Abstract: A large-scale Ethernet mesh network including a plurality of dual-mode peer devices in signal communication with one another so as to establish a group connectivity association (CA). Each dual-mode peer device simultaneously operates in a supplicant mode and authenticator mode. Each of dual-mode peer device encrypts data using a shared group encryption key (SAK), and exchanges the encrypted data with peer devices in the group CA.

Abstract: Disclosed embodiments relate to iteratively developing profiles for network entities. Operations may include accessing a set of permissions associated with a network entity; obtaining a set of permission vectors for the network entity based on the set of permissions; evaluating each permission vector within the set of permission vectors for iteratively developing a profile for the network entity, the evaluation being based on at least: whether each permission vector within the set of permission vectors provides sufficient privileges for the network entity to perform an action, and a predefined rule; creating a new set of permission vectors for the network entity based on at least the selected group of the set of permission vectors; iterating the evaluation for the new set of permission vectors; determining whether an iteration termination condition has been met; and terminating the iteration based on the iteration termination condition being met.

Abstract: A method for storing application program information including segmenting the application program information into program sub-information, with an information segmentation algorithm of the application program information having undergone algorithm obfuscation processing; and storing the program sub-information. The present disclosure significantly reduces the possibility of application program information being acquired by hackers and the like, and improves the security of application program information and electronic devices.

Abstract: A method for extending a blockchain includes, at a space server in a distributed network: storing a plot file. The method also includes accessing a blockchain: during a current slot in the series of slots, accessing a proof-of-space challenge based on a current slot challenge associated with the current slot and a challenge chain signage point; in response to accessing the proof-of-space challenge, retrieving a proof-of-space based on the proof-of-space challenge and the plot file; calculating a quality-based number of iterations based on the quality of the proof-of-space; generating a block comprising the proof-of-space, the challenge chain signage point, and a reward chain signage point; and broadcasting the block to the distributed network.

Abstract: A method for generating a random number comprises selecting a group of at least two servers within a network; receiving a server specific string from at least two servers of the group; and using the server specific strings to generate the random number.

Abstract: A method for performing segmenting locking and merging control of encrypted digital assets based on time dimension is provided. The method being mainly provided to achieve segmenting locking and merging control of encrypted digital assets by adding a time attribute to encrypted digital asset. Using the method for performing segmenting locking and merging control of encrypted digital assets based on time dimension of the present invention, through the processing of encrypted digital assets in the time dimension, which not only can use smart contracts or hash locking to realize the automated transfer of encrypted digital assets in the future, and the transferred encrypted digital asset before the set time, also can transfer and transaction; meanwhile, since the segmentation object is based on the assets currently held by the user, therefore the deterministic payment of future value rights also can be ensured, has a wider range of applications.

Abstract: Systems and methods for distorting CAPTCHA images with generative adversarial networks include an image distortion interface that can select an image record from a database, determine the size of the selected image, and apply an adversarial attack algorithm to create an array of pixels that is the same size as the selected image so that the majority of the pixels in the array are zero values and the remaining pixels in the array are in the red-green-blue value range. The image distortion interface can merge the array of pixels with the selected image to form a distorted image. A server can include a CAPTCHA test interface that can select a set of images having the same label, retrieve corresponding distorted images, and provide a CAPTCHA test using the distorted images. The CAPTCHA test can use distorted images with different applied adversarial attack algorithms.

Abstract: An event can be analyzed for association with a security violation. Characters or other values of event data (e.g., command-line text) associated with the event can be provided sequentially to a trained representation mapping to determine respective representation vectors. Respective indicators can be determined by applying the vectors to a trained classifer. A token in the event data can be located based on the indicators. The event's can be determined to be associated with a security violation based on the token satisfying a token-security criterion. The representation mapping can be trained by adjusting model parameters so the trained representation predicts, based on a character of training command-line text, an immediately following character in the training command-line text. The classifier can be determined based on the trained representation mapping and classification training data indicating whether respective portions of training event data are associated with security violations.

Abstract: A system includes a virtual machine to transmit an input/output request to a data storage system and a hypervisor configured to maintain a map of the virtual machine to a virtual disk, wherein the virtual disk is a slice of a persistent storage device. A virtual machine server is configured to maintain a map of the virtual disk to a start address and an end address and to update the input/output request with the start address, the end address, and a virtual disk identifier associated with the virtual machine. A processor determines whether the start address and the end address are valid, and if the start address and the end address are valid, then process the input/output request. The response is transmitted to the input/output request.

Abstract: An exemplary system having a processor and a memory therein includes means for creating an isolation group, in which creating the isolation groups includes: defining isolation requirements, identifying a group of features utilizing call-out functions, and selecting from among the group of features utilizing call-out functions a group of features having the defined isolation requirements; deploying platform software integrating the isolation requirements, in which the platform software contains instructions to map the isolation requirements to a customer organization; creating the customer organization; creating a unique variant of the customer organization, in which creating the unique variant of the customer organization includes declaratively applying an isolation layer containing isolation requirements on top of a base layer for the customer organization; and deploying the unique variant of the customer organization onto the customer organization's computing infrastructure, in which the unique variant vali

Abstract: A query string for an encrypted database storing a plurality of encrypted data records is received from a requestor. The query string is segmented to obtain at least one word. The at least one word is encrypted with the irreversible encryption algorithm to obtain at least one encrypted word. At least one first encrypted item with a co-occurrence weight higher than a preset threshold based on the at least one encrypted word and a co-occurrence statistics model is acquired. The co-occurrence statistics model is built to provide co-occurrence weights, each indicating a probability that the at least one encrypted word appears in a first encrypted data item of the plurality of encrypted data records. At least one second encrypted data item corresponding to the at least one first encrypted data item is acquired from the plurality of encrypted data records.

Abstract: The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, authenticate device identity and authorize exchanges of data in real-time based on dynamically generated cryptographic data. For example, an apparatus may receive a first signal that includes a first cryptogram associated with a client device, and may perform operations that authenticate an identity of the client device based on a comparison of the received first cryptogram and a second cryptogram generated by a computing system associated with an application program executed by the client device. In response to the authenticated identity, the apparatus may load profile data associated with the client device from a storage unit, and perform operations consistent with the profile data in accordance with the authenticated identity.

Abstract: An apparatus and method for determining a recommended cyber-attack security action are provided. The apparatus includes a processor and a memory communicatively coupled to the at least a processor. The memory contains instructions configuring the at least a processor to receive a cyber profile associated with a digital environment. The processor is further configured to receive a risk profile associated with the cyber profile and determine at least one security action based on the risk profile. In addition, the processor is configured to generating a user interface data structure configured to display the determined at least one security action.

Abstract: A method including determining, by a device, an assigned key pair including an assigned public key and an assigned private key; determining, by the device for a folder including encrypted content, a folder access key pair including a folder access public key and a folder access private key; encrypting, by the device, the folder access private key by utilizing the assigned public key; and accessing, by the device, the encrypted content based at least in part on decrypting the folder access private key. Various other aspects are contemplated.

Abstract: The present invention provides a text classification backdoor attack method, system, device and a computer storage medium. The method includes: training a pretraining model by using a clean training set to obtain a clean model; generating a pseudo label data set by using a positioning label generator; performing multi-task training on a Sequence-to-Sequence model by using the pseudo label data set to obtain a locator model; generating a backdoor data set by using the locator model; and training the clean model by using the backdoor data set to obtain a dirty model. A pseudo label data set is generated by using a pretrained clean model without manual annotation. A backdoor attack location in a text sequence may be dynamically predicted by using a locator model based on a Sequence-to-Sequence and multi-task learning architecture without manual intervention, and a performance indicator obtained by dynamically selecting an attack location is better.

Abstract: A method including determining, by a first device for a folder, a folder access key pair including a folder access public key and a folder access private key; determining, by the first device, a sharing encryption key based on the folder access private key and an assigned public key associated with a second device; and encrypting, by the first device, the folder access private key based on utilizing the sharing encryption key; determining, by a second device, a sharing decryption key based on the folder access public key and an assigned private key associated with the second device; decrypting, by the second device, the folder access private key based on utilizing the sharing decryption key; and accessing, by the second device, the folder based on utilizing the folder access private key. Various other aspects are contemplated.

Abstract: The present disclosure includes apparatuses, methods, and systems for run-time code execution validation. An embodiment includes a memory, and circuitry configured to monitor run-time executable code stored in a secure array of the memory device and receive an indication that a portion of the run-time executable code executed, wherein the indication includes a received Message Authentication Code (MAC) and take an action in response to the indication that the portion of the run-time executable code failed to execute.

Abstract: Methods and systems for automatic provisioning of security policies for content streaming control within a Content Delivery Network (CDN) are provided. According to one aspect, a method for automatic provisioning of security policies for content streaming control by a network node within a CDN that supports at least one streaming media protocol comprises: obtaining a manifest, the manifest being generated in response to a user requesting a streaming content from the CDN; determining a first security policy associated with the user and/or the requested streaming content in accordance with the manifest; updating a set of firewall rules for implementing security policies in accordance with the determined first security policy; and applying the updated set of firewall rules to validate requests from the user for the streaming content. The policies are dynamically configured and may be sparsely provisioned, e.g., downloaded only to the pertinent nodes and activated only when necessary.

Abstract: A machine learning (ML) based web application firewall (WAF) is described. Transformation(s) are applied to raw data including normalizing and generating a signature over the normalized data. The signature and the normalized data are vectorized to create a first and second vector of integers that are input into an ML model that includes a first stage that operates on the first vector of integers to identify candidate signature tokens that are commonly associated with different classes of attack, and a second stage that operates on the candidate signature tokens and the second vector of integers and conditions attention on the second vector of integers on the candidate signature tokens. The ML model outputs a score that indicates a probability of the raw data being of a type that is malicious. A traffic processing rule is enforced that instructs a WAF to block traffic when the score is above a threshold.

Abstract: Methods, systems, and apparatuses are described herein for improving the accuracy of authentication questions using e-mail processing. A request for access to an account may be received from a user device. A plurality of organizations may be identified. One or more e-mail associated with the account may be identified. The e-mails may be processed to identify one or more organizations that correspond to transactions conducted by a user. A modified plurality of organizations may be generated by removing, from the plurality of organizations, the one or more organizations. An authentication question may be generated and provided to the user device. A response to the authentication question may be received, and the user device may be provided access based on the response.