Abstract: A media playback system for presenting to a user a composition of a plurality of media streams. It has a media selection component configured to receive a scenario dataset, to receive user input for selecting viewing times defining segments of media and composition selections, and to output a list of segments of media from the scenario dataset that are authorized to be viewed by the user. The system has a playback control component configured to retrieve from media storage at least the segments of media from the output list of segments, to decode the segments of media, and to compile composition instructions. The system has a media playback component configured to receive the rendered media and the composition instructions.

Abstract: Methods, apparatus, systems, and articles of manufacture to provide and monitor efficacy of artificial intelligence models are disclosed. An example apparatus includes a model trainer to train an artificial intelligence (AI) model to classify malware using first training data; an interface to deploy the AI model to a processing device; a model implementor to locally apply second training data to the AI model to generate output classifications, the second training data generated after generation of the first training data; and a report generator to generate a report including an efficacy of the AI model based on the output classifications.

Abstract: An information processing apparatus configured to manage information regarding a user includes a reception unit configured to receive an execution request for executing first processing involving authentication of the user from a server configured to provide a service to the user, a verification unit configured to verify whether the execution request is valid, a message transmission unit configured to transmit, to a terminal operated by the user, a message including a link for accessing the server on a basis of a result of verification. The message is a message to provide the terminal with a screen that allows the server to execute second processing depending on a result of the first processing.

Abstract: As described herein, a system, method, and computer program provide a computer attack response service. In use, a notification is received that a transfer of at least one electronic file to a computing device has been detected as a potential incoming threat to the computing device. Responsive to the receiving the notification, at least one honeypot is created. Additionally, data within the at least one electronic file is accessed, using the at least one honeypot. Responsive to accessing the data within the at least one electronic file, activity associated with the incoming threat is monitored.

Abstract: Method and system for protecting an executing environment from malicious code elements, one exemplary method including compiling a set of trustworthy code elements, each code element being executable using an application. The method further includes determining whether the file contains an embedded code element. If the file contains an embedded element, the embedded code element can be authenticated based on the stored set of code elements, to determine whether the embedded code element is trustworthy. Access to the file can be enabled in response to an authentication result that the embedded code element is trustworthy.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprising an analytic server, which automatically detects malicious electronic files. The analytic server receives electronic files, runs a file extraction module to recursively scan the electronic files, and extracts all of the embedded and linked electronic files. The analytic server runs an exploit scanner against the extracted electronic files, and extracts code included in the electronic files. The analytic server deobfuscates the extracted code and examines the deobfuscated code by applying a set of malicious behavior rules against the deobfuscated rules. The analytic server identifies potentially malicious electronic files based on the examination. The analytic server applies a set of whitelist rules on the potentially malicious electronic files to eliminate false alarms. The analytic server transmits alert notifications to an analyst regarding the malicious electronic files and updates the whitelist rules based on analyst's feedback.

Abstract: Techniques for packet classification for network routing are disclosed. In some embodiments, packet classification for network routing includes receiving packets associated with a new flow at a security controller from a network device, in which the network device performs packet forwarding; classifying the flow; and determining an action for the flow based on a policy (e.g., a security policy). In some embodiments, the network device is a Software Defined Network (SDN) network device (e.g., a packet forwarding device that supports the OpenFlow protocol or another protocol).

Abstract: Provided is a method, system, and apparatus for authenticating a user device. The method includes registering a device identifier with at least one transformation rule, receiving a request for authentication comprising a device identifier associated with a user device, obtaining a one-time password (OTP) in response to receiving the request, communicating the OTP to the user device, receiving a transformed OTP from the user device, and authenticating the user device based on the OTP, the transformed OTP, and the at least one transformation rule.

Abstract: A method by a WiFi AP for setting-up a WiFi connection with a wireless device, includes sending WiFi service credentials to a Light Fidelity (Li-Fi) AP for transmission through Li-Fi signaling that is broadcast for reception by wireless devices. The method receives and authenticates an authentication request that is received via a RF transceiver of the WiFi AP from the wireless device, which is responding to the WiFi service credentials that were broadcast through the Li-Fi signaling. The method then establishes a WiFi RF connection with the wireless device responsive to the authentication.

Abstract: Techniques for particle-based threat scanning are described. A method of extracting particles from high entropy data may include obtaining a sample from a sample source, identifying an anchor particle in the sample, generating a plurality of particles following the anchor particle based on a particle limit, wherein each particle from the plurality of particles is an array of unique bytes generated based on one or more particle properties, and storing the plurality of particles following the anchor particle in a particle database.

Abstract: A file is received from external to the gateway device and, prior to runtime, the received file is detected as being compressed. Also before runtime, a compression type of the received file is differentiated as packed, protected, and/or archived. Identification of a specific packer, a specific protector or a specific archiver corresponding to the compression type is attempted. Responsive to successful identification, the received file is decompressed and a static type of malware analysis is selected for the received file. Responsive to unsuccessful identification, decompress the received file is attempted with a general unpacker, a general unprotector or a general unarchiver, and responsive to successful decompression, the static type of malware analysis is selected for the received file. Responsive to unsuccessful decompression, a dynamic type of malware analysis on the received file is selected.

Abstract: Embodiments of the present disclosure describe systems, methods, and computer program products for redacting sensitive data within a database. An example method can include examining a first column of a plurality of columns of a database to identify a first category of sensitive data in a first location of the first column and a second category of sensitive data in a second location of the first column, receiving a masking policy for the first column, the masking policy identifying the first category of sensitive data, and, in response to a data query accessing the first column, executing a redaction operation to redact the first category of sensitive data from the first location of the first column to generate redacted data for a response to the data query.

Abstract: A malware detection method that uses federated learning includes transmitting file characterization information for one or more local files, receiving a first malware detection model and labeled training data that is generated by a remote device, training the first malware detection model using the labeled training data set, transmitting parameters of the trained first malware detection model to the remote device, and receiving, from the remote device, a second malware detection model, wherein the second malware detection model is trained by federated learning using the parameters of the trained first malware detection model and additional parameters provided by one or more additional remote devices.

Abstract: A system for detecting malware includes a server and processor that executes instructions to receive, from the server, a first malware detection model and a database of known malicious files; label each file of a training data set as either malicious or clean by comparing each file of the training data set to the database, where if a match is not found to in the database, the model is used to predict maliciousness; train the first malware detection model using the labeled training data set; transmit parameters of the trained first malware detection model to the server; and receive, from the server, a second malware detection model, wherein the second malware detection model is trained by federated learning using the parameters of the trained first malware detection model and additional parameters provided by one or more remote devices.

Abstract: A method of securing a software routine implemented in a software instance executing in an execution environment, the method comprising: initializing a code block of the software instance with a reference to the software routine by storing the reference such that the stored reference is inaccessible to code outside of the code block; and returning a reference to the code block, the reference to the code block used by the software instance outside of the code block to invoke the software routine; wherein the code block is configured to: (a) invoke the software routine using the stored reference, and, (b) after a predetermined number of invocations of the software routine by the code block, modify the stored reference so as to prevent further invocation of the software routine by the code block.

Abstract: A data protection system is provided to detect data and execute security actions on the detected data using multiple tiers of parallel processing and incremental processing. For example, the data protection system can employ parallel job-submission and parallel-job execution to cataloging, scanning, searching, and other processes. Only source data that has not already been processed or has modified may be loaded to a cataloging data queue and a scanning data queue to reduce processing time. Scan results can include different data groups and can be used to search for specific data sets.

Abstract: A method and a system for modifying network connection access rules using multi factor authentication (MFA) are provided herein. The method may include the following steps: receiving, at a computer network, an access request from a client device; retrieving a user identification data associated with said client device; presenting a message over said client device, wherein the message contains details associated with said access request; responsive to the user confirmation of said details, initiating an MFA process, wherein the MFA process comprises presenting an authentication message over the client device; and only in a case that the user has been authenticated by the MFA process, establishing the requested connection access.

Abstract: A resource-access management system detects whether a user is authorized to access resources. The system may include a user device being configured to include a sensor that detects sensor data associated with the user. Further, the system includes a client qualification engine that determines whether or not a client is authorized to access the resources by comparing the sensor data with a plurality of patterns for evaluating whether or not the user is an authorized user. User scores are generated based on the compared sensor data and the plurality of patterns. Further, a composite score corresponding to the user is generated using the sensor data, plurality of patterns, and one or more additional criteria. Whether the user is granted access to the resources, presented with unauthorized user tests, or blocked from access to the resources depends on the composite score and threshold values.

Abstract: Systems and methods for advanced data and program protection are provided. Some embodiments extend the data-at-rest protection naturally provided by some self-encrypting drives in order to provide additional assurances to data-in-motion and data-in-use in the host computer to which the attached storage device is attached. In some embodiments, this protection is available even if only intermittently attached, and it requires no software to be installed on the host machines because the software run on the host is run in the host off the attached storage drive itself.

Abstract: Systems and methods of anti-vishing OTP protection via machine learning techniques are disclosed. In one embodiment, an exemplary computer-implemented method may comprise: receiving a permission indicator identifying a permission by the user to detect OTPs and calls being received by a computing device; receiving an indication of an OTP data item being received; processing the OTP data item to determine a time duration during which a particular OTP included therein is valid; utilizing a trained OTP protection machine learning model to determine phone number(s) as presenting a security risk with respect to the OTP data item; and instructing the computing device to commence at least one security measure based at least in part on a contact list updated with an indication that the phone number(s) present a security risk with regard to the particular OTP during the time duration of the particular OTP.