Abstract: A cyber security system includes a plurality of event sensors to detect events, a plurality of inference servers, and a server in communication with the plurality of inference servers. Each inference server of the plurality is in communication with a subset of event sensors of the plurality of event sensors. Each inference server has a portion of an event lattice and is to compare the event detected by the subset of event sensors to the event lattice. Each inference server is to identify an originator having a behavior pattern indicative of an attack and communicating an identifier associated with the originator. The server is to provide an interface indicating the behavior pattern indicative of an attack and the identifier of the originator.

Abstract: A domain security assurance system includes a computing platform having processing hardware and a memory storing software code. The processing hardware is configured to execute the software code to obtain domain inventory data identifying multiple domains, to predict, using the domain inventory data, which of the domains are owned by the same entity to identify commonly owned domains, and to determine, using the domain inventory data and the commonly owned domains, which of the commonly owned domains are controlled by the same administrator to identify one or more group(s) of commonly administered domains. When executed, the software code also removes, using the domain inventory data, duplicate domains included in the group(s) to identify non-duplicate domains, evaluates a susceptibility of each of the non-duplicate domains to a cyber-attack to identify one or more target domain(s) vulnerable to the cyber-attack, and identifies the target domain(s) for a security assessment.

Abstract: Methods, non-transitory computer readable media, protection server apparatuses, and network security systems that improve network security for web applications by mitigating cyberattacks that cause the exfiltration of data are illustrated. With this technology, network request(s) are received from a client that specify domain(s) to which the client has sent data during rendering of a webpage. The webpage includes instrumentation code configured to intercept and post the network requests. A determination is then mage when one of the domain(s) is a malicious domain. Interceptor code is generated based on a type of attack that is associated with the one of the domains, when the determination indicates the one of the domains is a malicious domain. The instrumentation code is then updated to include the interceptor code. The interceptor code is configured to mitigate the attack when the webpage is subsequently rendered by another client.

Abstract: Embodiments of the present invention use a limited-use public/private key pair to encrypt and decrypt messages sent through an intermediary. The messages may contain sensitive information and may be transmitted between entities over one or more networks. In some embodiments, the entities and/or the networks may be untrusted. Nevertheless, the content of the messages may remain protected by virtue of the limited-use key pair infrastructure.

Abstract: The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include determining a plurality of network behaviors of a process by monitoring the process. Embodiments include generating a plurality of intended states for the process based on subsets of the plurality of network behaviors. Embodiments include determining a plurality of intended state clusters by applying a clustering technique to the plurality of intended states. Embodiments include determining a state of the process. Embodiments include identifying a given cluster of the plurality of intended state clusters that corresponds to the state of the process. Embodiments include selecting a novelty detection technique based on a size of the given cluster. Embodiments include using the novelty detection technique to determine, based on the given cluster and the state of the process, whether to generate a security alert for the process.

Abstract: Embodiments for securing fine timing measurement (FTM) communications are described. FTM communications include FTM frames sent and received from an initiating station (ISTA) and a responding station (RSTA). The RSTA records a plurality of parameters associated with the FTM frames and uses the plurality of parameters to learn and identify a device profile for the ISTA. The device profile is used to determine a behavior filter for the FTM from the ISTA and the RSTA filters FTM traffic according to the behavior filter to prevent malicious attacks in the FTM communications.

Abstract: In an example aspect, a method includes receiving a plurality of login attempts from a network address over a length of time, querying log data to determine, for the network address, an average number of login failures of the plurality of login attempts over the length of time, calculating a failure rate metric based on the average number of login failures, determining that the failure rate metric exceeds a reference number of login failures for the length of time, the reference number of login failures based on a historical average number of login failures for the length of time, and based in part on the determining, adding the network address to a system deny list.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to securely audit communications. An example apparatus includes a participant list generator to, responsive to a command to provision a secured group of devices in a network to prevent malicious activity, generate a participant device list including one or more endpoint devices and a control plane server; a privilege controller to, based on a policy indicated in the command, set read and write privileges for the one or more endpoint devices and the control plane server; a command controller to, based on the command, determine whether to generate a shared communication key using a shared system key; and a communication processor to encrypt communications between the one or more endpoint devices and the control plane server using the shared communication key.

Abstract: A system and method for determining a point in time compliance status of a computing system with a security guideline standard (SGS) wherein the computing system has a command line shell available through a native operating system, the method comprising inputting into a host computer of the computing system a SGS package that represents a scripted SGS that is a non-text file and is encrypted that provides instructions for an evaluation of a computing system's compliance with the SGS under consideration wherein the SGS package performs at least a portion of an automated evaluation of a compliance status at the point in time of the computing system under consideration when the SGS package is decrypted by the computing system; sending a command query from the decrypted SGS package to the selected device of the computer system; compiling in a locally hosted database of the host computer compliance results sent from the selected device of the computing system in response to the command query from the decrypted SGS

Abstract: A method of generating a trusted chain code (“TCC”) message, comprising: receiving a smart contract whose execution causes a transfer of value in response to at least one of an occurrence of an event or a fulfillment of a condition, wherein the smart contract is digitally signed by a first entity private key and a second entity private key; generating a chain code comprising a hash of a chain code of the smart contract, the chain code corresponding to at least one of an occurrence of an event or a fulfillment of a condition of the smart contract; and posting the TCC message to a distributed ledger, wherein an execution of a portion of the chain code in response to at least one of the occurrence of the event or the fulfillment of the condition is validated against corresponding chain code in the chain code manifest.

Abstract: Aspects described herein may allow for the generation of a message to be sent to an intended recipient of a request for a communication session prior the initiation of the communication session. The system may monitor applications and associated devices to determine the initiation of the communication session. Based on such a determination, the system may generate a message to be presented to a communication initiating user and to be sent to an intended recipient of the communication session. The system may determine data for the message based on an analysis of the data associated with the communication initiating user, and the system may apply a machine learning model to generate draft messages for the user. Messages may be generated to authenticate a user with an intended recipient of the communication session.

Abstract: Systems and methods include obtaining telemetry from a plurality of security agents each operating on a device in a network, wherein the telemetry is collected locally related to datagram protocol packets; analyzing the telemetry to determine applications associated with the datagram protocol packets flowing in the network and virtual circuits between each of the applications; determining enforcement policies for each application that communicates with other applications over a datagram protocol; and providing the enforcement policies to the plurality of security agents for allowing and blocking communications associated with the datagram protocol.

Abstract: A method, computing device and system are disclosed for evaluating security of virtual infrastructures of tenants in a cloud environment. At least one security metric may be calculated for virtual infrastructures of a tenant based on information associated with at least one virtual resource of the first tenant and at least one interaction of the at least one virtual resource of the first tenant with at least one virtual resource of at least one other tenant in a multi-tenant virtualized infrastructure. At least one security parameter may be evaluated for the first tenant based at least in part on at least one of the at least one calculated security metric for monitoring a security level of the first tenant relative to the at least one other tenant in the multi-tenant virtualized infrastructure.

Abstract: Systems and methods are provided for smart-landmark-based positioning. Such methods may include detecting, using a sensor mounted on a vehicle, a landmark object, obtaining landmark information of the detected landmark object, the landmark information including identification of the landmark object and an encrypted location of the landmark object, transmitting, from the vehicle over a wireless network, a query including at least part of the obtained landmark information, receiving, by the vehicle over the wireless network, a query response including additional information of the landmark.

Abstract: Provided herein are identification of a distributed denial of service attack and automatic implementation of preventive measures to halt the distributed denial of service attack. At substantially the same time as the attack, valid users/customers (e.g., devices) are provided quality of service and continued access to a website experiencing the distributed denial of service attack. Further, service to temporary or unknown users (e.g., devices) with public access to the website is suspended during the duration of the distributed denial of service attack.

Abstract: A method of registering a person as an authorized user of a portable device includes acquiring biometric data or a combination of pieces of biometric data of a person, encrypting the acquired biometric data or the combination of pieces of biometric data of the person, generating a code from the encrypted biometric data or the combination of pieces of biometric data of the person, inserting the code in an extension field of a public key certificate stored in the portable device, generating a private key and a public key that corresponds to the private key, based on the public key certificate, wherein the private key contains the code, transmitting the public key to a remote entity that is in communication with the portable device, thereby enabling the remote entity to register the person as an authorized user of the portable device, and modifying the public key to generate a modified public key configured to be used in case that the remote entity is disconnected from a service providing server.

Abstract: A method of registering a person as an authorized user of a portable device includes acquiring biometric data or a combination of pieces of biometric data of a person, encrypting the acquired biometric data or the combination of pieces of biometric data, generating a code from the encrypted biometric data or the combination of pieces of biometric data, inserting the code in an extension field of a public key certificate stored in the portable device, generating a private key and a public key that corresponds to the private key, based on the public key certificate, wherein the private key contains the code, and transmitting the public key to a remote entity, thereby enabling the remote entity to register the person as an authorized user of the portable device. The extension field of the public key certificate further contains a code associated with identification information of the person.

Abstract: Provided is a process for mobile-initiated authentications to web services. Credential values of the user are established within a trusted execution environment of the mobile device and representations are transmitted to a server. The user of the mobile device may authenticate with the mobile device to the server, which may convey access to a web-based service from a relying device. The server may pass credentials corresponding to the web-service received from the mobile device and verified to permit user access to the web-service to the relying device. The relying device presents credentials to the web-service to login, authenticate, or otherwise obtain user-level permission for the user on the relying device. The user of the mobile device may authenticate with the mobile device to the server, and may initiate the authentication process from the mobile device, without inputting credentials corresponding to the web-service on the relying device.

Abstract: Various embodiments are generally directed to detecting fraudulent activity on a user account based at least in part on a dynamic fraudulent user blacklist. The fraudulent activity may be identified based on a similarity of forensic profiling across multiple user accounts, for example, fraudulent activity occurring by the same fraudster or perpetrator may have a similar or identical fraudulent pattern across the multiple user accounts. By identifying the fraudulent user patterns associated the same fraudster and dynamically updating a blacklist to include these fraudulent user patterns, the same types of attacks may be prevented on the other existing user accounts.

Abstract: A system for identifying missing organizational security detection system rules, the system includes at least one processing circuitry configured to provide a known cyber-attack techniques repository including information of known cyber-attack techniques and required SIEM (or any other organizational security detection system such as EDR, firewall, etc.) rules required for protecting against each of the known cyber-attack techniques, the known rules being in a generic SIEM rules format; obtain existing SIEM rules of a SIEM of an organization, the existing SIEM rules being in a vendor-specific language, other than the generic SIEM rules format; translate the existing SIEM rules to the generic SIEM rules format, using a translation system, giving rise to translated SIEM rules; compare the translated SIEM rules to the required SIEM rules to identify missing rules, being the required SIEM rules not included in the translated SIEM rules.