Abstract: Methods and systems are presented for detecting malicious webpages based on dynamically configuring a device to circumvent one or more evasion techniques implemented within the malicious webpages. When a known malicious webpage is obtained, programming code of the known malicious webpage is analyzed to determine one or more evasion techniques implemented within the known malicious webpage. The one or more evasion techniques may cause a webpage classification engine to falsely classify the known malicious webpage as a non-malicious webpage. A software update is generated based on one or more feature parameters extracted from the one or more evasion techniques. The software update is used to for modify the webpage classification engine such that the webpage classification engine would correctly classify the known malicious webpage.

Abstract: Methods and devices for communicating sensitive data to applications are provided. A wearable device can wirelessly connect with a second computing device. The wearable device can be configured to obtain sensitive data. The second computing device can provide a first software application and a second software application. The wearable device can wirelessly receive a first request for the sensitive data from the first application. The wearable device can send a response denying the first request to the first application. The wearable device can wirelessly receive a second request for the sensitive data from the second application. The wearable device can determine whether the second request is authenticated to be associated with the second application. After determining that the second request is authenticated to be associated with the second application, the wearable device can wirelessly send the sensitive data to the second application.

Abstract: A secure computing hardware apparatus includes at least a secret generator module, the at least a secret generator module configured to generate a module-specific secret, and a device identifier circuit communicatively connected to the at least a secret generator, the device identifier circuit configured to produce at least an output comprising a secure proof of the module-specific secret. Secret generator module may implement one or more physically unclonable functions to generate the module-specific secret.

Abstract: A system and method for facilitating controlled access by a client device to one or more services provided by a server are disclosed. The client device's access to the services provided by the server may be dynamically controlled by a controller, which may generate instructions to an agent to effectuate the access control. The agent may be configured to control one or more access components associated with the server. The instructions generated by the controller may instruct the agent to cause the access control components to grant or remove the client device's access to the services provided by the server. In some implementations, the controller may generate such instructions based on a status of a session established between the controller and the client device.

Abstract: Systems, methods, and software can be used to analyze security risks of a binary software code. In some aspects, a computer-implemented method comprises: receiving, by at least one hardware processor, a binary software code; determining, by the at least one hardware processor, that the binary software code accesses one or more network addresses; for each of the one or more network addresses that are accessed by the binary software code: determining, by the at least one hardware processor, whether the binary software code uses an insecure network protocol to access the network address; and generating, by the at least one hardware processor, a security notification indicating the network address that is accessed by the binary software code using the insecure network protocol.

Abstract: A computer-implemented method includes obtaining, by one or more processing devices, a wireless message of an Internet of Things (IoT) device by monitoring a wireless signal sent by the IoT device; determining, by the one or more processing devices, a target running feature of the IoT device based on the wireless message; comparing, by the one or more processing devices, the target running feature with a historical normal running feature of the IoT device; and determining, by the one or more processing devices, whether the IoT device runs abnormally based on the comparing of the target running feature with the historical normal running feature of the IoT device.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for authenticating users based on a sequence of biometric authentication challenges. In one aspect, a process includes receiving a first image of the face of the user and processing the first image according to a first authentication process to determine whether the face of the user shown in the first image matches the face of an authorized user. A second authentication process including a sequence of biometric authentication challenges is identified. The sequence includes at least one facial expression challenge. The user is authenticated in response to determining that the first authentication process is satisfied based on the face of the user shown in the first image matching the face of the authorized user and the second authentication process is satisfied based on the user providing a valid biometric response to each biometric authentication challenge.

Abstract: Embodiments are directed to monitoring network traffic using NMCs that may be arranged to provide scores based on threat assessments associated with anomaly classes such that the anomaly classes may be associated with types of anomalous activity. NMCs may employ the anomaly classes, the scores, characteristics of the anomaly classes, or the like, to determine triage models. The NMCs may modify the scores based on the triage models or archival information associated with the anomaly classes. The NMCs may associate the modified scores with the anomaly classes. In response to detecting anomalous activity, the NMCs may provide other scores based on the anomalous activity and provide a report that includes the other scores to a user.

Abstract: The present invention relates to an electronic device and a method for performing authentication. The electronic device of the present invention comprises: a communication module; a memory; a processor electrically connected to the communication module and the memory; and an authentication module configured so as to be stored in the memory and executed by the processor, wherein the authentication module can be configured so as to transmit, on the basis of at least a part of a request, authentication information stored in the memory to an external electronic device, when the authentication request related to the external electronic device is obtained.

Abstract: A computer-implemented method includes: generating a first list of uniform resource locators (URLs) available on a page when accessed using privileged credentials; storing one or more first URL outputs associated with the first list of URLs including the content of webpages accessed using the privileged credentials; generating a second list of URLs when accessed using non-privileged credentials; generating a third list of URLs, wherein the third list of URLs includes URLs included in the first list of URLs and not included in the second list of URLs; storing a second URL output including content of a webpage mapped to a particular URL in the third list of URLs when the particular URL is accessed using the non-privileged credentials; determining that the second URL output matches a particular first URL output associated with the particular URL; and outputting an alert identifying that the webpage is accessible by an unauthorized user.

Abstract: A method for unlocking a screen by using a fingerprint includes: sending, by a fingerprint sensor, a first notification to a control chip and concurrently sending a second notification to a display driver chip of a screen when detecting that a finger presses or touches a fingerprint recognition area; completing, by the display driver chip according to the second notification, preparation work before the screen is turned on; verifying, by the control chip according to the first notification, fingerprint information collected by the fingerprint sensor and pre-stored fingerprint information; and if the verification succeeds, unlocking the screen and turning on the screen.

Abstract: An integrated circuit includes one or more intellectual property (IP) cores, one or more general purposes input/output (GPIO) interfaces, each GPIO interface having one or more ports, and one or more security circuits, each security circuit being coupled between an IP core and a GPIO interface. A security circuit, in operation, selectively enables communications between the IP core and the GPIO interface coupled to the security circuit based on an indication of the security status of the IP core, an indication of the security status of the GPIO interface or both the indication of the security status of the IP core and the indication of the security status of the GPIO interface.

Abstract: A safeguarding method, a safeguarding apparatus, and a computer storage medium are provided. The method includes detecting a program operating on a terminal, and intercepting an operation performed by the program; identifying an object on which the program performs the operation; obtaining configuration information of the object on the terminal, and determining, based on the configuration information, that the object is a targeted monitored object. The method further includes determining, based on the configuration information of the targeted monitored object, whether the operation performed by the program on the object is a legitimate operation; and canceling intercepting the operation if the operation is a legitimate operation, and continuously intercepting the operation if the operation is an illegitimate operation.

Abstract: An intrusion prevention system includes a machine learning model for inspecting network traffic. The intrusion prevention system receives and scans the network traffic for data that match an anchor pattern. A data stream that follows the data that match the anchor pattern is extracted from the network traffic. Model features of the machine learning model are identified in the data stream. The intrusion prevention system classifies the network traffic based at least on model coefficients of the machine learning model that are identified in the data stream. The intrusion prevention system apples a network policy on the network traffic (e.g., block the network traffic) when the network traffic is classified as malicious.

Abstract: Sharing IoT device (IoTd) profile data is provided, comprising: generating at least one access control rule to protect an IoTd; publishing first IoTd profile data in a first new block (FNB) of a blockchain of a blockchain network (BN), wherein the first IoTd profile data comprises the at least one access control rule; and committing the FNB to the blockchain based on a consensus algorithm by: a manufacturer of the IoTd committing the FNB to the blockchain; a security vendor (SV) participating in the BN committing the FNB to the blockchain when the SV is a sole SV participating in the BN; or the SV committing the FNB to the blockchain based on consensus among at least the SV and a plurality of security vendors when the SV and the plurality of security vendors are participating in the BN.

Abstract: A method comprises creating a word vector from a message, wherein the word vector comprises creating a word vector from a message stored in a database, wherein the word vector comprises an entry for each word of the plurality of words and each entry indicating a number of occurrences in the message of the word for that entry. The method further comprising calculating a cosine difference between the word vector and each group vector of a plurality of group vectors and assigning the word vector to a group for a group vector of the plurality of group vectors based on the calculated cosine difference between the word vector and the group vector for the group. The method may also comprise reformatting the message to include a phrase and assigning the phrase to the same group that the word vector is assigned to. The method may also comprise notifying the user.

Abstract: Devices and methods for detecting a compromised social media account are disclosed. A method includes: receiving, by a computing device, social media content corresponding to a plurality of social media accounts; determining, by the computing device, a plurality of affinity groups, each including two or more social media accounts from the plurality of social media accounts, based upon the received social media content; determining, by the computing device, whether or not a particular social media account of the plurality of social media accounts is compromised using the received social media content and the determined plurality of affinity groups; and in response to determining that the particular social media account is compromised, the computing device providing a notification indicating that the particular social media account is compromised.

Abstract: Disclosed are systems and methods for limiting access of a user profile to dangerous content in a social network service. The described system produces a social graph for a given user profile in the social network service, and identifies clusters of objects (e.g., other user profiles, contents) within the social graph. The described system analyzes whether certain objects in the social graph should be characterized as suspicious based on their clustering and on a database of known forbidden objects. The described system may further learn and add unknown objects to the database of forbidden objects.

Abstract: An example operation may include one or more of identifying pending blockchain transactions in a transaction queue, determining states of the pending blockchain transactions, determining whether the pending blockchain transactions in the transaction queue are valid based on the determined states, retrieving a list of potential blockchain transaction conflicts associated with the pending blockchain transactions, and determining whether any conflicts exist for one or more of the pending blockchain transactions based on the list of blockchain transaction conflicts.

Abstract: A computerized method involves obfuscating one or more segments of data that is part of a flow prior to analysis of the flow for malware. Each of the one or more obfuscated data corresponds to one or more anonymized data. Thereafter, an identifier is generated for each of the one or more anonymized data, and each identifier is substituted for its corresponding anonymized data. The anonymized data and its corresponding identifiers are separately maintained from the stored flow.