Abstract: A cybersecurity service protects endpoint devices from cybersecurity attacks. The cybersecurity service deploys cybersecurity attack feature vectors to agents in the field. The cybersecurity attack feature vectors are created in the cloud to efficiently describe observed groups of cybersecurity attacks. One method to assemble these is to generate clustering centroids for the observed groups. Each agent monitors its host according to the cybersecurity attack feature vectors. Each agent monitors its host's event behaviors and locally extracts an event behavior feature vector. The agent compares the cybersecurity attack feature vectors to the event behavior feature vector and, if similarity is determined, then the agent determines that the host's event behaviors are evidence of a cybersecurity attack. The agent may implement threat procedures, such as suspending/terminating the event behaviors and generating alerts.

Abstract: The invention provides a method for transmission of sensitive information via an untrusted party. The sensitive information is held by a trusted computer and is transmitted via an untrusted computer to a recipient computer. Before transmission, the trusted computer encrypts the sensitive information using an encryption key that is associated with the recipient computer. The untrusted computer does not have access to a corresponding decryption key and is therefore unable to decrypt the sensitive information. The recipient computer is able to decrypt the encrypted sensitive information using a decryption key that it has access to and is thus able to gain access to the sensitive information without further communication with the trusted computer. This method has utility in payment transactions, particularly e-commerce transactions.

Abstract: Methods, systems, and computer storage media for providing a local protocol server associated with a secure networking engine that provides client-side forwarding in a secure networking system. The local protocol server (e.g., local TCP/UDP server)—on a client device—operates based on client-side forwarding operations that include: IP assignment, operating system (OS) routing, destination network address translation, and original destination retrieval to support accessing a network resource (e.g., socket connection) on the client device and support communications between client applications on the client device and the local protocol server on the same client device. In this way, the local protocol server supports communications of a diverse set of data traffic or network traffic (e.g.

Abstract: Technologies for secure multi-party computation include computing first double-encrypted data, computing second double-encrypted data, and, in a trusted execution environment, executing a query on the first double-encrypted data and the second double encrypted data to create a query-processed double-encrypted data set. The trusted execution environment can provide the query-processed double-encrypted data set to a requester such as another computer, system, or process.

Abstract: A system for hosting a virtual environment-to-virtual environment interaction session receives a request to grant access to a particular location in a host virtual environment. The request includes avatar information associated with a first avatar in a first virtual environment. The system generates a software token that uniquely identifies the particular location in the host virtual environment. The system communicates the software token to a computing device associated with a first virtual environment. The system detects that the first avatar presents the software token to gain access to the particular location in the host virtual environment. The system determines that the software token is valid. The system hosts an interaction session between the first avatar and a second avatar associated with the host virtual environment in the particular location of the host virtual environment.

Abstract: Systems and methods are described for synergistically combining network security technologies to improve automated response to security incidents. An endpoint security agent running on the endpoint device detects an incident, generates a security incident alert by proactively collecting data regarding the incident, and causes a network access control (NAC) agent to execute an automated network operation based on the security incident alert. In an embodiment, a security device is operable to use EDR data and NAC data in combination to improve asset discovery. The security device may use the EDR data and the NAC data in combination for performing deep vulnerability assessment and taking remedial actions.

Abstract: A trained machine learning model distinguishes between human-driven accounts and machine-driven accounts by performing anomaly detection based on sign-in data and optionally also based on directory data. This machine versus human distinction supports security improvements that apply security controls and other risk management tools and techniques which are specifically tailored to the kind of account being secured. Formulation heuristics can improve account classification accuracy by supplementing a machine learning model anomaly detection result, e.g., based on directory information, kind of IP address, kind of authentication, or various sign-in source characteristics. Machine-driven accounts masquerading as human-driven may be identified as machine-driven. Reviewed classifications may serve as feedback to improve the model's accuracy. A precursor machine learning model may generate training data for training a production account classification machine learning model.

Abstract: The present disclosure relates to methods, devices, and systems for generating a signature of a message by a first device based on a secret key and a public key. The method includes generating a first parameter based on a first multiplication operation on the secret key and a first random number. The method further includes generating a first electronic signature based on the first parameter and the public key. The method further includes generating a second parameter based on the first random number, a second random number, and the message. The method further includes generating a second electronic signature based on the first parameter, the second parameter, the second random number, and the first electronic signature. The method further includes outputting, to a second device, the message, the first electronic signature, and the second electronic signature.

Abstract: Systems are provided for generating, modifying and using SBOMs for facilitating risk assessment and threat mitigation for corresponding programs, and particularly for large programming builds. The creation and modification of the SBOMs includes processes for omitting declarations referenced in chunk SBOMs of program chunks incorporated into a final programming build associated with a build SBOM, but which are not actually utilized by the final programming build, as well as processes for adding new declarations for code segments that are not declared in the related chunk SBOMs, even though the code segments are utilized by the final programming build. Systems are also configured to use SBOMs in combination with configuration restriction records to assess and resolve threat events in a manner that can prevent unnecessary remedial actions for threat events that appear to be relevant to one or more files or dependencies incorporated into a program.

Abstract: A cryptosystem processor includes a twiddle factor memory, a SRDGT BFU, and a SPN. The twiddle factor memory has ZETA ports. The at least one SRDGT BFU has six input ports and four output ports and switchable among operation in DGT/IDGT/CWM mode, in which two of the input ports electrically communicate with the ZETA ports, respectively. The SRDGT BFU is configured to read and write two data points when working under the DGT/IDGT mode and is configured to read and write four data points when working under the CWM mode. The SPN electrically communicates with the SRDGT BFU and has at least one dual-port BRAM serving as memory cache configured to store polynomial, in which the SPN is configured to support the required number of data points reading or writing per cycle in the DGT/IDGT/CWM mode.

Abstract: Systems, apparatuses, and methods for managing privacy of data are provided. The method includes providing at least one processor in communication with the at least one database, a memory device including readable instructions, and at least one of an agent device and a user device in communication with the at least one processor via a network connection; receiving at least one communication request related to user data; collecting usage data of the user data; and transmitting the communication containing the usage data to a user.

Abstract: Provided is a system, method and API that provides HSM customers with an ability to request different levels of service for any cryptographic workload. It provides the customer with an API that by way of a Class of Service (CoS) attribute signals a higher class/level of service at the application level, such as a faster response time, for example, certain time-sensitive or high priority requests, that are not currently available in HSM deployments. The CoS attribute resides at the application level and provides developers of crypto API client application to prioritize crypto transaction performance.

Abstract: Embodiments of this application provide a key update method and a related apparatus. One example method includes: sending a first key update request to a second node, where the first key update request includes a first key negotiation parameter and first identity authentication information, and the first identity authentication information is generated by using a first shared key; receiving a first response message from the second node, where the first response message includes second identity authentication information; performing verification on the second identity authentication information by using the first shared key; and if the verification on the second identity authentication information succeeds, determining a first target key based on the first key negotiation parameter.

Abstract: A method and system are provided for detecting malicious code using graph neural networks. A call graph is created from the computer code by identifying functions in the computer code and vectorizing the identified functions using a stream of application programming interfaces (APIs) called by the functions and using tokens generated for the functions using a byte pair tokenizer. A trained graph neural network (GNN) and a trained attention neural network are applied to the call graph to generate an output graph with each node representing a function and each node assigned weights based on a probability distribution of the maliciousness of the corresponding function. A graph embedding is generated by calculating a weighted sum of the assigned weights and a trained deep neural network is applied to the graph embedding to generate a malicious score for the computer code identifying the computer code as malicious or benign.

Abstract: An anomaly detection system is disclosed capable of reporting anomalous processes or hosts in a computer network using machine learning models trained using unsupervised training techniques. In embodiments, the system assigns observed processes to a set of process categories based on the file system path of the program executed by the process. The system extracts a feature vector for each process or host from the observation records and applies the machine learning models to the feature vectors to determine an outlier metric each process or host. The processes or hosts with the highest outlier metrics are reported as detected anomalies to be further examined by security analysts. In embodiments, the machine learnings models may be periodically retrained based on new observation records using unsupervised machine learning techniques. Accordingly, the system allows the models to learn from newly observed data without requiring the new data to be manually labeled by humans.

Abstract: Computing system defenses to rotating IP addresses by malicious entities during computing attacks are disclosed. An online entity may utilize a framework having computing operations for detecting and protecting from computing attacks using IP address rotation through multiple IP addresses to hide the malicious conduct. The threat detection system and framework may perform processes that indicate whether IP addresses are correlated and being used in the same computing operations, which may be malicious or fraudulent. If correlated, the framework may further determine that the IP addresses are being used to perpetrate the same or similar computing attack from a malicious actor. The framework may the execute one or more processes to protect from the computing attack that uses the rotation of IP addresses, including IP address blocking, manual challenges, and changing status code identifiers for webpage access requests.

Abstract: An initial risk of an electronic message is determined. Based on the initial risk, it is determined whether to modify the electronic message. In an event it is determined to modify the electronic message: the electronic message is modified; the modified electronic message is allowed to be delivered to an intended recipient of the electronic message; a secondary computer security risk assessment of the electronic message is automatically performed; and based on the secondary computer security risk assessment, the modified message is updated.

Abstract: Systems are provided for improving computer security systems that are based on user risk scores. These systems can be used to improve both the accuracy and usability of the user risk scores by applying multiple tiers of machine learning to different the user risk profile components used to generate the user risk scores and in such a manner as to dynamically generate and modify the corresponding user risk scores.

Abstract: Systems and methods for efficient computation of stream ciphers. An example system for implementing a stream cipher, may comprise: a sub-round computation circuit of a first type configured to perform a subset of transformations of a cipher computation round on a round input state, each transformation of the subset of transformations including at least one of: a bitwise addition operation, a bitwise exclusive disjunction operation, or a bitwise rotation operation. The sub-round computation circuit of the first type may comprise: one or more of sub-round computation circuits of a second type, wherein each sub-round computation circuit of the second type is configured to perform the subset of transformations of the cipher computation round on a respective part of the round input state.

Abstract: Techniques for allowing third-party DNS service providers to programmatically initiate changes to DNS resource records using an interface provided by a registrar or registry are disclosed. Further, techniques for validating change requests received at such an interface are disclosed. The disclosed techniques reduce errors and increase convenience.