Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a system and method for detecting malware using multi-stage file-typing and, optionally pre-processing, with fall-through options.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a system and method for detecting malware using multi-stage file-typing and, optionally pre-processing, with fall-through options.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a system and method for detecting malware using multi-stage file-typing and, optionally pre-processing, with fall-through options.

Abstract: ABSTRACT A system and method for real-time detection of anomalies in database or application usage is disclosed. Embodiments provide a mechanism to detect anomalies in database or application usage, such as data exfiltration attempts, first by identifying correlations (e.g., patterns of normalcy) in events across different heterogeneous data streams (such as those associated with ordinary, authorized and benign database usage, workstation usage, user behavior or application usage) and second by identifying deviations/anomalies from these patterns of normalcy across data streams in real-time as data is being accessed. An alert is issued upon detection of an anomaly, wherein a type of alert is determined based on a characteristic of the detected anomaly.

Abstract: A system and method for real-time detection of anomalies in database or application usage is disclosed. Embodiments provide a mechanism to detect anomalies in database or application usage, such as data exfiltration attempts, first by identifying correlations (e.g., patterns of normalcy) in events across different heterogeneous data streams (such as those associated with ordinary, authorized and benign database usage, workstation usage, user behavior or application usage) and second by identifying deviations/anomalies from these patterns of normalcy across data streams in real-time as data is being accessed. An alert is issued upon detection of an anomaly, wherein a type of alert is determined based on a characteristic of the detected anomaly.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a system and method for detecting malware using multi-stage file-typing and, optionally pre-processing, with fall-through options.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a method for improved zero-day malware detection that receives a set of training files which are each known to be either malign or benign, partitions the set of training files into a plurality of categories, and trains category-specific classifiers that distinguish between malign and benign files in a category of files. The training may include selecting one of the plurality of categories of training files, identifying features present in the training files in the selected category of training files, evaluating the identified features to determine the identified features most effective at distinguishing between malign and benign files, and building a category-specific classifier based on the evaluated features. Embodiments also include by a system and computer-readable medium with instructions for executing the above method.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a method for improved zero-day malware detection that receives a set of training files which are each known to be either malign or benign, partitions the set of training files into a plurality of categories, and trains category-specific classifiers that distinguish between malign and benign files in a category of files. The training may include selecting one of the plurality of categories of training files, identifying features present in the training files in the selected category of training files, evaluating the identified features to determine the identified features most effective at distinguishing between malign and benign files, and building a category-specific classifier based on the evaluated features. Embodiments also include by a system and computer-readable medium with instructions for executing the above method.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a method for improved zero-day malware detection that receives a set of training files which are each known to be either malign or benign, partitions the set of training files into a plurality of categories, and trains category-specific classifiers that distinguish between malign and benign files in a category of files. The training may include selecting one of the plurality of categories of training files, identifying features present in the training files in the selected category of training files, evaluating the identified features to determine the identified features most effective at distinguishing between malign and benign files, and building a category-specific classifier based on the evaluated features. Embodiments also include by a system and computer-readable medium with instructions for executing the above method.

Abstract: A system and method for real-time detection of anomalies in database or application usage is disclosed. Embodiments provide a mechanism to detect anomalies in database or application usage, such as data exfiltration attempts, first by identifying correlations (e.g., patterns of normalcy) in events across different heterogeneous data streams (such as those associated with ordinary, authorized and benign database usage, workstation usage, user behavior or application usage) and second by identifying deviations/anomalies from these patterns of normalcy across data streams in real-time as data is being accessed. An alert is issued upon detection of an anomaly, wherein a type of alert is determined based on a characteristic of the detected anomaly.

Abstract: A system and method for automatically disseminating information and queries concerning external organizations to relevant employees is disclosed. Embodiments provide a mechanism for automatically disseminating information and queries concerning an external organizational entity (such as a partner, vendor, or customer) to those and only those staff members in an organization for whom the information or query may be relevant. The method comprises filtering incoming and outgoing messages. The filtering identifies a domain name associated with a sender of each incoming message or a recipient of each outgoing message. The method also comprises determining whether the identified domain name exists in an index. Such dissemination may take place through the system automatically forwarding relevant email or automatically through an interface to be used by the initiator of the information or query.

Abstract: Improved systems and methods for automated machine-learning, zero-day malware detection. Embodiments include a method for improved zero-day malware detection that receives a set of training files which are each known to be either malign or benign, partitions the set of training files into a plurality of categories, and trains category-specific classifiers that distinguish between malign and benign files in a category of files. The training may include selecting one of the plurality of categories of training files, identifying features present in the training files in the selected category of training files, evaluating the identified features to determine the identified features most effective at distinguishing between malign and benign files, and building a category-specific classifier based on the evaluated features. Embodiments also include by a system and computer-readable medium with instructions for executing the above method.

Abstract: A lock/release mechanism for the crank handle of a winch consists of a set of one or more pins that are captured within the drive head of the handle. Within the drive head is an actuation rod, which acts on these pins. Depending on the position of the rod, the pins are either moved or pushed outward (lock position), or retracted into the drive head (unlock position). The actuation rod is moved by means of a lever that enables removal of the crank handle with one hand.

Abstract: The present invention provides a distributed resource search mechanism in a peer-to-peer computer network comprising a resource requester, search brokers, and resource providers. In a preferred embodiment of the invention, the distributed search mechanism provides methods: findResourceProviders, registerResourceProvider, GetResourceDescription, findLocalResources, and findResources. In one embodiment of the invention, a search for network resources is performed by registering resource providers with one or more search brokers on the network. When a resource requester sends a resource query to one or more search broker(s), the search broker, upon receiving the resource query, searches its local database for resource providers that may have information matching the resource query, and sends the resource query to those selected resource providers.

Abstract: The present invention provides distributed information search mechanisms in a distributed computer network comprising a resource requestor, search brokers, and resource providers. A resource provider may be used to collect and maintain resources, as well as register the resources with a search broker. A search broker may be used to register resource descriptions corresponding to resource providers. A search broker may also maintain the matches between resource descriptions and corresponding resource providers, and find matching resources for search queries. A resource requester may form a search query, receive search results, and present them to a user.

Abstract: In an iterative method and system, a route is determined from a starting point to a destination point. Sub-modules are supplied with digital messages that respectively contain at least one sub-starting point and one sub-destination point that are contained in a sub-route map that is allocated to the respective sub-module that receives the respective message. Each sub-module determines a sub-route between the respective sub-starting point and the respective sub-destination point. The route is formed from the sub-route.