Abstract: A system for securing control plane traffic in a sliced communication network that is adapted to run a plurality of network functions includes a plurality of security guards, each placed at an edge of an internal security zone, wherein the internal security zone is formed by grouping one or more network functions. Each security guard is configured to receive an incoming message from a requestor external to corresponding internal security zone and validate the extracted information against each other, and against a service specification policy for the communication network, and against threat intelligence analytics data. Each security guard is configured to compute one or more risk scores indicating risk perception or incidence of attack for its associated internal security zone and to initiate one or more attack preventive measures if a computed risk score exceeds a predetermined threshold. such as modifying or correcting or dropping the incoming message.

Abstract: A multi-stage anomaly detector analyzes an anomalous process chain in real time and rapidly determines whether the process chain is indicative of a cyber threat on an endpoint computing device in a multi-host environment. The multi-stage anomaly detector is used in an analyzer module configured within a host endpoint agent on that device. The analyzer module generates an anomaly score to correlate a likelihood that the cyber threat detected is harmful to that device. The multi-stage anomaly detector includes multiple stages of anomaly detectors including a first stage, a second stage, and a third stage of the anomaly detectors. Each stage generates its own anomaly score to produce at least one rapidly determined anomaly score as well as one thoroughly determined anomaly score. Each anomaly score is generated from various computational processes and factors different from the computational processes and factors of the other stages of anomaly detectors.

Abstract: One or more computing devices, systems, and/or methods for end-to-end encryption for multiple recipient devices are provided. A first registration, comprising a first device public key, is created for a first device. A second registration, comprising a second device public key, is created for a second device. A first notify message of the second registration and second device public key is provided to the first device. A second notify message is provided to the second device of the first registration and first device public key. A secure communication invite is routed to the first device. An encrypted message, comprising a first device private key, is routed from the first device to the second device. End-to-end encrypted communication between a sender device and the first device and the second device using the first device private key is facilitated.

Abstract: A method secures hash chains via hybrid consensus. A proximate payload for a proximate chain block for a proximate chain is obtained. A first identifier of the proximate chain and the proximate payload are hashed with a hash function to generate a second identifier of the proximate chain. The proximate chain block is added to the proximate chain. The proximate chain block includes the first identifier, the second identifier, and the proximate payload. A request to add the second identifier to a reporting chain is transmitted. A response indicating that the second identifier is incorporated into the reporting chain using the consensus mechanism is received.

Abstract: Methods, systems, and computer readable media for ingress message rate limiting are disclosed. One method includes, at a network node, receiving a service request message from a service consumer network function and extracting, from the received service request message, an access token that includes a consumer network function instance identifier identifying the service consumer network function. The method further includes determining, using the consumer network function instance identifier, that an allowed ingress message rate associated with the service consumer network function has been reached or exceeded and in response to determining that the allowed ingress message rate associated with the service consumer network function has been reached or exceeded, performing a message rate limiting action.

Abstract: Methods, systems, devices and apparatuses for preventing use of fraudulent and/or counterfeit embedded devices. The anti-cloning system includes a first device configured to be coupled to or receive a first embedded device. The first embedded device has a first unique identity value. The anti-cloning system includes a controller. The controller is coupled to the first device. The controller has a controller memory. The controller memory is configured to store a public verification key. The controller has a controller processor. The controller processor is coupled to the controller memory and configured to verify the first unique identity value using the public verification key. The controller processor is configured to allow or permit the first device to operate and use the first embedded device when the first unique identity value is verified.

Abstract: The disclosure provides systems and processes for applying neural networks to detect intrusions and other anomalies in communications exchanged over a data bus between two or more devices in a network. The intrusions may be detected in data being communicated to an embedded system deployed in vehicular or robotic platforms. The disclosed system and process are well suited for incorporation into autonomous control or advanced driver assistance system (ADAS) vehicles including, without limitation, automobiles, motorcycles, boats, planes, and manned and un-manned robotic devices. Data communicated to an embedded system can be detected over any of a variety of data buses. In particular, embodiments disclosed herein are well suited for use in any data communication interface exhibiting the characteristics of a lack of authentication or following a broadcast routing scheme—including, without limitation, a control area network (CAN) bus.

Abstract: A method and a system for detecting harmful content on a network are provided. The method comprises: receiving a URL; obtaining, from the URL, an HTML document associated therewith; converting the HTML document into a text; normalizing the text associated with the HTML document, thereby generating a plurality of tokens associated therewith; aggregating, each one of the plurality of tokens into a token vector associated with the HTML document; and applying, one or more classifiers to the token vector associated with the HTML document to determine a likelihood parameter indicative of the URL being associated with the harmful content; in response to the likelihood parameter being equal to or greater than a predetermined likelihood parameter threshold: identifying, the URL as being associated with the harmful content; and storing, the URL in a database of harmful URLs.

Abstract: Systems and methods for enhanced hash transforms are disclosed. In particular embodiments, biometric data is concatenated with non-biometric data for generating a fixed-sized vector, and furthermore performing various permutations and projections on the vector. The resulting vector may be stored in a registry, and a corresponding key may be generated and provided to the user associated with the biometric data. The hash transformation may be a lossy process, such that the resulting hash includes less bytes than the initial biometric data, and a hash reversal fails to generate an exact copy of the original biometric data.

Abstract: A deep-learning based method evaluates similarities of entities in decentralized identity graphs. One or more processors represent a first identity profile as a first identity graph and a second identity profile as a second identity graph. The processor(s) compare the first identity graph to the second identity graph, which are decentralized identity graphs from different identity networks, in order to determine a similarity score between the first identity profile and the second identity profile. The processor(s) then implement a security action based on the similarity score.

Abstract: An apparatus comprising: a unit configured to verify whether a first region that specifies a verification range of a first boot code and a second region that specifies a verification range of a second boot code have been altered; a unit configured to, when the first region has not been altered, verify whether the first boot code has been altered; a unit configured to, when the first boot code has been altered and the second region has not been altered, verify whether the second boot code has been altered; and a unit configured to, when the second boot code has not been altered, restore the first boot code using the second boot code, wherein the first and second regions are regions that are not rewritten after a start of the apparatus.

Abstract: An example operation may include one or more of receiving a request for blockchain information from a user device, acquiring blockchain data from a plurality of blockchains which are actively operating and available for joining, determining an amount of trust for each blockchain among the plurality of blockchains based on acquired blockchain data of the respective blockchain, and outputting a list identifying the plurality of blockchains where each blockchain on the list comprises a trust indicator indicating a determined amount of trust for the respective blockchain.

Abstract: According to an embodiment, a number-theoretic transform processing apparatus for a noise in lattice-based cryptography includes a processor configured to perform number-theoretic transform of the noise using a precomputation table including a combination of products of one or more elements that belong to a subspace of a finite field Zq and indicate coefficients of the noise, with one or more number-theoretic transform constants.

Abstract: Provided in some embodiments are systems and methods for determining a data flow path including a plurality of network devices for routing data from a first network device to a second network device; determining for the network devices one or more flow rules that specify an input for receiving data, an output for outputting data, and a role tag indicative of a role of a network device, where the role tag for one or more flow rules for a first network device of the network devices indicates a source role; distributing, to the network devices, the one or more flow rules; determining malicious activity on the data flow path; determining that the first network device is a source based at least in part on the role tag for the first network device; and sending, to the first network device, a blocking flow rule to inhibit routing of malicious data.

Abstract: A redundancy system includes a first computational device and a second computational device each configured to receive at least one input and to generate a first output and a second output, respectively, based on the at least one input; a random sequence generator configured to generate a random bit sequence; a random delay selector configured to determine a random delay based on the random bit sequence; a first random delay circuit configured to delay outputting the at least one input to the first computational device based on the random delay; a second random delay circuit configured to delay outputting the second output based on the random delay; and a fault detection circuit configured to receive the first output and the delayed second output, and to generate a comparison result based on comparing the first input to the delayed second output.

Abstract: An apparatus comprises at least one processing device that includes a processor and a memory coupled to the processor. The at least one processing device is configured to receive storage access protocol commands directed by one or more host devices to storage devices of a storage system over a storage area network, to generate statistics relating to the received storage access protocol commands, to process the generated statistics in a machine learning system trained to recognize anomalous access patterns to the storage devices over the storage area network, and to generate an alert indicative of an access anomaly based at least in part on the processing of the generated statistics in the machine learning system. A multi-path input-output (MPIO) driver of the one or more host devices may be provided with the alert and configured to initiate one or more remediation actions responsive to the alert.

Abstract: Systems and methods are described for delivering messages from one or more service hosts to clients via a network. A first request identifying the client is received at the message server, and a connection is established and maintained between the message server and the client in response to the first request. When a subsequent request that identifies the client is received from the service host, a message is transmitted from the message server to the client over the previously-established connection. The methods and techniques may be used, for example, to provide messages from various services to placeshifting devices or other clients communicating via the network.

Abstract: Embodiments for a networking device are disclosed. The networking device includes a private identity-based cryptographic (IBC) key issued for a first device. The networking device can receive an internet protocol (IP) packet from the first device. The networking device modifies the IP packet to form a modified IP packet, wherein modify the IP packet includes add an extension header to the IP packet. The extension header includes a source identifier identifying the first device, an indication of the key generation authority and an indication of an identity-based encryption (IBE) algorithm. The networking device also generates an identity-based signature (IBS) using the IBC algorithm with the source identifier as an identity input, the modified IP packet as a message input, and the private IBC key for the first device as a private key input. The modified IP packet and the IBS is then sent towards a destination of the IP packet.

Abstract: A computer-implemented method according to one embodiment includes identifying a node within a clustered system, determining a role of the node, based on one or more characteristics of the node, and setting one or more firewall parameters for the node within the clustered system, based on the role of the node.

Abstract: The present invention prevents falsification of ABI information and makes it possible for the users to safely read data on a blockchain. A registration terminal 1 includes an extraction unit 142 that extracts from a smart contract, ABI information used to access the smart contract and a transaction issuing unit 13 that issues a transaction including bytecode generated by compiling the smart contract and the ABI information, and an approval terminal 2 includes a verification unit 152 that verifies whether it is possible to access the bytecode included in the transaction by using the ABI information included in the transaction and a block generation unit 154 that, if it is possible to access the bytecode, generates a block including the transaction and makes the block and the ABI information reflected on a distributed ledger 11 of each terminal in the blockchain system.