Abstract: Techniques are provided for generating security response recommendations. In one embodiment, the techniques involve receiving scoring functions, a logical operator selection, a security graph, and external threat intelligence, generating a search pattern based on the scoring functions and the logical operator selection, evaluating the search pattern against a selected node of the security graph to identify a potential security threat represented by the security graph at the selected node, and generating a recommendation based on the evaluation and the external threat intelligence.

Abstract: Techniques are provided for generating security response recommendations. In one embodiment, the techniques involve receiving scoring functions, a logical operator selection, a security graph, and external threat intelligence, generating a search pattern based on the scoring functions and the logical operator selection, evaluating the search pattern against a selected node of the security graph to identify a potential security threat represented by the security graph at the selected node, and generating a recommendation based on the evaluation and the external threat intelligence.

Abstract: Described are techniques for automated labeling of cybersecurity incidents. The techniques include generating a set of labels for a received cybersecurity incident based on features of the received cybersecurity incident. The techniques further include prioritizing the set of labels to generate a subset of labels, and associating the subset of labels to the received cybersecurity incident.

Abstract: A method for classifying domains to malware families includes identifying a corpus of malicious domains, identifying one or more suspicious domains, extracting a timeframe corresponding to the one or more suspicious domains, calculating a rank coefficient between the one or more suspicious domains and a current seed domain of the corpus of malicious domains, determining whether the rank correlation coefficient exceeds a rank threshold for the one or more suspicious domains, comparing a number of suspicious domains whose correlation coefficients exceed the rank threshold to a relation threshold, and responsive to determining the number of suspicious domains whose correlation coefficients exceed the rank threshold exceeds the relation threshold, applying a tag to the suspicious domains indicating that the one or more suspicious domains correspond to a same malware family as the current seed domain.

Abstract: Apparatus, systems, and/or methods may involve reporting a road hazard. Road hazard data may be collected for an object on a road, which may include automatically generated data from a device associated with the object causing a hazard. The road hazard data may be provided to a service, an application, a device, a client, and so on. For example, the road hazard data may be merged with a map and provided to a map services client, a navigation client, and so on. An alert may be generated based on the road hazard data to warn of the hazard caused by the object. The alert may include a visual and/or audio representation of the hazard data. The alert may be used to automatically and/or manually avoid the hazard.

Abstract: Apparatus, systems, and/or methods may involve reporting a road hazard. Road hazard data may be collected for an object on a road, which may include automatically generated data from a device associated with the object causing a hazard. The road hazard data may be provided to a service, an application, a device, a client, and so on. For example, the road hazard data may be merged with a map and provided to a map services client, a navigation client, and so on. An alert may be generated based on the road hazard data to warn of the hazard caused by the object. The alert may include a visual and/or audio representation of the hazard data. The alert may be used to automatically and/or manually avoid the hazard.

Abstract: A method for classifying domains to malware families includes identifying a corpus of malicious domains, identifying one or more suspicious domains, extracting a timeframe corresponding to the one or more suspicious domains, calculating a rank coefficient between the one or more suspicious domains and a current seed domain of the corpus of malicious domains, determining whether the rank correlation coefficient exceeds a rank threshold for the one or more suspicious domains, comparing a number of suspicious domains whose correlation coefficients exceed the rank threshold to a relation threshold, and responsive to determining the number of suspicious domains whose correlation coefficients exceed the rank threshold exceeds the relation threshold, applying a tag to the suspicious domains indicating that the one or more suspicious domains correspond to a same malware family as the current seed domain.

Abstract: Apparatus, systems, and/or methods may involve reporting a road hazard. Road hazard data may be collected for an object on a road, which may include automatically generated data from a device associated with the object causing a hazard. The road hazard data may be provided to a service, an application, a device, a client, and so on. For example, the road hazard data may be merged with a map and provided to a map services client, a navigation client, and so on. An alert may be generated based on the road hazard data to warn of the hazard caused by the object. The alert may include a visual and/or audio representation of the hazard data. The alert may be used to automatically and/or manually avoid the hazard.

Abstract: Apparatus, systems, and/or methods may involve reporting a road hazard. Road hazard data may be collected for an object on a road, which may include automatically generated data from a device associated with the object causing a hazard. The road hazard data may be provided to a service, an application, a device, a client, and so on. For example, the road hazard data may be merged with a map and provided to a map services client, a navigation client, and so on. An alert may be generated based on the road hazard data to warn of the hazard caused by the object. The alert may include a visual and/or audio representation of the hazard data. The alert may be used to automatically and/or manually avoid the hazard.

Abstract: An example operation may include one or more of identifying a page of a website for phishing testing, attempting each of a Hypertext Transfer Protocol (HTTP) GET request and a HTTP Secure (HTTPS) GET request via the identified page of the website, attempting each of a HTTP POST request and a HTTPS POST request via the identified page of the website, determining if the website is a phishing website based on server responses to the attempted HTTP and HTTPS GET requests and the attempted HTTP and HTTPS POST requests received from the website, and in response to determining the website is a phishing website, outputting an indication of the determination for display on a display device.

Abstract: A method for producing a list of network domains comprising: producing a graph comprising a plurality of nodes, each associated with one of a plurality of domain names extracted from data captured from a digital communication network, and a plurality of edges, each associated with one or more syntactic correlations, identified in the data, between two of the plurality of domain names, where the one or more syntactic correlations indicate a possible network structure relationship between the two of the plurality of domain names; producing a list of associated domain names according to a plurality of statistical values each assigned to one of the plurality of edges or one of the plurality of nodes according to an amount of respective one or more syntactic correlations; and providing the list of associated domain names to at least one software object to perform a domain-oriented task.

Abstract: A method for producing a list of network domains comprising: producing a graph comprising a plurality of nodes, each associated with one of a plurality of domain names extracted from data captured from a digital communication network, and a plurality of edges, each associated with one or more syntactic correlations, identified in the data, between two of the plurality of domain names, where the one or more syntactic correlations indicate a possible network structure relationship between the two of the plurality of domain names; producing a list of associated domain names according to a plurality of statistical values each assigned to one of the plurality of edges or one of the plurality of nodes according to an amount of respective one or more syntactic correlations; and providing the list of associated domain names to at least one software object to perform a domain-oriented task.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for updating a whitelist. The method includes one or more processors identifying candidates for a whitelist based on correlations between candidates and web domains in the whitelist. The method further includes one or more processors extracting textual information and image information from the whitelist candidates. The method further includes one or more processors classifying the candidates for the whitelist into groups of candidates based on a comparison of the extracted information from the whitelist candidates and information associated with the web domains existing in the whitelist. The method further includes one or more processors determining candidates to add to the whitelist based upon a similarity measure ranking between the web domains existing in the whitelist and the candidates for a whitelist. The method further includes one or more processors updating the whitelist to include the determined candidates.

Abstract: A method, computer system, and a computer program product for identifying a phishing attack is provided. The present invention may include receiving an alert of a suspicious URL. The present invention may include making an HTTP request to the suspicious URL. The present invention may include downloading and rendering the suspicious URL content. The present invention may include producing a screenshot of the rendered suspicious URL content. The present invention may include making an HTTP request to a domain landing page. The present invention may include downloading and rendering the domain landing page URL content. The present invention may include producing a screenshot of the rendered domain landing page URL content. The present invention may include generating a score based on comparing the produced first screenshot and the produced second screenshot.

Abstract: An example operation may include one or more of identifying a page of a website for phishing testing, attempting each of a Hypertext Transfer Protocol (HTTP) GET request and a HTTP Secure (HTTPS) GET request via the identified page of the website, attempting each of a HTTP POST request and a HTTPS POST request via the identified page of the website, determining if the website is a phishing website based on server responses to the attempted HTTP and HTTPS GET requests and the attempted HTTP and HTTPS POST requests received from the website, and in response to determining the website is a phishing website, outputting an indication of the determination for display on a display device.

Abstract: Technologies for sensor action verification include a local computing device to receive a request for the local computing device to perform a sensor action from a remote computing device. The local computing device verifies the received request to confirm that the remote computing device is authorized to request the local computing device to perform the sensor action and performs, by a sensor controller of the local computing device, the requested sensor action in response to verification of the received request. The sensor controller manages operation of one or more sensors of the local computing device. The local computing device transmits a response message to the remote computing device indicating whether the requested sensor action has been performed by the sensor controller of the local computing device.

Abstract: A head mounted display for displaying computer-generated information in conjunction with a physical display of a computer system is provided. The head mounted display includes a generation logic, a see through display, and a presentation unit. The generation logic is used to generate at least one virtual display. The presentation unit is used to present the at least one virtual display on the see-through display. The see-through display is configured to enable a user of the head mounted display to view the at least one virtual display and the physical display in a real-world scene. The at least one virtual display is presented on the see-through display as an additional object in the real-world scene, and the at least one virtual display is used in conjunction with the physical display to present the computer-generated information in an extended desktop from a visual perspective of the user.

Abstract: A method, computer system, and a computer program product for identifying a phishing attack is provided. The present invention may include receiving an alert of a suspicious URL. The present invention may include making an HTTP request to the suspicious URL. The present invention may include downloading and rendering the suspicious URL content. The present invention may include producing a screenshot of the rendered suspicious URL content. The present invention may include making an HTTP request to a domain landing page. The present invention may include downloading and rendering the domain landing page URL content. The present invention may include producing a screenshot of the rendered domain landing page URL content. The present invention may include generating a score based on comparing the produced first screenshot and the produced second screenshot.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for updating a whitelist. The method includes one or more processors identifying candidates for a whitelist based on correlations between candidates and web domains in the whitelist. The method further includes one or more processors extracting textual information and image information from the whitelist candidates. The method further includes one or more processors classifying the candidates for the whitelist into groups of candidates based on a comparison of the extracted information from the whitelist candidates and information associated with the web domains existing in the whitelist. The method further includes one or more processors determining candidates to add to the whitelist based upon a similarity measure ranking between the web domains existing in the whitelist and the candidates for a whitelist. The method further includes one or more processors updating the whitelist to include the determined candidates.

Abstract: Apparatus, systems, and/or methods may involve reporting a road hazard. Road hazard data may be collected for an object on a road, which may include automatically generated data from a device associated with the object causing a hazard. The road hazard data may be provided to a service, an application, a device, a client, and so on. For example, the road hazard data may be merged with a map and provided to a map services client, a navigation client, and so on. An alert may be generated based on the road hazard data to warn of the hazard caused by the object. The alert may include a visual and/or audio representation of the hazard data. The alert may be used to automatically and/or manually avoid the hazard.