Abstract: A method for relating different types of records. The method may include providing comparison functions, wherein each comparison function corresponds to a semantical class, and wherein a computational cost is associated with each comparison function. The method may include determining one or more attribute pairs between the different types of records. The method may include sorting the comparison functions according to a determined accuracy. The method may include selecting a set of comparison functions associated with semantical classes according to a predefined rule. The method may include determining a total computational cost based on the computational cost of the selected set of comparison functions. The method may include determining whether two or more records are related using the selected set of comparison functions. The method may include relating the two or more records. The method may include determining a rate of false negative records.

Abstract: Systems and methods are disclosed for online authentication of online attributes. One method includes receiving an authentication request from a rely party, the authentication request including identity information to be authenticated and credential information to be authenticated; determining whether a user account is associated with the received identity information by accessing an internal database; accessing user data of the user account determined to be associated with received identity information; determining authentication data to obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated; transmitting a request for authentication data; receiving authentication data associated with the user; transmitting authentication data associated with the user; and receiving an authentication result from the verification data source server for the user associated with authentication data.

Abstract: In several aspects of the present invention, a processor receives, from a rule-based intrusion detection system, an intercepted request sent by a hacker. A processor analyzes the intercepted request to determine, in part, a type of service and a type of hacker. A processor builds a first layer of a honeypot maze based on the analyzed intercepted request. A processor simulates the first layer of the honeypot maze to the hacker. A processor iteratively builds additional layers of the honeypot maze based on additional intercepted requests from the hacker.

Abstract: An attack path detection method, attack path detection system and non-transitory computer-readable medium are provided in this disclosure. The attack path detection method includes the following operations: establishing a connecting relationship among a plurality of hosts according to a host log set to generate a host association graph; labeling at least one host with an abnormal condition on the host association graph; calculating a risk value corresponding to each of the plurality of hosts; in a host without the abnormal condition, determining whether the risk value corresponding to the host without the abnormal condition is greater than a first threshold, and utilizing a host with the risk value greater than the first threshold as a high-risk host; and searching at least one host attach path from the high-risk host and the at least one host with the abnormal condition according to the connecting relationship of the host association graph.

Abstract: The computer system is connected to a DB that stores data acquired from a production system in which a plurality of machines operate, and includes a generation unit and a data search unit. The DB stores operation data and environment data. The generation unit generates, by analyzing schedule information including a production schedule of the plurality of products, first owner information for storing first access control data including an owner, the machines, and a first access period set based on operation time, and generates, based on the first owner information, second owner information for storing second access control data including the owner, a type of the environment data, and a second access period set based on the first access period. The data search unit controls accesses to the DB based on the first owner information and the second owner information.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more processing devices to develop compilers and microcode for generation of runtime images for secure execution according to an instruction set architecture (ISA) on a computing device. For example, a co-development of a paired compiler and microcode may obscure how such a paired compiler and microcode are to express program instructions into binary runtime image.

Abstract: A server can receive a device public key and forward the device public key to a key server. The key server can perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using the device public key and a network private key to derive a secret X1. The key server can send the secret X1 to the server. The server can derive an ECC PKI key pair and send to the device the server public key. The server can conduct a second ECDH key exchange using the derived server secret key and the device public key to derive a secret X2. The server can perform an ECC point addition using the secret X1 and secret X2 to derive a secret X3. The device can derive the secret X3 using (i) the server public key, a network public key, and the device private key and (ii) a third ECDH key exchange.

Abstract: Disclosed herein is a method performed by an apparatus. In the method, a payload information item is obtained that is to be communicated to at least one recipient. An encrypted payload information item is obtained by encrypting said payload information item such that it is decryptable by use of a first decryption key and a second decryption key. Further, a message containing said encrypted payload information item is sent or triggered to be sent to said recipient.

Abstract: A system, method, and computer-readable medium are disclosed for management of a distributed web application firewall (WAF) cluster that supports one or more protected applications. A WAF cluster infrastructure is configured for the protected applications. The WAF cluster includes one or more WAFs that are used to route traffic directed to the protected applications. The WAF cluster infrastructure is validated as to be current and updated. The validated WAF cluster infrastructure is then used as routing service.

Abstract: Systems, computer program products, and methods are described herein for dynamically permitting and restricting access to and modification of computer resources. The present invention may be configured to receive a change request identifying computer resources to be modified, determine whether privileged access is required to modify the computer resources, and receive credentials from a user device. The present invention may be further configured to generate an encrypted configuration file, determine whether the change request is valid, and further encrypt the encrypted configuration file based on determining that the change request is valid.

Abstract: A system is provided and includes a securable resource, a locking element configured to assume a locked condition in which the securable resource is locked and an unlocked condition in which the securable resource is unlocked and a controller. The controller is receptive of an instruction to authorize users to unlock the securable resource and is configured to perform operating system (OS) level authentication of the users and OS level control of the locking element in accordance with the instruction to authorize users and the OS level authentication.

Abstract: The present invention relates to a method for automatic aggregating and enriching data from honeypots comprising defining a plurality of identified honeypots of a different type to be monitored in a network; collecting metadata and samples from said honeypots of a different type in said network, which in turn comprises defining a predefined collection model for the honeypots such as to collect homogeneous metadata and samples among the honeypots of a different type, extracting the metadata according to the collection model defining a model metadata, and extracting the samples according to the collection model defining model samples; enriching said metadata and sample collected, which in turn comprises scanning the model metadata to extract IoCs, scanning the model samples to extract IoCs, recursively scanning the model samples to generate secondary model metadata and scanning the secondary model metadata to extract IoCs, until no further IoCs can be generated, recursively obtaining secondary samples from the

Abstract: A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority.

Abstract: A system for detecting data leakage is disclosed. The system intercepts web traffic data, de-duplicates the web traffic data, and extracts data elements from the web traffic data. The system further groups the data elements into multiple clusters based on data types associated with the data elements. The system then identifies data elements in a cluster that were previously sent to a user and identifies allowed data elements from an allow table that are supposed to be sent to the user. The system determines whether there is a data leakage by determining whether the identified data elements in the cluster comprises at least one data element that is not in the identified allowed data elements in the allow table.

Abstract: A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.

Abstract: Systems and methods are disclosed for automatically predicting a risk score of a user login attempt by receiving a user login attempt and generating a login feature vector associated with the user login attempt. The systems and methods further train a machine learning technique to establish a relationship between the login feature vector and the risk score. The trained machine learning technique is applied to new user login attempts to predict a risk score associated with the login attempt and issue an authentication challenge to the user if the risk score exceeds a predetermined threshold value.

Abstract: A method for securing a networked computer system executing an application includes identifying a vulnerable computer resource in the networked computer system, determining all computer resources in the networked computer system that are accessible from, or are accessed by, the vulnerable computer resource, and prioritizing implementation of a remediation action to secure the vulnerable computer resource if a vulnerability path extends from the vulnerable computer resource to a critical computer resource that contains sensitive information. The remediation action to secure the vulnerable computer resource is a safe remediation action that does not impact availability of the application executing on the networked computer system.

Abstract: Systems, devices, media, and methods are presented for determining a level of abusive network behavior suspicion for groups of entities and for identifying suspicious entity groups. A suspiciousness metric is developed and used to evaluate a multi-view graph across multiple views where entities are associated with nodes of the graph and attributes of the entities are associated with levels of the graph.

Abstract: A computing device includes a memory and at least one processor configured to cooperate with the memory. The processor is to boot the computing device, and direct generated data to data storage. The data storage includes at least one persistent layer and a non-persistent layer. The processor determines if the data is to be stored in the at least one persistent layer or the non-persistent layer based on a version of the operating system being used to boot the computing device.

Abstract: The present embodiments provide an environment where a user first creates or imports a document comprising of fields to be completed by one or more users. All users who have view-only access or can act on a document are considered to be “in the workflow.” All users in the workflow (except view-only users) can take actions in the document by editing, adding or entering values or signatures in those fields. When the document is complete, a computing device adds an encrypted token visualization element to the document that uniquely identifies and secures the document. Thereafter, a copy of the original document, all attachments, authentication, security and validation information, and all other relevant information about the document and users will be available to view in the chain of custody and audit trail by the authorized users by scanning the token visualization element within the platform (web application or mobile application).