Abstract: A bot traffic detection system detects scripted network traffic. The bot traffic detection system may use a one-sided unsupervised machine learning technique to estimate distributions for human, non-scripted traffic (clean distributions). The clean distributions may be dynamically updated based on the latest traffic patterns. To estimate the clean distributions the bot traffic detection system may identify, for a certain subset of network traffic, feature values of the certain subset of network traffic that do not include bot traffic (clean buckets). Using clean traffic may provide more robust and stable behavior that can be tracked over time. Using the clean distributions, the bot traffic detection system may generate a rules table that indicates a likelihood that network traffic with a given combination of feature values is scripted network traffic. The bot traffic detection system may apply the rules table in real time to identify scripted network traffic.

Abstract: A secure control system includes a network of multiplexers that control end/field devices of an infrastructure system, such as an electric power grid. The multiplexers have a default secure lockdown state that prevents remote access to data on the multiplexers and prevents modification of software or firmware of the multiplexer. One or more of the multiplexers include a physical authentication device that confirms the physical proximity of a trusted individual when remote access is requested. A user accesses the network and one of the multiplexers remotely by way of login credentials. The trusted individual confirms the identity of the remote user and operates the physical authentication device connected with and in proximity to that multiplexer, thereby confirming that the remote user can be trusted to access data and reconfigure the multiplexers.

Abstract: In aspects of user authentication facilitated by an additional device, a computing device can maintain authentication data usable to authenticate a user to use the computing device. The computing device implements an authentication control module that can determine an additional device is equipped to facilitate authentication of a user to the computing device. The authentication control module can then receive additional authentication data associated with the user from the additional device, and authenticate the user to use the computing device based in part on the additional authentication data received from the additional device.

Abstract: Presented herein are techniques in which a network device obtains a request from an Internet of Things (IoT) device to access a wireless wide area (WWA) access network. The request includes a token and an identifier associated with the IoT device. The network device transmits a verification request to an IoT vendor associated with the IoT device to determine whether the token and the identifier are valid and obtains an indication from the IoT vendor that the token and the identifier are valid. The network device facilitates connection of the IoT device to the WWA access network based on obtaining the indication that the token and the identifier are valid.

Abstract: A method includes importing an object into a first data storage device, obtaining static metadata relating to the object, and obtaining dynamic metadata relating to the importation of the object. The static metadata and the dynamic metadata are hashed to create a block hash for the object and the importation of the object. The imported object and the block hash are stored in the first data storage device.

Abstract: A method for processing information security events of a computer system includes receiving information related to a plurality of information security events occurred in the computer system. Each of the events includes an event related to a possible violation of information security of the computer system. A verdict is determined for each of the events. The verdict includes: i) information security incident or ii) false positive. The verdict is false positive if the probability of a false positive for the corresponding event is greater than a first threshold. Verdicts are changed for a subset of the events from the false positive to the information security incident. A number of events in the subset is lower than a second threshold. An analysis of the events having a verdict of the information security incident is performed to determine if the computer system is under a cyberattack.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for user authentication are disclosed. In one aspect, a method includes the actions of receiving a request to access a streaming service on an electronic device. The actions further include, in response to receiving the request to access the streaming service on the electronic device, determining, by the computing device, that a subscriber device is in a vicinity of the electronic device. The actions further include, based on determining that the subscriber device is in the vicinity of the electronic device, determining, by the computing device, a user identifier associated with the subscriber device. The actions further include determining that the user identifier is associated with a valid subscription to the streaming service. The actions further include providing data to access the streaming service.

Abstract: Methods and devices for detecting a spoofing attack are provided. The method includes receiving a speech signal; applying a Fast Fourier Transform (FFT) to the speech signal to extract FFT features therefrom and feeding the extracted FFT features to a pre-trained deep neural network to assign a first confidence score to the speech signal; applying a Discrete cosine transform (DCT) to the speech signal to extract DCT features therefrom and feeding the extracted DCT features to a pre-trained deep neural network to assign a second confidence score to the speech signal; applying a pre-trained deep convolutional network (DCN) based on an end-to-end architecture to the speech signal to assign a third confidence score to the speech signal; computing a total confidence score based on the assigned confidence scores; and comparing the computed total confidence score to a predefined threshold to detect whether the received speech signal is spoofed.

Abstract: A computer implemented method of detecting a phishing threat using a pre-defined statistical model to determine whether a network resource is a potential phishing threat based on features extracted from a network resource identifier for the network resource. The method includes: receiving a request to access a network resource; determining, from the request, a network resource identifier for the requested network resource; extracting one or more features from the network resource identifier; applying the pre-defined statistical model to the extracted features; and classifying the network resource as a phishing threat if the output of the statistical model, when applied to the extracted features, determines that the network resource is a potential phishing threat.

Abstract: A vehicle communication access framework and a method are provided. The vehicle communication access framework comprises: a first device residing in a vehicle, a first processing system operated by a trusted third party, a second processing system operated by an original equipment manufacturer (OEM) of the vehicle, and a third processing system operated by a third party provider; wherein communication accesses among the first device, second processing system and third processing system are based on Identity Based Cryptography (IBC) private keys generated by the first processing system to respective first device, second processing system and third processing system.

Abstract: A device may receive, from a client device, a request with a single packet authorization (SPA) packet that includes data identifying a universal client device identifier. The device may generate a shared key associated with the universal client device identifier, and may determine that the SPA packet matches a comparison message authentication code (MAC) generated based on the shared key. The device may provide, based on the SPA packet matching the comparison MAC, a MAC associated with the SPA packet to the client device to enable the client device to validate the device.

Abstract: An information management system implements a method for securing a media agent from unauthorized access, where the method includes configuring a secondary storage computing device to initialize a filter driver at boot time and monitor process calls to a media agent, where the media agent provides read and write operations to a secondary storage device in communication with the secondary storage computing device. The filter driver may detect a process call to the media agent, and determine whether the process call is authorized. In response to a determination that the process call is authorized, the filter driver may allow the process call to request an operation be performed by the media agent, and the media agent may then perform the requested operation. If the filter driver determines that the process call is not authorized, the filter driver may ignore the process call for the requested operation.

Abstract: An apparatus for detecting a phishing website based on website icons is disclosed. A disclosed example apparatus includes a parser to locate a first website icon corresponding to a first website, an icon hasher to generate a first hash of the first website icon, and a hash checker to determine whether the first hash matches a second hash of a second website icon corresponding to a second website in an icon hash database, the hash checker to, in response to the first hash matching the second hash, determine whether a first portion of a first Uniform Resource Locator (URL) corresponding to the first website matches a second portion of a second URL corresponding to the second website, the hash checker to, in response to the first portion not matching the second portion, identify the first website as a phishing website.

Abstract: Methods, systems, and devices for encrypting and decrypting data. In one implementation, an encryption method includes inputting plaintext into a recurrent artificial neural network, identifying topological structures in patterns of activity in the recurrent artificial neural network, wherein the patterns of activity are responsive to the input of the plaintext, representing the identified topological structures in a binary sequence of length L and implementing a permutation of the set of all binary codewords of length L. The implemented permutation is a function from the set of binary codewords of length L to itself that is injective and surjective.

Abstract: Techniques and screening messages based on tags in an automotive environment, such as, messages communicated via a communication bus, like the CAN bus. Messages can be tagged with either a binary or probabilistic tag indicating whether the message is fraudulent. ECUs coupled to the CAN bus can receive the messages and the message tags and can determine whether to fully consume the message based on the tag.

Abstract: A communication method and a communications apparatus are provided. The method includes: when receiving a first PDU session establishment request sent by a UE, encrypting, by an access and management network element (AMF), user information in the request, to obtain encrypted user information; and sending, by the AMF, a second PDU session establishment request to an SMF in response to the first PDU session establishment request, where the second PDU session establishment request carries the encrypted user information. In this manner, after the UE accesses a core network, an AMF entity may encrypt user information of the UE. The interaction information between NF entities, for example, the AMF entity and an SMF entity, carries the encrypted user information, which helps prevent user privacy leakage.

Abstract: An apparatus to facilitate data cache security is disclosed. The apparatus includes a cache memory to store data; and prefetch hardware to pre-fetch data to be stored in the cache memory, including a cache set monitor hardware to determine critical cache addresses to monitor to determine processes that retrieve data from the cache memory; and pattern monitor hardware to monitor cache access patterns to the critical cache addresses to detect potential side-channel cache attacks on the cache memory by an attacker process.

Abstract: Facial recognition-based authentication comprises obtaining a first image of a target object, updating projection information associated with a display by a display device, obtaining a second image of the target object, the second image being an image of the target object after the projection information is updated, obtaining an image difference data based at least in part on the first image and the second image, and determining whether the target object is a virtual object based at least in part on the image difference data.

Abstract: A method includes: determining, by a computer device, affinities between components in a networked computer system; determining, by the computer device, a risk level of each of the components; determining, by the computer device, a risk level of the networked computer system; detecting, by the computer device, a threat in the networked computer system; determining, by the computer device, an action based on the threat, the risk level of ones of the components affected by the threat, and the risk level of the system; and reconfiguring, by the computer device, the networked computer system based on the determined action.

Abstract: This disclosure relates to systems and methods generating and distributing protected software applications. In certain embodiments, integrity checking mechanisms may be implemented using integrity checking code in software code prior to compilation into machine code. Following compilation and execution of the application, the introduced code may check the integrity of the application by determining whether the application behaves and/or otherwise functions as expected. By introducing integrity checking in this manner, integrity checking techniques may be injected into the application prior to compilation into machine code and/or independent of the particular manner in which the application is compiled.