Abstract: Embodiments described herein are generally directed to the use of sidecars to perform dynamic Application Programming Interface (API) contract generation and conversion. In an example, a first sidecar of a source microservice intercepts a first call to a first API exposed by a destination microservice. The first call makes use of a first API technology specified by a first contract and is originated by the source microservice. An API technology is selected from multiple API technologies. The selected API technology is determined to be different than the first API technology. Based on the first contract, a second contract is dynamically generated that specifies an intermediate API that makes use of the selected API technology. A second sidecar of the destination microservice is caused to generate the intermediate API and connect the intermediate API to the first API.

Abstract: Provided herein are systems and methods for multi-event correlation. Receiving a stream of events, each leaf rule engine may detect a plurality of events from the stream that matches a characteristic for the leaf rule engine. Each leaf rule engine may identify, from the plurality of events and within a time window, a group of events that satisfies a condition for the respective leaf rule engine. A root conditions engine may receive a stream of leaf events corresponding to the group of events identified by each leaf rule engine. The root conditions engine may identify, from the received stream of leaf events and within a root time window, a collection of events that satisfies a condition for the root conditions engine. A trigger may execute an action according to the collection of events identified within the root time window.

Abstract: An apparatus for geotagging users for authentication comprises a processor associated with a server. The processor is configured to generate a first geotag based on residence information associated with a first user and to transmit the first geotag to a first user device for assignment to a first avatar associated with the first user in a virtual environment. The processor is further configured to receive an interaction request to authorize an interaction between the first avatar and a second avatar associated with a second user. The processor is further configured to compare a first historical log to a second historical log to determine that the first avatar is associated with the first user. In response to determining that the first avatar is associated with the first user, the processor is further configured to conduct a first step in authorizing the interaction between the first avatar and the second avatar.

Abstract: Techniques for policy-based dynamic VPN profile selection using DNS protocol are provided. In some embodiments, a system/process/computer program product for policy-based dynamic VPN profile selection using DNS protocol includes receiving, at a DNS server for an enterprise network, a Domain Name System (DNS) request for a resource from an endpoint client; determining an IP address and an authentication token for the endpoint client to access the resource using a secure tunnel; and sending a DNS response, from the DNS server, including the IP address and the authentication token to the endpoint client.

Abstract: Methods and systems for improved preparing of received data using differential diagnosis for analysis by machine learning models. In one embodiment, a method is provided that includes receiving an identifier of an event. A plurality of inquiries may be sequentially processed, and subsequent inquiries for processing may be selected based on the responses to earlier inquiries. A tensor may be used to store indications of which inquiries were processed and the responses received to the inquiries. A machine learning model may use the tensor to determine a diagnosis and whether the event is an emergency event requiring intervention. If the event is an emergency event, an intervention may be generated for the emergency event, which may include a computer system taking automatic action to respond to the emergency event.

Abstract: Methods, computer readable media, and devices to automatically construct kill-chain from security alerts are disclosed. One method may include collecting a plurality of security alerts, receiving a selection of a high severity security alert associated with a node and a user from among the plurality of security alerts, creating a security narrative for the high severity security alert by providing a set of historical security alerts to a deep learning architecture, the set including security alerts selected based on a relation to the node and the user, and identifying a subset of the set of historical security alerts, including security alerts relevant to the high severity security alert, in a reverse time order by the deep learning architecture, and providing the security narrative as part of a response to the high severity security alert.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for using additive and subtractive noise for preserving the privacy of users. In one aspect, a method includes obtaining a first set of genuine user group identifiers that identify user groups that include a user as a member. A second set of user group identifiers is generated for the user by removing zero or more genuine user group identifiers from the first set to generate the second set and adding, to the second set, one or more fake user group identifiers for user groups that do not include the user as a member. A probabilistic data structure is generated based on the second set of user group identifiers. The probabilistic data structure is transmitted. Data indicating a set of digital components including at least one digital component selected based on the probabilistic data structure is received.

Abstract: A method for securing an execution of a local application is provided and includes the steps of requesting, from the first user device, to execute, by the local application, at least one operation; generating, by the first user device, by executing the local application, a first challenge; sending, from the local application, to a second user device, the first challenge and a predetermined identifier relating to an associated key pair; and retrieving, by the second user device, based on the key pair identifier, a private key; generating by the second user device, a first response, by using the first challenge and the private key; and sending from the second user device to the local application, the first response. Other embodiments are disclosed.

Abstract: Provided are systems, methods, and computer-readable storage media that leverage artificial intelligence and machine learning to identify, diagnose, and mitigate occurrences of network faults or incidents within a network. Historical network incidents may be used to generate a model that may be used to evaluate real-time occurring network incidents, such as to identify a cause of the network incident. Clustering algorithms may be used to identify portions of the model that share similarities with a network incident and then actions taken to resolve similar network incidents in the past may be identified and proposed as candidate actions that may be executed to resolve the cause of the network incident. Execution of the candidate actions may be performed under control of a user or automatically based on execution criteria and the configuration of the fault mitigation system.

Abstract: Disclosed are various embodiments for replacing hard-coded certificate pinning with blockchain based certificate pinning. A signing device can obtain a public key from an endpoint device, produce a signature for the public key, and store the public key on a distributed data store, such as a blockchain. A client device can obtain and validate the public keys from the distributed data store and use the public keys to establish a secure connection between the client device and the endpoint device.

Abstract: A method and apparatus of a network device that allocates a shared memory buffer for an object is described. In an exemplary embodiment, the network device receives an allocation request for the shared memory buffer for the object. In addition, the network device allocates the shared memory buffer from shared memory of a network device, where the shared memory buffer is accessible by a writer and a plurality of readers. The network device further returns a writer pointer to the writer, where the writer pointer references a base address of the shared memory buffer. Furthermore, the network device stores the object in the shared memory buffer, wherein the writer accesses the shared memory using the writer pointer. The network device further shares the writer pointer with at least a first reader of the plurality of readers. The network device additionally translates the base address of the shared memory buffer to a reader pointer, where the reader pointer is expressed in a memory space of the first reader.

Abstract: Embodiments are described herein for systems and methods for continuously monitoring an electronic device to determine if tampering is possibly occurring with respect to the electronic device. For example, in certain embodiments, a hardware monitoring device may be configured to be communicatively coupled to the electronic device, and to transmit a command signal indicative of a network connectivity alarm to the electronic device in response to detecting that the hardware monitoring device has lost connection with a communication network. In addition, in certain embodiments, the hardware monitoring device may also be configured to indirectly couple the electronic device to a power source, and to transmit a command signal indicative of a tampering alarm in response to detecting that the hardware monitoring device has lost connection with the power source.

Abstract: Systems and methods provide an application programming interface to offer action suggestions to third-party applications using context data associated with the third-party. An example method includes receiving content information and context information from a source mobile application, the content information representing information to be displayed on a mobile device as part of a source mobile application administered by a third party, the context information being information specific to the third party and unavailable to a screen scraper. The method also includes predicting an action based on the content information and the context information, the action representing a deep link for a target mobile application. The method further includes providing the action to the source mobile application with a title and a thumbnail, the source mobile application using the title and thumbnail to display a selectable control that, when selected, causes the mobile device to initiate the action.

Abstract: A system includes a cluster of nodes, memory, and a processor, where the cluster includes an application programming interface (API) server and one or more components. The processor is configured to initialize an interface to the API server, where the interface is operable to send status information from the one or more components within the cluster via a single output stream. The API server is configured to modify the single output stream of the API server to output status information associated with a first component of the one or more components within the cluster. The status information is aggregated and it is determined whether the cluster is at a failure point. In response to determining that the cluster is at a failure point, an execution signal is set to false, where the execution signal is accessible to an automation tool in communication with the cluster.

Abstract: An electronic device is provided. The electronic device includes a communication device for transmitting or receiving a signal, a memory, and a processor connected to the communication device and the memory. The memory may store instructions for controlling the communication device so as to cause the processor to generate a key pair including a public key and a private key, receive authentication information from an authentication server by using the communication device, generate signature data by electronically signing the authentication information on the basis of the private key, generate transaction data including the signature data, transmit the transaction data to a blockchain network, and transmit transaction identification information corresponding to the transaction data to the authentication server.

Abstract: A method and system for intrusion detection to detect malicious insider threat activities within a network user profiles. The method includes determining a behavior pattern for each user profile based on activity events, wherein the determination of the behavior pattern is executed by a Recurrent Neural Network. The method includes determining normal activity events and abnormal activity events for each user profile based on the behavior patterns, wherein the determination of the normal activity events and the abnormal activity events is executed by a Feed-Forward Neural Network. The method includes evaluating whether a recorded activity event is a normal activity event or an abnormal activity event based on the behavior pattern and the determined normal activity events and abnormal events for that user profile. The method includes detecting malicious activity for the user profile, if the recorded activity event is evaluated as an abnormal activity event.

Abstract: Method for automatically protecting an object, a person, or an item of visual information from a risk of unwanted viewing by a third party, an unauthorized person and/or an image-recording device. The method includes the steps of: automatically detecting, by analyzing images from at least one Light Detection and Ranging (LIDAR) or from a camera arranged so as to cover a predefined surveillance area, the presence of a third party or of an unauthorized person and/or of the device in this area or nearby, the predefined surveillance area corresponding at least to an area from which the person or the device is capable of viewing the object, the person or the information, and in the event of positive detection, triggering a predefined action.

Abstract: Systems and corresponding methods employ an object-oriented (OO) memory (OOM) to effect inter-hardware-client (IHC) communication among a plurality of hardware clients included in same. A system comprises a centralized OOM and the plurality of hardware clients communicate, directly, to the centralized OOM device via OO message transactions. The centralized OOM device effects IHC communication among the plurality of hardware clients based on the OO message transactions. Another system comprises a plurality of OO memories (OOMs) capable of inter-object-oriented-memory-device communication. A hardware client communicates, directly, to a respective OOM device via OO message transactions. The inter-object-oriented-memory-device communication effects IHC communication among the plurality of hardware clients based on the OO message transactions.

Abstract: The described technology is generally directed towards homoglyph attack detection. A homoglyph attack detection service can create images of customer's protected domain names. A convolutional neural network can generate feature vectors based on the images. The feature vectors can be stored in a similarity search data store. Newly observed domain names can be compared to the customer's protected domain names, by also generating feature vectors for the newly observed domain names and conducting approximate nearest neighbor searches. Search results can be further evaluated by comparing protected domain names to newly observed domain names using a siamese neural network which applies a similarity threshold. Newly observed domain names that meet or exceed the similarity threshold can be flagged for further action.

Abstract: A method for determining a main chain of a blockchain, a device, and a storage medium. The method comprises: determining, on the basis of a detection result that it is detected that a blockchain has at least two fork chains, weights of blocks in the fork chains (110); determining, on the basis of the weights of the blocks comprised in the fork chains, the weights of the fork chains (120); and determining a main chain from the fork chains on the basis of the weights of the fork chains, and rolling back the fork chains except for the main chain (130).