Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for controlling agents using reporter neural networks.

Abstract: Distinguishing between functional tracking domains and nonfunctional tracking domains on a host web page. In particular, a list of known tracking domains that load content into host web pages may be received. This list of tracking domains may include tracking domains that are functional and tracking domains that are nonfunctional. The tracking domains that are functional may be determined by evaluating various behaviors and characteristics of the tracking domains. Once functional tracking domains have been determined, these functional tracking domains may be allowed, and other tracking domains may be blocked from loading content onto host web pages thereby preserving the functionality of the web pages.

Abstract: Location-based anomaly detection based on geotagged digital photographs. In some embodiments, a method may include identifying a completed transaction associated with a user. The method may also include determining a transaction geographic location associated with the completed transaction. The method may further include identifying a mobile device associated with the user. The method may also include identifying one or more geotagged digital photographs taken by the mobile device. The method may further include extracting one or more photograph geographic locations from the one or more geotagged digital photographs. The method may also include, in response to determining that the transaction geographic location is not within a threshold distance of any of the one or more photograph geographic locations, identifying the completed transaction as a suspicious transaction and performing a remedial action.

Abstract: The disclosed computer-implemented method for protecting user privacy may include (i) receiving an indication to protect a photo with privacy-protecting blurring, (ii) generating a blurred version of the photo, (iii) generating, based on the blurred version of the photo, a video that progressively de-blurs the photo, (iv) linking through metadata the blurred version of the photo and the video that progressively de-blurs the photo as a combined motion-photo-object, and (v) storing the combined motion-photo-object in a configured location such that a photo display program uses the blurred version of the photo as a preview of the motion-photo-object when browsing but plays the video that progressively de-blurs the photo in response to additional user input selecting the preview. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods for identifying and removing a tracking capability from an external domain that performs a tracking activity on a host web page. Tracking capabilities of an external domain may be removed by altering web requests and/or responses to API calls. Once these tracking capabilities of the external domain have been removed, the altered web requests and/or altered responses to API calls may be transmitted to a web browser and/or entity making the API call thereby protecting user privacy while allowing the external domain to interact with the host web page.

Abstract: Tracking of health and resilience of physical equipment and related systems are disclosed. A system includes physical equipment and one or more processors. The physical equipment includes one or more assets. The one or more processors are configured to determine a resilience metric for the physical equipment. The resilience metric includes a real power component and a reactive power component based, at least in part, on an aggregation of real components and reactive components of adaptive capacities of the one or more assets. A cyber-physical system includes physical equipment, network equipment configured to enable the physical equipment to communicate over one or more networks, a physical anomaly detection system (ADS) configured to detect anomalies in operation of the physical equipment and provide a physical component of a cyber-physical metric, and a cyber ADS configured to detect anomalies in network communications over the one or more networks.

Abstract: Identifying and removing a tracking capability from an external domain that performs a tracking activity on a host web page. Tracking capabilities of an external domain may be removed by altering web requests and/or responses to API calls. Once these tracking capabilities of the external domain have been removed, the altered web requests and/or altered responses to API calls may be transmitted to a web browser and/or entity making the API call thereby protecting user privacy while allowing the external domain to interact with the host web page.

Abstract: The disclosed computer-implemented method for authenticating digital media content may include (i) receiving digital media content that has been captured by a capturing device and digitally signed through a cryptoprocessor embedded within the capturing device to provide an assurance of authenticity regarding how the capturing device captured the digital media content, and (ii) encoding an identifier of the received digital media content and a digital signature to an encrypted distributed ledger, the digital signature including at least one of a digital signature of the digital media content by the capturing device or a digital signature of the digital media content by an entity encoding the received digital media content such that the encoding becomes available for subsequent verification through the encrypted distributed ledger. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for optimizing network decision nodes is described. In one embodiment, the method includes generating an initial network of decision nodes constructed according to one or more rules, rearranging one or more decision nodes of the initial network based at least in part on a conversion of the one or more rules to a disjunctive normal form, analyzing the rearranged network of decision nodes in an upstream direction, and optimizing the rearranged network by merging two or more decision nodes of the rearranged network based at least in part on the analysis of the rearranged network. In some cases, the decision nodes include one or more levels of parent nodes and child nodes, each level of child nodes being connected to respective parent nodes. In some cases, the upstream direction is in a direction from the child nodes to the parent nodes.

Abstract: Adaptive security filtering on a client device. A method may include applying a data filter to a client device to obtain a first set of data associated with the client device, determining a risk level of a datum of the first set of data, determining a resource level associated with obtaining the first set of data, adjusting the data filter to an adjusted filter based on the determined risk level of the datum and the determined resource level, and applying the adjusted filter to the client device.

Abstract: The disclosed method for assuring authenticity of electronic sensor data may include (i) capturing, using a sensor within a device, electronic sensor data, and (ii) digitally signing, using a cryptoprocessor embedded within the device, the electronic sensor data to create a digital signature that verifies that the signed electronic sensor data has not been modified since the electronic sensor data was captured by the sensor. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for controlling uploading of potentially sensitive information to the Internet may include (i) loading, at the computing device, at least a portion of a webpage and (ii) performing a security action including (A) converting, at the computing device, components of the webpage from an online status to an offline status, (B) receiving a sensitive information input to a respective offline component of the webpage, (C) converting, based on a stored user preference and in response to receiving the sensitive information input, the respective offline component to the online status, (D) buffering an outgoing network request comprising the sensitive information input, (E) receiving an approval input indicating approval to transmit the potentially sensitive information to the Internet, and (F) releasing the outgoing network request in response to receiving the approval input. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for improving memory efficiency of production rule systems is described. In one embodiment, the method includes identifying a rule associated with production rule systems, constructing a production rule network based at least in part on the rule, identifying a positional constraint associated with the rule, and implementing an alpha memory gate in the production rule network based at least in part on the positional constraint. In some cases, the alpha memory gate is one of a plurality of nodes of the production rule network.

Abstract: The disclosed computer-implemented method for establishing restricted interfaces for database applications may include analyzing, by a computing device, query behavior of an application for query requests from the application to a remote database in a computer system and identifying, based on the analysis, an expected query behavior for the application. The method may include establishing, between the application and the remote database, a restricted interface. The method may include receiving, at the restricted interface, a query request from the application to the remote database and limiting, by the restricted interface, the query request from the application to the remote database based on the expected query behavior. The method may include determining, by checking the query request against the expected query behavior, that the query request is anomalous query behavior and performing a security action with respect to the computer system.

Abstract: Systems, apparatuses, methods, and computer readable mediums for modeling malicious behavior that occurs in the absence of users. A system trains an anomaly detection model using attributes associated with a first plurality of events representing system activity on one or more clean machines when users are not present. Next, the system utilizes the trained anomaly detection model to remove benign events from a second plurality of events captured from infected machines when users are not present. Then, the system utilizes malicious events, from the second plurality of events, to train a classifier. Next, the classifier identifies a first set of attributes which are able to predict if an event is caused by malware with a predictive power greater than a threshold.

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).

Abstract: A computer-implemented method for increasing security on computing systems that launch application containers may include (1) authenticating an application container that facilitates launching at least one application on a host computing system by verifying that the application container meets a certain trustworthiness threshold, (2) intercepting, via a policy-enforcement proxy, a command to perform a deployment action on the host computing system in connection with the authenticated application container, (3) determining that the deployment action potentially violates a security policy applied to the authenticated application container, and then in response to determining that the deployment action potentially violates the security policy, (4) modifying, via the policy-enforcement proxy, the command to prevent the potential violation of the security policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting malware-induced crashes may include (1) identifying, by analyzing a health log associated with a previously stable computing device, the occurrence of an unexpected stability problem on the previously stable computing device, (2) identifying, by analyzing an event log associated with the previously stable computing device, an event that is potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device, (3) determining, due at least in part to the event being potentially responsible for the occurrence of the unexpected stability problem on the previously stable computing device, that the event is potentially malicious, and (4) performing a security action in response to determining that the event is potentially malicious. Various other methods, systems, and computer-readable media are also disclosed.