Abstract: Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s)operate under a guest OS VM. A detection module operates under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include a container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OSVM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices.

Abstract: An email revocation in which transmitted email can be recalled before a recipient is able to read the transmitted email is provided. An event server stores a transmitted email for a given time period or until being retrieved by a receiving email client. If the given time period expires or the email is recalled, the receiving email client is unable to retrieve the email.

Abstract: Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host.

Abstract: Methods, systems, and media for enabling a software application to recover from a fault condition, and for protecting a software application from a fault condition, are provided. In some embodiments, methods include detecting a fault condition during execution of the software application, restoring execution of the software application to a previous point of execution, the previous point of execution occurring during execution of a first subroutine in the software application, and forcing the first subroutine to forego further execution and return to a caller of the first subroutine.

Abstract: Systems and methods for inhibiting attacks with a network are provided. In some embodiments, methods for inhibiting attacks by forwarding packets through a plurality of intermediate nodes when being transmitted from a source node to a destination node are provided, the methods comprising: receiving a packet at one of the plurality of intermediate nodes; determining at the selected intermediate node whether the packet has been sent to the correct one of the plurality of intermediate nodes based on a pseudo random function; and forwarding the packet to the destination node, based on the determining. In some embodiments an intermediate node is selected based on a pseudo random function. In some embodiments, systems and methods for establishing access to a multi-path network are provided.

Abstract: Systems, methods, and media for generating sanitized data, sanitizing anomaly detection models, and generating anomaly detection models are provided. In some embodiments, methods for generating sanitized data are provided. The methods including: dividing a first training dataset comprised of a plurality of training data items into a plurality of data subsets each including at least one training data item of the plurality of training data items of the first training dataset; based on the plurality of data subsets, generating a plurality of distinct anomaly detection micro-models; testing at least one data item of the plurality of data items of a second training dataset of training data items against each of the plurality of micro-models to produce a score for the at least one tested data item; and generating at least one output dataset based on the score for the at least one tested data item.

Abstract: Systems and methods for computing data transmission characteristics of a network path are disclosed. In some embodiments, the network path has a sending host, at least one intermediate host, and a receiving host, and the data transmission characteristics are computed based on single-ended measurements performed at the sending host.

Abstract: Methods, media and systems for responding to a Denial of Service (DoS) attack are provided. In some embodiments, a method includes detecting a DoS attack, migrating one or more processes that provide a service to an unaffected system; authenticating users that are authorized to use the service; and routing traffic generated by authenticated users to the unaffected system.