Patents Examined by Stephen T Gundry
  • Patent number: 11399398
    Abstract: A method and an apparatus for Wi-Fi connection based on Wi-Fi Protected Setup (WPS) in a portable terminal are provided. The method includes entering a group owner mode of Wi-Fi Direct when enabling of WPS is requested, after entering the group owner mode, entering a WPS session mode where the portable terminal is operable in a WPS registrar mode, determining whether an Access Point (AP) whose WPS session of the WPS registrar mode is enabled or a device whose group owner mode is enabled, exists nearby, and when an AP whose WPS registrar mode is enabled is discovered, disabling the WPS registrar mode and the group owner mode, enabling a WPS session where the portable terminal is to operate in a WPS enrollee mode, and accessing the discovered AP.
    Type: Grant
    Filed: April 27, 2020
    Date of Patent: July 26, 2022
    Assignee: Samsung Electronics Co., Ltd.
    Inventors: Bu-Seop Jung, Jung-Hun Lee
  • Patent number: 11397808
    Abstract: Infrastructure attacks based on graph edge context are identified by receiving an execution graph constructed by a central service based on behaviors monitored by a plurality of agents deployed on respective systems including a first system. The execution graph comprises a plurality of execution trails. One or more tags are applied to each edge of an execution trail of the execution graph based on at least one of temporal context or spatial context associated with the edge. One or more behaviors associated with the edge of the execution trail happen across an enterprise infrastructure involving the first system. The execution trail enriched with the one or more tags is analyzed. An action that is performed to mitigate security risks in the execution graph is determined based on the analysis.
    Type: Grant
    Filed: September 2, 2021
    Date of Patent: July 26, 2022
    Assignee: Confluera, Inc.
    Inventors: Vinay Prabhu, Pradeep Gopanapalli Venkata, Chamnan So, Sandeep Siroya, Niloy Mukherjee
  • Patent number: 11387991
    Abstract: Aspects of the subject disclosure may include, for example, determining that quantum entanglement be established between first and second nodes of a service provider network including a software defined network (SDN) that facilitates delivery of a service to a subscriber and identifying a path between the first node and the second node based on pre-provisioned information supplied by the SDN. A path length of the path is estimated based on the pre-provisioned information supplied by the SDN, and a repeater node is selected responsive to the path length exceeding a threshold, wherein the path includes a first segment having a segment length that does not exceed the threshold. A quantum entanglement state is shared between the first and second nodes based on transportation of a first photon of a first entangled pair of photons via the first segment. Other embodiments are disclosed.
    Type: Grant
    Filed: December 6, 2019
    Date of Patent: July 12, 2022
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Moshiur Rahman, Robert D. Boudreau, Jr.
  • Patent number: 11374969
    Abstract: A quantitative method for the security access strategy selection of the edge computing terminals includes the following steps: S1. Quantifying and ranking the security risks according to the terminals and data application requirements under the edge computing system. S2. Calculating the security quantification value of terminal and data application. S3. Giving the weight coefficients for the security risk protection of the security access strategies for the terminal and data in the edge computing side. S4. Give the corresponding value of each security strategy to the corresponding terminal and data security protection. S5. Select the corresponding algorithm according to the data set in S4 to select the security strategies.
    Type: Grant
    Filed: December 27, 2019
    Date of Patent: June 28, 2022
    Assignee: UNIVERSITY OF ELECTRONIC SCIENCE AND TECHNOLOGY OF CHINA
    Inventors: Jie Tang, Hong Wen, Huanhuan Song, Feiyi Xie, Yi Chen
  • Patent number: 11372969
    Abstract: Improved systems and methods of providing computer security and countering attacks on computing systems by protecting control data such as a return address from being disclosed or modified. A stack canary is enhanced with randomization to prevent brute-force attacks and information leakage, providing a more effective sentinel to detect attempts to overwrite a return address on the stack. A shadow stack is enhanced with concealment of the return address from the stack, encoding of the return address in memory, and replacement of the real return address with a substitute value to detect attempted manipulation of the return address on the call stack and prevent it from succeeding. By enhancing randomization of the stack canary and using a shadow stack to encode and conceal the return address, the disclosed technology enhances security of a computing system against stack smashing, ROP attacks, and JIT-ROP attacks.
    Type: Grant
    Filed: September 17, 2021
    Date of Patent: June 28, 2022
    Assignee: Polyverse Corporation
    Inventors: Roy Sundahl, Don McCrady, Michael Collison
  • Patent number: 11363044
    Abstract: A method for detecting hypertext transfer protocol secure (HTTPS) flood denial-of-service (DDoS) attacks. The method includes estimating traffic telemetries of at least ingress traffic directed to a protected entity; providing at least one rate-base feature and at least one rate-invariant feature based on the estimated traffic telemetries, wherein the rate-base feature and the rate-invariant feature demonstrate a normal behavior of HTTPS traffic directed to the protected entity; evaluating the at least one rate-base feature and the at least one rate-invariant feature with respect to at least one baseline to determine whether the behavior of the at least HTTPS traffic indicates a potential HTTPS flood DDoS attack; and causing execution of a mitigation action when an indication of a potential HTTPS flood DDoS attack is determined.
    Type: Grant
    Filed: June 26, 2019
    Date of Patent: June 14, 2022
    Assignee: Radware, Ltd.
    Inventors: Ehud Doron, Lev Medvedovsky, David Aviv, Eyal Rundstein, Ronit Lubitch Greenberg, Avishay Balderman
  • Patent number: 11354437
    Abstract: Systems and methods described herein enable data analytics for secure cloud compute data that protects the integrity and confidentiality of the underlying data. A network device in a network creates an instance of a Trusted Execution Environment (TEE). The network device generates, in the TEE instance, transactional data that includes private information and removes the private information from the transactional data to generate extracted data. The network device encrypts, within the TEE instance, the extracted data and exports the encrypted extracted data to a memory outside of the TEE instance.
    Type: Grant
    Filed: August 12, 2019
    Date of Patent: June 7, 2022
    Assignee: Verizon Patent and Licensing Inc.
    Inventors: Dante J. Pacella, Deepak Karpoor, Paritosh Tyagi, Ashish Sardesai, Saravanan Mallesan, Mani Tadayon
  • Patent number: 11356473
    Abstract: Novel tools and techniques are provided for implementing web-based monitoring and detection of fraudulent or unauthorized use of voice calling service. In various embodiments, a computing system might receive, from a user device associated with an originating party, a request to initiate a call session with a destination party, the request comprising user information associated with the originating party and a destination number associated with the destination party; might query a database with session data (including user information) to access permission data and configuration data; and might configure fraud logic using received configuration data from the database. The computing system might analyze the session data and permission data using the configured fraud logic to determine whether the originating party is permitted to establish the requested call session with the destination party; if so, might initiate one or more first actions; and, if not, might initiate one or more second actions.
    Type: Grant
    Filed: April 9, 2020
    Date of Patent: June 7, 2022
    Assignee: Level 3 Communications, LLC
    Inventors: Andrew J. Broadworth, Matthew McCarthy
  • Patent number: 11347891
    Abstract: Disclosed is a computer-implemented method to identify and anonymize personal information, the method comprising analyzing a first corpus with a personal information sniffer, wherein the first corpus includes unstructured text, wherein the personal information sniffer is configured to detect a set of types of personal information, and wherein the personal information sniffer produces a first set of results. The method comprises analyzing the first corpus with a set of annotators, wherein each annotator is configured to identify all instances of a type of personal information in the corpus, and wherein the set of annotators produces a second set of results. The method comprises comparing the first set of results and the second set of results, determining, the first set of results does not match the second set of results, and updating, based on the determining, the personal information sniffer.
    Type: Grant
    Filed: June 19, 2019
    Date of Patent: May 31, 2022
    Assignee: International Business Machines Corporation
    Inventors: Roger C. Raphael, Rajesh M. Desai, Iun Veng Leong, Ramakanta Samal, Ansel Blume
  • Patent number: 11343275
    Abstract: Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected within a pre-defined or configurable time-frame. The detected modification can be determined to be anomalous or not, by assigning a criticality value based on current value and previous value of one or more fields of the DNS record, one or more attributes of the DNS record and one or more derived attributes based on the DNS record.
    Type: Grant
    Filed: September 17, 2019
    Date of Patent: May 24, 2022
    Assignee: Fortinet, Inc.
    Inventor: Oleksii Mandrychenko
  • Patent number: 11330011
    Abstract: A method of detecting patterns for automated filtering of data is provided. The method includes receiving network traffic including bad traffic and good traffic, wherein an attack is known to be applied to the bad traffic, and the good traffic is known to be free of an applied attack. Processing the good and bad traffic includes generating, for each unique packet, each potential unique combination of the packet's fields, storing each combination with associated bad match and good match counters, and incrementing a combination's respective good and bad match counters for each occurrence it matches one of the packets of the respective good and bad traffic. The combinations are sorted based on the good match counter associated with each combination, a number of fields in each combination, and the bad match counter associated with each combination. One or more combination is selected based on results of the sorting for provision to a network traffic filtering component.
    Type: Grant
    Filed: February 25, 2020
    Date of Patent: May 10, 2022
    Assignee: Arbor Networks, Inc.
    Inventor: Brian St. Pierre
  • Patent number: 11321489
    Abstract: When a third party wants to redeem a user's personally identifiable information (PII), the third party presents to the system a token representing the PII, which indicates a request for the PII. The system seeks consent from the user for sending the PII to the third party. If the user grants consent, then the system prepares the PII for the third party. In some embodiments, the third party can initiate a telephone call with a dispatch to receive the PII. In some embodiments, the third party can receive the PII directly from the system.
    Type: Grant
    Filed: March 3, 2020
    Date of Patent: May 3, 2022
    Assignee: THE PRUDENTIAL INSURANCE COMPANY OF AMERICA
    Inventors: Venkatesh Sarvottamrao Apsingekar, Sahil Vinod Motadoo, Christopher John Schille, James Francis Lavine
  • Patent number: 11308222
    Abstract: Computer instructions corresponding to a neural-network model are received and encrypted using an encryption technique. Training data encrypted using the encryption technique is received from a data source. The model is trained using the training data using, for example, a gradient descent technique. If the model performs in accordance with a quality metric, it is sent to a device of a model user.
    Type: Grant
    Filed: March 22, 2019
    Date of Patent: April 19, 2022
    Assignee: Via Science, Inc.
    Inventors: Jeremy Taylor, Jesús Alejandro Cárdenes Cabré, Kai Chung Cheung, John Christopher Muddle, Colin Gounden
  • Patent number: 11301571
    Abstract: Computer instructions corresponding to a neural-network model are received and encrypted using an encryption technique. Training data encrypted using the encryption technique is received from a data source. The model is trained using the training data using, for example, a gradient descent technique. If the model performs in accordance with a quality metric, it is sent to a device of a model user.
    Type: Grant
    Filed: May 25, 2021
    Date of Patent: April 12, 2022
    Assignee: VIA SCIENCE, INC.
    Inventors: Jeremy Taylor, Jesús Alejandro Cárdenes Cabré, Kai Chung Cheung, John Christopher Muddle, Colin Gounden
  • Patent number: 11297083
    Abstract: Identifying and protecting against an attack against an anomaly detector machine learning classifier (ADMLC). In some embodiments, a method may include identifying training data points in a manifold space for an ADMLC, dividing the manifold space into multiple subspaces, merging each of the training data points into one of the multiple subspaces, training a subclassifier for each of the multiple subspaces to determine a decision boundary for each of the multiple subspaces between normal training data points and anomalous training data points, receiving an input data point into the ADMLC, determining whether the input data point is an attack on the ADMLC due to a threshold number of the subclassifiers classifying the input data point as an anomalous input data point, and, in response to identifying the attack against the ADMLC, protecting against the attack.
    Type: Grant
    Filed: August 15, 2019
    Date of Patent: April 5, 2022
    Assignee: CA, Inc.
    Inventors: Aditya Kuppa, Slawomir Grzonkowski
  • Patent number: 11297060
    Abstract: A system and method detects and handles replay attacks using counters maintained for each of several different periods for various values of IP addresses and browser description attributes encountered.
    Type: Grant
    Filed: May 4, 2020
    Date of Patent: April 5, 2022
    Assignee: Charles Schwab & Co., Inc.
    Inventor: Steven Hadler
  • Patent number: 11288381
    Abstract: Provided with a calculation device for performing a calculation for an encryption data in a virtual execution environment protected from a standard execution environment, the calculation device has a virtual execution environment construction unit for constructing the virtual execution environment, and the virtual execution environment includes: an encryption data acquisition unit for acquiring the encryption data; a source code acquisition unit for acquiring a source code for the calculation; a key acquisition unit for acquiring the system key; a decryption unit for decrypting the encryption data by the acquired system key; a source code execution unit for executing the source code; an encryption unit for encrypting a calculation result to which the source code is executed by the system key; and a calculation result providing unit for providing the encrypted calculation result to the standard execution environment.
    Type: Grant
    Filed: May 22, 2020
    Date of Patent: March 29, 2022
    Assignee: EAGLYS Inc.
    Inventor: Hiroki Imabayashi
  • Patent number: 11281802
    Abstract: A device implementing a system for associating a profile with an active user account includes a processor configured to receive, from an application running on a device, a request to identify an active user account on the device. The processor is further configured to generate, in response to the request, a unique identifier corresponding to the active user account on the device, the unique identifier being distinct from a user account identifier of the active user account. In addition, the processor is configured to provide the unique identifier to the application for differentiation, by the application, of the active user account on the device relative to at least one other account on the device.
    Type: Grant
    Filed: October 25, 2019
    Date of Patent: March 22, 2022
    Assignee: Apple Inc.
    Inventors: Christopher J. Kane, Vijay Sundaram
  • Patent number: 11283832
    Abstract: Provided is a process including: obtaining, with a domain controller of a private computer network, a set of user-authentication credentials comprising a first username and a first password; querying a distributed credential-monitoring application; receiving query results including one or more passwords associated with the first username; determining that at least some of the one or more passwords in the query results match the obtained first password; and in response to the determination, blocking, with the domain controller, access to a first user account on the private computer network associated with the obtained first username and first password.
    Type: Grant
    Filed: October 29, 2019
    Date of Patent: March 22, 2022
    Assignee: SPYCLOUD, INC.
    Inventor: David Endler
  • Patent number: 11283829
    Abstract: A computer system may generate alerts related to a potential cyber attack on a resource of an organization. The computer system may receive activity information associated with activity on a computer network of the organization, access contextual information about the resource, determine, based on the contextual information, select, based at least in part on the contextual information, one or more indicators that are indicative of a cyber attack against the resource to form a second plurality of indicators, and generate, based at least in part on the second plurality of indicators and the contextual information, a risk score, wherein the risk score indicates a probability that the resource is at risk of a cyber attack. In response to the risk score satisfying a threshold value, the computer system may generate an alert. Alerts may be presented using a graphical user interface. Analysts' actions may be tracked for review.
    Type: Grant
    Filed: June 11, 2020
    Date of Patent: March 22, 2022
    Assignee: Palantir Technologies Inc.
    Inventors: Cem Zorlular, Barrett Brown, Xiao (Raymoond) Tang, Alexandra Serenhov, Chuo Hao Yeo, Ihar Zalutski, Matthew Walsh