Abstract: Upon receiving malware detection rules that are to be identified with respect to an input traffic stream, a rule database that requires less storage capacity than the malware detection rules is generated by substituting tokens for selected symbol strings within the malware detection rules. A compressed traffic stream is generated by substituting the tokens for instances of the selected symbol strings within the input traffic stream, and then compared with the rule database to determine whether the input traffic stream contains one or more symbol sequences that correspond to any of the malware detection rules.

Abstract: In some examples, in response to a reset of an electronic device, a method disables hardware write locking of a first region in a non-volatile memory, and executes a first boot code portion from the first region to begin a boot procedure. The executed first boot code portion checks whether an update code for the first boot code portion exists. In response to determining that no update code for the first boot code portion exists, the executed first boot code portion causes hardware write locking of the first region. After causing the hardware write locking of the first region, the boot procedure continues, the boot procedure comprising verifying an integrity of a second boot code portion.

Abstract: Examples associated with application approval are described. One example includes receiving an application package. The application package contains an application from a service provider and a privacy description for the application from a review provider. The application operates on private data controlled by a user. The application package is validated to ensure components of the application package is properly credentialed. An application summary for the user is generated from the privacy description. The application summary describes what portions of private data will be accessed by the application and how portions of the private data will be transmitted. An authorization is received from the user, and execution of the application is controlled based on the authorization of the user.

Abstract: Example methods are provided for filter-based control information query in a software-defined networking (SDN) environment that includes a host and a network management entity. One example method may comprise identifying a first query key for the host to query for control information associated with the first query key from the network management entity; and applying a set membership filter to determine whether the first query key is possibly a member of a set of second query keys that are known to the network management entity. The method may also comprise, in response to determination that the first query key is possibly a member of the set of second query keys, generating and sending a query message to the network management entity over a control-plane channel to query for the control information associated with the first query key.

Abstract: An event interface system facilitates the creation of a blockchain object and deployment of the blockchain object on a blockchain. The system also provides an interface between events that may affect the blockchain object and the blockchain object stored on the blockchain. Additionally, the system can monitor a state of the blockchain object and control interactions with the blockchain object and updates to the blockchain object according to the determined state.

Abstract: The disclosed computer-implemented method for generating passwords may include (i) accessing a vault of confidential information describing a user, (ii) extracting, from the vault, a set of multiple items of confidential information describing the user, (iii) executing a programmed heuristic on the set of multiple items of confidential information to generate multiple candidate passwords that each derives from a respective semirandom permutation of the multiple items of confidential information, and (iv) displaying electronically the multiple candidate passwords to the user to enable the user to select a password from the multiple candidate passwords as a specific password for accessing a protected computing resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: A reference message deciding method used in unauthorized communication detection. The deciding method includes: identifying, from information relating to an attack message on the onboard network system, a communication pattern indicating features related to change in data values or communication timing of an attack message; determining whether or not a message sent out onto the network matches a communication pattern identified in the identifying; and deciding a reference message used in determining whether or not the message sent out is an attack message, using determination results of the determining.

Abstract: Systems and methods are provided herein for dynamic, non-invasive taint tracking using auto-generated datatypes. A proxy entry point component of a taint-aware environment continuously monitors for a request to initiate an application. The application has an associated runtime environment and profile parameters specific to the application. Upon identifying the request, a core component of the taint-aware environment generates a set of augmented classes based on the profile parameters. The set of augmented classes contains taint-tracking functionality. The proxy entry point component modifies an initiation pathway of the application to force the runtime environment to retrieve the set of augmented classes prior to execution of the application. The runtime environment continuously monitors for tainted data or tainted code passed through or contained within the application based on the taint-tracking functionality of the set of augmented classes.

Abstract: The subject disclosure relates to methods of sharing resources across multiple devices in online meetings. A server manages an online meeting, in which a first client device, a second client device, and a third client device participate. The first client device is a primary device associated with a first user, the second client device is a secondary device associated with the first user, and the third client device is associated with a second user. The server receives from the first client device a command for the second client device to share a resource with the third client device. The server forwards the command to the second device. Next, the server receives data associated with the resource, the data being sent from the second client device in response to the command. The server then forwards the data to the third client device. Systems and computer readable media are also provided.

Abstract: Disclosed are methods, apparatus, systems and computer program products for database system communications with external content management data sources. In some implementations, the data sources are identified in a user interface. An authorization selection enables authorization of a given identified data source, and a customization selection enables customization of one or more search settings for searching content of the data source. Persistent objects representing content objects of the data sources can be stored in one or more databases. A database search can be performed on both native database files and the persistent objects.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: In one embodiment, an elimination point device in a network obtains a master secret from a network controller. The elimination point device assesses, using the master secret, whether an incoming packet received by the elimination point device from a redundant path between the elimination point device and a replication point device in the network includes a valid message integrity check (MIC). The elimination point device determines whether the incoming packet was injected maliciously into the redundant path, based on the assessment of the incoming packet. The elimination point device initiates performance of a mitigation action in the network, when the elimination point device determines that the incoming packet was injected maliciously into the redundant path.

Abstract: A system may use metadata to identify and extract specific upstream data, provision data batches, and provide dynamic downstream data access. Workflow data is received by the system from a business process management application and modeled for downstream use. Use of a data staging engine includes utilization of a metadata repository that assists with the extraction, organization, transformation and loading of workflow data from a proprietary format to a modeled relational format. A self-service batch provisioning tool enables users and applications to request and receive batch payloads in an automated fashion. Users are presented with a graphical interface for submitting authorization credentials and justifications for workflow data request. Scope of accessible workflow data based on user-provided credentials and justifications are presented via the graphical interface and allow the user to select specific data subcategories for batch provisioning.

Abstract: Certain aspects of the present disclosure provide techniques for encrypting fields in a profile. One example method generally includes adding a profile associated with a user to a profile snapshot queue and receiving an update to the profile from the user. The method further includes encrypting updated fields of the profile with private keys and encrypting the private keys with a public key of a first consumer of a plurality of consumers to generate encrypted keys. The method further includes storing the encrypted keys in a header of the update and adding the update to a live update queue. The method further includes receiving a request by the first consumer to access the profile, transmitting the profile from the profile snapshot queue to the first consumer and transmitting the update from the live update queue to the first consumer.

Abstract: In a network that includes a client, a server and one or more proxy entities that intercept network traffic between the client and the server, a computer-implemented method is provided including: establishing trust with a permissioned distributed database; computing hashes from packet payloads of network traffic originated, intercepted or received; storing the hashes to the permissioned distributed database so that the permissioned distributed database maintains hashes computed from packets of the network traffic originated, intercepted or received by the client, server and the one or more proxy entities; and validating the hashes by comparing, with each other, the hashes stored to the permissioned distributed database by the client, server and the one or more proxy entities to determine whether any packet payload of the network traffic was modified in transit.

Abstract: Non-limiting embodiments of the present technology are directed to a field of computer science, and particularly to the methods and systems for remote access detection when browsing web resource pages. A method comprises receiving data representative of a periodicity of a computer mouse movement events; generating a statistical model, the statistical model representative of a typical periodicity of the computer mouse movement events associated with a legitimate user of the electronic device; receiving an indication of computer mouse movement events from the electronic device during a browsing session of the web resource; comparing a periodicity of the computer mouse movement events with the statistical model; in response to detecting a deviation in computer mouse movement events, generating a notification determining a presence of a remote connection to the browsing session; transmitting the notification to an entity associated with the web resources.

Abstract: According to some aspects, disclosed methods and systems may comprise generating a profile that is based on monitoring a communication pattern associated with a device. Subsequent communications associated with the device may be monitored. Based on the profile and the subsequent communication, a security status may be associated with the device.

Abstract: An automation system comprises a local threat information server operating within automation plant and a plurality of field devices operating at a control layer of the automation plant. The local threat information server is configured to: receive threat information from one or more external sources, receive plant information from one or more internal sources, set a threat level according to one or more of the threat information and the plant information, and distribute an indication of the threat level to one or more control layer devices. Each respective field device is configured to: receive the indication of the threat level, identify one or more security operations corresponding to the threat level, and execute the one or more security operations.

Abstract: Techniques are disclosed relating to automating permission requests, e.g., in the context of multi-factor authentication. A mobile device may allow a user to automate responses to future permission requests for multi-factor authentication procedures. The mobile device may automatically respond to subsequent permission requests based on one or more automation criteria. Authorized actions may include login, transaction approval, physical access, vehicle ignition, account recovery, etc. The automation criteria may include location, acceleration, velocity, wireless connectivity, proximity to another device, temperature, lighting, noise, time, biometrics, altitude, pressure, image characteristics, etc. Disclosed techniques may increase authorization security while reducing user interaction for multi-factor authentication, in some embodiments.