Abstract: Examples of the disclosure include a power-distribution system, comprising a high-voltage input, a high-to-medium voltage transformer coupled to the high-voltage input, a medium-to-low voltage transformer coupled to the high-to-medium voltage transformer, a generator, a low-voltage switchgear coupled to the generator, the low-voltage switchgear being configured to receive input DC power derived from the generator and to output DC power to information technology (IT) equipment, and a first AC-DC converter coupled between the medium-to-low voltage transformer and the low-voltage switchgear.

Abstract: Techniques for searching an inverted index associating byte sequences of a fixed length and files that contain those byte sequences are described herein. Byte sequences comprising a search query are determined and searched in the inverted index. In some examples, training data for training machine learning (ML) model(s) may be created using pre-featured data from the inverted index. In various examples, training data may be used to retrain the ML model until the ML model meets a criterion. In some examples, the trained ML model may be used to perform searches on the inverted index and classify files.

Abstract: A security service can determine a synthetic context based at least in part on context data associated with a first malware sample, and detonate the first malware sample in the synthetic context to provide one or more first event records representing events performed by the first malware sample and detected during detonation. Additionally or alternatively, the security service can detonate the first malware sample and locate a second malware sample in a corpus based at least in part on the one or more first event records. Additionally or alternatively, the security service can receive event records representing events detected during a detonation of a first malware sample, the detonation based at least in part on context data, and locate a second malware sample in the corpus based at least in part on the one or more reference event records.

Abstract: Methods and systems are provided for a histogram model configuring a computing system to derive an indicator of compromise signature based on a sliding window index of identified malware samples, and a matching rule constructor configuring a computing system to generate matching signatures by selecting statistically relevant n-grams of an unidentified file sample. A matching rule constructor configures the computing system to construct a matching rule including, as a signature, 32 n-grams found in the unidentified file sample which occur most frequently, and another 32 n-grams found in the unidentified file sample which occur least frequently amongst records of the threat database across 32 discrete file size ranges.

Abstract: A system and method of using generative AI to convert NL queries to database commands for accessing one or more databases. The method includes receiving a natural language (NL) request for information associated with a private network. The method includes providing the NL request to an artificial intelligence (AI) model trained to identify, from a plurality of access objects associated with a plurality of databases and a plurality of event types, a particular access object that provides access to one or more event datasets associated with the NL request. The method includes generating, by a processing device and using the AI model, a database request associated with the particular access object based on the NL request.

Abstract: Systems and methods for providing cybersecurity notifications based on structured and unstructured data. The systems and methods receive a natural language query from a client device and processes, by an artificial intelligence model, the natural language query to identify elements of cybersecurity intelligence to monitor. The systems and methods further monitor cybersecurity intelligence for a match to the identified elements from the natural language query and provide a notification to the client device in response to the matching of the identified elements to one or more items of cybersecurity intelligence.

Abstract: The present disclosure produces a first output in response to inputting a first prompt into a large language model (LLM). The first prompt comprises a first document group that corresponds to a second document group, and the LLM is limited by a maximum token limit that is less than a token count of the second document group. The present disclosure generates a second prompt that comprises a subset of the second document group corresponding to the first output. The present disclosure then produces a second output based on the subset of the second document group in response to inputting the second prompt into the LLM.

Abstract: Systems and methods for incremental solves using LLMs for API calls is presented. The systems and methods produce, by a first large learning model (LLM), a processing plan based on a first prompt, wherein the processing plan includes a plurality of tasks corresponding to a plurality of services. The systems and methods send a plurality of messages corresponding to the plurality of tasks to a plurality of service agents, wherein the plurality of service agents correspond to the plurality of services and comprise a plurality of second LLMs that produce a plurality of agent responses. The systems and methods then generate a query response based on the plurality of agent responses.

Abstract: Systems and methods for implementing prevention of prompt injection attacks on large language models by tokenization of structured data elements is presented. The systems and methods replace one or more data elements in a database response with one or more tokens to produce a tokenized database response. The systems and methods provide the tokenized database response to a large language model (LLM). The systems and methods receive a tokenized LLM output that includes at least one of the one or more tokens. The systems and methods produce a detokenized LLM output by replacing the one or more tokens in the tokenized LLM output with the one or more data elements.

Abstract: A security service can determine a synthetic context based at least in part on context data associated with a first malware sample, and detonate the first malware sample in the synthetic context to provide one or more first event records representing events performed by the first malware sample and detected during detonation. Additionally or alternatively, the security service can detonate the first malware sample and locate a second malware sample in a corpus based at least in part on the one or more first event records. Additionally or alternatively, the security service can receive event records representing events detected during a detonation of a first malware sample, the detonation based at least in part on context data, and locate a second malware sample in the corpus based at least in part on the one or more reference event records.

Abstract: Training and use of a byte n-gram embedding model is described herein. A neural network is trained to determine a probability of occurrence associated with a byte n-gram. The neural network includes one or more embedding model layers, at least one of which is configured to output an embedding array of values. The byte n-gram embedding model may be used to generate a hash of received data, to classify the received data with no knowledge of a data structure associated with the received data, to compare the received data to files having a known classification, and/or to generate a signature for the received data.

Abstract: A security agent configured to utilize a decision validation model for a prediction model of a security agent of the computing device is described herein. The decision validation model includes non-executable data and is utilized by a function of the security agent along with the input vector and decision value of the prediction model as inputs to the decision validation model. The decision validation model then outputs a different decision value from the decision value of the prediction model. The security agent receives the decision validation model from a security service that trains the decision validation model when the prediction model is generating false predictions.

Abstract: A security service can determine a synthetic context based at least in part on context data associated with a first malware sample, and detonate the first malware sample in the synthetic context to provide one or more first event records representing events performed by the first malware sample and detected during detonation. Additionally or alternatively, the security service can detonate the first malware sample and locate a second malware sample in a corpus based at least in part on the one or more first event records. Additionally or alternatively, the security service can receive event records representing events detected during a detonation of a first malware sample, the detonation based at least in part on context data, and locate a second malware sample in the corpus based at least in part on the one or more reference event records.

Abstract: Methods and systems are provided for entropy exclusion of labeled training data by extracting windows therefrom, for training an embedding learning model to output a feature space for a feature space based learning model. Based on feature embedding by machine learning, a machine learning model is trained to embed feature vectors in a feature space which magnifies distances between features of a labeled dataset. Before training, however, sub-sequences of bytes are extracted from each sample of the labeled subset, based on a window size hyperparameter and a window distance hyperparameter. Information entropy is computed for each among a set of extracted windows, and extracted windows having highest information entropy, as well as extracted windows having lowest information entropy, are excluded therefrom. Extracted windows of the subset are stored in a data stream and accessed sequentially to derive feature vectors.

Abstract: Techniques for searching an inverted index associating byte sequences of a fixed length and files that contain those byte sequences are described herein. Byte sequences comprising a search query are determined and searched in the inverted index. In some examples, training data for training machine learning (ML) model(s) may be created using pre-featured data from the inverted index. In various examples, training data may be used to retrain the ML model until the ML model meets a criterion. In some examples, the trained ML model may be used to perform searches on the inverted index and classify files.

Abstract: Methods and systems are provided for a histogram model configuring a computing system to derive an indicator of compromise signature based on a sliding window index of identified malware samples, and a matching rule constructor configuring a computing system to generate matching signatures by selecting statistically relevant n-grams of an unidentified file sample. A matching rule constructor configures the computing system to construct a matching rule including, as a signature, 32 n-grams found in the unidentified file sample which occur most frequently, and another 32 n-grams found in the unidentified file sample which occur least frequently amongst records of the threat database across 32 discrete file size ranges.

Abstract: Training and use of a byte n-gram embedding model is described herein. A neural network is trained to determine a probability of occurrence associated with a byte n-gram. The neural network includes one or more embedding model layers, at least one of which is configured to output an embedding array of values. The byte n-gram embedding model may be used to generate a hash of received data, to classify the received data with no knowledge of a data structure associated with the received data, to compare the received data to files having a known classification, and/or to generate a signature for the received data.

Abstract: Training and use of a byte n-gram embedding model is described herein. A neural network is trained to determine a probability of occurrence associated with a byte n-gram. The neural network includes one or more embedding model layers, at least one of which is configured to output an embedding array of values. The byte n-gram embedding model may be used to generate a hash of received data, to classify the received data with no knowledge of a data structure associated with the received data, to compare the received data to files having a known classification, and/or to generate a signature for the received data.

Abstract: Techniques for searching an inverted index associating byte sequences of a fixed length and files that contain those byte sequences are described herein. Byte sequences comprising a search query are determined and searched in the inverted index. In some examples, training data for training machine learning model(s) may be created using pre-featured data from the inverted index. In various examples, training data may be used to retrain a ML model until the ML model meets a criterion. In some examples, the trained ML model may be used to perform searches on the inverted index and classify files.

Abstract: Techniques for searching an inverted index associating byte sequences of a fixed length and files that contain those byte sequences are described herein. Byte sequences comprising a search query are determined and searched in the inverted index, and an intersection of the results is determined and returned as a response to the search query. Further, search queries in the form of expressions including search terms and logical operators are searched in the inverted index and evaluated using a syntax tree constructed based on the logical operators. Also, byte sequences comprising a file are searched in the inverted index and results of the search are used to generate signatures and fuzzy hashes.