Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user, and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine it the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect deepfake content. An example apparatus to determine whether input media is authentic includes a classifier to generate a first probability based on a first output of a local binary model manager, a second probability based on a second output of a filter model manager, and a third probability based on a third output of an image quality assessor, a score analyzer to obtain the first, second, and third probabilities from the classifier, and in response to obtaining a first result and a second result, generate a score indicative of whether the input media is authentic based on the first result, the second result, the first probability, the second probability, and the third probability.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect deepfake content. An example apparatus to determine whether input media is authentic includes a classifier to generate a first probability based on a first output of a local binary model manager, a second probability based on a second output of a filter model manager, and a third probability based on a third output of an image quality assessor, a score analyzer to obtain the first, second, and third probabilities from the classifier, and in response to obtaining a first result and a second result, generate a score indicative of whether the input media is authentic based on the first result, the second result, the first probability, the second probability, and the third probability.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to classify a sample as clean or malicious. An example apparatus includes instruction identifies circuitry to convert a sample into a sequence of instructions, abstract language circuitry to transform the sequence of instructions into an abstract language representation, transition matrix circuitry to create a Markov transition matrix, the Markov transition matrix to represent transitions within the abstract language representation, and classifier circuitry to classify an unknown sample as clean or malicious, the classification in response to whether the Markov transition matrix is closer to a clean group of Markov transition matrices or a malicious group of Markov transition matrices.

Abstract: There is disclosed in one example a computing apparatus, including: a processor; and logic encoded into one or more computer-readable mediums, the logic to instruct the processor to: capture first data from an intermediate data source across a first temporal interval; perform partial signal processing on the first data to classify the first temporal interval as either suspicious or not suspicious, wherein the first temporal interval is classified as suspicious if it is determined to potentially represent at least a portion of a cryptomining operation; classify second through N temporal intervals as either suspicious or not suspicious; based on the first through N temporal intervals, classify the apparatus as either operating a cryptomining function or not; and upon classifying the apparatus as operating a cryptomining function and determining that the cryptomining function is not authorized, take remedial action on the apparatus.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect deepfake content. An example apparatus to determine whether input media is authentic includes a classifier to generate a first probability based on a first output of a local binary model manager, a second probability based on a second output of a filter model manager, and a third probability based on a third output of an image quality assessor, a score analyzer to obtain the first, second, and third probabilities from the classifier, and in response to obtaining a first result and a second result, generate a score indicative of whether the input media is authentic based on the first result, the second result, the first probability, the second probability, and the third probability.

Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user, and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine it the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: Methods, apparatus, systems and articles of manufacture to detect steganographically hidden content in a media file are disclosed. An example system includes a media classifier to determine type of a media file, and a detector to apply a detection technique to the media file. The detector selects the detection technique from a plurality of steganographically-based detection techniques based on the media file type. The system also includes a remediator to apply a remediation technique to the media file based on whether the detector detects steganographically hidden content in the media file.

Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: There is disclosed in one example a computing apparatus, including: a processor; and logic encoded into one or more computer-readable mediums, the logic to instruct the processor to: capture first data from an intermediate data source across a first temporal interval; perform partial signal processing on the first data to classify the first temporal interval as either suspicious or not suspicious, wherein the first temporal interval is classified as suspicious if it is determined to potentially represent at least a portion of a cryptomining operation; classify second through N temporal intervals as either suspicious or not suspicious; based on the first through N temporal intervals, classify the apparatus as either operating a cryptomining function or not; and upon classifying the apparatus as operating a cryptomining function and determining that the cryptomining function is not authorized, take remedial action on the apparatus.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a performance monitoring unit (PMU); and one or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions to provide a kernel space threat detection engine to: receive a PMU event; correlate the PMU event to a computer security threat including extracting artifacts from the PMU event, and correlating the artifacts to an artifact profile for a known attack; and identify a process associated with the PMU event as a potential attack.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: Methods, apparatus, systems and articles of manufacture to detect steganographically hidden content in a media file are disclosed. An example system includes a media classifier to determine type of a media file, and a detector to apply a detection technique to the media file. The detector selects the detection technique from a plurality of steganographically-based detection techniques based on the media file type. The system also includes a remediator to apply a remediation technique to the media file based on whether the detector detects steganographically hidden content in the media file.

Abstract: A system and method of securing data displayed to two or more individuals on two or more displays, wherein the two or more displays include a first display and a second display. One or more fixations of a first individual on the first display are determined. One or more fixations of a second individual on the second display are determined. A first frame buffer is associated with the first display. A second frame buffer is associated with the second display. Segments of the content in the first and second frame buffers are displayed while other segments are obfuscated.

Abstract: A system and method of securing data displayed to two or more individuals on two or more displays, wherein the two or more displays include a first display and a second display. One or more fixations of a first individual on the first display are determined. One or more fixations of a second individual on the second display are determined. A first frame buffer is associated with the first display. A second frame buffer is associated with the second display. Segments of the content in the first and second frame buffers are displayed while other segments are obfuscated.

Abstract: A collection of techniques is disclosed to allow for the detection of malware that leverages pattern recognition and machine learning to effectively provide “content-less” malware detection, i.e., detecting a process as being an ‘anomaly’ not based on its particular content, but instead based on comparisons of its behavior to known (and characterized) ‘trusted’ application behaviors, i.e., the trusted applications' “phenotypes” and/or the phenotypes of known malware applications. By analyzing the patterns of normal behavior performed by trusted applications as well as malware applications, one can build a set of sophisticated, content-agnostic behavioral models (i.e.

Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: A system and method of securing data displayed to two or more individuals on two or more displays, wherein the two or more displays include a first display and a second display. One or more fixations of a first individual on the first display are determined. One or more fixations of a second individual on the second display are determined. A first frame buffer is associated with the first display. A second frame buffer is associated with the second display. Segments of the content in the first and second frame buffers are displayed while other segments are obfuscated.