Abstract: Techniques are disclosed relating to malware clustering based on function call graph similarity. In some embodiments, a computer system may access information corresponding to a plurality of malware samples and, based on the information, generate a function call graph for each of the malware samples. In some embodiments, generating the function call graph for a given malware sample includes identifying a plurality of function calls included in the information, assigning a label to each of the function calls, identifying relationships between the function calls, and generating the function call graph based on the relationships and the labels. Based on the function call graphs, the computer system may assign each of the plurality of malware samples into one of a plurality of clusters of related malware samples.

Abstract: Disclosed embodiments relate to systems and methods for correlating software pipeline events. Techniques include receiving first data representing at least one aspect of a first software pipeline event; identifying a value as a potential identifier of the first software pipeline event; storing the value in a data structure in an associative manner with the first software pipeline event; receiving second data representing at least one aspect of a second software pipeline event; identifying an additional value as a potential identifier of the second software pipeline event; comparing additional value to the value stored in the data structure; based on the comparison, determining whether a correlation exists between the first software pipeline event and the second software pipeline event; and based on a determination that a correlation exists, providing an indication of the correlation.

Abstract: A printed circuit (PC) card apparatus can, in an absence of external power provided to a Peripheral Component Interconnect Express (PCIe) PC card, prevent and detect unauthorized access to secure data stored on a memory device mounted on the PCIe PC card. The PCIe card includes a primary battery to supply, when external power is disconnected from the PCIe card, power to an electronic security device mounted on the PCIe card. The PC card apparatus also includes a PCIe edge connector protector enclosing electrically conductive fingers of a PCIe edge card connector. The PCIe edge connector protector includes a hidden supplemental charge storage device integrated into the PCIe edge connector protector. The PCIe edge connector protector also includes electrically conductive contacts to transfer supplemental power from the supplemental charge storage device to the electronic security device.

Abstract: Methods, systems, and apparatuses are provided for flight management to configure an aircraft configuration (config) file accessible by the avionic system wherein an avionic service is implemented by a flight management system (FMS) for corroborating allowance of access using one of a set of validation procedures for corroboration prior to execution of a request for content to the config file including validating that a user request for a session is authorized based on user identification data, that a client request by an Electronic Flight Bag (EFB) application for a session is authorized based on client identification data, and in response to the client request, determining that an EFB application request is encrypted and performing a decrypt procedure of the EFB application request based on private key data of a private key; and encrypting an EFB application response based on public key data of a public key from the config file.

Abstract: A method for relating different types of records. The method may include providing comparison functions, wherein each comparison function corresponds to a semantical class, and wherein a computational cost is associated with each comparison function. The method may include determining one or more attribute pairs between the different types of records. The method may include sorting the comparison functions according to a determined accuracy. The method may include selecting a set of comparison functions associated with semantical classes according to a predefined rule. The method may include determining a total computational cost based on the computational cost of the selected set of comparison functions. The method may include determining whether two or more records are related using the selected set of comparison functions. The method may include relating the two or more records. The method may include determining a rate of false negative records.

Abstract: An attack path detection method, attack path detection system and non-transitory computer-readable medium are provided in this disclosure. The attack path detection method includes the following operations: establishing a connecting relationship among a plurality of hosts according to a host log set to generate a host association graph; labeling at least one host with an abnormal condition on the host association graph; calculating a risk value corresponding to each of the plurality of hosts; in a host without the abnormal condition, determining whether the risk value corresponding to the host without the abnormal condition is greater than a first threshold, and utilizing a host with the risk value greater than the first threshold as a high-risk host; and searching at least one host attach path from the high-risk host and the at least one host with the abnormal condition according to the connecting relationship of the host association graph.

Abstract: Systems and methods are disclosed for online authentication of online attributes. One method includes receiving an authentication request from a rely party, the authentication request including identity information to be authenticated and credential information to be authenticated; determining whether a user account is associated with the received identity information by accessing an internal database; accessing user data of the user account determined to be associated with received identity information; determining authentication data to obtained from a user associated with the user account based on the user data of the user account and the credential information to be authenticated; transmitting a request for authentication data; receiving authentication data associated with the user; transmitting authentication data associated with the user; and receiving an authentication result from the verification data source server for the user associated with authentication data.

Abstract: In several aspects of the present invention, a processor receives, from a rule-based intrusion detection system, an intercepted request sent by a hacker. A processor analyzes the intercepted request to determine, in part, a type of service and a type of hacker. A processor builds a first layer of a honeypot maze based on the analyzed intercepted request. A processor simulates the first layer of the honeypot maze to the hacker. A processor iteratively builds additional layers of the honeypot maze based on additional intercepted requests from the hacker.

Abstract: A server can receive a device public key and forward the device public key to a key server. The key server can perform a first elliptic curve Diffie-Hellman (ECDH) key exchange using the device public key and a network private key to derive a secret X1. The key server can send the secret X1 to the server. The server can derive an ECC PKI key pair and send to the device the server public key. The server can conduct a second ECDH key exchange using the derived server secret key and the device public key to derive a secret X2. The server can perform an ECC point addition using the secret X1 and secret X2 to derive a secret X3. The device can derive the secret X3 using (i) the server public key, a network public key, and the device private key and (ii) a third ECDH key exchange.

Abstract: The computer system is connected to a DB that stores data acquired from a production system in which a plurality of machines operate, and includes a generation unit and a data search unit. The DB stores operation data and environment data. The generation unit generates, by analyzing schedule information including a production schedule of the plurality of products, first owner information for storing first access control data including an owner, the machines, and a first access period set based on operation time, and generates, based on the first owner information, second owner information for storing second access control data including the owner, a type of the environment data, and a second access period set based on the first access period. The data search unit controls accesses to the DB based on the first owner information and the second owner information.

Abstract: Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more processing devices to develop compilers and microcode for generation of runtime images for secure execution according to an instruction set architecture (ISA) on a computing device. For example, a co-development of a paired compiler and microcode may obscure how such a paired compiler and microcode are to express program instructions into binary runtime image.

Abstract: Disclosed herein is a method performed by an apparatus. In the method, a payload information item is obtained that is to be communicated to at least one recipient. An encrypted payload information item is obtained by encrypting said payload information item such that it is decryptable by use of a first decryption key and a second decryption key. Further, a message containing said encrypted payload information item is sent or triggered to be sent to said recipient.

Abstract: A system, method, and computer-readable medium are disclosed for management of a distributed web application firewall (WAF) cluster that supports one or more protected applications. A WAF cluster infrastructure is configured for the protected applications. The WAF cluster includes one or more WAFs that are used to route traffic directed to the protected applications. The WAF cluster infrastructure is validated as to be current and updated. The validated WAF cluster infrastructure is then used as routing service.

Abstract: Systems, computer program products, and methods are described herein for dynamically permitting and restricting access to and modification of computer resources. The present invention may be configured to receive a change request identifying computer resources to be modified, determine whether privileged access is required to modify the computer resources, and receive credentials from a user device. The present invention may be further configured to generate an encrypted configuration file, determine whether the change request is valid, and further encrypt the encrypted configuration file based on determining that the change request is valid.

Abstract: A system is provided and includes a securable resource, a locking element configured to assume a locked condition in which the securable resource is locked and an unlocked condition in which the securable resource is unlocked and a controller. The controller is receptive of an instruction to authorize users to unlock the securable resource and is configured to perform operating system (OS) level authentication of the users and OS level control of the locking element in accordance with the instruction to authorize users and the OS level authentication.

Abstract: The present invention relates to a method for automatic aggregating and enriching data from honeypots comprising defining a plurality of identified honeypots of a different type to be monitored in a network; collecting metadata and samples from said honeypots of a different type in said network, which in turn comprises defining a predefined collection model for the honeypots such as to collect homogeneous metadata and samples among the honeypots of a different type, extracting the metadata according to the collection model defining a model metadata, and extracting the samples according to the collection model defining model samples; enriching said metadata and sample collected, which in turn comprises scanning the model metadata to extract IoCs, scanning the model samples to extract IoCs, recursively scanning the model samples to generate secondary model metadata and scanning the secondary model metadata to extract IoCs, until no further IoCs can be generated, recursively obtaining secondary samples from the

Abstract: A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority.

Abstract: A system for detecting data leakage is disclosed. The system intercepts web traffic data, de-duplicates the web traffic data, and extracts data elements from the web traffic data. The system further groups the data elements into multiple clusters based on data types associated with the data elements. The system then identifies data elements in a cluster that were previously sent to a user and identifies allowed data elements from an allow table that are supposed to be sent to the user. The system determines whether there is a data leakage by determining whether the identified data elements in the cluster comprises at least one data element that is not in the identified allowed data elements in the allow table.

Abstract: A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.

Abstract: Systems and methods are disclosed for automatically predicting a risk score of a user login attempt by receiving a user login attempt and generating a login feature vector associated with the user login attempt. The systems and methods further train a machine learning technique to establish a relationship between the login feature vector and the risk score. The trained machine learning technique is applied to new user login attempts to predict a risk score associated with the login attempt and issue an authentication challenge to the user if the risk score exceeds a predetermined threshold value.