Abstract: A computing system includes an anonymizer server. The anonymizer server is communicatively coupled to a data repository configured to store a personal identification information (PII) data. The anonymizer server is configured to perform operations including receiving an anonymized data request, and creating an anonymized data repository based on the anonymized data request. The anonymizer server is also configured to perform operations including anonymizing the PII data to create an anonymized data by applying a cluster-based process, and storing the anonymized data in the anonymized data repository.

Abstract: Fairness and output authenticity for secure distributed machine learning is provided by way of an encrypted output of a garbled circuit which is simultaneously provided to a garbler and an evaluator by an output discloser. Related systems, methods and articles of manufacture are also disclosed.

Abstract: Disclosed is a system and method of de-identifying data. A method includes splitting, at a first entity, a byte of data of an original record into a first random portion and a second random portion, inserting first random bits into the first random portion to yield a first new byte and inserting second random bits into the second random portion to yield a second new byte. The method then includes transmitting the second new byte to a second entity, receiving, at the first entity, a first portion of an algorithm from the second entity and processing the first new byte by the first portion of the algorithm to yield a first partial result. The first partial result can be combined with a second partial result from the second entity processing the second new byte by a second portion of the algorithm.

Abstract: The invention relates to a method for defending against a Denial of Service attack, the method comprises: monitoring data traffic; detecting that at least one source computer is involved in a Denial of Service attack; in response to the detection generating at least one data frame by modifying at least one data frame obtained from the data traffic transmitted from the at least one source computer so that a plurality of data fields representing address information of the host server as a source of the at least one generated data frame are set to correspond to address information of the at least one source computer; transmitting the generated data frame to the source computer. The invention relates also to a network device and a computer program product.

Abstract: A computer method and system for detecting a Denial of Service (DoS) attack by detecting changes in recent cardinality of a network traffic flow. Packet traffic flows are received from external device (networks), and a cardinality estimation is then performed on a received packet traffic flow. A series of cardinalities is maintained for prior packet traffic flows. Changes in cardinalities associated with prior packet traffic flows are detected when compared to cardinalities of a current packet traffic flow. An alert condition for the network traffic flow is generated regarding a suspected DoS attack based upon the detected changes in cardinalities regarding comparison of the cardinalities associated with prior packet traffic flows compared to cardinalities of a current packet traffic flow.

Abstract: A forged-physiological-characteristic filtering device includes: a physiological characteristic scanning circuit for conducting a plurality of times of physiological characteristic scanning operations; a control circuit for acquiring a plurality of unverified-user physiological characteristics and generating a plurality of corresponding unverified-user action records, and for calculating time interval between two consecutive unverified-user physiological characteristics to generate corresponding unverified-user time interval records; and a secure circuit for respectively comparing the plurality of unverified-user physiological characteristics with a plurality of valid-user physiological characteristics, for respectively comparing the plurality of unverified-user action records with a plurality of valid-user action records, and for comparing the unverified-user time interval record with a valid-user time interval record.

Abstract: A forged-physiological-characteristic filtering device includes: a physiological characteristic scanning circuit for conducting a plurality of times of physiological characteristic scanning operations; a control circuit for acquiring a plurality of unverified-user physiological characteristics and generating a plurality of corresponding unverified-user action records, and for calculating time interval between two consecutive unverified-user physiological characteristics to generate corresponding unverified-user time interval records; and a secure circuit for respectively comparing the plurality of unverified-user physiological characteristics with a plurality of valid-user physiological characteristics, for respectively comparing the plurality of unverified-user action records with a plurality of valid-user action records, and for comparing the unverified-user time interval record with a valid-user time interval record.

Abstract: A forged-physiological-characteristic filtering device includes: a physiological characteristic scanning circuit for conducting a plurality of times of physiological characteristic scanning operations; a control circuit for acquiring a plurality of unverified-user physiological characteristics and generating a plurality of corresponding unverified-user action records, and for calculating time interval between two consecutive unverified-user physiological characteristics to generate corresponding unverified-user time interval records; and a secure circuit for respectively comparing the plurality of unverified-user physiological characteristics with a plurality of valid-user physiological characteristics, for respectively comparing the plurality of unverified-user action records with a plurality of valid-user action records, and for comparing the unverified-user time interval record with a valid-user time interval record.

Abstract: A forged-physiological-characteristic filtering device includes: a physiological characteristic scanning circuit for conducting a plurality of times of physiological characteristic scanning operations; a control circuit for acquiring a plurality of unverified-user physiological characteristics and generating a plurality of corresponding unverified-user action records, and for calculating time interval between two consecutive unverified-user physiological characteristics to generate corresponding unverified-user time interval records; and a secure circuit for respectively comparing the plurality of unverified-user physiological characteristics with a plurality of valid-user physiological characteristics, for respectively comparing the plurality of unverified-user action records with a plurality of valid-user action records, and for comparing the unverified-user time interval record with a valid-user time interval record.

Abstract: Detecting a Denial of Service (DoS) attack in a network by a network edge router device whereby network traffic flows from the edge router to a core router in the network. Storing DoS attack traffic information in storage associated with the edge router which receives network traffic. Determining in the edge router if a portion of the received network traffic matches at least a portion of the stored DoS attack information. Determining in the edge router an alert condition exists if a portion of the received network traffic is determined to match at least a portion of the stored DoS attack information. Send an alert signal from the edge router to an attack mitigation device if it is determined an alert condition exists causing the attack mitigation device to transition to a mitigation state for mitigating effects of a DoS attack upon the network.

Abstract: Systems and methods described herein securely compute private data on a cloud platform. A network device in the cloud platform obtains a product or service description from a first user. The description includes a combination of public data and encrypted private data based on a first encryption key. The network device receives a query from an end device of a second user and retrieves, based on the query, the product or service description. The network device forwards the description to a trusted execution environment (TEE) instance for decryption of the encrypted private data, processing of the private data, and re-encryption of the private data with a second encryption key. The network device receives the re-encrypted private data from the TEE instance and assembles the re-encrypted private data and the public data into a query response for presentation on the end device. The network device sends, to the end device, the query response including the re-encrypted private data and the public data.

Abstract: An automation task program is inspected for unsecure data flow. The task program is parsed to generate a parse tree, which is visited to generate control flow graphs of functions of the task program. The control flow graphs have nodes, which have domain-agnostic intermediate representations. The control flow graphs are connected to form an intermediate control flow graph. The task program is deemed to have an unsecure data flow when data is detected to flow from a data source to a data sink, with the data source and the data sink forming a source-sink pair that is indicative of an unsecure data flow.

Abstract: A biometric attribution approach identifies a keyboard actor based on timing between entered keystrokes. Patterns tend to emerge in a timing interval between keystrokes entered by an actor. The keystroke patterns of an actor are analyzed to compute a signature exhibited by the actor. Gathered or intercepted keystroke patterns of an unknown actor are compared to identify a likelihood that typing sessions emanated from a common actor. Keystroke activity of a purported suspect actor can be compared to a database or model of keystroke attributes for determining if the keystroke activity emanated from the same actor as other keystroke sequences. Keystroke patterns rely only on the timing between keystrokes, as key data and upstroke information need not be gathered since the comparisons reply only on keystroke timing deltas.

Abstract: A method includes compressing data to generate compressed data having a first block size corresponding to a block-size requirement of a client device. The method further includes encrypting the compressed data to generate an encrypted data packet. The method further includes adding, by a processing device, a padding bit pattern to the encrypted data packet to generate a data block for storage, the data block having a second block size determined by a buffer size of a storage array.

Abstract: A method for preventing Medium Access Control (MAC) spoofing attacks in a communication network may include obtaining, by a protection layer, a connecting request for connecting a terminal to the communication network. The method may include issuing, by the protection layer, a MAC authentication request to a Network Access Control (NAC) server, the MAC authentication request may be a request to determine whether a MAC address of the terminal is whitelisted. The method may include responding, by the NAC server, to the MAC authentication request of the protection layer by allowing the terminal to join the communication network based on whether the MAC address of the terminal is whitelisted. The method may include sending, by the NAC server, a log message to a log analyzer server, the log message including a result identifying whether the MAC address of the terminal is whitelisted.

Abstract: A vehicle control system, including an in-vehicle bus and a plurality of electronic control units (ECUs) coupled to the in-vehicle bus, wherein at least one ECU of the plurality of ECUs is configured to: receive, at a respective at least one ECU of the plurality of ECUs, a message in a message stream on the in-vehicle bus; evaluate the message to determine at least one of a confidence value of the security classification, a significance value of the message, or a bounds check value of the message; and determine in real-time to allow or deny the message to the vehicle control system based on at least one of the significance value of the message, the bounds check value of the message, or the confidence value of the security classification of the message, to provide a sanitized message stream to the vehicle control system.

Abstract: Methods, systems, and computer readable media for providing computer security analysis are described. In some implementations, a system providing computer security analysis comprises one or more processors coupled to a non-transitory computer readable storage having software instructions stored thereon configured to cause the one or more processors to: perform a Markov Decision Process (MDP) as part of a cyber-attack mechanism and a Discrete Time Markov Chain (DTMC) process as part of a cyber-defense mechanism, preferably, the cyber-attack and cyber-defense system is modeled as MDP whereas the security analyst SA is modeled as DTMC; synchronize the cyber-attack mechanism with the cyber-defense mechanism through an attack-defense synchronization action; and synchronize an update action, wherein the attack-defense synchronization action includes initiating the DTMC process, and wherein the synchronization of the update action results from one or more actions taken by the DTMC process.

Abstract: A DDOS attack preventer implements an unconventional way of detecting and preventing DDOS attacks. The attack preventer receives and analyzes requests from a particular IP address or device. The attack preventer will track various characteristics of each request (e.g., characteristics of the data in the requests, characteristics of the input used to generate the requests, and characteristics of the device used to generate the requests). The attack preventer will analyze these characteristics to determine whether the requests are human-generated or machine-generated. If the requests are human-generated, the attack preventer services the requests. If the requests are machine-generated, the attack preventer rejects the requests.

Abstract: A method allows a random sample of a large population of voters to cast votes and for both the unpredictability/un-manipulability of the sample selection and the integrity of the tally to be verified by any interested parties using public information. The problem of vote selling is addressed. Also, a variant allows voters to remain substantially anonymous.

Abstract: A method, device, storage medium, processor and terminal are for identifying security threats. In an embodiment, the method includes collecting a plurality of security-related security events, each security event containing a plurality of fields; for a first security event of the plurality of security events, searching one or more second security events related to the first security event from the plurality of security events according to one or more fields of the plurality of fields of the first security event, one or more second security events and the first security event forming event graphs; calculating the weights of the event graphs; and sorting the event graphs according to the weights.