Abstract: A method for monitoring or validating device compliance of the attributes of a device on a network, the method including providing a first tree data structure including compliance data associated with a network; performing a comparison of the first tree data structure with a second tree data structure comprising attribute data associated with an electronic device to compare the compliance data with the attribute data; and determining, based on the comparison, whether the electronic device is compliant with the network.

Abstract: A method for monitoring or validating compliance of the attributes of a device (709) on a network (703), the method including: obtaining, from a distributed ledger technology (701), a first tree data structure including compliance data associated with a network-(703), and a second tree data structure comprising attribute data associated with an electronic device (709); comparing the first tree data structure (705) with the second tree data structure to compare the compliance data with the attribute data; and determining, based on the comparison, whether the electronic device (709) is compliant with the network (703).

Abstract: A computer-implemented method of analysing anomalous network traffic in a telecommunications network, said telecommunications network comprising a plurality of network entities (120, 110) and a security analyser (130-3), wherein the method comprises the steps of: receiving at the security analyser a network communication from a first network entity; identifying the first network entity; by means of the security analyser: analysing the network communication and/or a performance of the first network entity thereby to identify the network communication as an anomalous communication (310); in response to identifying the network communication as an anomalous communication, communicating an instruction to the identified first network entity to respond with origin information regarding the anomalous communication, wherein the origin information identifies a preceding network entity from which the anomalous communication was directly received by the first network entity (320, 330); and commencing with the preceding n

Abstract: A method of recording a network path in a network that includes a plurality of nodes is provided. The network path includes a source node, a destination node, and one or more intermediate nodes. The method includes receiving, at an intermediate node, a transaction, the transaction including a first cryptographic object and signatures of at least a subset of any preceding intermediate nodes in the network path; generating, by the intermediate node, a second cryptographic object based on the first cryptographic object; updating, by the intermediate node, the transaction with a signature of the intermediate node and with the second cryptographic object; and sending, from the intermediate node, the transaction to a succeeding node in the network path. Each cryptographic object allows the transaction to be verified up to the node that generated that cryptographic object. Nodes and a system for implementing the method are also provided.

Abstract: A method of detecting blockchain miner code executing in a web browser including receiving a profile for the browser identifying typical resource consumption by the browser in use; responsive to a detection of a deviation of the resource consumption by the browser from the profile, intercepting a communication with the browser including a cryptographic nonce, training a plurality of classifiers based on generated training examples, each training example being generated by applying a hashing algorithm to the nonce such that each classifier is trained with training examples generated using a different hashing algorithm; intercepting one or more second communications with the browser, each of the second communications including a hash value; executing at least a subset of the classifiers based on the hash value of each of the second communications; and identifying malicious miner code executing in the browser.

Abstract: A method comprising, at a processor-controlled device, obtaining encrypted data comprising an encrypted data portion, obtaining an identifier indicative of a characteristic associated with the processor-controlled device, and performing a decryption process. The decryption process comprises decrypting the encrypted data portion to generate a decrypted data portion, and generating decrypted data comprising the decrypted data portion and an identifying portion based on the identifier.

Abstract: A computer implemented method of improved security of an application for deployment to a virtualized computing environment, the method including receiving configuration information for the application; accessing a set of configuration descriptors for a known security attack, each descriptor encoding at least a portion of an application configuration so as to identify one or more descriptors matching at least part of the configuration information, each descriptor in the set having a probability that the security attack will occur in a deployed application having a configuration consistent with the descriptor; evaluating a risk score for a risk of occurrence of the security attack, the risk score evaluated from the probabilities associated with the identified descriptors; identifying a set of compatible alternative configurations for the application; evaluating a risk score for a risk of occurrence of the security attack for each alternative configuration; selecting an alternative configuration having a risk sc

Abstract: A computer implemented method for determining a plurality of data sources providing seed parameters for generation of an encryption key by a ransomware algorithm, the method including exposing a target computer system to the ransomware algorithm; monitoring application programming interface (API) calls made to an operating system of the target computer system to identify a set of API calls for retrieving data about one or more hardware components of the target computer system, the data about the hardware components being determined to constitute the seed parameters.

Abstract: The authentication of a user across multiple devices includes the generation of authentication related data during an authentication process of a first device. The authentication process relating to a user's use of a second device is conducted in dependence on the authentication data generated during the authentication process of the first device. The authentication data may include the authentication readings that have been authenticated by the first device, a trust in the user, a location of the user, a proximity of the user to the device in use and a network device, and a time elapsed since the authentication process occurred on the first device. Beneficially, basing the authentication of a second device on the authentication process of a first device allows a trust in the user to be transferred.

Abstract: Method of Operating a Telecommunications Network A computer-implemented method (200) of operating a telecommunications network (100), the telecommunications network comprising a client device (110) and a server (140), wherein the server and the client device are connected via an access point (120), the method comprising the steps of: receiving a service request from the client device, said service request requesting a service from the server (310); identifying client device characteristic information associated with the client device (340); identifying service requirement information associated with the requested service (330); comparing the identified client device characteristic information with the identified service requirement information so as to determine if the client device information complies with the service requirement information (350); and in response to said comparison: permitting the server to provide the requested service in accordance with the service request if the client device informatio

Abstract: A method includes, at a processor-controlled device of a network, identifying a first portion of a data transmission transmitted via the network that is indicative of an anomaly. A second, different, portion of the data transmission including personal data is identified. The data transmission is modified to generate a modified data transmission, the modifying the data transmission comprising selectively anonymizing one or more portions of the data transmission such that at least the second portion of the data transmission is anonymized. The modified data transmission is sent to a remote system for identification of whether the first portion of the data transmission is indicative of malicious behavior.

Abstract: A security system in a network connected computing device, the device executing a software component that receives information stored in a matrix barcode, the information including a reference to a resource accessible via the network, the system including: a service bar that blocks the software component from accessing services of the computing device; and a logic unit that determines services of the computing device needed by the software component to access the resource, wherein the service bar is adapted to, responsive to a verification of permission of the software component to access the determined services, unblock the software component in order that the software component can access the resource and accesses the determined services.

Abstract: A device identification method, a device identification system and a device prediction component. The method can include determining, based on first power consumption data indicative of a first power consumption associated with a premises within a first time period, a predicted identity of an active device at the premises within a second time period subsequent to the first time period. A detected identity of the active device at the premises within the second time period is determined, based on second power consumption data indicative of a second power consumption associated with the premises within the second time period. A determined identity of the active device at the premises within the second time period is determined, based on at least one of the predicted identity and the detected identity.

Abstract: Systems and methods of protecting data in a message for communication from a sender to a receiver, the sender and receiver sharing a secret including splitting the message into a number of ordered message blocks, the order being a proper order such that an aggregation of the blocks in the proper order constitutes the message; generating an encoded indication of a position of the block in the proper order of blocks, the encoding being reversible and based on at least a hash value for the block, a secret shared between the sender and the receiver, and a position of the block in the proper order; communicating the blocks and the encoded indications to the receiver, the blocks being communicated in an order different to the proper order so as to obfuscate the message, such that the blocks can be reassembled by the receiver in the proper order on the basis of the shared secret.

Abstract: A computer implemented method to detect anomalous behavior of a software container having a software application executing therein, the method including receiving a sparse data representation of each of a: first set of container network traffic records; a first set of application traffic records; and a first set of container resource records, and training an hierarchical temporal memory (HTM) for each first set, wherein the container network traffic records correspond to network traffic communicated with the container, the application traffic records correspond to network traffic communicated with the software application, and the container resource records correspond to the use of computer resources by the container; receiving a sparse data representation of each of a: second set of container network traffic records; a second set of application traffic records; and a second set of container resource records; executing the trained HTMs based on each respective second set to determine a degree of recognition o

Abstract: A computer implemented security method operable with a communications network in a vehicle, the network communicatively connecting devices including sensors and actuators in the vehicle such that information provided by sensors and states of actuators are determinable by data communicated via the network, the method including defining a Markov decision process model for the vehicle, the model specifying states of the vehicle and actions constituting transitions between states, wherein a state of the vehicle is indicated by information provided by one or more sensors and a state of one or more actuators, and an action corresponds to a change in the information provided by one or more sensors and/or a change to a state of one or more actuators, each action having associated a probability of occurrence; determining, by accessing data communicated via the network, a current state of the vehicle in the model; accessing data communicated via the network; responsive to the accessed data indicating an action to chang

Abstract: A computer implemented method to determine a security configuration for a target virtual machine (VM) in a virtualized computing environment, the method including training a machine learning algorithm to determine a vector of security vulnerabilities for the target VM based on a vector of configuration characteristics for the target VM, the machine learning algorithm being trained using training examples each including a configuration for a training VM and an associated vulnerability vector based on an observed security occurrence at the training VM, wherein each training example further includes an identification of one of set of security configurations for the training VM; selecting at least a subset of the set of security configurations and, for each security configuration in the subset, executing the machine learning algorithm with the vector of configuration characteristics for the target VM and an identification of the security configuration, so as to generate a set of vulnerability vectors including a

Abstract: A computer-implemented method of automatically securing a computer system or network against a suspect binary file (SBF) by, in response to detection of the SBF, initiating an automatic defence strategy comprising an action known to mitigate a known threat posed by a closest known malicious binary file (KMBF). The method further includes identifying the closest KMBF from a plurality of KMBFs by comparing an SBF branch map generated in respect of the SBF with respective KMBF branch maps generated in respect of each of the plurality of KMBFs, the SBF and KMBF branch maps being generated by breaking each of the respective binary files down into a respective sequence of blocks and determining how each block of the sequence branches to one or more other blocks of the sequence. Further aspects of the present disclosure relate to corresponding data processing systems, computer programs, computer-readable data carriers and data carrier signals.

Abstract: A computer implemented method to generate training data for a machine learning algorithm for determining security vulnerabilities of a virtual machine (VM) in a virtualized computing environment is disclosed. The machine learning algorithm determines the vulnerabilities based on a vector of configuration characteristics for the VM.

Abstract: One aspect of the present disclosure provides a computer-implemented method of automatically securing a computer system or network against a suspect binary file (SBF) by, in response to detection of the SBF, initiating an automatic defence strategy. The automatic defence strategy includes a first action known to mitigate a known threat posed by a known malicious binary file (KMBF); and a further action predicted to mitigate a predicted threat posed by a discrepant function present in the SBF but not the KMBF. Further aspects of the present disclosure relate to corresponding data processing systems, computer programs, computer-readable data carriers and data carrier signals.