Abstract: A cryptocurrency miner includes compute modules and a controller. Each compute module includes a stats store, a manager, and compute engines. The controller is coupled to the compute modules via a serial bus and distributes one or more jobs to the compute modules via the serial bus. Each manager distributes jobs received by its respective compute module among the compute engines of its respective compute module. Each compute engine processes a job and reports a candidate hit found by processing the job. Each manager validates a candidate hit reported by one of the compute engines of its respective compute module, reports the validated candidate hit to the controller; and updates statistical information in the stats store of its respective compute module based on validation of the candidate hit.

Abstract: Disclosed techniques include integrated cybersecurity state change buffer service. A plurality of network-connected cybersecurity threat protection applications is accessed. A background synchronization service is initiated. The background synchronization service receives status from at least one of the plurality of cybersecurity threat protection applications. The status comprises high-volume incoming status data. The status is monitored, using the background synchronization service. A real-time state change in the status is identified, based on the monitoring. The identifying a real-time state change includes quantifying incoming data associated with the status. An actionable response is triggered, based on the state change that was identified. The actionable response enables self-healing of a connected security orchestration, automation, and response (SOAR) application system. The status is processed, using the background synchronization service, to provide the actionable response.

Abstract: Systems and methods are provided for enhanced machine learning refinement and alert generation. An example method includes accessing datasets storing customer information reflecting transactions of customers. Individual risk scores are generated for the customers based on the customer information. Generating the risk score includes providing identified occurrences of scenario definitions and customer information as input to one or more machine learning models, the scenario definitions identifying occurrences of specific information reflected in the datasets, with the machine learning models assign respective risk scores to the customers. An interactive user interface is presented.

Abstract: An example system includes a processor to generate regular expressions representing textual pattern facets of sub-formats of a composite format, and a regular expression representing a composite textual pattern of the composite format based on sub-format and composition type. The processor can search the data using generated regular expression representing composite textual patterns to detect occurrences of candidate matches. The processor can recursively match and validate the detected occurrences with the composite format and hierarchically match and validate sub-formats in the detected occurrence. The processor can mask in place the detected occurrence of the composite format in the data using ranking-based integer format preserving masking.

Abstract: There is disclosed a system and method of detecting security threats for an enterprise, including: filtering a first set of endpoint metadata records to identify a subset of metadata records, wherein filtering includes identifying endpoint security metadata records that are uncommon in context of the enterprise; and designating the subset of metadata records as indicating a potential security threat including designating the subset of metadata records for human analysis.

Abstract: Techniques for a Software-Defined Networking (SDN) controller associated with a multisite network to implement jurisdictional data sovereignty polices in a multisite network, route network traffic flows between user sites and destination services over one or more provider sites, and/or perform a routing operation on the network traffic flow(s) based on the jurisdictional data sovereignty policies. The jurisdictional data sovereignty polices may be implemented using destination group tags (DGTs) and/or source group tags (SGTs). A secure access service edge (SASE) associated with the network controller may generate, store, and distribute the DGTs to provider sites and/or the SGTs to user sites. Based on the SGT and/or DGT associated with a network traffic flow, one or more services may be applied to the network traffic flow, and the network traffic flow may be routed through a particular region of a software-defined access (SDA) transit.

Abstract: This disclosure provides systems, methods and apparatuses for classifying traffic flow using a plurality of learning machines arranged in multiple hierarchical levels. A first learning machine may classify a first portion of the input stream as malicious based on a match with first classification rules, and a second learning machine may classify at least part of the first portion of the input stream as malicious based on a match with second classification rules. The at least part of the first portion of the input stream may be classified as malicious based on the matches in the first and second learning machines.

Abstract: Embodiments of the present disclosure are directed to a photonic implementation of a processor for keys update and hash generation for digital currency (e.g., bitcoin) transactions. The processor includes a first photonic circuit and a second photonic circuit coupled to the first photonic circuit via a set of optical connections. The first photonic circuit is configured to generate a plurality of new messages based at least in part on a plurality of input messages. During a plurality of operational cycles, the second photonic circuit is configured to receive, from the first photonic circuit via the set of optical connections, the plurality of new messages, and update a plurality of keys based at least in part on the received plurality of new messages. The second photonic circuit is further configured to generate at least one hash value based on the plurality of keys generated after the plurality of operational cycles.

Abstract: Techniques are disclosed for time constrained electronic request evaluation. A server system receives, from a computing device, a request submitted via an account, including a first set of characteristics associated with the request. The system executes a first machine-learning model to determine a first risk score for the request by inputting the first set of characteristics into the first model. The system generates an initial authentication decision for the request based on the first score and sends the decision to the device. The system executes a second, different machine-learning model to determine a second risk score for the request, by inputting the first set of characteristics and a second, different set of characteristics associated with the account into the second model. Based on the second score, the system determines a final authentication decision. The disclosed techniques may advantageously improve computer security and operations via identification of malicious electronic requests.

Abstract: A system and a method are for securing a protected host. A secure channel server receives a plurality of first packets transmitted over a first network, and analyzes the plurality of first packets to obtain an analysis information. The plurality of first packets include a plurality of encrypted second packets encrypted by a terminal data processing apparatus with a certificate issued by the secure channel server. The plurality of encrypted second packets relate to an application process executed by the terminal data processing apparatus and judged as a secure process. The plurality of first packets are selectively decrypted with the certificate according to the analysis information into a plurality of decrypted first packets. The secure channel server redirects, according to a selected redirection rule, the decrypted first packets or the first packets selectively via a second network to the protected host.

Abstract: A system (1) for asymmetrical cryptography, comprising a device (10) and a network storage (30), wherein the device is communicatively connected to the network storage, wherein the network storage is configured to store a private key, wherein the device is configured to retrieve the private key from the network storage to perform a cryptographic operation using the private key in a secure execution environment (12) of the device, and wherein the secure execution environment is configured to only temporarily store the private key for the cryptographic operation.

Abstract: A method and a system for phishing detection includes converting unauthenticated web content to a browser image, determining that the browser image has a visual similarity to visual characteristics of a legitimate website, determining that a top-level domain (TLD) of the unauthenticated web content is different from a TLD of the legitimate website, and responsively determining that the unauthenticated web content is a phishing attack.

Abstract: Building and using a smart contract in order to resolve the isolation between database users and service operators for hyper-protect database as a service (DBaaS). The use of the smart contract in the hyper-protect DBaaS environment allows the service operator to perform operations on sensitive and secure data in the database owned by a user without necessarily revealing the content of the sensitive and secure data.

Abstract: Aspects of secure inter-application data communications are described. In one example, a first application executing on a computing device obtains an identity certificate. The identity certificate can include a unique identifier of the computing device and a public key of the first application. To obtain the public keys of other applications executing on the computing device, the first application can query a management computing environment using the identity certificate. Once the computing device is authenticated by the management computing environment, the management computing environment can store the public key of the first application and return any public keys of other applications executing on the computing device. Once the public keys have been exchanged between the applications, the applications can encrypt and sign data packages for secure data communications between each other.

Abstract: An information processing system includes a linkage database in which a person is linked with a property; a person database in which the person is associated with a role of the person and one or more functions that can be used by the person; a property database in which the property is associated with one or more functions used in the property; a first permission management unit configured to manage one or more functions that can be used by the person in the property, by using the person database and the property database; and a second permission management unit configured to manage one or more properties whose information can be accessed by the person, by using the linkage database.

Abstract: Disclosed herein are devices, systems, and methods for the intelligent fuzzing of cyber-physical systems, including the use of artificial intelligence (AI) for such fuzzing. In at least one embodiment, a method is disclosed for intelligent fuzzing, which includes the steps of (1) characterizing “normal” behavior of the cyber-physical system being tested, which may include, for example, utilization of a causal model to analyze causal relationships between various messages sent to and/or from the system being tested, (2) identifying dependency relationships between these various messages and/or generating a dependency graph for the messages, and (3) fuzzing an incoming message from the system under test. The fuzzing process may include querying the causal model to determine if the message is contained within the model. Fuzzing may further include altering the message's contents by, for instance, randomly manipulating particular message fields and/or replacing letters with other letters.

Abstract: A method includes accessing events associated with a network and determining an issue based on a correlation of a portion of the events, wherein the issue represents an incident associated with the portion of the events, and wherein the correlation of the portion of the events is based on information associated with the network and at least in part on an event type of the portion of the events. A priority associated with the issue is determined at least based on the event type of the portion of the events. A first event type that is associated with an operational technology (OT) entity has a higher priority than a second event type that is not associated with the OT entity. Data associated with the issue is stored.

Abstract: Adversarial attack detection operations may be applied on one or more deep generative models for defending deep generative models from adversarial attacks. The adversarial attack may be detected on the one or more deep generative models based on the one or more of a plurality of adversarial attack detection operations. The one or more deep generative models may be sanitized based on the adversarial attack.

Abstract: Described are techniques for presentation attack detection including a computer-implemented method of emitting a predetermined frequency pattern using at least one speaker communicatively coupled to a computer implementing a video-conference. The computer-implemented method further comprises collecting, by a camera communicatively coupled to the computer and overlapping with the emitting the predetermined frequency pattern, video data of a user engaged in the video-conference. The computer-implemented method further comprises determining that the video data is inconsistent with an expected response to the predetermined frequency pattern. The computer-implemented method further comprises generating an indication that the user engaged in the video-conference is performing a presentation attack.

Abstract: Aspects of the disclosure relate to monitoring a computing network to determine data exfiltration. A computing platform may use time-series modeling to determine anomalous network activity with respect to outgoing data. Additional aspects of this disclosure relate to analysis of web activities associated with a user to determine compromised user accounts/devices. The computing platform may use domain categorization to determine if web activity associated with a user is anomalous.