Abstract: A system and method for inferring an operating system version for a device based on communications security data. A method includes identifying a plurality of sequences in communications security data sent by the device; determining an operating system type of an operating system used by the device based on the identified plurality of sequences; applying a version-identifying model to the identified plurality of sequences, wherein the version-identifying model is a machine learning model trained to output a version identifier, wherein the applied version-identifying model is associated with the determined operating system type; and determining the operating system version of the device based on the output of the version-identifying model.

Abstract: A system is provided for detecting and remediating computing system breaches using computing network traffic monitoring. In particular, the system may identify one or more technology elements within a network as well as relationships between computing systems associated with said elements to determine a network topology. Based on the network topology, the system may use historical network traffic data associated with the technology elements in the network to generate predicted entry points and lateral pathways of a security breach that may take place within particular computing systems. Then, based on the technology elements affected as well as entry points and path traversals of the breach, the system may generate and/or implement one or more remediation steps to address existing and/or future breaches. In this way, the system may provide an intelligent method of augmenting the security of a computing network.

Abstract: Disclosed are a system and method for detecting an unauthorized Internet of things (IoT) device in a private computer network. Packets of network traffic are collected in the private computer network. An IoT packet is identified from among the collected packets. IoT data is extracted from the IoT packet and encrypted. The encrypted IoT data is transmitted to an artificial neural network in the cloud over the public Internet. The artificial neural network infers, based on the encrypted IoT data, a device type of an IoT device that transmitted the IoT packet in the private computer network. The IoT device is detected to be unauthorized in response to detecting that the device type of the IoT device is not a recognized IoT device type in the private computer network.

Abstract: Systems and methods are disclosed herein for determining the validity of certificates possessed by a plurality of computer system instances operating under a service of a computing resource service provider. A certificate authority may hold an election to determine an intermediary computer system instance among the plurality of computer system instances to communicate between the certificate authority and the plurality of computer system instances. The intermediary instance may receive a set of certificate fingerprints from the plurality of computer system instances. The intermediary instance may compare the set of certificate fingerprints to a valid certificate fingerprint generated using a valid certificate to determine the validity of certificates possessed by the plurality of computer system instances. The intermediary instance may generate a report based on the determination of the validity of the certificates.

Abstract: There is herein disclosed a method of establishing at least a portion of an encryption key, the method including transmitting a first photon along a channel, determining the length of time the first photon takes to propagate along the channel, making a modification to the channel so as to change the length of time it takes a photon to propagate along the channel, transmitting a second photon along the modified channel, determining the length of time the second photon takes to propagate along the modified channel, using the determined lengths of time to determine the at least a portion of an encryption key, and, separately, using the fact that a modification has been made to the channel to determine the at least a portion of an encryption key.

Abstract: A system includes a radio node connected to a core network through the Internet. The system further includes a load balancer connected to the Internet and the radio node, a mobility management entity connected to the Internet and the core network, and a packet data network gateway connected to the Internet and the core network. The load balancer receives a plurality of Internet connections and consolidates the Internet connections into a single Internet connection to be provided to the radio node. The mobility management entity is configured to verify a core network connection request from a user equipment using a private blockchain network, and the packet data network gateway is configured to establish a virtual private network connection between the user equipment and the core network in response to successful verification of the core network connection request to provide permitted core network services to the user equipment.

Abstract: A method for biometric identification or authentication is described. An image of a body region is obtained. A truth map for said body region is obtained, said truth map associating, with each portion of a set of portions of said image of a body region, a probability that said portion belongs to a true body region. The image of the body region is then compared with a group of reference biometric data using the truth map. Finally, the identification or authentication of said body region is validated or invalidated in response to said comparison.

Abstract: An anomaly detection system that includes a database and a server. The server is connected to the database. The server is configured to identify anomalous web traffic for a certain time period based on one or more client keys from the certain time period. The client key(s) includes at least two characteristics related to web traffic data. The server includes a processing unit and a memory. The server is configured to receive the web traffic data from the database, calculate a z-score metric for the client key, calculate a change rate metric for the client key, calculate a failure metric for the client key, determine an anomaly score based on the z-score metric, the change rate metric, and the failure metric, and determine that the certain time period is an anomalous time period based on the anomaly score.

Abstract: A computer-implemented method comprising: generating, from a key-seed associated with a user, a set of homomorphic encryption (HE) keys associated with an HE scheme; receiving, from a key management system (KMS) associated with said HE scheme, an encrypted version of said key-seed; storing said encrypted version of said key-seed, and said set of HE keys, in an untrusted storage location; and at a decryption stage, decrypting an encrypted computation result generated using said HE scheme, by: (i) recalling, from said untrusted storage location, said encrypted version of said key-seed, (ii) providing said encrypted version of said key-seed to said KMS, to obtain a decrypted version of said key-seed s associated with said user, (iii) generating, from said received decrypted version of said key-seed, a secret HE key associated with said HE scheme, and (iv) using said secret HE key to decrypt said encrypted computation result.

Abstract: Credentials management and usage in application modernization can be implemented as computer-readable methods, media and systems. A notification identifying an application modernization operation is received. The operation is to be performed on an application deployed by multiple resources arranged in multiple hierarchical levels. A resource residing at a hierarchical level of the multiple hierarchical levels is identified. The application modernization operation is to be performed on the identified resource which has a resource type. A search for a credential is performed. The credential grants access to the resource to enable performing the application modernization operation. In response to the searching, a credential included in the multiple credentials is identified. The identified credential grants access either to the resource or to resources of the resource type. In response to receiving the notification, the identified credential is provided.

Abstract: The present invention relates to a method and system of cybersecurity; and particularly relates to an encryption method and system on the basis of cognitive computing for xenomorphic cryptography or unusual form of cryptography; said method comprises generating a Functional Neural Network or KeyNode (KN) of the system by programming a chain of multiple nodes also called Artificial Mirror Neurons (AMN) based on captured information of reaction time and emotional response to a simple task; racing the nodes in the Functional Neural Network or KeyNode (KN) as an encryption device or cipher for the time of use; generating a password at the time of use based on the sum of intrinsic values of the nodes in the racing network at this time and adopting the generated password for authentication.

Abstract: A computing device receives network message data. The computing device determines a message processing type corresponding to the network message data. In accordance with a determination that the message processing type is a consensus processing type, the computing device obtains a consensus parameter corresponding to the network message data. In accordance with a determination that the consensus parameter does not meet a consensus validity condition, the computing device classifies the network processing message data as an invalid consensus message; and filters out the network message data.

Abstract: This disclosure describes techniques for preventing network attacks within messages. For instance, electronic device(s) may receive a message, such as an email, from a first electronic device. The message may include a first code with a first embedded address to a first network resource, such as a malicious network resource. As such, the electronic device(s) may analyze the message to identify the first code. The electronic device(s) may then generate a second address associated with a second network resource, such as a secure proxy, a remote browser, a click-time protection service, and/or the like. Next, the electronic device(s) may embed the second address in a second code and replace the first code within the message with the second code. After replacing the first code, the electronic device(s) may send the message to a second electronic device of the second user.

Abstract: A security system generates a digital signature for a small cell of a wireless network and assigns the digital signature to the small cell for connecting to the wireless network. The digital signature can be generated based on a connectivity schedule for the small cell. When the security system obtains a connection request from the small cell to connect to the wireless network, the security system compares an instance of the digital signature included in the connection request with an expected digital signature and compares the point in time when the connection request was communicated with an expected time indicated in the connectivity schedule. The security system detects an anomaly when the instance of the digital signature deviates from the expected digital signature or the point in time deviates from the expected time, and causes performance of an action based on a type or degree of the anomaly.

Abstract: The present disclosure provides a method and apparatus for suppressing the spread of viruses in a local area network (LAN). The method includes, in response to that an ARP packet is received, determining whether a number of interacting terminals corresponding to a target terminal that sent the ARP packet reaches a first preset threshold; in response to that the number of interacting terminals reaches the first preset threshold, further determining whether a number of abnormal terminal relationships corresponding to the target terminal reaches a second preset threshold; and in response to that the number of abnormal terminal relationships reaches the second preset threshold, providing protection to the target terminal to so to suppress virus propagation in the LAN.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to analyze telemetry data of a network device for malicious activity. An example apparatus includes an interface to obtain first telemetry data, a rules generator to, using the first telemetry data, generate a global block list using a machine learning model, the machine learning model generated based on a device specific block list and a device specific allow list, and a model manager to transmit the global block list to a gateway, the gateway to facilitate on-path classification of second telemetry data.

Abstract: Systems, methods, and related technologies for determining an anomaly based on properties associated with an entity are described. The determination of an anomaly associated with an entity may include accessing network traffic from a network and storing a first value of a property associated with an entity communicatively coupled to the network. The first value of the property is based on the network traffic. Additional network traffic associated with the entity may be accessed and a second value of the property determined based on the additional network traffic. Whether the first value of the property does not match the second value of the property may be determined and in response to the first value of the property not matching the second value of the property, an indicator that an anomaly has detected may be stored. An action may be performed based on determination of an anomaly.

Abstract: Methods and systems for detecting forged Kerberos protocol tickets are presented. In one embodiment, a method is presented that includes receiving and decrypting an authentication request including a ticket. A validity start time and a validity end time may then be extracted from the ticket and a validity period may be calculated based on the validity start time and the validity end time. The method may then include retrieving a domain validity period from a domain controller and comparing the validity period to the domain validity period. If the validity period differs from the domain validity period, the authentication request may be blocked.

Abstract: Systems, methods, and computer program products are directed to machine learning techniques that use a separate embedding layer. This can allow for continuous monitoring of a processing system based on events that are continuously generated. Various events may have corresponding feature data associated with at least one action relating to a processing system. Embedding vectors that correspond to the features are retrieved from an embedding layer that is hosted on a separate physical device or a separate computer system from a computer that hosts the machine learning system. The embedding vectors are processed though the machine learning model, which may then make a determination (e.g. whether or not a particular user action should be allowed). Generic embedding vectors additionally enable the use of a single remote embedding layer for multiple different machine learning models, such as event driven data models.

Abstract: Embodiments provide a memory device including a memory comprising at least one chip, each chip comprising one or more banks for storing a plurality of bits, each bank comprising a set of rows and columns, each row and column comprising a number of bits, the device further comprising a controller configured to generate access commands to the memory, an access command identifying an address corresponding to a given row of the memory and a command operation to be performed on the given row, wherein the device further comprises a protection device. The protection device is configured to transform an address, in response to the receipt of an access command identifying the address, into a transformed address.