Abstract: A method for managing a plurality of access control devices is provided. The method includes at a backend server, receiving a request to schedule a first task of the at least a subset of tasks. The backend server identifies one or more access control devices that a non-occupant account is to be granted credentials in order to complete the task. The backend server then provisions credentials for the one or more access control devices associated with the first task to the non-occupant account selected to complete the task.

Abstract: Example techniques described herein determine a validation dataset, determine a computational model using the validation dataset, or determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processing unit can determine signatures of individual training data streams. The processing unit can determine, based at least in part on the signatures and a predetermined difference criterion, a training set and a validation set of the training data streams. The processing unit can determine a computational model based at least in part on the training set. The processing unit can then operate the computational model based at least in part on a trial data stream to provide a trial model output. Some examples include determining the validation set based at least in part on the training set and the predetermined criterion for difference between data streams.

Abstract: A method for managing a plurality of access control devices is provided. The method includes at a backend server, receiving a request to schedule a first task of the at least a subset of tasks. The backend server identifies one or more access control devices that a non-occupant account is to be granted credentials in order to complete the task. The backend server then provisions credentials for the one or more access control devices associated with the first task to the non-occupant account selected to complete the task.

Abstract: Methods and systems are provided for training a machine learning model to embed feature vectors in a feature space which magnifies distances between discriminating features of different malware families. In a labeled family dataset, labeled features which discriminate between different families are embedded in a feature space on a triplet loss function. Training may be performed in phases, starting by excluding hardest-positive and hardest-negative data points to provide reliable feature embeddings for initializing subsequent, more difficult phases. By training an embedding learning model to distinguish labeled malware families apart from training a classification learning model, the trained feature embedding may boost performance of classification learning models with regard to novel malware families which can only be distinguished by novel features.

Abstract: Example techniques described herein determine a validation dataset, determine a computational model using the validation dataset, or determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processing unit can determine signatures of individual training data streams. The processing unit can determine, based at least in part on the signatures and a predetermined difference criterion, a training set and a validation set of the training data streams. The processing unit can determine a computational model based at least in part on the training set. The processing unit can then operate the computational model based at least in part on a trial data stream to provide a trial model output. Some examples include determining the validation set based at least in part on the training set and the predetermined criterion for difference between data streams.

Abstract: A method for managing a plurality of access control devices is provided. The method includes at a backend server, receiving a request to schedule a first task of the at least a subset of tasks. The backend server identifies one or more access control devices that a non-occupant account is to be granted credentials in order to complete the task. The backend server then provisions credentials for the one or more access control devices associated with the first task to the non-occupant account selected to complete the task.

Abstract: Example techniques described herein determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processor can locate training analysis regions of training data streams based on predetermined structure data, and determining training model inputs based on the training analysis regions. The processor can determine a computational model based on the training model inputs. The computational model can receive an input vector and provide a corresponding feature vector. The processor can then locate a trial analysis region of a trial data stream based on the predetermined structure data and determine a trial model input. The processor can operate the computational model based on the trial model input to provide a trial feature vector, e.g., a signature. The processor can operate a second computational model to provide a classification based on the signature.

Abstract: Example techniques described herein determine a validation dataset, determine a computational model using the validation dataset, or determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processing unit can determine signatures of individual training data streams. The processing unit can determine, based at least in part on the signatures and a predetermined difference criterion, a training set and a validation set of the training data streams. The processing unit can determine a computational model based at least in part on the training set. The processing unit can then operate the computational model based at least in part on a trial data stream to provide a trial model output. Some examples include determining the validation set based at least in part on the training set and the predetermined criterion for difference between data streams.

Abstract: Example techniques herein determine that a trial data stream is associated with malware (“dirty”) using a local computational model (CM). The data stream can be represented by a feature vector. A control unit can receive a first, dirty feature vector (e.g., a false miss) and determine the local CM based on the first feature vector. The control unit can receive a trial feature vector representing the trial data stream. The control unit can determine that the trial data stream is dirty if a broad CM or the local CM determines that the trial feature vector is dirty. In some examples, the local CM can define a dirty region in a feature space. The control unit can determine the local CM based on the first feature vector and other clean or dirty feature vectors, e.g., a clean feature vector nearest to the first feature vector.

Abstract: Example techniques described herein determine a classification of a variable-length source data such as an executable code. A neural network system that includes a convolution filter, a recurrent neural network, and a fully connected layer can be configured in a computing device to classify executable code. The neural network system can receive executable code of variable length and reduce its dimensionality by generating a variable-length sequence of features extracted from the executable code. The sequence of features is filtered, and applied to one or more recurrent neural networks and to a neural network. The output of the neural network classifies the data. Other disclosed systems include a system for reducing the dimensionality of command line input using a recurrent neural network. The reduced dimensionality of command line input may be classified using the disclosed neural network systems.

Abstract: Example techniques described herein determine a classification of a variable-length source data such as an executable code. A neural network system that includes a convolution filter, a recurrent neural network, and a fully connected layer can be configured in a computing device to classify executable code. The neural network system can receive executable code of variable length and reduce its dimensionality by generating a variable-length sequence of features extracted from the executable code. The sequence of features is filtered, and applied to one or more recurrent neural networks and to a neural network. The output of the neural network classifies the data. Other disclosed systems include a system for reducing the dimensionality of command line input using a recurrent neural network. The reduced dimensionality of command line input may be classified using the disclosed neural network systems.

Abstract: Example techniques herein determine that a trial data stream is associated with malware (“dirty”) using a local computational model (CM). The data stream can be represented by a feature vector. A control unit can receive a first, dirty feature vector (e.g., a false miss) and determine the local CM based on the first feature vector. The control unit can receive a trial feature vector representing the trial data stream. The control unit can determine that the trial data stream is dirty if a broad CM or the local CM determines that the trial feature vector is dirty. In some examples, the local CM can define a dirty region in a feature space. The control unit can determine the local CM based on the first feature vector and other clean or dirty feature vectors, e.g., a clean feature vector nearest to the first feature vector.

Abstract: A method obtains a first data item signature for a first data item, the first data item signature comprising an association between a plurality of synch points in the first data item and a corresponding plurality of block signatures. The process attempts to find one of the synch points in a second data item; and, if such a synch point is found, then a block signature of a corresponding block of bits in the second data item is determined. The process ascertains whether the synch point and corresponding block signature from the second data item correspond to a synch point and block signature in the first data item. If a predetermined number of synch points and corresponding block signatures match, the first and second data items are considered to match. In response to said determining, one or more actions associated with the first data item are performed.

Abstract: Example techniques described herein determine a validation dataset, determine a computational model using the validation dataset, or determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processing unit can determine signatures of individual training data streams. The processing unit can determine, based at least in part on the signatures and a predetermined difference criterion, a training set and a validation set of the training data streams. The processing unit can determine a computational model based at least in part on the training set. The processing unit can then operate the computational model based at least in part on a trial data stream to provide a trial model output. Some examples include determining the validation set based at least in part on the training set and the predetermined criterion for difference between data streams.

Abstract: Example techniques described herein determine a signature or classification of a data stream such as a file. The classification can indicate whether the data stream is associated with malware. A processor can locate training analysis regions of training data streams based on predetermined structure data, and determining training model inputs based on the training analysis regions. The processor can determine a computational model based on the training model inputs. The computational model can receive an input vector and provide a corresponding feature vector. The processor can then locate a trial analysis region of a trial data stream based on the predetermined structure data and determine a trial model input. The processor can operate the computational model based on the trial model input to provide a trial feature vector, e.g., a signature. The processor can operate a second computational model to provide a classification based on the signature.

Abstract: A method obtains a first data item signature for a first data item, the first data item signature comprising an association between a plurality of synch points in the first data item and a corresponding plurality of block signatures. The process attempts to find one of the synch points in a second data item; and, if such a synch point is found, then a block signature of a corresponding block of bits in the second data item is determined. The process ascertains whether the synch point and corresponding block signature from the second data item correspond to a synch point and block signature in the first data item. If a predetermined number of synch points and corresponding block signatures match, the first and second data items are considered to match. In response to said determining, one or more actions associated with the first data item are performed.

Abstract: The presently disclosed subject matter includes a system and method which enable to identify one or more causes for excessive energy consumption in a computer executing one or more processes. Information indicating that consumption of a computer-resource of at least one of said processes is greater than a predefined threshold is obtained and one or more threads of said at least one process which are in running state are identified. Thread performance information of at least one thread in running state is collected and used for identifying one or more functions that are the cause for said state of the respective thread. The identified functions are associated with their respective modules in order to identify one or more modules of said process, which are the cause for said excessive energy consumption.

Abstract: A system is disclosed for identifying one or more causes of a computer executing one or more processes running slowly, the system includes: apparatus for detecting states of one or more threads of the one or more processes; apparatus for identifying one or more of said one or more processes that have one or more threads with wait states that occur above a threshold to indicate which modules within a process or processes is causing said computer to run slowly. In one embodiment the system as the apparatus for detecting states periodically polls the one or more threads of the processes. The system can also include a data structure to store the states of each of said one or more threads each time said thread is polled. The system can be one in which one or more threads are UI threads.

Abstract: A tracing system that provides automated tuning of execution tracing by adjusting the collection of trace data is described. In one embodiment, the user sets an initial tracing profile for a tracing program. In addition, the user sets an upper limit for the tracing performance penalty. The auto-tuning system monitors the performance penalty induced by tracing and, when the performance impact is excessive, removes trace points that are causing the most impact on performance. Auto tuning is especially useful for performing software recording in mission-critical and/or time-critical applications, such as servers, real-time applications, etc. The system typically adjusts relatively quickly such that most users do not feel the influence of the tracer.

Abstract: A system is disclosed for identifying one or more causes of a computer executing one or more processes running slowly, the system includes: apparatus for detecting states of one or more threads of the one or more processes; apparatus for identifying one or more of said one or more processes that have one or more threads with wait states that occur above a threshold to indicate which modules within a process or processes is causing said computer to run slowly. In one embodiment the system as the apparatus for detecting states periodically polls the one or more threads of the processes. The system can also include a data structure to store the states of each of said one or more threads each time said thread is polled. The system can be one in which one or more threads are UI threads. In still another embodiment the system the apparatus for detecting states includes apparatus for hooking voluntary API calls.