Abstract: The implementations of the present specification provide an image privacy protection method, apparatus, and device. The method includes: performing privacy content recognition on an original image; in response to a privacy content being recognized, determining a local region including the privacy content from the original image; performing privacy protection processing on image data for the determined local region to generate data of a privacy-protected original image, the privacy protection processing including at least one of image scrambling processing or image obfuscation processing; and performing image compression processing on the data of the privacy-protected original image to generate data of a compressed image, and using the compressed image as image data to be transmitted or stored.

Abstract: A cybersecurity platform is described that processes collected data using a data model to identify and link anomalies and in order to identify generate security events and intrusions. The platform generates graph data structures using the security anomalies extended using additional data. The graph data structures represent links between nodes, the links being events, the nodes being machines and user accounts. The platform processes the graph data structures by combining similar nodes or grouping security events with common features to behaviour indicative of a single or multiple security events to identify chains of events which together represent an attack.

Abstract: A method including correlating a network address of a user to a domain name in a domain name system of a computing network, based on a service log, is provided. The method includes identifying a user group, generating a watch list of servers that control access to a new resource, and establishing a baseline behaviour for a client device based on a first access and a last access to one server in the watch list of servers during a time to live period. The method also includes adding the true network address and a correlated domain name to the baseline behaviour, retrieving a timestamp of an access by the client device to the network address, and flagging, as a violation, the access by the client device to the network address when the access is outside of a legitimate window around the baseline behaviour.

Abstract: The present disclosure generally relates to web page analysis, and more particularly to detecting malicious behavior using an accomplice model. In certain embodiments, the accomplice model may determine that a URI is associated with malicious behavior based upon the URI being associated with an attribute determined to be related to malicious behavior. Examples of an attribute include a host system, a domain, or an element of a document used to render the web page. Examples of an element of a document used to render the web page may include an active/dynamic element (e.g., a function, a script, etc.) or an inactive/static element (e.g., a string, a number, a frame, a tracking username, a social networking username, etc.).

Abstract: A method for implementing a residential gateway service function, and a server are disclosed. The method may include: receiving, by a server, a data packet forwarded by a residential gateway (RGW) or a network side; identifying, by the server, a service type of the data packet according to information carried in the data packet; and providing, by the server, based on the service type of the data packet, a virtual residential gateway service for a user terminal connected to the RGW.

Abstract: A computing environment is disclosed that receives from devices requests directed toward services accessible in the environment, and that forwards communications from services in the environment to devices registered with the environment. During a registration process at the environment, devices are assigned a device identifier that is used to identify and authenticate each particular device and requests communicated from and to the device via the environment. The computing environment maintains state information for each device that has been registered with the system. As the device interacts with the system, the state information is updated to reflect the changes in the device. When requests to perform functions are received from devices, the computing environment determines for the particular device and the particular function requested what processing needs to be performed by the environment in response to the request.

Abstract: A computer-implemented method, computer program product and computing system for: establishing connectivity with a plurality of security-relevant subsystems within a computing platform; obtaining at least one security-relevant information set from each of the plurality of security-relevant subsystems, thus defining a plurality of security-relevant information sets; and processing the plurality of security-relevant information sets using artificial learning/machine learning to identify one or more commonalities amongst the plurality of security-relevant information sets.

Abstract: Multiple deception techniques utilized to mislead malicious entities that attempt to gather information associated with a computing device are implemented by changing a single result. In one aspect, requests for screen captures are intercepted and it is determined whether the requests are triggered due to user interaction (e.g., pressing a button and/or key) and/or received from an authorized application/device. If determined that the requests are not triggered due to user interaction and/or are received from an unauthorized application/device, a response comprising one of several pre-prepared or dynamically generated screen captures that are embedded (and/or appended) with misleading information (e.g., fake credentials, fake documents marked as important/hidden, etc.) is generated. Applications that attempt to utilize the misleading information can be flagged as malware.

Abstract: Methods, systems, and computer readable media for providing resilient computer services using systems diversity include a head device for receiving requests from clients and for replicating the requests. Variates each receive a request replicated from the head device, process the request, and generate a response to the request. At least some of the variates are different in configuration from the other. The response processing server receives the responses from the variates, selects one of the responses, and delivers the response to the client via the head device. Configuration or systems diversity and adaptation to threats and failures over time may be achieved using adaptive algorithms.

Abstract: The present disclosure relates to an identity authentication method and a communications terminal. One example method includes: performing, by a terminal, first identity authentication on first user identity feature data; if the first identity authentication succeeds, and the wearable device is in a valid worn state, when receiving an access request for a preset application, obtaining, by the terminal, a service security level of the preset application, and obtaining an authentication time point for second identity authentication and matching accuracy of the second identity authentication; determining whether a difference between a current time point and the authentication time point is less than authentication validity duration corresponding to the service security level and whether the matching accuracy is higher than lowest matching accuracy corresponding to the service security level; and if yes, accepting the access request.

Abstract: A communication apparatus that transfers received data stores a whitelist to manage an allowed object that is allowed to perform communications via the communication apparatus, comprises: a transfer unit that performs transfer control on the received data based on the whitelist; and a control unit that analyzes behavior related to communications performed by the allowed object. The control unit being configured to calculate a monitoring parameter that indicates the behavior related to the communications performed by the allowed object, and detect the allowed object where an abnormality occurred based on the monitoring parameter.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for identifying potential attacks through monitoring of user credential login attempts across a network of websites. One example method includes monitoring login attempts associated with a plurality of websites and identifying a first login attempt at a first website associated with a set of user credentials. In response to determining that the set of user credentials do not correspond to a valid set of credentials, a count value associated with an entry in a failed credential log associated with the user credentials is incremented. If the count threshold associated with a compromised user credential rule is exceeded by the current count value, then the first set of credentials is identified as a set of compromised credentials and at least one protective action is initiated.

Abstract: The appliance extension is designed and constructed to be a secure extension of the threat visualizer user interface of the cyber security appliance installed in the system with a limited set of functions including monitoring, investigating, and taking actions to counter the detected cyber threat, all of which an operator can securely take from the appliance extension; rather than, needing to log into the cyber security appliance and investigate potential cyber threats at a location where the cyber security appliance is installed in the system.

Abstract: A method for passive authentication of an individual using an individual's geo-location via a communication network includes recording of an individual's authentication data associated with a blockchain. The method includes providing an individual with a smartphone having a global positioning system (GPS) and a passive biometric user identification technology coupled to the smartphone; obtaining the geo-location of the smartphone; passively obtaining biometric characteristics that are unique to each human via the communications network; authenticating the user via the communications network for designated actions; and recording authentication data of the individual which is associated with a blockchain.

Abstract: Systems and methods are described for verifying whether simulated phishing communications are allowed to pass by a security system of an email system to email account of users. The delivery verification campaign may be configured to include the selection of the one or more types of simulated phishing communications from the plurality of types of simulated phishing communications. The selected one or more types of simulated phishing communications of the delivery verification campaign may be communicated to one or more email accounts. It is determined whether or not each of the one or more types of simulated phishing communications was allowed by the security system to be received unchanged at the one or more email accounts.

Abstract: In one embodiment, a device in a network obtains log data regarding replication of files stored on an endpoint client to a file replication service. The device tracks, based on the obtained logs, encryption changes to the files that convert the files from unencrypted files to encrypted files. The device determines that the tracked encryption changes to the files are indicative of a ransomware infection on the endpoint client. The device initiates a mitigation action regarding the ransomware infection.

Abstract: Systems and methods for preventing cyberattacks using a Density Estimation Network (DEN) for unsupervised anomaly detection, including constructing the DEN using acquired network traffic data by performing end-to-end training. The training includes generating low-dimensional vector representations of the network traffic data by performing dimensionality reduction of the network traffic data, predicting mixture membership distribution parameters for each of the low-dimensional representations by performing density estimation using a Gaussian Mixture Model (GMM) framework, and formulating an objective function to estimate an energy and determine a density level of the low-dimensional representations for anomaly detection, with an anomaly being identified when the energy exceeds a pre-defined threshold. Cyberattacks are prevented by blocking transmission of network flows with identified anomalies by directly filtering out the flows using a network traffic monitor.

Abstract: A method, an electronic device, a computer readable medium is disclosed. The method includes modifying a header of an object to include a list of applications or files. The method also includes responsive to an application attempting to access the object, interrupting access to the object. The method further includes determining whether the application that is attempting to access the object is approved based on identifying at least one application or file included in the list of the modified header that corresponds to the application. The method also includes preventing the application from accessing the object when it is determined that the application is not included in the list of the modified header.

Abstract: A computing environment is disclosed that receives from devices requests directed toward services accessible in the environment, and that forwards communications from services in the environment to devices registered with the environment. During a registration process at the environment, devices are assigned a device identifier that is used to identify and authenticate each particular device and requests communicated from and to the device via the environment. The computing environment maintains state information for each device that has been registered with the system. As the device interacts with the system, the state information is updated to reflect the changes in the device. When requests to perform functions are received from devices, the computing environment determines for the particular device and the particular function requested what processing needs to be performed by the environment in response to the request.

Abstract: A system and method for ensuring digital integrity of a blockchain is presented. The blockchain is initiated with one or more digital certificates presented in one of an initial set of blocks of the blockchain. One or more of the digital certificates may subsequently be used to sign a hash of a sequence of blocks in the blockchain at regular or semi-regular intervals. If a sequence of consecutive blocks is longer than a predetermined number and does not contain a signature from one or more of the digital certificates of a hash or one or more of the blocks in the sequence, the sequence may be considered not to comprise a part of the blockchain. In other embodiments side blocks may be signed and added to the blockchain.