Abstract: Methods of sensory input integrity attestation are provided. Artifacts included within devices under test inject a known noise signal into the output signal of one or more output devices that are detectable by one or more input devices (i.e., sensors) of an embedded device, and monitor the received input data. By comparing the received signal against the expected noise signal, attestation of the validity of sensory input data is possible. Such sensory input data attestation is capable either locally or using a remote attestation device with knowledge of the expected data stream.

Abstract: A domain name registrar may provide a service for a domain name registrant to automatically and without further action by the domain name registrant (other than possibly paying for the service) enable secure socket layer (SSL) for a domain name to a third party hosting service, even when the domain name registrar does not own or control the third party hosting service. The invention allows a user (that may or may not be the domain name registrant) to use the domain name registered to the domain name registrant to communicate with a domain name registrant account (possibly a website) on the third party hosting service via a proxy server. The communication between the user and the proxy server may be encrypted such as by the SSL protocol.

Abstract: In one embodiment, a system includes a Headend apparatus including a watermark processor to generate secondary video streams from sections of a primary video stream, group the secondary video streams in groups of at least two secondary video streams, the secondary video streams including units of data for use in watermarking across cryptoperiods in an end-user device which selects one secondary video stream in each group for rendering as part of a composited video stream in order to embed units of data of an identification in the composited video stream, wherein in each cryptoperiod, the watermark processor is operative to generate different groups of the secondary video streams from different non-overlapping portions of the primary video stream, and an encryption processor to generate control words, encrypt each secondary video stream with a different control word, and change the control word of each secondary video stream every cryptoperiod.

Abstract: The present disclosure relates to a sensor network and Internet of Things (IoT) as applied to intelligent services based technologies such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. An apparatus and method for controlling an electronic device through a mesh network of such electronic devices are provided. In a method for controlling an electronic device, a terminal transmits to the electronic device, a terminal identifier for authenticating the terminal and information for authenticating a user of the terminal. If authentication of the terminal is successfully completed, the terminal transmits control information containing at least one service identifier classified according to service types to the electronic device. The control information is transmitted to another electronic device, based on the service identifier, through a network in which the electronic device is connected to another electronic device.

Abstract: An authentication packet including a user identifier is received. The user identifier identifies a user of a second computing device being monitored by the first computing device. Authentication data is parsed from the authentication packet. A peer group identifier is determined that identifies a peer group to which the user is assigned. Members of the peer group are identified based on an expected network activity behavior. The authentication data and the peer group identifier are buffered into a first event block object and into a second event block object. The first event block object is sent to a first source window of an event stream processing engine (ESPE) that processes a netflow packet. The second event block object is sent to a second source window of the ESPE that processes the authentication packet. The first source window and the second source window are different source windows of the ESPE.

Abstract: A method of cyber protection of a machine based on acquiring acoustic signals from a vicinity of the machine, while the machine is operative. The method includes analyzing the acquired acoustic signals to determine whether the machine or a controller of the machine is operating suspiciously and initiating a cyber measure on the controller of the machine, responsive to a determination based on the acquired acoustic signals that the machine or the controller is operating suspiciously.

Abstract: Systems and methods for dynamic filtering of content posted to a social network are disclosed. In aspects, a method of the system includes generating, by a computing device, a user profile list for a user of a social network, the user profile list including data regarding the user's preferences with respect to undesirable content; monitoring, by the computing device, a content post on the social network to determine if the content post includes the undesirable content, the content post being displayed to the user through a social network interface; determining, by the computing device, that the content post includes the undesirable content; and effecting a change in the display of the content post in accordance with one or more predetermined display rules based on the determining that the content post includes the undesirable content.

Abstract: First information about regions of storage space in a storage environment available for a volume is provided to a service provider, with the storage environment being external to the service provider. The service provider is notified that information usable to locate a storage destination of a portion of the volume is unavailable. Second information that includes the storage destination in the storage environment is obtained from the service provider. A data operation is performed at the storage destination, with the storage destination determined based at least in part from the second information.

Abstract: Systems and methods for detecting security threats using application execution and connection lineage tracing with embodiments of the invention are disclosed. In one embodiment, detecting suspicious activity in a network includes receiving at a collector server a first activity data including a first set of attributes, combining a first set of context information with the first activity data to generate a first activity record, comparing the first activity record to a set of baseline signatures, incrementing a count of a first matching baseline signature when the first activity record has the same values for all attributes, receiving a second activity data including a third set of attributes, combining a second set of context information with the second activity data to generate a second activity record, and generating an alert when the attributes of the second activity record differ from all baseline signatures.

Abstract: Some embodiments of the invention provide a novel architecture for capturing contextual attributes on host computers that execute one or more machines, and for consuming the captured contextual attributes to perform services on the host computers. The machines are virtual machines (VMs) in some embodiments, containers in other embodiments, or a mix of VMs and containers in still other embodiments. Some embodiments execute a guest-introspection (GI) agent on each machine from which contextual attributes need to be captured. In addition to executing one or more machines, each host computer in these embodiments executes a context engine and one or more attribute-based service engines. Through the GI agents of a host's machines, the context engine of that host in some embodiments collects contextual attributes associated with network and/or process events on the machines, and provides the contextual attributes to the service engines to use to identify service rules for processing.

Abstract: Described herein is a system transmits and combines local models, that individually include a set of local parameters computed via stochastic gradient descent (SGD), into a global model that includes a set of global model parameters. The local models are computed in parallel at different geographic locations (e.g., different instances of computing infrastructure) along with symbolic representations. Network transmission of the local models and the symbolic representations, rather than transmission of the large training data subsets processed to compute the local models and symbolic representations, conserves resources and decreases latency. The global model can then be used as a model to determine a likelihood that at least a portion of current and/or recently received data traffic is illegitimate data traffic that is associated with a cyber attack. In some instances, the system can implement a remedial action to mitigate the effects of the cyber attack on computing infrastructure.

Abstract: In general, techniques are described for provided result reporting via authentication, authorization and accounting (AAA) protocols. An authorization server comprising a control unit may be configured to perform the techniques. The control unit may authorize a network access server to allow an endpoint device to access one or more services in accordance with a network access protocol. The control unit may also request, in accordance with the network access protocol, a result from the network access server as to whether the one or more authorized services are presently provided for use by the endpoint device.

Abstract: Systems and methods for phishing and brand protection of websites via copycat detection are disclosed herein. An example apparatus includes at least one processor, a display, and memory including instructions that, when executed, cause the at least one processor to determine a first hash of a first image in a webpage and a second hash of a second image in the webpage, the second image different from the first image, the first hash different from the second hash, generate a temporary page profile associated with the webpage based on the first hash and the second hash, fuzzy match the temporary page profile to a baseline page profile, and in response to a determination that the temporary page profile does not match the baseline page profile, generate an alert to be displayed via the display to indicate that fraud has been detected for the webpage.

Abstract: Localized and global detection and mitigation of network attacks in a distributed platform are provided. The localized detection identifies attacks occurring at individual nodes of the distributed platform based on packet analysis conducted by each individual node. The global detection identifies attacks occurring across the distributed platform based on packet analysis conducted on traffic aggregated from across the distributed platform. Either detection involves inspecting headers of the sampled packets. Each header property is scored based on an amount of deviation from threshold values. The sum of scores identifies the header properties that form an attack signature. Attack protections are implemented against subsequently arriving packets with header properties matching the attack signature.

Abstract: A method includes receiving, by a server, a request to revoke the access rights of a user device to a lock; transmitting, by the server, a revocation command to the user device to remove an access credential from the user device; identifying, by the server, one or more trusted devices that have access rights to the lock in response to unsuccessfully transmitting the revocation command to the user device; transmitting, by the server, a key change command to the one or more trusted devices including an updated key to replace a key on the lock; transmitting, by a first one of the one or more trusted devices to encounter the lock, the key change command to the lock; and replacing, by the lock, the key with the updated key such that the user device is unable to access the lock using the access credential.

Abstract: A method for biometry based signing of documents. In an embodiment, the method includes receiving, on a terminal, a signature request associated to a document from a requester, and displaying the document to the user on the user terminal. The process also includes requesting at least once a biometric identification of the user to create at least one signing receipt, associating the signing receipt to the document, and transmitting the document and/or the signing receipt from the user terminal to the requester.

Abstract: The present invention discloses a software security verification method, a device, and a system, and relates to the communications field, so as to resolve a problem in the prior art that security verification on a VNF packet increases a VNF instantiation delay and reduces VNF instantiation performance. In a specific solution, after a first device receives an instantiation request of a VNF, the first device performs security verification on a stored VNF packet of the VNF when or after starting to instantiate the VNF according to the instantiation request of the VNF, and the first device sends first result information to a second device when security verification on the VNF packet of the VNF succeeds. The first result information includes information that security verification on the VNF packet of the VNF succeeds. The present invention is applied to software security verification.

Abstract: A security service of a computing resource service provider provides security scores for application program interfaces (APIs) and other security information to an API marketplace or other endpoints. The security score may be based at least in part on component information associated with computing resources implementing the API. The security service may obtain access to the computing resources and collect various components from the computing resources. The components may then be used to determine a security score of an API offered from consumption on the API marketplace. The security service may then publish the security score to the API marketplace or other endpoint.

Abstract: A method and system for modeling cyber-security events are provided. The method includes receiving a plurality of cyber-security events, wherein each of the plurality of the cyber-security events defines at least one entity; for each of the plurality of received cyber-security events, processing a received cyber-security event to identify at least one key-value; mapping the at least one identified key-value to at least one data field; modeling the received cyber-security event to a security model, wherein the security model defines a specific activity related to the at least one entity, wherein the modeling is based on at least one modeling rule and the at least one identified key-value; and generating a graph based on the security model.

Abstract: A system for enforcing a security policy on an application stored at a mobile device has an application at the device provided with software code for issuing a request for authenticating a user, and a security enforcement unit; an authentication agent at the device, which is separate from the application, and which is configured with an authentication data collecting unit for collecting authentication data upon receipt of the request for user authentication from the application, and for conveying the collected authentication data to an authentication-authorization server; and an authentication-authorization server for receiving the collected authentication data, evaluating the same, and issuing an enforcement level signal which is conveyed to the security enforcement unit. Upon receipt of the enforcement level signal, the security enforcement unit accordingly applies a security level at the application.