Abstract: A computer-implemented method for providing anonymized patient datasets, comprises: analyzing statistical population data to ascertain obfuscation parameters; and anonymizing patient datasets including quasi-identifiers as attributes by obfuscating the quasi-identifiers of the patient datasets based on the obfuscation parameters to generate the anonymized patient datasets. A system includes at least one processor and a memory, and is configured to provide the anonymized patient datasets.

Abstract: In an example of a method described herein, historical events occurring over a network are detected, and at least one of the historical events is associated with an observed value of a categorical variable. A numerical aggregate value representing the observed value is updated by applying an exponential smoothing function to (i) a prior numerical aggregate value representing prior historical events associated with the observed value and (ii) a count of the historical events associated with the observed value. An event occurring over the network is detected and is associated with the observed value. Features are extracted from the event, where the features include an encoded feature based on the numerical aggregate value to represent the observed value. A predictive model is applied to the features to determine a score representing likelihood of an outcome. Based on the score, access to a resource of the network is controlled.

Abstract: A system and methods of cybersecurity are provided, implementing: receiving multiple TCP/IP packets destined for a target host; determining from among the multiple TCP/IP packets, a subset of suspicious TCP/IP packets characterized by one or more suspicious traits; for each of the TCP/IP packets characterized by the one or more suspicious traits, extracting a TCP/IP timestamp header value and calculating a normalized timestamp value by subtracting a local system time from the TCP/IP timestamp header value; identifying a subgroup of the TCP/IP packets having a common normalized timestamp value indicative of generation by a common source host; receiving a subsequent TCP/IP packet destined for the target host; determining that the subsequent TCP/IP packet's normalized timestamp value is the common normalized timestamp value; and responsively blocking the subsequent TCP/IP packet from reaching the target host.

Abstract: A method of blocking access to files encrypted with a compromised key by mapping keys and ranges of containers encrypted by the keys. Upon notification that a key is compromised, fencing a container range corresponding to data segments encrypted by the compromised key to prevent deduplication operations on the segments. The method makes a point-in-time copy of the filesystem managing the segments, wherein each file of the file system is represented as tree structure having a root level and other levels. The method iteratively inspects in a level-wise manner, each container in each level of the file trees of the files to identify containers having segments encrypted by the compromised key, and marks files corresponding to the identified containers as not readable to block the access to the files encrypted with the compromised key.

Abstract: An agent running on an IoT device of a client's network may receive a default password from a provider network and use the received default password to determine whether the password assigned to the IoT device has been changed from the default password to a different one. The agent may retrieve a salt string, a hashing algorithm, and a hashed string from a password database of the IoT device, combine the salt string with the received default password to generate a salted default password, and apply the hashing algorithm to the salted default password to generate a new hashed string. The agent may then compare the new hashed string to the hashed string retrieved from the password database. If they match, then the agent sends an indication to the provider network that the default password is still assigned to the IoT device.

Abstract: A system, process, and computer-readable medium for securely transferring user personal identification information (PII) across platforms, based on specific permissions, are described. One or more aspects provide greater control, to a user, of when that user's PII may be released from a secure storage in a first platform and securely provided to a second platform. The timing of those releases of the PII may be controlled by specific authorizations from the user via one or more processes. Also, in addition to improving the security associated with the PII transferred between platforms, one or more aspects improve users' experiences by permitting controlled reuse of users' PII to simplify how users provide their PII to separate processes being performed on separate platforms.

Abstract: A processing method implemented by a first device including receiving first data including a challenge datum; obtaining key data including an encrypted cryptographic key which is masked by executing a cryptographic masking function; receiving an unmasking key; determining the encrypted cryptographic key by executing a cryptographic unmasking function on the basis of the unmasking key; determining a decrypted cryptographic key by a decryption by executing a decryption algorithm with white-box implementation on the basis of the encrypted cryptographic key; determining an answer datum by a cryptographic operation by executing a predetermined cryptographic algorithm on the basis of the decrypted cryptographic key and the challenge datum; and sending the answer datum to authenticate the first device.

Abstract: A system and method for locating DGA compromised IP addresses is provided. A domain name system (DNS) stream is received. The DNS stream is classified into DGA generated domains using a machine learning classifier to generate a classification output. User behavior profiling is performed to enhance the classification output. A verdict is generated based on the user behavior profiling of the classification output including identifying a compromised source IP address associated with a detected DGA malware attack.

Abstract: An information processing device, anonymizing data composed of records including one or more items through statistical processing, includes a memory, and a processor configured to acquire a data set from a server, classify respective records constituting the data into one or more first sets, based on masking target items, a dictionary, and a selected hierarchy level, classify the respective records into one or more second sets with respect to a number of records belonging to each of the one or more first sets, and calculate a ratio of records belonging to each of the one or more second sets to the records constituting the data, calculate an index value regarding merged data, change the hierarchy level based on the ratio of records, priority set in advance, and the index value, and create a statistically processed record by statistically processing records belonging to a same first set.