Abstract: A method of detecting patterns for automated filtering of data is provided. The method includes receiving network traffic including bad traffic and good traffic, wherein an attack is known to be applied to the bad traffic, and the good traffic is known to be free of an applied attack. Processing the good and bad traffic includes generating, for each unique packet, each potential unique combination of the packet's fields, storing each combination with associated bad match and good match counters, and incrementing a combination's respective good and bad match counters for each occurrence it matches one of the packets of the respective good and bad traffic. The combinations are sorted based on the good match counter associated with each combination, a number of fields in each combination, and the bad match counter associated with each combination. One or more combination is selected based on results of the sorting for provision to a network traffic filtering component.

Abstract: When a third party wants to redeem a user's personally identifiable information (PII), the third party presents to the system a token representing the PII, which indicates a request for the PII. The system seeks consent from the user for sending the PII to the third party. If the user grants consent, then the system prepares the PII for the third party. In some embodiments, the third party can initiate a telephone call with a dispatch to receive the PII. In some embodiments, the third party can receive the PII directly from the system.

Abstract: Computer instructions corresponding to a neural-network model are received and encrypted using an encryption technique. Training data encrypted using the encryption technique is received from a data source. The model is trained using the training data using, for example, a gradient descent technique. If the model performs in accordance with a quality metric, it is sent to a device of a model user.

Abstract: Computer instructions corresponding to a neural-network model are received and encrypted using an encryption technique. Training data encrypted using the encryption technique is received from a data source. The model is trained using the training data using, for example, a gradient descent technique. If the model performs in accordance with a quality metric, it is sent to a device of a model user.

Abstract: Identifying and protecting against an attack against an anomaly detector machine learning classifier (ADMLC). In some embodiments, a method may include identifying training data points in a manifold space for an ADMLC, dividing the manifold space into multiple subspaces, merging each of the training data points into one of the multiple subspaces, training a subclassifier for each of the multiple subspaces to determine a decision boundary for each of the multiple subspaces between normal training data points and anomalous training data points, receiving an input data point into the ADMLC, determining whether the input data point is an attack on the ADMLC due to a threshold number of the subclassifiers classifying the input data point as an anomalous input data point, and, in response to identifying the attack against the ADMLC, protecting against the attack.

Abstract: A system and method detects and handles replay attacks using counters maintained for each of several different periods for various values of IP addresses and browser description attributes encountered.

Abstract: Provided with a calculation device for performing a calculation for an encryption data in a virtual execution environment protected from a standard execution environment, the calculation device has a virtual execution environment construction unit for constructing the virtual execution environment, and the virtual execution environment includes: an encryption data acquisition unit for acquiring the encryption data; a source code acquisition unit for acquiring a source code for the calculation; a key acquisition unit for acquiring the system key; a decryption unit for decrypting the encryption data by the acquired system key; a source code execution unit for executing the source code; an encryption unit for encrypting a calculation result to which the source code is executed by the system key; and a calculation result providing unit for providing the encrypted calculation result to the standard execution environment.

Abstract: Provided is a process including: obtaining, with a domain controller of a private computer network, a set of user-authentication credentials comprising a first username and a first password; querying a distributed credential-monitoring application; receiving query results including one or more passwords associated with the first username; determining that at least some of the one or more passwords in the query results match the obtained first password; and in response to the determination, blocking, with the domain controller, access to a first user account on the private computer network associated with the obtained first username and first password.

Abstract: A computer system may generate alerts related to a potential cyber attack an resource of an organization. The computer system may receive activity information associated with activity on a computer network of the organization, access contextual information about the resource, determine, based on the contextual information, select, based at least in part on the contextual information, one or more indicators that are indicative of a cyber attack against the resource to form a second plurality of indicators, and generate, based at least in part on the second plurality of indicators and the contextual information, a risk score, wherein the risk score indicates a probability that the resource is at risk of a cyber attack. In response to the risk score satisfying a threshold value, the computer system may generate an alert. Alerts may be presented using a graphical user interface. Analysts' actions may be tracked for review.

Abstract: A device implementing a system for associating a profile with an active user account includes a processor configured to receive, from an application running on a device, a request to identify an active user account on the device. The processor is further configured to generate, in response to the request, a unique identifier corresponding to the active user account on the device, the unique identifier being distinct from a user account identifier of the active user account. In addition, the processor is configured to provide the unique identifier to the application for differentiation, by the application, of the active user account on the device relative to at least one other account on the device.

Abstract: The present invention generally relates to detecting malicious network activity coming from network devices such as routers and firewalls. Specifically, embodiments of the present invention provide for detecting stealth malware on a network device by comparing inbound and outbound network traffic to discover packets originating from the network device and packets that violate configuration rules. When combined with a network traffic monitor server configured to monitor actual network traffic reports and to receive known network traffic reports from host computers, the system can detect stealth network traffic originating from both network devices and host computer systems.

Abstract: A system for managing opt-out instructions includes a global opt-out service and opt-out store in communication with regional subsystems. The opt-out service maintains a global opt-out store database of consumers for whom opt-out instructions have been received. The opt-out store includes no personal data, but instead contains only anonymized data. Before consumer data is utilized, an anonymized identifier is created by a regional data anonymizer and transmitted to the opt-out store. The opt-out instructions are applied by searching for a match in the opt-out store for a matching anonymized identifier. In this manner, the system may comply with privacy laws and regulations concerning the transmission of personal data outside of a region, while still providing a global opt-out service.

Abstract: A method for linking de-identified data identifiers to traceable data identifiers in compliance with applicable data privacy rules and regulations includes: receiving a plurality of first data identifiers from a first computing system; applying a one-way hashing algorithm and salt to the first data identifiers to generate second data identifiers; storing an association between each of the first data identifiers and the respective second data identifier; receiving one or more specific second data identifiers from a second computing system; identifying, for each of the one or more specific second data identifiers, the associated first data identifier; and transmitting each identified associated first data identifier to the first computing system.

Abstract: A system and a method are provided for integrating a sensitive data discovery engine (SDDE), a data anonymization engine (DAE), a data monitoring module (DMM), and a data retirement module (DRM) and managing sensitive data security across its lifecycle. The SDDE determines sensitive data in similar and variant data sources and applications, identifies their operating application codes, and generates sensitive data discovery intelligence (SDDI). The system generates and distributes one or more templates including the SDDI with metadata, discovery results, and data security rules to the DAE, the DMM, and the DRM deployed on each data source.

Abstract: A method of detecting an unauthorised communication from a network node in a telecommunication network is disclosed, and a network node implementing the method. Network messages are received in the telecommunication network, and statistical patterns inherent to a sequence of received network messages are generated from a plurality of identifier values associated with a legitimate network node, wherein each identifier value has been encoded by the legitimate network node in a respective network message. An identifier value encoded in a subsequently-received network message of a signalling network node is then compared with one or more of the statistical patterns and one or more unsuccessful comparisons cause the signalling network node to be detected as an unauthorised network node.

Abstract: A system and for improving security of personally identifiable information stored in a computer database. The system and method enable a user's location information to be maintained in a data storage and retrieval system in such a way that it prohibits a user from being uniquely identified by the location information stored in the data storage and the retrieval system.

Abstract: A system for analyzing computer systems and networks for potential vulnerabilities to cyber-attacks configured to (i) receive scan data from a scan of a target computer device; (ii) search for one or more vulnerabilities based on the scan data; (iii) determine at least one attack vector based on the one or more vulnerabilities; (iv) generate one or more exploits based on the one or more attack vectors and the one or more vulnerabilities; and (v) execute the one or more exploits on the target computer device.

Abstract: A privacy-enhancing system, method, and non-transitory computer-readable medium for securely identifying an individual over time without retaining sensitive biometric data. In one embodiment, the system includes a local identity server including an electronic processor, a communication interface, and a memory. The electronic processor is configured to initiate a personalization of a partner-specific identification vehicle that identifies the individual based at least in part on an individual global unique identifier associated with the individual, receive a request for a service from the individual via the communication interface, receive consent and registration information from the individual via the communication interface, generate an identity confirmation that confirms an identity of the individual, and output the identity confirmation via the communication interface.

Abstract: Example methods and systems for score-based dynamic firewall rule enforcement in a software-defined networking (SDN) environment. One example method may comprise in response to detecting a first request to access a first resource, identifying a first score associated with the user, and a firewall rule that is applicable to the user based on information associated with the user. The firewall rule may be applied to allow access to the first resource. The method may further comprise adjusting the first score to a second score that represents a more restrictive access level compared to the first score. In response to detecting a second request to access the first resource, applying the firewall rule to block the second request based on the second score.

Abstract: Devices and methods of managing data stored within a container. The container may be associated with at least one registered user. The data within the container may be encrypted by a data encryption key (DEK). A computing device includes: a security module including a crypto-processor, a main processor, and memory. The memory stores instructions that, when executed, configure a processor to: authenticate a user based on a user secret associated with the container and generate a soft key based on the user secret. The instructions cause a crypto-processor to generate a secure generator output including a crypto key component and generate a hardened user key based on a key agreement protocol using the soft key and the crypto key component. The instructions cause a processor to construct an unencrypted DEK associated with the hardened user key and decrypt the subset of data using the unencrypted DEK.