Abstract: Chlorotoxin derivatives containing amino acid sequence X0X1CMPCXS1XS2XS3DHXS4XS5ARRCX2X3CCGGYGX4CFGYQC LCX5X6X7X8 wherein (i) the N-terminal X0X1 cluster is AM, 0M, or 00; (ii) the solubility XS1XS2XS3XS4XS5 cluster is FTTQT, FTTES, SSSQT, SSSES, FSSQT, FSSES, or FSSQS; (iii) the internal X2X3X4 cluster is DKR, RDK, KDR, IKY, HKW, DRK, LKQ, KKK; and (iv) the C-terminal X5X6X7X8 cluster is N000, R000, NR00, NRG0, NRGY, NRRR, or RRRR; 0 denotes a position where no amino acid is present; the chlorotoxin derivative has a relative human MMP-2 binding that is at least 1.62 times higher than the wild-type chlorotoxin of SEQ ID NO: 1.

Abstract: A method includes receiving network traffic data relating to one or more devices of a plurality of home networks, wherein each home network of the plurality of home networks relates to a respective household. The method further includes determining one or more household related features by feature engineering the network traffic data, wherein the one or more household related features are related to one or more of: a device property, a security threat event, and an application usage, associating, in a database, the one or more household related features with identification data assigned to each household, identifying household clusters that represent groups of households comprising a predetermined number of common household related features, and providing a targeted service to a customer based on a household cluster associated with a household of the customer.

Abstract: The behavior analysis engine can identify malicious entities based on connections between the entity and other entities. The behavior analysis engine receives an entity from the network traffic hub and identifies entities that are connected to the entity within a threshold degree of separation. The behavior analysis engine applies a recursive process to the entity whereby the behavior analysis engine determines whether an entity is malicious based on whether its connections within a threshold degree of separation are malicious. The behavior analysis engine uses the maliciousness of the entities' connections to determine whether the entity is malicious and, if the entity is malicious, the behavior analysis engine may instruct the network traffic hub to block network communications associated with the malicious entity.

Abstract: The behavior analysis engine can condense stored machine-learned models and transmit the condensed versions of the machine-learned models to the network traffic hub to be applied in the local networks. When the behavior analysis engine receives new data that can be used to further train a machine-learned model, the behavior analysis engine updates the machine-learned model and generates a condensed-version of the machine-learned model. The condensed-version of the machine-learned model may be more resource efficient than the machine-learned model while capable of making similar or the same decisions as the machine-learned model. The behavior analysis engine transmits the condensed version of the machine-learned model to the network traffic hub and the network traffic hub uses the condensed-version of the machine-learned model to identify malicious behavior in the local network.

Abstract: The behavior analysis engine can also detect malicious network addresses that are sent to networked devices in the local network. The network traffic hub identifies network communications that are transmitted through the local network that contain network addresses. The network traffic hub transmits (or sends) the network address to the behavior analysis engine and the behavior analysis engine extracts network address features from the network address. The behavior analysis engine then applies an execution model to the execution features to determine a confidence score for the network address that represents the execution model's certainty that the network address is malicious. The behavior analysis engine uses the confidence score to provide instructions to the network traffic hub as to whether to allow the networked device to receive the network address.

Abstract: A network traffic hub extracts encryption metadata from messages establishing an encrypted connection between a smart appliance and a remote server and determines whether malicious behavior is present in the messages. For example, the network traffic hub can extract an encryption cipher suite, identified encryption algorithms, or a public certificate. The network traffic hub detects malicious behavior or security threats based on the encryption metadata. These security threats may include a man-in-the-middle attacker or a Padding Oracle On Downgraded Legacy Encryption attack. Upon detecting malicious behavior or security threats, the network traffic hub blocks the encrypted traffic or notifies a user.

Abstract: The behavior analysis engine can also detect malicious network addresses that are sent to networked devices in the local network. The network traffic hub identifies network communications that are transmitted through the local network that contain network addresses. The network traffic hub transmits (or sends) the network address to the behavior analysis engine and the behavior analysis engine extracts network address features from the network address. The behavior analysis engine then applies an execution model to the execution features to determine a confidence score for the network address that represents the execution model's certainty that the network address is malicious. The behavior analysis engine uses the confidence score to provide instructions to the network traffic hub as to whether to allow the networked device to receive the network address.

Abstract: A network traffic hub receives network traffic from a user device running an application. The network traffic hub aggregates the network traffic into augmented netflows. Based on netflow parameters extracted by the network traffic hub, one or more augmented netflows are associated with the application. The network traffic hub determines whether an augmented netflow is a result of the application being in an active state or a passive state based on, for example, the quantity of data within the netflow. If the quantity of data within the augmented netflow is larger than a data threshold, the augmented netflow can be classified as an active usage, and if the data is less than the data threshold, the augmented netflow can be classified as a passive usage. Thus, by classifying network traffic of an application as active or passive, a record of a user's active usage of the application can be recorded.

Abstract: A network traffic hub receives network traffic from a user device running an application. The network traffic hub aggregates the network traffic into augmented netflows. Based on netflow parameters extracted by the network traffic hub, one or more augmented netflows are associated with the application. The network traffic hub determines whether an augmented netflow is a result of the application being in an active state or a passive state based on, for example, the quantity of data within the netflow. If the quantity of data within the augmented netflow is larger than a data threshold, the augmented netflow can be classified as an active usage, and if the data is less than the data threshold, the augmented netflow can be classified as a passive usage. Thus, by classifying network traffic of an application as active or passive, a record of a user's active usage of the application can be recorded.

Abstract: A network traffic hub receives network traffic from a user device running an application. The network traffic hub aggregates the network traffic into augmented netflows. Based on netflow parameters extracted by the network traffic hub, one or more augmented netflows are associated with the application. The network traffic hub determines whether an augmented netflow is a result of the application being in an active state or a passive state based on, for example, the quantity of data within the netflow. If the quantity of data within the augmented netflow is larger than a data threshold, the augmented netflow can be classified as an active usage, and if the data is less than the data threshold, the augmented netflow can be classified as a passive usage. Thus, by classifying network traffic of an application as active or passive, a record of a user's active usage of the application can be recorded.

Abstract: A network traffic hub receives network traffic from a user device running an application. The network traffic hub aggregates the network traffic into augmented netflows. Based on netflow parameters extracted by the network traffic hub, one or more augmented netflows are associated with the application. The network traffic hub determines whether an augmented netflow is a result of the application being in an active state or a passive state based on, for example, the quantity of data within the netflow. If the quantity of data within the augmented netflow is larger than a data threshold, the augmented netflow can be classified as an active usage, and if the data is less than the data threshold, the augmented netflow can be classified as a passive usage. Thus, by classifying network traffic of an application as active or passive, a record of a user's active usage of the application can be recorded.

Abstract: The behavior analysis engine detects malicious executable files that are being downloaded by networked devices in the local network by executing the executable files in a sandboxing environment operating on the behavior analysis engine. The network traffic hub identifies network communications that are transmitted through the local network that contain executable files. The network traffic hub sends the executable file to the behavior analysis engine and the behavior analysis engine executes the executable file in a sandboxing environment that replicates the networked device that was downloading the executable. The behavior analysis engine extracts execution features from the execution of the executable file and applies an execution model to the execution features to determine a confidence score for the executable file. The behavior analysis engine uses the confidence score to provide instructions to the network traffic hub as to whether to allow the networked device to download the executable.

Abstract: A network traffic hub extracts encryption metadata from messages establishing an encrypted connection between a smart appliance and a remote server and determines whether malicious behavior is present in the messages. For example, the network traffic hub can extract an encryption cipher suite, identified encryption algorithms, or a public certificate. The network traffic hub detects malicious behavior or security threats based on the encryption metadata. These security threats may include a man-in-the-middle attacker or a Padding Oracle On Downgraded Legacy Encryption attack. Upon detecting malicious behavior or security threats, the network traffic hub blocks the encrypted traffic or notifies a user.

Abstract: A network traffic hub extracts encryption metadata from messages establishing an encrypted connection between a smart appliance and a remote server and determines whether malicious behavior is present in the messages. For example, the network traffic hub can extract an encryption cipher suite, identified encryption algorithms, or a public certificate. The network traffic hub detects malicious behavior or security threats based on the encryption metadata. These security threats may include a man-in-the-middle attacker or a Padding Oracle On Downgraded Legacy Encryption attack. Upon detecting malicious behavior or security threats, the network traffic hub blocks the encrypted traffic or notifies a user.

Abstract: The behavior analysis engine can condense stored machine-learned models and transmit the condensed versions of the machine-learned models to the network traffic hub to be applied in the local networks. When the behavior analysis engine receives new data that can be used to further train a machine-learned model, the behavior analysis engine updates the machine-learned model and generates a condensed-version of the machine-learned model. The condensed-version of the machine-learned model may be more resource efficient than the machine-learned model while capable of making similar or the same decisions as the machine-learned model. The behavior analysis engine transmits the condensed version of the machine-learned model to the network traffic hub and the network traffic hub uses the condensed-version of the machine-learned model to identify malicious behavior in the local network.

Abstract: The behavior analysis engine detects malicious executable files that are being downloaded by networked devices in the local network by executing the executable files in a sandboxing environment operating on the behavior analysis engine. The network traffic hub identifies network communications that are transmitted through the local network that contain executable files. The network traffic hub sends the executable file to the behavior analysis engine and the behavior analysis engine executes the executable file in a sandboxing environment that replicates the networked device that was downloading the executable. The behavior analysis engine extracts execution features from the execution of the executable file and applies an execution model to the execution features to determine a confidence score for the executable file. The behavior analysis engine uses the confidence score to provide instructions to the network traffic hub as to whether to allow the networked device to download the executable.

Abstract: The behavior analysis engine can also detect malicious network addresses that are sent to networked devices in the local network. The network traffic hub identifies network communications that are transmitted through the local network that contain network addresses. The network traffic hub transmits (or sends) the network address to the behavior analysis engine and the behavior analysis engine extracts network address features from the network address. The behavior analysis engine then applies an execution model to the execution features to determine a confidence score for the network address that represents the execution model's certainty that the network address is malicious. The behavior analysis engine uses the confidence score to provide instructions to the network traffic hub as to whether to allow the networked device to receive the network address.

Abstract: The behavior analysis engine can identify malicious entities based on connections between the entity and other entities. The behavior analysis engine receives an entity from the network traffic hub and identifies entities that are connected to the entity within a threshold degree of separation. The behavior analysis engine applies a recursive process to the entity whereby the behavior analysis engine determines whether an entity is malicious based on whether its connections within a threshold degree of separation are malicious. The behavior analysis engine uses the maliciousness of the entities' connections to determine whether the entity is malicious and, if the entity is malicious, the behavior analysis engine may instruct the network traffic hub to block network communications associated with the malicious entity.

Abstract: A network traffic hub extracts encryption metadata from messages establishing an encrypted connection between a smart appliance and a remote server and determines whether malicious behavior is present in the messages. For example, the network traffic hub can extract an encryption cipher suite, identified encryption algorithms, or a public certificate. The network traffic hub detects malicious behavior or security threats based on the encryption metadata. These security threats may include a man-in-the-middle attacker or a Padding Oracle On Downgraded Legacy Encryption attack. Upon detecting malicious behavior or security threats, the network traffic hub blocks the encrypted traffic or notifies a user.

Abstract: A system and method of providing personalized item recommendations in a communication system comprising a server and a plurality of client devices. At the server, a plurality of user rating vectors are received from a plurality of client devices and aggregated into a rating matrix that is factorized into a user feature matrix and an item feature matrix, with the product of the user feature and item feature matrixes approximating the user rating matrix. The factorization comprises the steps of the ALS1 or the IALS1 algorithm including: initializing the user feature matrix and the item feature matrix with predefined initial values; alternately optimizing the user feature matrix and the item feature matrix until a termination condition is met. The item feature matrix is transmitted from the server to at least one client device, and a predictive rating vector is generated as the product of the associated user feature vector and the item feature matrix.