Abstract: Provided is a method for protocol parsing for network security. The method may include receiving, by a packet capture system, a plurality of packets, parsing lower layer data from each packet, and communicating a respective payload of each respective packet to at least one first queue. A routing system may route the respective payload of each respective packet to a respective second queue of a plurality of second queues based on a respective protocol of the respective packet. A respective protocol parser node of a parsing system may parse higher layer data from the respective payload of each respective packet from each respective second queue. The packet capture system may communicate the lower layer data for each packet to a third queue, and the parsing system may communicate the higher layer data for each packet to the third queue. A system and computer program product are also disclosed.

Abstract: Provided is a method for protocol parsing for network security. The method may include receiving, by a packet capture system, a plurality of packets, parsing lower layer data from each packet, and communicating a respective payload of each respective packet to at least one first queue. A routing system may route the respective payload of each respective packet to a respective second queue of a plurality of second queues based on a respective protocol of the respective packet. A respective protocol parser node of a parsing system may parse higher layer data from the respective payload of each respective packet from each respective second queue. The packet capture system may communicate the lower layer data for each packet to a third queue, and the parsing system may communicate the higher layer data for each packet to the third queue. A system and computer program product are also disclosed.

Abstract: An application or device is authenticated using secure application data validation. A server computer receives an authentication request comprising an application identifier or a user device identifier associated with a user device, the authentication request originating from the user device. The server computer receives a set of behavioral data associated with the application or the user device. Responsive to receiving the application identifier or device identifier, the server computer obtains a fuzzy vault associated with the application identifier or the user device identifier. The server computer determines a reconstructed key value using the fuzzy vault and the set of behavioral data. The application or the user device is authenticated using the reconstructed key value.

Abstract: Provided is a method for protocol parsing for network security. The method may include receiving, by a packet capture system, a plurality of packets, parsing lower layer data from each packet, and communicating a respective payload of each respective packet to at least one first queue. A routing system may route the respective payload of each respective packet to a respective second queue of a plurality of second queues based on a respective protocol of the respective packet. A respective protocol parser node of a parsing system may parse higher layer data from the respective payload of each respective packet from each respective second queue. The packet capture system may communicate the lower layer data for each packet to a third queue, and the parsing system may communicate the higher layer data for each packet to the third queue. A system and computer program product are also disclosed.

Abstract: Embodiments provide for maliciousness scores to be determined for IP addresses and/or network domains. For example, a request to evaluate malicious activity with respect to an IP address/network domain may be received. Multiple, and in some cases disparate, third-party systems may provide malicious activity information associated with the IP address and/or network domain. A feature set may be extracted from the malicious activity information and statistical values may be calculated from the extracted data and added to the feature set. The features set may be provided to a machine learning model as input and a maliciousness score/classification may be returned. A remedial action may be performed in accordance with the output of the machine learning model.

Abstract: Embodiments provide for maliciousness scores to be determined for IP addresses and/or network domains. For example, a request to evaluate malicious activity with respect to an IP address/network domain may be received. Multiple, and in some cases disparate, third-party systems may provide malicious activity information associated with the IP address and/or network domain. A feature set may be extracted from the malicious activity information and statistical values may be calculated from the extracted data and added to the feature set. The features set may be provided to a machine learning model as input and a maliciousness score/classification may be returned. A remedial action may be performed in accordance with the output of the machine learning model.