Patents Examined by Don G Zhao
  • Patent number: 11843626
    Abstract: A system to determine an intrusion risk and take action is described. The system collaboratively filters a combination based on a user access and a network item in a computer network to determine an associated recommendation score. The system determines connected components of a model of the computer network and separately collaboratively filters the connected components to determine the recommendation score as a measure of intrusion risk. An action is taken on the user access based on the intrusion risk.
    Type: Grant
    Filed: April 30, 2021
    Date of Patent: December 12, 2023
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Roy Levin, Idan Hen
  • Patent number: 11838315
    Abstract: Malware detection logic executed by a secured device residing in a home network may receive a message from an unsecured device of a first unsecured network and intended for a destination device of the home network, the destination device comprising a security client. The malware detection logic may establish a secure communication channel between the malware detection logic of the secured device and the security client of the destination device. The malware detection logic may execute a validation test on the message to determine that the message includes malware. The malware detection logic may report an alarm to the security client of the destination device. The malware detection logic may transmit information related to the malware to a cloud computing server. The malware detection logic may prevent an application associated with the destination device from processing the message.
    Type: Grant
    Filed: August 24, 2022
    Date of Patent: December 5, 2023
    Assignee: NAGRAVISION S.A.
    Inventor: Philippe Stransky-Heilkron
  • Patent number: 11838415
    Abstract: The invention provides a computer-implemented control method and corresponding system. The method may control or influence a device, system or other resource such as a technical process. The invention can provide a mechanism for emulating or otherwise executing the functionality of a logic gate via a computer-based distributed ledger (blockchain). This may be the Bitcoin blockchain or an alternative network/protocol. The invention provides logic embedded within a redeem script such that it determines which particular private keys have been used to sign an unlocking script, and then interprets the provision of those keys in accordance with a predetermined function.
    Type: Grant
    Filed: March 4, 2022
    Date of Patent: December 5, 2023
    Assignee: nChain Licensing AG
    Inventor: Gavin Allen
  • Patent number: 11831670
    Abstract: A server system obtains, for machines in a distributed system, system risk information, such as information identifying open sessions between respective users and respective machines, information identifying vulnerabilities in respective machines; and administrative rights information identifying groups of users having administrative rights to respective machines. The server system determines security risk factors, including risk factors related to lateral movement between logically coupled machines, and generates machine risk assessment values for at least a subset of the machines, based on a weighted combination of the risk factors. A user interface that includes a list of machines, sorted in accordance with the machine risk assessment values is presented to a user.
    Type: Grant
    Filed: November 18, 2020
    Date of Patent: November 28, 2023
    Assignee: TANIUM INC.
    Inventors: Stefan Horst-Guenter Molls, Joshua M. Bryant, Keith A. Robertson, John E. Foscue
  • Patent number: 11831671
    Abstract: The present invention relates to a method for automatic derivation of attack paths in a network comprising defining the topology of the network as an enriched network topology, identifying the vulnerabilities of the topology as vulnerabilities information artifacts, building the atomic attack database of the network based on the topology and the vulnerabilities, translating the enriched network topology, the vulnerabilities information artifacts and the atomic attack database into a predefined formal model, executing a predefined SMT-based model checker for the predefined formal model to seek counterexamples and deriving the attack paths from the counterexamples, wherein the defining the topology comprises running, by a computerized data processing unit operatively connected to the network, a module of deep packet inspection of the network to build a network topology based on the information derived from the deep packet inspection module, running, by the computerized data processing unit, a module of active q
    Type: Grant
    Filed: April 8, 2021
    Date of Patent: November 28, 2023
    Assignee: Nozomi Networks Sagl
    Inventors: Roberto Bruttomesso, Alessandro Cavallaro Corti, Moreno Carullo, Andrea Carcano
  • Patent number: 11818154
    Abstract: Systems and methods for preventing insider threats. An identity provider system at least one of identifies and authenticates one or more users. A relying party system provides access to at least one electronic resource. A storage system stores one or more immutable records. The immutable records store user credential reference information associated with the users, including verifiable assurance of user identity mutually written by the identity provider and relying party systems. The identity provider system and the relying party system are configured to independently at least one of verify and validate a user request associated with at least one user among the users based on the user credential reference information stored in the immutable records.
    Type: Grant
    Filed: June 15, 2021
    Date of Patent: November 14, 2023
    Assignee: iDee Limited
    Inventors: Al Lakhani, Dennis Kelechi Okpara
  • Patent number: 11811817
    Abstract: A network device may receive a first data packet. The network device may determine that a level of available computing resources satisfies a threshold level. The network device may perform a secure socket layer (SSL) proxy function based on the level of available computing resources satisfying the threshold level. The network device may receive a second data packet. The network device may determine that the level of available computing resources fails to satisfy the threshold level. The network device may determine a security characteristic associated with the second data packet. The network device may determine a security rating associated with the second data packet based on the security characteristic. The network device may selectively perform the SSL proxy function based on the security rating.
    Type: Grant
    Filed: October 3, 2022
    Date of Patent: November 7, 2023
    Assignee: Juniper Networks, Inc.
    Inventors: Sarvesh K. Batta, Thyagarajan S. Pasupathy, Mohan Thangavel
  • Patent number: 11799854
    Abstract: Method and systems described herein may provide multifactor mutual authentication. A first server may provide a first party and a second party with at least two authentication components in order for the first party to authenticate the identity of the second party, and vice versa. The first authentication component may include a color-based authentication component, while the second authentication component may include a code-based authentication component. Both factors need to be validated in order for the authentication to be successful. The color-based authentication component, in combination with the code-based authentication component, may improve the speed with which the mutual authentication is performed.
    Type: Grant
    Filed: July 6, 2022
    Date of Patent: October 24, 2023
    Assignee: Capital One Services, LLC
    Inventors: Jeremy Phillips, Andrew Grossman, Rachel Collins
  • Patent number: 11789723
    Abstract: A request to store a container image is received from a device associated with a customer of a computing resource service provider. Validity of a security token associated with the request is authenticated using a cryptographic key maintained as a secret by the computing resource service provider. One or more layers of the container image is built based at least in part on at least one build artifact to form a set of built layers. The software image including the set of built layers is stored in a repository associated with the customer. A manifest of metadata for the set of built layers is stored in a database of a structured data store. The container image is obtained in the form of an obtained container image. The obtained container image is deployed as the software container in at least one virtual machine instance associated with the customer.
    Type: Grant
    Filed: September 9, 2022
    Date of Patent: October 17, 2023
    Assignee: Amazon Technologies, Inc.
    Inventors: Anthony Joseph Suarez, Scott Kerns Windsor, Nare Hayrapetyan, Daniel Robert Gerdesmeier, Pooja Kalpana Prakash
  • Patent number: 11785015
    Abstract: A system for verifying a user's request to access a resource determines a set of entitlement attributes from the request. The set of entitlement requests indicates a type of permission to access a particular resource, including at least one of a write-access and a read-access to the particular resource. The system determines whether there is any rule that is violated by the set of entitlement attributes. In response to determining that there is at least one rule that is violated by the set of entitlement attributes, the system denies the request.
    Type: Grant
    Filed: February 24, 2021
    Date of Patent: October 10, 2023
    Assignee: Bank of America Corporation
    Inventors: David Pritchard, Matthew Peach, Swapnil S. Palkar, Rajesh M. Gopinathapai
  • Patent number: 11785026
    Abstract: An information processing device 10 comprises a data reception unit 13 that accepts transmission information of an email received by each of a plurality of mail servers 12, the transmission information being extracted from the emails; a transmission information determination unit 14 that determines whether the transmission source of the email is appropriate based on the transmission information; and a whitelist distribution unit 16 that distributes the transmission source determined to be appropriate to each of the plurality of mail servers.
    Type: Grant
    Filed: August 14, 2019
    Date of Patent: October 10, 2023
    Assignee: DIGITAL ARTS INC.
    Inventors: Toshio Dogu, Takuya Matsumoto, Mitsunari Satoh
  • Patent number: 11785038
    Abstract: A computer implemented system and method provide for a transfer learning platform system. The method provides an introduced enterprise security policy (IESP) to a first enterprise system. During a threat, the IESP is toggled on and off. A first change element is determined that represents a change in a logging system of the first enterprise between a first and second log element of the first enterprise captured when the IESP was toggled on and off, respectively. The IESP is provided to a second enterprise system. A second change element is determined that represents a change in a logging system of the second enterprise between a first log element of the second enterprise. The method further determines that the first and second change element are different, and, conditioned upon the determining that the second change element is different than the first change element, removes the IESP from the second enterprise system.
    Type: Grant
    Filed: March 30, 2021
    Date of Patent: October 10, 2023
    Assignee: International Business Machines Corporation
    Inventors: Puneet Sharma, Rajesh Phillips, Vijay Ekambaram
  • Patent number: 11777941
    Abstract: Disclosed is a method performed by an authentication server for authentication of users requesting access to a restricted data resource from a communication device, the authentication server being situated in the restricted data resource. After checking that a username and password received from a communication device matches a stored username and password, the authentication server sends, using the RADIUS protocol, a request to the communication device to enter an approver ID. After receiving an approver ID from the communication device in response to the request, via the RADIUS protocol, the authentication server sends an approval request including user ID to an approver device indicated by the approver ID, and if the approver approves the request, the authentication server receives an accept to the approval request and grants the user access to the restricted data resource.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: October 3, 2023
    Assignee: Mideye AB
    Inventor: Ulf Schuberth
  • Patent number: 11775686
    Abstract: Systems and methods may be provided for masking data on public networks, such as social networking sites. At a publishing node, the system may monitor data input fields in a webpage, and intercept and encode content, such as text, images, and video input at the data input fields, prior to the content being posted online on a public service provider's website. A privacy agent may process input field content to try to detect encoding markers in the input field content, which define portions of the content that are to be encoded. A third party key server may be used to store decoding keys. A URI reference to the decoding key may be used to access the decoding key by a node attempting to view the decoded version of the input field content.
    Type: Grant
    Filed: August 25, 2021
    Date of Patent: October 3, 2023
    Assignee: ESW Holdings, Inc.
    Inventors: Steven Sprague, Michael Sprague
  • Patent number: 11770402
    Abstract: Various embodiments are discussed that provide systems and methods for identifying possible unsecured devices on a network. In some cases, embodiments discussed relate to systems and methods for identifying possible unsecured devices; clustering the identified devices with other similar devices, and/or determining default or simplified access processes for a given cluster of the identified devices.
    Type: Grant
    Filed: February 25, 2021
    Date of Patent: September 26, 2023
    Assignee: Fortinet, Inc.
    Inventor: Haitao Li
  • Patent number: 11765207
    Abstract: Embodiments are directed to declaring network policies using natural language. A policy statement for the management of the network resources may be generated based on a statement. A prompt dataset may be generated for large language models based on the policy statement and a prompt template. In response to providing the prompt dataset to train the large language models further actions may be performed, including: generating a candidate configuration profile based on information provided by the trained large language models such that the candidate configuration profile may include field names or field values that may be associated with providing the management of the network resources; in response to validation of the candidate configuration profile for the management of the network resources, the validated candidate configuration profile may be provided to an infrastructure security computer (ISC) such that the ISC updates network policies based on the validated candidate configuration profile.
    Type: Grant
    Filed: April 5, 2023
    Date of Patent: September 19, 2023
    Assignee: strongDM, Inc.
    Inventor: Justin Allan McCarthy
  • Patent number: 11764941
    Abstract: A method, apparatus and computer program product for homomorphic inference on a decision tree (DT) model. In lieu of HE-based inferencing on the decision tree, the inferencing instead is performed on a neural network (NN), which acts as a surrogate. To this end, the neural network is trained to learn DT decision boundaries, preferably without using the original DT model data training points. During training, a random data set is applied to the DT, and expected outputs are recorded. This random data set and the expected outputs are then used to train the neural network such that the outputs of the neural network match the outputs expected from applying the original data set to the DT. Preferably, the neural network has low depth, just a few layers. HE-based inferencing on the decision tree is done using HE inferencing on the shallow neural network. The latter is computationally efficient and is carried out without the need for bootstrapping.
    Type: Grant
    Filed: April 30, 2020
    Date of Patent: September 19, 2023
    Assignee: International Business Machines Corporation
    Inventors: Kanthi Sarpatwar, Nalini K. Ratha, Karthikeyan Shanmugam, Karthik Nandakumar, Sharathchandra Pankanti, Roman Vaculin
  • Patent number: 11765143
    Abstract: One disclosed example involves a client device joining a videoconferencing meeting in which there is end-to-end encryption, where the end-to-end encryption is implemented by the client devices participating in the meeting using a meeting key provided by the meeting host. Thereafter, the client device receives a public key of an asymmetric key pair corresponding to the host of the meeting, where the public key is different from the meeting key. The client device then generates a security code based on the public key and outputs the security code on a display device. The security code can be compared to another security code generated by another client device participating in the meeting to verify if the meeting is secure. The client device may also receive encrypted videoconferencing data, decrypt it using the meeting key, and output the decrypted videoconferencing data on the display device.
    Type: Grant
    Filed: May 21, 2021
    Date of Patent: September 19, 2023
    Assignee: Zoom Video Communications, Inc.
    Inventors: Karan Lyons, Simon Booth
  • Patent number: 11765195
    Abstract: A method for generating a network-level attack graph is described. A first computing device in a network generates a first attack graph and transmits the first attack graph to a central computing device in the network. A second computing device in the network generates a second attack graph, wherein the second computing device is different than the first computing device, and transmits the second attack graph to the central computing device. The central computing device generates, based on the first attack graph and the second attack graph, a network-level attack graph by merging the first attack graph, the second attack graph, and an attack graph stencil of cross-device vulnerability interactions.
    Type: Grant
    Filed: February 16, 2021
    Date of Patent: September 19, 2023
    Assignee: ICF International
    Inventor: Anthony Thomas Colyandro, Jr.
  • Patent number: 11765196
    Abstract: Attack scenario information describes each state of an information processing system to be attacked and an attack scenario including a chain of actions that can be taken in the state, an action that transitions from a first state to a second state is obtained with reference to state information, action information, and attack tactics information, a reward of the action is obtained with reference to reward information, the action information, and the attack tactics information, an expected reward of the reward of the action that transitions from the first state to the second state is obtained with reference to success probability information, the highest expected reward is set as a state value of reinforcement learning of the first state among the expected rewards of the action, and the attack scenario is generated by the reinforcement learning.
    Type: Grant
    Filed: March 17, 2021
    Date of Patent: September 19, 2023
    Assignee: Hitachi, Ltd.
    Inventors: Katsuya Nishijima, Tomohiro Shigemoto, Nobutaka Kawaguchi