Abstract: Anti-impersonation techniques using device-context information and user behavior information from a session. The session can include a time period where a user of the client computer is performing an activity on the client computer (e.g., the session includes the user logging into an account online). The behavior information can include information on ways the user uses user input devices during the session. The device-context information can include HTTP session information. The techniques can include generating feature vector(s) for the received information, and comparing the feature vector(s) against model(s) of related historical information. The comparisons can provide level(s) of deviation of the feature vector(s) from the model(s). Also, the techniques can include determining whether the session is anomalous or normal according to the level(s) of deviation, and performing a security action in response to determining the session is anomalous.

Abstract: The disclosed techniques utilize round-trip times (RTTs) from back-and-forth communications with distant servers to detect impersonations in a computer network, such as impersonations using IP spoofing. Also, the techniques can use machine learning to enhance analysis in spoofing detection. The techniques can include sending a computer program to a client device. The client device can have an IP address, and the computer program can be executed by the client device after it is received by the client device. The computer program can measure RTTs for messages the computer program sends to multiple pre-selected location servers at different remote or distant locations and for corresponding reply messages that are returned to the computer program. The IP address of the client device and the measured RTTs can then be received and used to determine whether the measured RTTs are anomalous or not; and thus, determine a possible impersonator or a legitimate user.

Abstract: The disclosed techniques include systems and methods for implementing liveliness detection in an authentication process using pupil or iris tracking. The disclosed techniques can utilize a combination of facial recognition and pupil or iris tracking for liveliness detection in an authentication process to provide an extra layer of security against impersonation attacks.

Abstract: Methods and systems to compute credit worthiness of an online merchant from results of keyword searches for items of the merchant in an online marketplace. Measures of performance (e.g., popularity/consumer feedback) of the items are determined from the search results, and the credit worthiness is computed from the measures of performance. The credit worthiness may be computed from an average star rating of the items, a percentage of the items that are identified as best-selling items, total a number of items that appear in the search results, a number of reviews associated with items in a predetermined number of pages of the search results, and/or rankings of the merchant items based on relative positions of the items within the search results. A word score may be computed from a subset of the measures of performance, and the credit worthiness may be computed from the word score.

Abstract: Technologies for classification of web security certificates using artificial neural networks. Some of the example technologies disclosed herein are directed specifically at classification of TLS certificates using artificial neural networks. The technologies include methods for identifying malicious use and generation of web security certificates, by using deep neural networks. In one example embodiment, content of TLS certificates can be used as input for deep neural networks to successfully identify certificates of malicious actors as well as malicious patterns used by attackers.

Abstract: Phishing enhancement and phishing detection enhancement technologies. The technologies can include determinations of an effectiveness rate of one or more phishing threat actors. The technologies can also include selection of effective URLs from at least one effective phishing threat actor. The technologies can also include generation or adjustment of a phishing system using a machine learning process to identify patterns in the selected effective URLs that enable the selected effective URLs to avoid detection by the phishing detection system. The technologies can also include generation of synthetic phishing URLs using the phishing system and the identified patterns. The technologies can also include adjustments or training of the phishing system or the phishing detection system according to the synthetic phishing URLs to enhance the systems.

Abstract: The disclosed techniques utilize round-trip times (RTTs) from back-and-forth communications with distant servers to detect impersonations in a computer network, such as impersonations using IP spoofing. Also, the techniques can use machine learning to enhance analysis in spoofing detection. The techniques can include sending a computer program to a client device. The client device can have an IP address, and the computer program can be executed by the client device after it is received by the client device. The computer program can measure RTTs for messages the computer program sends to multiple pre-selected location servers at different remote or distant locations and for corresponding reply messages that are returned to the computer program. The IP address of the client device and the measured RTTs can then be received and used to determine whether the measured RTTs are anomalous or not; and thus, determine a possible impersonator or a legitimate user.

Abstract: The disclosed techniques include systems and methods for implementing liveliness detection in an authentication process using pupil or iris tracking. The disclosed techniques can utilize a combination of facial recognition and pupil or iris tracking for liveliness detection in an authentication process to provide an extra layer of security against impersonation attacks.

Abstract: Anti-impersonation techniques using device-context information and user behavior information from a session. The session can include a time period where a user of the client computer is performing an activity on the client computer (e.g., the session includes the user logging into an account online). The behavior information can include information on ways the user uses user input devices during the session. The device-context information can include HTTP session information. The techniques can include generating feature vector(s) for the received information, and comparing the feature vector(s) against model(s) of related historical information. The comparisons can provide level(s) of deviation of the feature vector(s) from the model(s). Also, the techniques can include determining whether the session is anomalous or normal according to the level(s) of deviation, and performing a security action in response to determining the session is anomalous.

Abstract: Technologies for classification of web security certificates using artificial neural networks. Some of the example technologies disclosed herein are directed specifically at classification of TLS certificates using artificial neural networks. The technologies include methods for identifying malicious use and generation of web security certificates, by using deep neural networks. In one example embodiment, content of TLS certificates can be used as input for deep neural networks to successfully identify certificates of malicious actors as well as malicious patterns used by attackers.