Abstract: The disclosed computer-implemented method for profiling client systems may include (1) identifying one or more administrative categories used to categorize clients according to system profiles of the clients, (2) collecting attribute information that associates one or more client attributes with the administrative category, (3) generating, based at least in part on the association between the client attribute and the administrative category, an association scoring protocol that estimates an association strength between clients and the administrative category, (4) assigning, based on the association scoring protocol, an association score to one or more clients, (5) determining, based on the association score being above a threshold, that the client should be associated with the administrative category, and (6) initiating one or more customized administrative actions for the client, based at least in part by the association of the client with the administrative category.

Abstract: The disclosed computer-implemented method for determining the trustworthiness of files within organizations may include (1) identifying a file on a computing device within multiple computing devices managed by an organization, (2) in response to identifying the file, identifying at least one additional computing device within the multiple computing devices that is potentially associated with the file, (3) distributing at least a portion of the file to a user of the additional computing device with a request to receive an indication of the trustworthiness of the file, and then (4) receiving, from the additional computing device, a response that indicates the trustworthiness of the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are disclosed for dynamically managing hardening policies in a client computer (e.g., of an enterprise network). A hardening management application monitors activity on the client computer that is associated with a first hardening policy. The monitored activity is evaluated based on one or more metrics. Upon determining that at least one of the metrics is outside of a tolerance specified in the first hardening policy, the client computer is associated with a second hardening policy. The client computer is reconfigured based on the second hardening policy.

Abstract: The disclosed computer-implemented method for detecting security threats may include (1) detecting, by a software security program, a security incident at a client device such that the software security program generates a signature report to identify the security incident, (2) querying an association database with the signature report to deduce another signature report that a different software security program would have predictably generated at the client device, the different software security program having been unavailable at the client device at a time of detecting the security incident, and (3) performing at least one protective action to protect the client device from a security threat associated with the security incident based on the other signature report deduced by querying the association database. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for predicting security threats may include (1) predicting that a candidate security target is an actual target of a specific security attack according to a non-collaborative-filtering calculation, (2) predicting that the candidate security target is an actual target of a set of multiple specific security attacks, including the specific security attack, according to a collaborative filtering calculation, (3) filtering, based on the specific security attack also being predicted by the non-collaborative-filtering calculation, the specific security attack from the set of multiple specific security attacks predicted by the collaborative filtering calculation, and (4) notifying the candidate security target to perform a security action to protect itself from another specific security attack remaining in the filtered set of multiple specific security attacks based on an analysis of the filtered set of multiple specific security attacks.

Abstract: A computer-implemented method for identifying potentially malicious singleton files may include (1) identifying a set of benign singleton files and a set of malicious singleton files, (2) obtaining, for each singleton file in the sets of benign and malicious singleton files, file identification information that identifies the singleton file, (3) using the file identification information of the singleton files from the sets of benign and malicious singleton files to train a classifier to classify unknown singleton files, (4) detecting an unclassified singleton file, (5) analyzing, with the trained classifier, information that identifies the unclassified singleton file, (6) determining, based on the analysis of the information that identifies the unclassified singleton file, that the unclassified singleton file is suspicious, and (7) triggering a security action in response to determining that the unclassified singleton file is suspicious.

Abstract: A computer-implemented method for predicting security threat attacks may include (1) identifying candidate security threat targets with latent attributes that describe features of the candidate security threat targets, (2) identifying historical attack data that describes which of the candidate security threat targets experienced an actual security threat attack, (3) determining a similarity relationship between latent attributes of at least one specific candidate security threat target and latent attributes of the candidate security threat targets that experienced an actual security threat attack according to the historical attack data, (4) predicting, based on the determined similarity relationship, that the specific candidate security threat target will experience a future security threat attack, and (5) performing at least one remedial action to protect the specific candidate security threat target in response to predicting the future security threat attack.

Abstract: The disclosed computer-implemented method for curating file clusters for security analyzes may include (1) identifying a suspicious file that exists on at least one computing system within a computing community, (2) clustering a set of files that includes the suspicious file into a file cluster based at least in part on at least one characteristic shared by the set of files, (3) prioritizing at least one file included in the file cluster based at least in part on a contextual value of the file relative to the file cluster, (4) providing, for presentation to a security analyst, a graphical representation of the file cluster that highlights the prioritized file relative to the file cluster, and then (5) performing at least one security action on the suspicious file based at least in part on feedback received from the security analyst. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for dynamic access control over shared resources may include (1) detecting an attempt by a user to access a resource via a computing environment, (2) identifying a risk level of the user attempting to access the resource, (3) identifying a sensitivity level of the resource, (4) identifying a risk level of the computing environment through which the user is attempting to access the resource, (5) determining an overall risk level for the attempt to access the resource based at least in part on (A) the risk level of the user, (B) the sensitivity level of the resource, and (C) the risk level of the computing environment, and then (6) determining, based at least in part on the overall risk level, whether to grant the user access to the resource via the computing environment. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for file classification may include (1) identifying, by a computer security system, a cluster of files that co-occur with each other according to a statistical analysis, (2) identifying ground truth files to which the computer security system has previously assigned a security score, (3) determining that a file in the cluster of files shares an item of file metadata with another file in the ground truth files, (4) assigning a security score to the file in the cluster of files based on a security score of the other file in the ground truth files that shares the item of file metadata, and (5) assigning an overall security score to the entire cluster of files based on the security score assigned to the file in the cluster. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for creating security profiles may include (1) identifying, within a computing environment, a new actor as a target for creating a new security behavior profile that defines expected behavior for the new actor, (2) identifying a weighted graph that connects the new actor as a node to other actors, (3) creating, by analyzing the weighted graph, the new security behavior profile based on the new actor's specific position within the weighted graph, (4) detecting a security anomaly by comparing actual behavior of the new actor within the computing environment with the new security behavior profile that defines expected behavior for the new actor, and (5) performing, by a computer security system, a remedial action in response to detecting the security anomaly. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for threat detection using a software program update profile may include (1) building an update behavioral model that identifies legitimate update behavior for a software application by (a) monitoring client devices for update events associated with the software application and (b) analyzing the update events to identify the legitimate update behavior of the software application, (2) using the update behavioral model to identify suspicious behavior on a computing system by (a) detecting an update instance on the computing system, (b) comparing the update instance with the legitimate update behavior identified in the update behavioral model, and (c) determining, based on the comparison of the update instance with the legitimate update behavior, that the update instance is suspicious, and (3) in response to determining that the update instance is suspicious, performing a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting security threats may include (1) detecting, by a software security program, a security incident at a client device such that the software security program generates a signature report to identify the security incident, (2) querying an association database with the signature report to deduce another signature report that a different software security program would have predictably generated at the client device, the different software security program having been unavailable at the client device at a time of detecting the security incident, and (3) performing at least one protective action to protect the client device from a security threat associated with the security incident based on the other signature report deduced by querying the association database. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for inferring security policies from semantic attributes are provided. In one aspect, a method for building a query component executable by a processor is provided. The method includes the steps of: (a) providing subjects and permissions related to making a security policy decision, as well as a training set of permission-to-subject assignments, as inputs to the security policy query component; (b) extracting semantic attributes from natural language freeform text descriptions of the subjects and the permissions; and (c) using machine learning to build the security policy query component based on the permission-to-subject assignments in the training set and the semantic attributes extracted in step (b).

Abstract: A method of forming an optical fibre assembly, comprises providing a planar substrate made of a first material; positioning an optical fibre with an outer layer of a first glass material on a surface of the substrate to form a pre-assembly; depositing a further glass material such as silica soot onto the pre-assembly, over at least a part of the optical fibre and adjacent parts of the substrate surface; and heating the pre-assembly to consolidate the further glass material into an amorphous volume in contact with at least parts of the surface of the substrate and the outer layer of the optical fibre, thereby bonding the optical fibre to the substrate to create the optical fibre assembly.

Abstract: Automatically estimating content topics of inaccessible content in a computer system, in one aspect, may comprise gathering accessible content and analyzing the accessible content to estimate one or more topics of the inaccessible content.

Abstract: Automatically estimating content topics of inaccessible content in a computer system, in one aspect, may comprise gathering accessible content and analyzing the accessible content to estimate one or more topics of the inaccessible content.

Abstract: Techniques for inferring security policies from semantic attributes are provided. In one aspect, a method for building a query component executable by a processor is provided. The method includes the steps of: (a) providing subjects and permissions related to making a security policy decision, as well as a training set of permission-to-subject assignments, as inputs to the security policy query component; (b) extracting semantic attributes from natural language freeform text descriptions of the subjects and the permissions; and (c) using machine learning to build the security policy query component based on the permission-to-subject assignments in the training set and the semantic attributes extracted in step (b).

Abstract: Automatically estimating content topics of inaccessible content in a computer system, in one aspect, may comprise gathering accessible content and analyzing the accessible content to estimate one or more topics of the inaccessible content.

Abstract: Automatically estimating content topics of inaccessible content in a computer system, in one aspect, may comprise gathering accessible content and analyzing the accessible content to estimate one or more topics of the inaccessible content.