Abstract: A computer system comprises a plurality of endpoints at which security agents generate security alerts and a machine-learning (ML) system that receives the security alerts from the endpoints and that separates the security alerts into a plurality of clusters, wherein the ML system is configured to execute on a processor of a hardware platform to: determine that a group of first alerts of the security alerts belongs to a first cluster of the clusters; create a first representative alert from metadata of the first alerts belonging to the first cluster; and in response to a security analytics platform evaluating the first representative alert as being harmless to the computer system, store information indicating that all of the first alerts are harmless.

Abstract: This disclosure relates to system and method to reconstruct human motion for mobile robot teleoperation using shared control. The method of the present disclosure acquire an input feed of a human operator to perform a task with assistance in a remote environment using shared control. The mobile robot reconstructs to follow a trajectory of the human operator towards the intended goal in the remote environment. The mobile robot determines at least one goal intended by the human operator based on a previously occurred state, a current kinematic state and a future trajectory of the human operator and a known position of the plurality of goals. The model predictive control generates at least one instruction to control the movement of the mobile robot to perform at least one of following the trajectory of the human operator and reaching the operator intended goal based on a joint angle position and a velocity.

Abstract: A method of filtering out new alerts generated by a security agent installed in an endpoint is based on cluster profile data of clusters that were generated by applying a clustering algorithm to locality-sensitive hash (LSH) values of prior alerts. The method includes the steps of: storing cluster profile data of each cluster that is part of a subset of the clusters; generating an LSH value of a new alert generated by the security agent; and determining that the new alert belongs to one of the clusters in the subset based on the LSH value of the new alert and, in response to said determining, filtering out the new alert from a group of alerts that require further investigation.

Abstract: A method of evaluating alerts generated by security agents installed in endpoints includes: receiving a locality-sensitive hash (LSH) value associated with an alert generated by a security agent installed in one of the endpoints; performing a search for centroids that are within a threshold distance from the received LSH value, wherein the centroids are each an LSH value that is representative of one of a plurality of groups of alerts; and assigning a security risk indicator to the alert associated with the received LSH value based on results of the search and transmitting the security risk indicator to a security analytics platform of the endpoints.

Abstract: A method of scoring alerts generated by a plurality of endpoints includes the steps of: in response to a new alert generated by a first endpoint of the plurality of endpoints, generating an anomaly score of the new alert; identifying a rule that triggered the new alert and determining a threat score associated with the rule; and generating a security risk score for the new alert based on the anomaly score and the threat score and transmitting the security risk score to a security analytics platform of the endpoints.

Abstract: Systems and methods are described for employing event context to improve threat detection. Systems and methods of embodiments of the disclosure measure both process deviation and path deviation to determine whether processes are benign or represent threats. Both a process deviation model and a path deviation model are deployed. The process deviation model determines the similarity of a process to past processes, and the path deviation model estimates whether processes have been called out of turn. In this manner, systems and methods of embodiments of the disclosure are able to detect both whether a process is in itself unusual, and whether it is called at an unusual time. This added context contributes to improved threat detection.

Abstract: Techniques for optimized performance data collection at client nodes are disclosed. In one embodiment, a client node in a client-server environment may include at least one processing resource and a computer-readable storage medium having computer-readable program code embodied therewith. The computer-readable program code being configured to obtain resource utilization data associated with a plurality of processes running on the client node, determine a list of processes having resource utilization greater than a threshold based on the resource utilization data, organize the list of processes based on predetermined criteria and the resource utilization data, generate a report including a predefined number of processes from the organized list, and transmit the report to a management node for performance monitoring.