Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect deepfake content. An example apparatus to determine whether input media is authentic includes a classifier to generate a first probability based on a first output of a local binary model manager, a second probability based on a second output of a filter model manager, and a third probability based on a third output of an image quality assessor, a score analyzer to obtain the first, second, and third probabilities from the classifier, and in response to obtaining a first result and a second result, generate a score indicative of whether the input media is authentic based on the first result, the second result, the first probability, the second probability, and the third probability.

Abstract: Methods, apparatus, systems and articles of manufacture for producing generic Internet Protocol (IP) reputation through cross-protocol analysis are disclosed. An example apparatus includes a data collector to gather a first data set representing IP telemetry data for a first protocol, the data collector to gather a second data set representing IP telemetry data for a second protocol different from the first protocol. A label generator is to generate a training data set based on records in the first data set and the second data set having matching IP addresses, the training data set to include combined label indicating whether each of the respective matching IP addresses is malicious. A model trainer is to train a machine learning model using the training data set. A model executor is to, responsive to a request from a client device, execute the machine learning model to determine whether a requested IP address is malicious.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect deepfake content. An example apparatus to determine whether input media is authentic includes a classifier to generate a first probability based on a first output of a local binary model manager, a second probability based on a second output of a filter model manager, and a third probability based on a third output of an image quality assessor, a score analyzer to obtain the first, second, and third probabilities from the classifier, and in response to obtaining a first result and a second result, generate a score indicative of whether the input media is authentic based on the first result, the second result, the first probability, the second probability, and the third probability.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to analyze network traffic for malicious activity. An example apparatus includes a graph generator to, in response to obtaining one or more internet protocol addresses included within input data, generate a graph data structure based on one or more features of the one or more internet protocol addresses in the input data, a file generator to generate a first matrix using the graph data structure, the first matrix to represent nodes in the graph data structure and generate a second matrix using the graph data structure, the second matrix to represent edges in the graph data structure, and a classifier to, using the first matrix and the second matrix, classify at least one of the one or more internet protocol addresses to identify a reputation of the at least one of the one or more internet protocol addresses.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed that improve detection of malware based on ecosystem specific data. An example apparatus includes a feedback weight controller to apply, with a machine learning model, a weight to feedback associated with a sample, the feedback obtained from at least a customer ecosystem and including endpoint feedback, human feedback, infrastructure feedback, and global feedback; and a sample conviction controller to, in response to a score based on the weighted feedback satisfying a threshold for a classification, indicate to a user, with the machine learning model, that the classification for the sample is malicious.

Abstract: Security risk evaluation across user devices is disclosed herein. An example method includes identifying a user and one or more devices associated with the user, collecting information identifying applications used by the user on the one or more devices, determining respective security sub-scores for each item of the one or more devices, computing an overall security score for the user based, at least in part, on an aggregation of the security sub-scores, and creating a user profile based on the overall security score, the user profile to enable the at least one of the one or more devices to exchange data with an external device when the overall security score meets a security score threshold, the user profile to prevent the at least one of the one or more devices from exchanging data with the external device when the overall security score does not meet the security score threshold.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed. An example apparatus includes at least one memory, instructions; and processor circuitry to execute the instructions to train a neural network with a plurality of raw byte data samples, perform feature extraction on ones of the plurality of raw byte data samples, determine whether ones of the plurality of raw byte data samples are clean or malicious using the extracted features, and determine a family of malware to which an identified malicious sample belongs.

Abstract: Security risk evaluation across user devices is disclosed herein. An example method includes registering one or more devices associated with a first user with the computer system, determining respective security sub-scores for each item of the one or more devices, computing an overall security score for the first user based, at least in part, on an aggregation of the security sub-scores, and creating a user profile based on the overall security score, the user profile to enable the at least one of the one or more devices to exchange data with an external device when the overall security score meets a security score threshold, the user profile to prevent the at least one of the one or more devices from exchanging data with the external device when the overall security score does not meet the security score threshold.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to perform malware detection using a generative adversarial network. An example apparatus includes a first encoder network to encode an input sample into a first encoded sample, the first encoder network implemented using a multilayer perception (MLP) network, a generator network to reconstruct the first encoded sample to generate a reconstructed sample, a discriminator network to, in response to obtaining the first encoded sample and the reconstructed sample, generate a loss function based on the reconstructed sample and the input sample, and an optimization processor to, when the loss function satisfies a threshold loss value, classify the input sample as malicious.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed that improve detection of malware based on ecosystem specific data. An example apparatus includes a feedback weight controller to apply, with a machine learning model, a weight to feedback associated with a sample, the feedback obtained from at least a customer ecosystem and including endpoint feedback, human feedback, infrastructure feedback, and global feedback; and a sample conviction controller to, in response to a score based on the weighted feedback satisfying a threshold for a classification, indicate to a user, with the machine learning model, that the classification for the sample is malicious.

Abstract: Methods, apparatus, systems and articles of manufacture for producing generic Internet Protocol (IP) reputation through cross-protocol analysis are disclosed. An example apparatus includes a data collector to gather a first data set representing IP telemetry data for a first protocol, the data collector to gather a second data set representing IP telemetry data for a second protocol different from the first protocol. A label generator is to generate a training data set based on records in the first data set and the second data set having matching IP addresses, the training data set to include combined label indicating whether each of the respective matching IP addresses is malicious. A model trainer is to train a machine learning model using the training data set. A model executor is to, responsive to a request from a client device, execute the machine learning model to determine whether a requested IP address is malicious.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to analyze network traffic for malicious activity. An example apparatus includes a graph generator to, in response to obtaining one or more internet protocol addresses included within input data, generate a graph data structure based on one or more features of the one or more internet protocol addresses in the input data, a file generator to generate a first matrix using the graph data structure, the first matrix to represent nodes in the graph data structure and generate a second matrix using the graph data structure, the second matrix to represent edges in the graph data structure, and a classifier to, using the first matrix and the second matrix, classify at least one of the one or more internet protocol addresses to identify a reputation of the at least one of the one or more internet protocol addresses.

Abstract: Methods, apparatus, systems and articles of manufacture for producing generic Internet Protocol (IP) reputation through cross-protocol analysis are disclosed. An example apparatus includes a data collector to gather a first data set representing IP telemetry data for a first protocol, the data collector to gather a second data set representing IP telemetry data for a second protocol different from the first protocol. A label generator is to generate a training data set based on records in the first data set and the second data set having matching IP addresses, the training data set to include combined label indicating whether each of the respective matching IP addresses is malicious. A model trainer is to train a machine learning model using the training data set. A model executor is to, responsive to a request from a client device, execute the machine learning model to determine whether a requested IP address is malicious.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to perform malware detection using a generative adversarial network. An example apparatus includes a first encoder network to encode an input sample into a first encoded sample, the first encoder network implemented using a multilayer perception (MLP) network, a generator network to reconstruct the first encoded sample to generate a reconstructed sample, a discriminator network to, in response to obtaining the first encoded sample and the reconstructed sample, generate a loss function based on the reconstructed sample and the input sample, and an optimization processor to, when the loss function satisfies a threshold loss value, classify the input sample as malicious.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to detect deepfake content. An example apparatus to determine whether input media is authentic includes a classifier to generate a first probability based on a first output of a local binary model manager, a second probability based on a second output of a filter model manager, and a third probability based on a third output of an image quality assessor, a score analyzer to obtain the first, second, and third probabilities from the classifier, and in response to obtaining a first result and a second result, generate a score indicative of whether the input media is authentic based on the first result, the second result, the first probability, the second probability, and the third probability.

Abstract: Methods, apparatus, systems and articles of manufacture for producing generic Internet Protocol (IP) reputation through cross-protocol analysis are disclosed. An example apparatus includes a data collector to gather a first data set representing IP telemetry data for a first protocol, the data collector to gather a second data set representing IP telemetry data for a second protocol different from the first protocol. A label generator is to generate a training data set based on records in the first data set and the second data set having matching IP addresses, the training data set to include combined label indicating whether each of the respective matching IP addresses is malicious. A model trainer is to train a machine learning model using the training data set. A model executor is to, responsive to a request from a client device, execute the machine learning model to determine whether a requested IP address is malicious.

Abstract: Security risk evaluation across user devices is disclosed herein. An example method includes registering one or more devices associated with a first user with the computer system, determining respective security sub-scores for each item of the one or more devices, computing an overall security score for the first user based, at least in part, on an aggregation of the security sub-scores, and creating a user profile based on the overall security score, the user profile to enable the at least one of the one or more devices to exchange data with an external device when the overall security score meets a security score threshold, the user profile to prevent the at least one of the one or more devices from exchanging data with the external device when the overall security score does not meet the security score threshold.

Abstract: Device users today are increasingly using multiple smart connected devices simultaneously in order to manage their online lives and increase their productivity. This makes it difficult for users to accurately gauge or feel confident about their overall online security and privacy levels, and it also increases potential attack avenues for malicious actors. Interconnections and relationships between such smart connected devices may also further increase and complicate the security implications of the user's multi-device connected world. The systems and methods disclosed herein provide a single reference point to users that allows them to evaluate the security and privacy aspects of their various online activities and multi-device ecosystem via a single Security and Privacy Score (SPS) value.

Abstract: Device users today are increasingly using multiple smart connected devices simultaneously in order to manage their online lives and increase their productivity. This makes it difficult for users to accurately gauge or feel confident about their overall online security and privacy levels, and it also increases potential attack avenues for malicious actors. Interconnections and relationships between such smart connected devices may also further increase and complicate the security implications of the user's multi-device connected world. The systems and methods disclosed herein provide a single reference point to users that allows them to evaluate the security and privacy aspects of their various online activities and multi-device ecosystem via a single Security and Privacy Score (SPS) value.

Abstract: This disclosure is directed to a system for analytic model development. In general, an analytic system may be able to formulate a model of a target system based on user interaction and data received from the system, and to perform real time activities based on the model. An analytics system may comprise at least a segment recipe module (SRM), a user interface module (UIM) and an automated analytics module (AAM). The SRM may include at least one segment recipe for use in configuring the UIM and AAM. For example, the UIM may be configured to present plain language prompts to a user. At least one of the segment recipe or data input by the user in response to the prompts may be used to configure the AAM to generate the model. The AAM may also perform real time activities that generate notifications, etc. based on the model.