15, 2020
    Date of Patent: January 10, 2023
    Assignee: Agari Data, Inc.
    Inventors: Scot Free Kennedy, Vidur Apparao, Kevin Mandich
  • Patent number: 11552964
    Abstract: Systems and methods for adaptively streaming video content to a wireless transmit/receive unit (WTRU) or wired transmit/receive unit may include obtaining a media presentation description that comprises a content authenticity, requesting a key for a hash-based message authentication code; receiving the key for the hash-based message authentication code, determining a determined hash for a segment of the media presentation description, requesting a reference hash for the segment from a server, receiving the reference hash for the segment from the server, and comparing the reference hash to the determined hash to determine whether the requested hash matches the determined hash.
    Type: Grant
    Filed: January 29, 2020
    Date of Patent: January 10, 2023
    Assignee: VID SCALE, Inc.
    Inventor: Alexander Giladi
  • Patent number: 11539520
    Abstract: Systems, methods, and devices are described herein for executing a lockdown of electronic locks deployed in a local network of interconnected devices. In example implementations, each electronic lock is provided with a unique encryption key specific to that electronic lock and is provided with a shared encryption key. To execute a lockdown of all electronic locks in the local network, a server generates a locking instruction and encrypts it using the shared encryption key. The server then transmits the encrypted locking instruction to the gateway devices of the local network which, in turn, transmit it to each of the electronic locks. Upon receipt of the encrypted locking instruction, the electronic locks attempt to decrypt it using the shared encryption key. Upon successful decryption of the encrypted locking instruction, an electronic lock toggles to a lock state.
    Type: Grant
    Filed: October 4, 2017
    Date of Patent: December 27, 2022
    Assignee: Delphian Systems, LLC
    Inventors: Arkadiusz Zimny, Ashok Hirpara, Thomas D. Johnson
  • Patent number: 11520921
    Abstract: A method for storing hierarchical data protected by access data in an untrustworthy environment, wherein unique identification values of child nodes of at least one associated tree are determined for the data and are stored together with the data. The root node entry point is calculated based on the access data by means of a predeterminable calculation function in a volatile way, and the root node entry point represents a secret node entry point from which the identification value of a root node of the tree is subsequently calculated. The root node represents one of the child nodes in this tree, as a child node generation step is applied to generate the identification values of the child nodes based on one of the secret node entry points. A child node numbering set that contains at least as many different elements as the number of child nodes to be generated is created or used.
    Type: Grant
    Filed: January 31, 2018
    Date of Patent: December 6, 2022
    Assignee: MyPrivacy GmbH
    Inventor: Erwin Toplak
  • Patent number: 11520748
    Abstract: A computer system associates a given file of a file system with an append-only policy that is specified by an owner of the given file. The computer system can subsequently intercept file system operations for the file system, including file system operations that specify the given file. The computer system can unconditionally apply the append-only policy to requesting entities, independent of the requesting entities' access level with respect to the file system.
    Type: Grant
    Filed: November 30, 2018
    Date of Patent: December 6, 2022
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Logeswari P. Viswanath, Sridhar Bandi
  • Patent number: 11516252
    Abstract: A system for monitoring the security of a connected Internet of Things (IoT) device is provided. The system includes a network doppelgänger (ND) computer device. The ND computer device is in communication with the IoT device and a service provider computer device associated with the IoT device. The ND computer device is programmed to store a plurality of policies associated with the service provider computer device. The ND computer device is also programmed to receive a communication from the IoT device addressed to the service provider computer device. The ND computer device is further programmed to analyze the communication in view of the plurality of policies to determine whether the communication is approved. If the communication is approved, the ND computer device is programmed to route the communication to the service provider computer device.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: November 29, 2022
    Assignee: Cable Television Laboratories, Inc.
    Inventors: Igor Faynberg, Darshak Thakore, Donald E. A. Clarke, Steven J. Goeringer
  • Patent number: 11509627
    Abstract: A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server.
    Type: Grant
    Filed: August 10, 2020
    Date of Patent: November 22, 2022
    Assignee: ARISTA NETWORKS, INC.
    Inventors: Alton Lo, Ian Andrew McCloghrie
  • Patent number: 11509631
    Abstract: A proxy device coupled to a network receives communications between a client and a server on the network. The proxy device operates transparently to the client and the server, while coupled to receive and process the communications from a node on the network via a network port in a one-armed configuration. The proxy device communicates packets of the communications with an external tool coupled to the proxy device via a tool port and operates transparently to the node and the tool. In certain embodiments, the tool may be a network security device, such as a firewall.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: November 22, 2022
    Assignee: Gigamon Inc.
    Inventors: Dale L. Guise, Jr., David Chun Ying Cheung, Fushan Allan Yuan
  • Patent number: 11509640
    Abstract: A method for operating an electronic control unit (ECU) includes a normal mode and a protected mode. In the protected mode a new security artifact is stored in a microcontroller. The security artifact is transferred from the microcontroller to a microprocessor, and, after having received the security artifact, the microprocessor uses the security artifact for authenticating a program.
    Type: Grant
    Filed: April 16, 2020
    Date of Patent: November 22, 2022
    Assignee: APTIV TECHNOLOGIES LIMITED
    Inventors: Aurelien Hars, Hussein Baydoun
  • Patent number: 11503066
    Abstract: A system and method for holistic computer system cybersecurity evaluation and risk rating that takes into account the operation of the entire computer system environment comprising hardware, software, and the operating system. Not only are the hardware, software, and operating system evaluated separately for cybersecurity concerns, their interaction and operation as a whole are also evaluated and scored. The results of such analyses may be used, for example, by underwriters of cybersecurity insurance policies to determine policy terms and rates.
    Type: Grant
    Filed: November 25, 2020
    Date of Patent: November 15, 2022
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers
  • Patent number: 11496524
    Abstract: The disclosure relates generally to methods, systems, and apparatuses for managing network connections. A method may include comparing a list of expected connections among a set of endpoints of a network with one or more of the actual connections indicated by configuration files of the set of endpoints to determine one or more differences between the list of expected connections and the actual connections and updating at least one of the configuration files of the set of endpoints to reflect the one or more differences detected between the list of expected connections and the actual connections.
    Type: Grant
    Filed: March 22, 2022
    Date of Patent: November 8, 2022
    Assignee: Snowflake Inc.
    Inventors: James Calvin Armstrong, Jonathan Claybaugh
  • Patent number: 11496519
    Abstract: Security can be provided for data stored using resources that are deployed in an environment managed by a third party. Physical and logical detection mechanisms can be used to monitor various security aspects, and the resulting security data can be used to identify potential threats to these resources. In some embodiments, suspicious activity can cause resources such as data servers to be automatically and remotely rebooted such that keys stored in volatile memory on those data servers will be lost from those servers, such that an attacker will be unable to decrypt data stored on those servers. Once a determination of safety is made, the keys can be provided to the respective data servers such that data operations can resume.
    Type: Grant
    Filed: November 29, 2019
    Date of Patent: November 8, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Diwakar Gupta, David Wachtfogel, Marc Stephen Olson, Anthony Nicholas Liguori, Stephen David Hildrey
  • Patent number: 11487901
    Abstract: In an approach for anonymizing data, a processor receives a mixed-type dataset with at least two relational attributes and at least one textual attribute. A processor runs the mixed-type dataset through a text annotator to discover a set of personally identifiable information (PII). A processor creates a set of ghost attributes to add to the mixed-type dataset. A processor anonymizes data of the at least two relational attributes and the set of ghost attributes. A processor replaces each PII in the textual attribute with the corresponding anonymized data in the at least two relational attributes or the set of ghost attributes to create an anonymized mixed-type dataset. A processor removes the set of ghost attributes from the anonymized mixed-type dataset. A processor shuffles records of the anonymized mixed-type dataset to create a shuffled anonymized mixed-type dataset. A processor outputs the shuffled anonymized mixed-type dataset.
    Type: Grant
    Filed: March 5, 2020
    Date of Patent: November 1, 2022
    Assignee: International Business Machines Corporation
    Inventors: Olivia Choudhury, Aris Gkoulalas-Divanis
  • Patent number: 11487877
    Abstract: There are disclosed devices, systems and methods for feeding identification data of malicious creatives existing in internet advertisements to a supply side platform (SSP) by receiving reports of unwanted actions without user action by malicious creatives of internet advertisements (ads) requested from the SSP by webpages being displayed to users. The reports include a creative identification (ID), a malicious code chain of events, and a demand side platform (DSP) ID or a seat ID. The reports are pre-processed by classifying the unwanted action attempts based on the chain of events. The pre-processed reports are parsed to extract the creative IDs, the SSP IDs and the DSP IDs; and then stored in a searchable database. The stored parsed pre-processed reports are fed to SSPs based on the SSP identifications. The feed includes the creative IDs, the SSP IDs, the DSP IDs, timestamps of the unwanted action attempt and the classifications.
    Type: Grant
    Filed: September 8, 2020
    Date of Patent: November 1, 2022
    Assignee: CLEAN.IO, INC.
    Inventors: Alexey Stoletny, Seth Demsey, Iván Soroka
  • Patent number: 11489874
    Abstract: Custom policies are definable for use in a system that enforces policies. A user, for example, may author a policy using a policy language and transmit the system through an application programming interface call. The custom policies may specify conditions for computing environment attestations that are provided with requests to the system. When a custom policy applies to a request, the system may determine whether information in the attestation is sufficient for the request to be fulfilled.
    Type: Grant
    Filed: December 12, 2019
    Date of Patent: November 1, 2022
    Assignee: Amazon Technologies, Inc.
    Inventors: Gregory Branchek Roth, Eric Jason Brandwine
  • Patent number: 11483332
    Abstract: A system for comprehensive cybersecurity analysis and rating based on heterogeneous data and reconnaissance is provided, comprising a multidimensional time-series data server configured to create a dataset with at least time-series data gathered from passive network reconnaissance of a client; and a cybersecurity scoring engine configured to retrieve the dataset from the multidimensional time-series data server, process the dataset using at least computational graph analysis, and generate an aggregated cybersecurity score based at least on results of processing the dataset.
    Type: Grant
    Filed: June 2, 2020
    Date of Patent: October 25, 2022
    Assignee: QOMPLX, INC.
    Inventors: Jason Crabtree, Andrew Sellers