Abstract: Systems and methods of electronic altered document detection. The system may conduct operations of a method to: retrieve image data representing an alterable document and determine a target region of interest representing a boundary of an alterable parameter associated with the alterable document. The system may conduct operations to generate a tuned region of interest by calibrating the target region of interest based on an object detection model. The tuned region of interest may include a re-dimensioned boundary of the alterable parameter of interest. The object detection model may be prior-trained based on non-standardized alterable documents. The system may conduct operations to generate, based on the tuned region of interest, a prediction value representing whether the alterable document was subject to unauthorized alteration and transmit a signal representing the prediction value for identifying alterable documents for downstream document deconstruction operations.

Abstract: Systems and methods for generating access entitlements to networked computing resources. Systems may be configured to: receive an input data set representing an entitlement request associated with a user identifier; generate an entitlement prediction associated with the user identifier based on an entitlement model and at least one hierarchical level, the entitlement model defining a cluster representation of entitlement similarity, and wherein the entitlement prediction is based on one or more similarity relationships corresponding to the at least one hierarchical level; and transmit a signal representing the entitlement prediction for granting downstream access to a networked computing resource.

Abstract: Methods, systems, and techniques for facilitating identification of electronic data exfiltration. A message transmission log and screenshot metadata are obtained. A screenshot corresponding to the screenshot metadata is matched to a sent electronic message, such as an email, having a file attachment represented in the message transmission log to generate an event. The screenshot metadata indicates that the screenshot was captured prior to when the message transmission log indicates the electronic message was sent. An anomaly score is determined for the sent electronic message is determined by applying unsupervised machine learning, such as by applying an isolation forest, to score the sent electronic message relative to a baseline. The anomaly score meeting or exceeding an anomaly threshold is treated as potentially being indicative of electronic data exfiltration.

Abstract: Methods, systems, and techniques for detecting a cybersecurity breach. The cybersecurity breach may be a synthetic account or an account having been subjected to an account takeover. Electronic account data representative of accounts is obtained in which a first group of the accounts includes accounts flagged as being associated with the breach, and a second group of the accounts includes a remainder of the accounts. The computer system generates from the account data nodes representing the accounts and edges based on account metadata that connect the nodes. The computer system determines, such as by applying a link analysis method to the nodes and edges, a ranking of the accounts of at least part of the second group indicative of a likelihood that those accounts are also associated with the cybersecurity breach. That ranking may be used to identify which of those accounts is also identified with the cybersecurity breach.

Abstract: Salient features are extracted from a training data set. The training data set includes, for each of a subset of known legitimate websites and a subset of known phishing websites, Uniform Resource Locators (URLs) and Hypertext Markup Language (HTML) information. The salient features are fed to a machine learning engine, a classifier engine to identify potential phishing websites is generated by applying the machine learning engine to the salient features, and parameters of the classifier engine are tuned. This enables identification of potential phishing websites by parsing a target website into URL information and HTML information, and identifying predetermined URL features and predetermined HTML features. A prediction as to whether the target website is a phishing website or a legitimate website, based on the predetermined URL features and the predetermined HTML features, is received from the classifier engine.

Abstract: There is provided a neural network system for detection of domain generation algorithm generated domain names, the neural network system comprising: an input receiver configured for receiving domain names from one or more input sources; a convolutional neural network unit including one or more convolutional layers, the convolutional unit configured for receiving the input text and processing the input text through the one or more convolutional layers; a recurrent neural network unit including one or more long short term memory layers, the recurrent neural network unit configured to process the output from the convolutional neural network unit to perform pattern recognition; and a classification unit including one or more classification layers, the classification unit configured to receive output data from the recurrent neural network unit to perform a determination of whether the input text or portions of the input text are DGA-generated or benign domain names.

Abstract: There is provided a neural network system for detection of malicious code, the neural network system comprising: an input receiver configured for receiving input text from one or more code input sources; a convolutional neural network unit including one or more convolutional layers, the convolutional unit configured for receiving the input text and processing the input text through the one or more convolutional layers; a recurrent neural network unit including one or more long short term memory layers, the recurrent neural network unit configured to process the output from the convolutional neural network unit to perform pattern recognition; and a classification unit including one or more classification layers, the classification unit configured to receive output data from the recurrent neural network unit to perform a determination of whether the input text or portions of the input text are malicious code or benign code.

Abstract: A system receives transaction data over time, and creates structured data based on the received transaction data. Purchase transactions that are associated with a purchase category are identified in the structured data and labeled. A recurrent neural network such as a long short-term memory (LSTM) network, in particular, a k-LSTM architecture using weighted averages to update hidden states and cell states, is trained to build a model. The model is used to predict the likelihood of a purchase transaction.

Abstract: There is provided a neural network system for detection of domain generation algorithm generated domain names, the neural network system comprising: an input receiver configured for receiving domain names from one or more input sources; a convolutional neural network unit including one or more convolutional layers, the convolutional unit configured for receiving the input text and processing the input text through the one or more convolutional layers; a recurrent neural network unit including one or more long short term memory layers, the recurrent neural network unit configured to process the output from the convolutional neural network unit to perform pattern recognition; and a classification unit including one or more classification layers, the classification unit configured to receive output data from the recurrent neural network unit to perform a determination of whether the input text or portions of the input text are DGA-generated or benign domain names.

Abstract: There is provided a neural network system for detection of malicious code, the neural network system comprising: an input receiver configured for receiving input text from one or more code input sources; a convolutional neural network unit including one or more convolutional layers, the convolutional unit configured for receiving the input text and processing the input text through the one or more convolutional layers; a recurrent neural network unit including one or more long short term memory layers, the recurrent neural network unit configured to process the output from the convolutional neural network unit to perform pattern recognition; and a classification unit including one or more classification layers, the classification unit configured to receive output data from the recurrent neural network unit to perform a determination of whether the input text or portions of the input text are malicious code or benign code.