Abstract: A video gateway device at a worksite (or other location) automatically locates cameras on the network, authenticates the gateway device with the cameras, and initiates streaming of a video stream (and/or other camera sensor data) from the cameras. For example, a worksite with existing cameras from multiple manufacturers, models, and/or capabilities may all be automatically registered with the video gateway devices through a series of automated communication and authentication attempts.

Abstract: A system and method for operating a terminal facility handling containers may comprise: a sensor set sensing containers entering and/or exiting the facility for providing container identification data and location data to a relational database; and container handling equipment having a sensor set for providing container identification data and location data to the database when a container is grasped and/or released. Sensors may sense when the equipment grasps and/or releases a container for storing a record thereof in the database, and/or geo-tagged identification data and location data relating to carriers that are to pick up and/or to deliver a container is received and stored as records in the database. The relational database contains records representing the current location of each container and each container handling equipment substantially in real time and can estimate arrival time.

Abstract: Techniques described herein can allow users to share cached results of an original query with other users while protecting sensitive information. The techniques described herein can check whether the other users have access to the underlying data queried before allowing those users to see the stored query results. That is, the system may perform privilege checks on the shared users before giving them access to the stored query results but without having to re-run the original query.

Abstract: A method for securing data in a storage grid is provided. The method includes generating a storage key from key shares of at least two storage clusters of a storage grid having at least three storage clusters and generating a grid key from the storage key and an external secret. The method includes encrypting data with the grid key to yield once encrypted data and encrypting the once encrypted data with the storage key to yield twice encrypted data. The method includes storing the twice encrypted data in a first storage cluster of the storage grid and storing the twice encrypted data in a second storage cluster of the storage grid, wherein at least one method operation is performed by a processor.

Abstract: An approach for detecting anomalous flows in a network using header field entropy. This can be useful in detecting anomalous or malicious traffic that may attempt to “hide” or inject itself into legitimate flows. A malicious endpoint might attempt to send a control message in underutilized header fields or might try to inject illegitimate data into a legitimate flow. These illegitimate flows will likely demonstrate header field entropy that is higher than legitimate flows. Detecting anomalous flows using header field entropy can help detect malicious endpoints.

Abstract: In general, various aspects of the present invention provide methods, apparatuses, systems, computing devices, computing entities, and/or the like for mapping the existence of target data within computing systems in a manner that does not expose the target data to potential data-related incidents. In accordance with various aspects, a method is provided that comprises: receiving a source dataset that comprises a label assigned to a data element used by a data source in handling target data that identifies a type of target data and data samples gathered for the data element; determining, based on the label, that the data samples are to be anonymized; generating supplemental anonymizing data samples associated with the label that comprise fictitious occurrences of the type of the target data; generating a review dataset comprising the supplemental anonymizing data samples intermingled with the data samples; and sending the review dataset to a review computing system.

Abstract: A method at a network element for monitoring user plane traffic for a user equipment, the method including configuring a set of characteristics and a range of values for each of the set of characteristics for user plane traffic between the user equipment and the network element; monitoring user plane traffic for the user equipment at the network element, the monitoring determining whether at least one characteristic of the user plane traffic falls outside of the configured range of a values, resulting in a characteristic violation; and if the at least one characteristic of the user plane traffic falls outside the configured range of a values, performing an action resulting from the characteristic violation.

Abstract: A cybersecurity solution that includes a system, method, or computer program for detecting and remediating malicious code in a communicating device on a computer network that connects to the Internet through a proxy server. The solution includes an operating system arranged to monitor all computing resource (CR) processes on an operating system kernel on the communicating device, determine process parameters for each CR process, determine whether each CR process is a connecting CR process by determining whether it is connecting to the proxy server, compare at least one of the process parameters for each connecting CR process with a whitelist, generate an event notification when at least one process parameter for a connecting CR process does not match the whitelist, and remediate the connecting CR process that has the at least one process parameter.

Abstract: Methods for detecting insider threats are disclosed. A method includes collecting server access data and application access data, based on the server access data and the application access data, determining nearest neighbors of an employee, and based on the nearest neighbors of the employee, determining a peer group of the employee, determining an average rank distance (ARD) of the nearest neighbors based on a ranking of the nearest neighbors in a plurality of time periods, identifying ARD gaps between the nearest neighbors, and generating scores corresponding to the ARD gaps between the nearest neighbors. One or more employees are identified that represent an internal threat to an organization based on the scores corresponding to the ARD gaps.

Abstract: Systems, methods, and software products, determine permission profiles for computer executable functions (functions). The systems, methods and software products, utilize both static analysis and dynamic analysis, in order to determine the minimal set of permissions based on the inter-relations between these two analysis methods, i.e., static analysis, and dynamic analysis, to determine the permission profiles for computer executable functions (functions).

Abstract: A cluster visualization apparatus is disclosed. A cluster visualization apparatus according to the present disclosure includes a state detector configured to obtain state information of a cluster configured with a plurality of boxes, a display, and a controller configured to display a three-dimensional model image configured with a plurality of layers corresponding to a plurality of network layers and to display an image corresponding to each of the plurality of boxes over at least one layer of the plurality of layers, based on the state information.

Abstract: An attack/abnormality detection device includes: a command extraction unit configured to extract elements having the same command destination as a command destination of an additionally received actual manufacturing command from among each of a set of normal manufacturing commands and a set of actual manufacturing commands, which contain information on a command destination and an arrival order, and are stored in a command storage region; and a detection unit configured to detect an attack or an abnormality by comparing details of the commands with each other for each arrival order of both extracted elements.

Abstract: Embodiments of the present disclosure may provide a data clean room allowing secure data analysis across multiple accounts and across different regions and cloud providers. The data clean room may also restrict which data may be used in the analysis and may restrict the output. The overlap data may be anonymized to prevent sensitive information from being revealed. A version of a provider account can be created that is similar to a client account, such as in the same cloud type or the same region as the client database account. The client account can share data that is replicated to the provider account to complete client requests using an anonymized data and the cross reference table.

Abstract: An industrial control system (ICS) communicates via ICS protocols. A model is deployed in an information technology (IT) and operation technology (OT) network. Security policies are dynamically updated as the particular IT and OT network are used, patched, and modified. A deep packet inspection is used to enforce ICS constraints and ICS behaviors defined by the initial model. A state of the deep packet inspection is reported for situational awareness and debugging purposes. An alert is transmitted when anomalies are detected when ICS protocol traffic traverses ICS firewall network paths that execute ICS policies.

Abstract: An information processing device according to the present invention includes: a memory; and at least one processor coupled to the memory. The processor performs operations. The operations includes: extracting, based on a first data extraction policy being a policy for extracting first processing data to be used for counting a first frequency related to a transmission source from communication data, the first processing data from the communication data; counting, based on a first counting policy being a policy for counting the first frequency relating to the transmission source in the first processing data, the first frequency related to the transmission source in the first processing data; and extracting, based on a first transmission-source extraction policy being a policy for extracting the transmission source and the first frequency, the transmission source.

Abstract: Generator of physically unclonable cryptographic keys (PUF) has two adjustable speed ring oscillators (GPRS, GPRS?), which outputs (o-GPRS, o-GPRS?) are connected to inputs (i1-DF, i2-DF) of a phase detector (DF), which output (o-DF) is connected to control inputs of the adjustable speed ring oscillators (s-GPRS, s-GPRS?) through a control system (US) and is also connected to a output (o-PUF) of the generator of physically unclonable cryptographic keys (PUF) through a sample and compare circuit (URP). Generator has a initializing input (i-UCH) connected to both initializing inputs of the adjustable speed ring oscillators (i-GPRS, GPRS?) and to the first input of the sample and compare circuit (i-URP), which second input (z-URP) is connected to the output (o-GPRS?) of one of adjustable speed ring oscillators (GPRS?).

Abstract: A device comprising a cluster engine implemented by a processor. The cluster engine is configured to obtain a reference correlithm object and compute a set of Anti-Hamming distances between the reference correlithm object and the set of correlithm objects. The cluster engine is further configured to identify a subset of correlithm objects from the set of correlithm objects that are associated with an Anti-Hamming distance that is greater than a first bit threshold value. The cluster engine is further configured to compute a set of Hamming distances between the reference correlithm object and the subset of correlithm objects and to identify correlithm objects associated with a Hamming distance that exceeds a second bit threshold value. The cluster engine is further configured to remove the identified correlithm objects that are associated with a Hamming distance that exceeds the second bit threshold value and generate the cluster.

Abstract: In a system for determining vulnerabilities associated with a web property, requests are communicated to network accessible servers associated with a set of one or more domains. Software components indicated in responses from the network accessible servers are identified. Vulnerability information is obtained for the software components. An aggregate vulnerability is determined for each network accessible server based on at least one of a ratio of software components of the network accessible server indicated as vulnerable by the vulnerability information to total software components used by the network accessible server and a frequency of use of those of the plurality of software components of the network accessible server indicated as vulnerable by the vulnerability information. Vulnerability of the network accessible servers is indicated based on the aggregate vulnerabilities.

Abstract: An adversarial reinforcement learning system is used to simulate a security checkpoint. The system includes a simulation engine configured to simulate a security checkpoint and various threat objects and threat-mitigation objects therein. The system further includes an attack model configured to control threat objects in the simulation and a defense model configured to control threat-mitigation objects in the simulation. A first portion of the simulation is executed by the simulation engine in order to generate an outcome of the first portion of the simulation. The defense model then generates a threat-mitigation input to control threat-mitigation objects in a subsequent portion of the simulation, and the attack model then generates a threat input to control threat objects in the subsequent portion of the simulation, wherein the inputs are based in part on the outcome of the first portion of the simulation.

Abstract: Technologies for trusted I/O include a computing device having a hardware cryptographic agent, a cryptographic engine, and an I/O controller. The hardware cryptographic agent intercepts a message from the I/O controller and identifies boundaries of the message. The message may include multiple DMA transactions, and the start of message is the start of the first DMA transaction. The cryptographic engine encrypts the message and stores the encrypted data in a memory buffer. The cryptographic engine may skip and not encrypt header data starting at the start of message or may read a value from the header to determine the skip length. In some embodiments, the cryptographic agent and the cryptographic engine may be an inline cryptographic engine. In some embodiments, the cryptographic agent may be a channel identifier filter, and the cryptographic engine may be processor-based. Other embodiments are described and claimed.