Abstract: Disclosed are a defense method and a model of deep learning model aiming at adversarial attacks in the technical field of image recognition, which makes full use of the internal relationship between the adversarial samples and the initial samples, and transforms the adversarial samples into common samples by constructing a filter layer in front of the input layer of the deep learning model; the parameters of the filter layer are trained by using the adversarial attack samples, so as to improve the ability of the model to resist adversarial attack; then the trained filter layer is combined with the learning model after the adversarial training, and a deep learning model with strong robustness and high classification accuracy is obtained, which ensures that the recognition ability of the initial sample is not reduced while resisting the adversarial attacks.

Abstract: A system, method, and computer-readable medium are disclosed for performing an entity behavior cataloging operation. The entity behavior cataloging operation includes: identifying a security related activity, the security related activity being based upon an observable from an electronic data source; analyzing the security related activity, the analyzing identifying an event of analytic utility associated with the security related activity; generating entity behavior catalog data based upon the event of analytic utility associated with the security related activity; and, storing the entity behavior catalog data within an entity behavior catalog, the entity behavior catalog providing an inventory of entity behaviors for use when performing a security operation.

Abstract: A system comprising a plurality of pieces of equipment, wherein the equipment included in the system communicates with other equipment by using inter-equipment pairing information, the other equipment being included in the system, and the equipment and the other equipment mutually storing the inter-equipment pairing information, a part included in the equipment communicates with an other part by using inter-part pairing information, the part and the other part being included in the equipment that is identical, and mutually storing the inter-part pairing information, and when receiving a deletion request that is information that requests deletion of the inter-equipment pairing information, the system deletes the inter-equipment pairing information stored in each of the plurality of pieces of equipment, and maintains the inter-part pairing information stored in the part.

Abstract: An information processing apparatus includes an authenticating unit, a transmitter, a receiver, and a controller. The authenticating unit authenticates a user. The transmitter transmits user identification information of the user authenticated by the authenticating unit to a management apparatus via a dedicated network used for exchanging the user identification information and restriction information. The receiver receives the restriction information of the user corresponding to the transmitted user identification information from the management apparatus via the dedicated network. The controller controls a range of a function usable by the user based on the restriction information received by the receiver.

Abstract: Systems and memory devices are disclosed for fully homomorphic encryption (FHE). The system may include a processing unit including: a data memory for storing coefficients for a polynomial; a twiddle factor (TF) memory for storing TF values associated with the polynomial; a TF register connected to the TF memory; a plurality of first registers connected to the data memory; a plurality of first MUXs connected to the first registers; a plurality of second registers connected to the plurality of first MUXs; a plurality of Butterfly (BF) cores connected to the plurality of the second registers and the TF register; wherein each of the plurality of BF cores is configured to, responsive to a control signal, perform a Butterfly Transform (BFT) operation based on two coefficients from the data memory and a TF value from the TF memory.

Abstract: Systems and methods are described herein for performing vulnerability assessment on partially functional software applications (e.g., software applications currently at a phase in the development cycle prior to a user acceptance testing phase). By doing so, the system may detect vulnerabilities, if any, more easily based on the fewer functional components of the application. Additionally or alternatively, curing any vulnerabilities will require fewer modifications to the application's software, architecture, and/or intended functionality (as these characteristics are also earlier in their development cycle).

Abstract: A method of detecting anomalous user behavior in a cloud environment includes receiving a vector that comprises counts of actions taken by the user during a current time interval; determining whether an action count in the vector is greater than a global mean; building a scale table by combining new action skills that are above a threshold and original action skills if below the threshold; and identifying outliers when the action count is greater than the global mean multiplied by a corresponding action scale from the scale table.

Abstract: Methods and systems for generating a security policy at a gateway are disclosed. A server computer and a gateway can perform a protocol in order to train a security model at a gateway, such that it can detect attack packets and prevent those attack packets from reaching the server computer via the gateway. In a learning phase, the server computer can provide training packets and test packets to the gateway. The gateway can use the training packets to train a security model, and the gateway can classify the test packets using the security model in order to test its accuracy. When the server computer is satisfied with the accuracy of the security policy, the server computer can transmit an acceptance of the security policy to the gateway, which can subsequently deploy the model in order to detect and filter attack packets.

Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.

Abstract: Provided are a training method and apparatus for a distributed machine learning model, a device and a medium. The training method includes: acquiring a first homomorphic encryption intermediate parameter and a second homomorphic encryption intermediate parameter; generating a first interference parameter, and forming a first encryption interference parameter by encrypting the first interference parameter by using a second homomorphic public key of a second participant; performing calculation based on the first homomorphic encryption intermediate parameter, the second homomorphic encryption intermediate parameter, the first encryption interference parameter and the homomorphic calculation function of a first submodel to generate a first encryption key parameter.

Abstract: An electronic device is disclosed. The electronic device comprises: a memory for storing at least one instruction; and a processor for executing at least one instruction, wherein the processor executes the at least one instruction so as to, when an operation command for a homomorphic ciphertext is input, obtain an operation result by using a plaintext operation corresponding to the operation command and a plaintext corresponding to the homomorphic ciphertext, and output the obtained operation result in a manner corresponding to the operation command.

Abstract: The concepts and technologies disclosed herein are directed to zero day attack detection. A system can monitor, by a sequence manager, a sequence of transaction requests. The sequence manager can determine whether a transaction request in the sequence is anomalous. In response to determining that the transaction request is anomalous, and before the allowing the system to process the transaction request, the sequence manager can provide the sequence of transaction requests to a sequence emulator. The sequence emulator can attempt to verify an output of the sequence of transaction requests. The sequence manager can receive a notification from the sequence emulator. The notification can indicate whether the output of the sequence of transaction requests can be verified. In response, the sequence manager can instruct the system to deny (if the output cannot be verified) or allow (if the output can be verified) processing of the sequence of transaction requests.

Abstract: The invention relates to a method for protecting information contained in a security module of a telecommunication device provided with a near field communication router, wherein the modification of routing table between ports of said route is subject to the checking of an authentication code inputted by a user.

Abstract: A method may include determining that a source variable receives a source value from a source function, determining that a source statement writes, using the source variable, the source value to a column in a table, and obtaining, for a first sink statement, a first set of influenced variables influenced by the source variable. The method may further include obtaining, for a second sink statement, a second set of influenced variables influenced by the first set of influenced variables, and adding nodes to a trace graph. The method may further include determining that the first sink statement reads the source value into a sink variable including an identifier of the column, generating a modified set of influenced variables by adding the sink variable to the set of influenced variables, and reporting a defect at the first sink statement, and a defect trace using the trace graph.

Abstract: Information technology/cyber security for computer-related processes in which vulnerabilities are identified and, those vulnerabilities which are technology-related are automatically remediated by determining and executing network-based tasks. The most granular level of computer-related process assessment in made possible by reliance on a critical function/process taxonomy this is automatically generated and, as such, the present invention, identifies both technology and non-technology-related vulnerabilities.

Abstract: A method includes determining, by an analysis system, a system aspect of a system for a protection evaluation. The method further includes determining, by the analysis system, at least one evaluation perspective for use in performing the protection evaluation on the system aspect. The method further includes determining, by the analysis system, at least one evaluation viewpoint for use in performing the protection analysis on the system aspect. The method further includes obtaining, by the analysis system, protection data regarding the system aspect in accordance with the at least one evaluation perspective and the at least one evaluation viewpoint. The method further includes calculating, by the analysis system, a protection rating as a measure of protection maturity for the system aspect based on the protection data, the at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric.

Abstract: An authentication server may use secure messaging with a remote device prior to authorizing non-secure communications between the remote device and a content server, thereby preventing unauthorized access to the content server. The secure messaging uses such security features as encryption, signatures with authentication certificates, a realm, and/or a nonce. Once non-secure communication is authorized, the remote device may act as a proxy between the content server and a user device connected to the remote device. The authentication server sends timeout notices to the remote device containing an interval and a key. To continue non-secure communications with the content server, the remote device must respond prior to the expiration of the interval by sending a keep-alive message containing the key to the authentication server.

Abstract: A stream of cybersecurity alerts is received. Each cybersecurity alert from the stream of cybersecurity alerts is associated with a set of attributes. Each cybersecurity alert from the stream of cybersecurity alerts is associated, based on the set of attributes and as that cybersecurity alert is received, to a bucket from a set of buckets. Each bucket from the set of buckets is associated with (1) an attribute from the set of attributes different than remaining buckets from the set of buckets and (2) a set cybersecurity alerts from the stream of cybersecurity alerts having the attribute. For each bucket from the set of buckets, a set of correlations between cybersecurity alerts included in the set of cybersecurity alerts for that bucket are determined, based on the set of cybersecurity alerts for that bucket, to generate an attack graph associated with that bucket.

Abstract: A method includes determining, by an analysis system, a system aspect of a system for a protection evaluation. The method further includes determining, by the analysis system, at least one evaluation perspective for use in performing the protection evaluation on the system aspect. The method further includes determining, by the analysis system, at least one evaluation viewpoint for use in performing the protection analysis on the system aspect. The method further includes obtaining, by the analysis system, protection data regarding the system aspect in accordance with the at least one evaluation perspective and the at least one evaluation viewpoint. The method further includes calculating, by the analysis system, a protection rating as a measure of protection maturity for the system aspect based on the protection data, the at least one evaluation perspective, the at least one evaluation viewpoint, and at least one evaluation rating metric.

Abstract: Techniques are disclosed for dynamically generating a digital certificate for a customer server. A customer server creates a certificate profile and receives an associated profile identifier from a certificate authority (CA). The customer server installs an agent application received from the CA. The agent application generates a public/private key pair and an identifier associated with the customer server. The agent application sends a signed request to the CA that includes the profile identifier, server identifier, and the public key corresponding to the key pair. Upon receiving the credentials, the CA generates a dynamically updatable certificate. Thereafter, if the customer changes information associated with the certificate (or if external conditions require a change to the certificate, such as a key compromise or change in security standards), the CA may generate an updated certificate based on the certificate profile changes and the public key.