Abstract: A method, computer program product, and computing system for receiving content for securely transmitting from an initiator device across a fabric to a target device. The content may be encrypted with a predefined encryption key, thus defining encrypted content. The encrypted content may be encapsulated in a Non-volatile Memory Express (NVMe) Over Fabrics (NVMe-oF) command, thus defining an encapsulated NVMe-oF security command. The encapsulated NVMe-oF security command may be transmitted across the fabric to the target device.

Abstract: Systems, methods, and related technologies for determining a risk score or value are described. The risk score determination may include accessing network traffic from a network, where the network traffic is associated with a plurality of entities. One or more values associated with one or more properties associated with an entity are determined. The one or more values may be based on the network traffic. At least one of a functional risk value, a configurational risk value, or a behavioral risk value associated with the entity are determined. A risk value for the entity is determined based on the functional risk value and at least one of the configurational risk value or the behavioral risk value associated with the entity.

Abstract: A method and apparatus for generating a malware detection dataset. The method accesses a database comprising malware files and metadata related to the files. The metadata is ranked and the rankings combined into a relevancy score. The most relevant files in the database are identified as malware samples. The malware samples and their related scores are stored in a malware detection dataset.

Abstract: Exemplary embodiments are disclosed of systems and methods for monitoring for and lowering the risk of addiction-related or restriction violation-related behavior(s).

Abstract: An artificial intelligence based Offensive Cybersecurity Appliance or OCA for launching a cyber-offensive countermeasure aimed at effectively mitigating sophisticated cyber threats such as real-time Ransomware as a Service (RaaS) directives and emergent killware instigated by malicious-threat actors or cyber attackers. The system covertly uses a vast array of penetrative counter cyber attacks, based on an Advanced Persistent Threat or APT model, to circumvent encountered information security controls instituted by security-based components of a cyber attacker's Local Area Network or LAN. Intrinsically, the penetrative counter cyber attacks are constituted of multiple blended artificial intelligence based cyber attacks.

Abstract: Methods and systems for authenticating data processing systems throughout a distributed environment without user intervention are disclosed. To authenticate data processing systems without user intervention, a system may include a network core and one or more data processing systems. A previously established root of trust between the network core and a data processing system may be lost and the network core may attempt to re-authenticate the data processing system using historical telemetry data. The historical telemetry data may be previously provided to the network core by the data processing system prior to the loss of the root of trust. The network core may provide the data processing system with a security questionnaire based on the telemetry data and the data processing system may use similar telemetry data to respond to the security questionnaire. If the answers to the security questions are considered accurate, the data processing system may be re-authenticated.

Abstract: A method of maintaining a secure relationship between a client device and a server is described. The client device receives a first challenge from the server and determines and provides a first response to the first challenge. A cookie is established associated with the secure relationship. This cookie is shared between the client and the server. To establish the secure relationship in a later interaction, the client provides the cookie to the server. The server then provides both the first challenge and a second challenge, to which the client determines a first response and a second response. The client then provides a composite response from which the first response and the second response are derivable by the server, allowing the server to be assured that the secure relationship exists. Each challenge uses a challenge function adapted to provide a fingerprint of the client device. Methods at both client and server, and suitably configured client and server, are also described.

Abstract: Detection of unknown applications is disclosed, including: detecting an event associated with accessing an application; determining target information associated with the event; and identifying the application from the target information.

Abstract: Analyzing and detecting altered documents is accomplished by accessing a target portable document format (PDF) document and extracting document content information from the target PDF document. The extracted document content information is analyzed to generate an intra document model for the target PDF document and then the extracted document content information is evaluated in accordance with the intra document model. Artifacts in the document content information are identified and an intra document score is determined based on the identified artifacts and their respective weightings. The document content information is evaluated again in accordance with one or more inter document models and artifacts in the document content information are again identified and an inter document score is similarly determined. A total alteration score is also determined based on the intra document score and inter document score.

Abstract: According to aspect of the disclosure, there are provided methods and apparatus for connecting a peripheral device to a computer system, including an apparatus for interfacing with a peripheral device, the apparatus comprising a port configured to couple to the peripheral device, a processor, a memory coupled to the processor and comprising a software module comprising instructions that when executed on the processor protect the device from a peripheral device coupled to the port, and a hardware security controller coupled to the port, the hardware security controller configured to monitor execution of the software module by the processor and to disable the port in response to determining that the software module is not executing.

Abstract: A technique for readily concealing confidential information contained in document data can be offered. An information processing apparatus according to an embodiment includes: a document data acquisition part configured to acquire first document data including sentences that contain character information; a sentence separation part configured to separate the first document data into sentences; a concealment target determination part configured to determine whether or not each of the sentences included in the first document data is a concealment target, in accordance with a preset rule; a concealment processing part configured to execute a concealment process upon the sentence when the sentence is determined to be a concealment target; and an output part configured to output second document data including a sentence obtained by executing the concealment process by the concealment processing part.

Abstract: Techniques for a security platform with external inline processing of assembled selected traffic are disclosed. In some embodiments, a system/method/computer program product for providing a security platform with external inline processing of assembled selected traffic includes monitoring network traffic of a session at a security platform; selecting a subset of the monitored network traffic associated with the session to send to a cloud-based security service for analysis based on a security policy, wherein the selected subset of the monitored network traffic is proxied to the cloud-based security service; and receiving, from the cloud-based security service, results of the analysis based on the security policy, and performing a responsive action based on the results of the analysis based on the security policy.

Abstract: Malicious homoglyphic domain name (MHDN) detection and associated cyber security applications are described. A domain name may be received that may be a potential MHDN. Homoglyphic domain name detection may be performed by, for example, generating a normalized character string corresponding to the input domain name by applying one or more normalization operations to the input domain name, wherein the one or more normalization operations may be configured to reduce homoglyphic characteristics in the input domain name; and generating a plurality of segmentations of the normalized character string, wherein generating each segmentation, of the plurality of segmentations, may comprise segmenting the normalized character string into a respective plurality of segments, and wherein each segmentation may comprise a different plurality of segments. A segmentation may be selected based on cost values corresponding to each respective segmentation determined using a cost function.

Abstract: Techniques described herein relate to a method for predicting results using ensemble models. The method may include receiving trained model data sets from a model source nodes, each trained model data set comprising a trained model, an important feature list, and a missing feature generator; receiving a prediction request data set; making a determination that the prediction request data set does not include an input feature for a trained model; generating, based on the determination and using a missing feature generator, a substitute feature to replace the input feature; executing the trained model using the prediction request data set and the substitute feature to obtain a first prediction; executing a second trained model using the prediction request data set to obtain a second prediction; and obtaining a final prediction using the first prediction, the second prediction, and an ensemble model.

Abstract: Method for detecting data traffic in a communication network, wherein in order to detect data traffic in a communication network, at least one network infrastructure device to which at least one first communication terminal and one second communication terminal are connected provides a monitoring interface that is secured against unauthorized access, is assigned to the two communication terminals, and is intended for detecting data traffic between at least the first and the second communication device, where a device detecting apparatus determines available monitoring interfaces on network infrastructure devices as well as address information assigned to the monitoring interfaces and provides this interface information to at least one recording apparatus that is separate from the at least one network infrastructure device.

Abstract: Provided is a method and system for collecting clinical trial data based on blockchain, and the method of collecting clinical trial data based on blockchain includes the steps of: receiving the clinical trial data from a researcher terminal; requesting verification of the received clinical trial data from a verification node; performing consensus verification on a verification result when the verification result according to the verification request is received from the verification node; and propagating the clinical trial data to the verification node according to a result of the consensus verification, performed by a platform.

Abstract: A battery pack comprises an enclosure; a plurality of network nodes that communicate with each other inside the enclosure and that generate a unique radio frequency (RF) signature; and a special-purpose computer processor that compares an incoming channel impulse response (CIR) of the unique radio frequency (RF) signature corresponding to an incoming packet to a plurality of stored valid RF CIR signatures and executes a resemblance metric to accept or reject the incoming packet.

Abstract: Disclosed herein are methods, systems, and processes for containing compromised credentials using deception systems. A request to authenticate a credential is received at a honeypot and a determination is made that the request includes context information that correlates the credential with network components that are part of the network. A protected host in the network associated with the credential is identified and the credential is authenticated by validating the credential with the protected host. A determination is made that the credential is compromised and the credential is deactivated.

Abstract: Artificial Intelligence (“AI”) apparatus and method are provided that correlate and consolidate operation of discrete vendor tools for detecting cyberthreats on a network. An AI engine may filter false positives and eliminate duplicates within cyberthreats detected by multiple vendor tools. The AI engine provides machine learning solutions to complexities associated with translating vendor-specific cyberthreats to known cyberthreats. The AI engine may ingest data generated by the multiple vendor tools. The AI engine may classify hardware devices or software applications scanned by each vendor tool. The AI engine may decommission vendor tools that provide redundant cyberthreat detection. The AI engine may display operational results on a dashboard directing cyberthreat defense teams to corroborated cyberthreats and away from false positives.

Abstract: Software provenance validation reports whether a validation binary matches the source code, resources, and other parts, as well as the compiler, runtime, operating system, and other context, which is specified in a provenance manifest for a release binary. Part context checksums, software versions, tool parameters, and other aspects of a build are checked. Certification signatures, timestamps, certain version differences, source code locations, and other data may be ignored for validation purposes. A provenance manifest may include other provenance manifests, including binary rewrite manifests. The provenance manifest may be stored in a debugger file with symbol information, or stored separately. Partial matches may be reported, with details of what matches or does not match. After provenance of a binary is validated, the binary's source code can be analyzed for vulnerabilities, thereby enhancing software supply chain security.