Abstract: An example operation may include one or more of retrieving a predefined image from a storage, encoding data attributes to be stored on a blockchain into one or more image layers of the predefined image to generate an encoded image, generating a data block comprising the encoded image including the data attributes which are encoded into the one or more image layers, and storing the data block via a hash-linked chain of data blocks on a distributed ledger.

Abstract: Mechanisms are provided to implement an image based event classification engine having an event image encoder and a first neural network computer model. The event image encoder receives an event data structure comprising a plurality of event attributes, where the event data structure represents an event occurring in association with a computing resource. The event image encoder executes, for each event attribute, a corresponding event attribute encoder that encodes the event attribute as a pixel pattern in a predetermined grid of pixels, corresponding to the event attribute, of an event image. The event image is into to a neural network computer model which applies one or more image feature extraction operations and image feature analysis algorithms to the event image to generate a classification prediction classifying the event into one of a plurality of predefined classifications and outputs the classification prediction.

Abstract: An anomaly detection system configured to generate a plurality of tensors based on spatial attributes of a set of cybersecurity data and temporal attributes of the set of cybersecurity data. The set of cybersecurity data comprising numeric data and textual data collected from a plurality of computational sources. The anomaly detection system can provide the plurality of tensors to a Hierarchical Temporal Memory (HTM) network. The HTM network can be configured to generate respective HTM outputs for respective regions of the HTM network. The anomaly detection system can determine that at least one HTM output indicates an anomaly, convert the at least one HTM output to a notification, and provide the notification to a user interface.

Abstract: An anomaly detection system configured to generate a plurality of tensors based on spatial attributes of a set of cybersecurity data and temporal attributes of the set of cybersecurity data. The set of cybersecurity data comprising numeric data and textual data collected from a plurality of computational sources. The anomaly detection system can provide the plurality of tensors to a Hierarchical Temporal Memory (HTM) network. The HTM network can be configured to generate respective HTM outputs for respective regions of the HTM network. The anomaly detection system can determine that at least one HTM output indicates an anomaly, convert the at least one HTM output to a notification, and provide the notification to a user interface.

Abstract: An anomaly detection system configured to generate a plurality of tensors based on spatial attributes of a set of cybersecurity data and temporal attributes of the set of cybersecurity data. The set of cybersecurity data comprising numeric data and textual data collected from a plurality of computational sources. The anomaly detection system can provide the plurality of tensors to a Hierarchical Temporal Memory (HTM) network. The HTM network can be configured to generate respective HTM outputs for respective regions of the HTM network. The anomaly detection system can determine that at least one HTM output indicates an anomaly, convert the at least one HTM output to a notification, and provide the notification to a user interface.

Abstract: An anomaly detection system configured to generate a plurality of tensors based on spatial attributes of a set of cybersecurity data and temporal attributes of the set of cybersecurity data. The set of cybersecurity data comprising numeric data and textual data collected from a plurality of computational sources. The anomaly detection system can provide the plurality of tensors to a Hierarchical Temporal Memory (HTM) network. The HTM network can be configured to generate respective HTM outputs for respective regions of the HTM network. The anomaly detection system can determine that at least one HTM output indicates an anomaly, convert the at least one HTM output to a notification, and provide the notification to a user interface.

Abstract: An anomaly detection system configured to generate a plurality of tensors based on spatial attributes of a set of cybersecurity data and temporal attributes of the set of cybersecurity data. The set of cybersecurity data comprising numeric data and textual data collected from a plurality of computational sources. The anomaly detection system can provide the plurality of tensors to a Hierarchical Temporal Memory (HTM) network. The HTM network can be configured to generate respective HTM outputs for respective regions of the HTM network. The anomaly detection system can determine that at least one HTM output indicates an anomaly, convert the at least one HTM output to a notification, and provide the notification to a user interface.

Abstract: An enhanced threat disposition analysis technique is provided. In response to receipt of a security threat, a threat disposition score (TDS) is retrieved. The threat disposition score is generated from a machine learning scoring model that is built from information about historical security threats, including historical disposition of one or more alerts associated with the historical security threats. The system augments an alert to include the threat disposition score, optionally together with a confidence level, to generate an enriched alert. The enriched alert is then presented to the security analyst for handling directly. Depending on the TDS (and its confidence level), the analyst may be able to respond to the threat immediately, i.e., without further detailed investigation. Preferably, the machine learning model is updated continuously as the system handles security threats, thereby increasing the predictive benefit of the TDS scoring.

Abstract: Eye tracking for the purpose of detecting attendee disengagement with respect to a presentation including a visual display communicated over a network. The eye tracking method includes: during a play of the presentation, tracking eye positions of a set of control party(ies); during a play of the presentation, tracking eye positions of a set of non-control party(ies); determining a set of divergence value(s) corresponding to divergence between the eye position(s) of the control party(ies) and the non-control party(ies); and determining a disengagement value corresponding to relative disengagement of the non-control party(ies) based, at least in part on the set of divergence value(s).

Abstract: An approach is provided for determining a likelihood of an attack on a first computer system of a first business. Characteristics of the first business and a second business are determined. The second business has a second computer system currently or recently under attack. The characteristics include respective industries, sizes, geographical locations, types of sensitive data, and security vulnerabilities associated with the first and second businesses or first and second computer systems, an address of traffic through a device in the first computer system, and an address of an entity responsible for the attack on the second computer system. Based on a similarity between the characteristics of the first and second businesses, a likelihood that the entity responsible for the attack on the second computer system will attack the first computer system of the first business is determined.

Abstract: An approach is provided for determining a likelihood of an attack on a first computer system of a first business. Characteristics are determined for target businesses having target computer systems currently or recently under attack by an entity whose Internet Protocol (IP) address was selected from a list of suspicious IP addresses. Percentages associated with the characteristics are determined. Each percentage indicates a percentage of the target businesses whose associated characteristic matches a corresponding characteristic of the first business. A score is incremented by an amount for each of the percentages that exceeds an associated threshold. The score is incremented by twice the amount if the IP address matches an address of a source or destination of traffic through a security device in the first computer system. A recommendation to change a security policy for the first computer system is generated if the score exceeds twice the predetermined amount.

Abstract: An approach is provided for determining a likelihood of an attack on a first computer system of a first business. Characteristics are determined for target businesses having target computer systems currently or recently under attack by an entity whose Internet Protocol (IP) address was selected from a list of suspicious IP addresses. Percentages associated with the characteristics are determined. Each percentage indicates a percentage of the target businesses whose associated characteristic matches a corresponding characteristic of the first business. A score is incremented by an amount for each of the percentages that exceeds an associated threshold. The score is incremented by twice the amount if the IP address matches an address of a source or destination of traffic through a security device in the first computer system. A recommendation to change a security policy for the first computer system is generated if the score exceeds twice the predetermined amount.

Abstract: Eye tracking for the purpose of detecting attendee disengagement with respect to a presentation including a visual display communicated over a network. The eye tracking method includes: during a play of the presentation, tracking eye positions of a set of control party(ies); during a play of the presentation, tracking eye positions of a set of non-control party(ies); determining a set of divergence value(s) corresponding to divergence between the eye position(s) of the control party(ies) and the non-control party(ies); and determining a disengagement value corresponding to relative disengagement of the non-control party(ies) based, at least in part on the set of divergence value(s).

Abstract: Eye tracking for the purpose of detecting attendee disengagement with respect to a presentation including a visual display communicated over a network. The eye tracking method includes: during a play of the presentation, tracking eye positions of a set of control party(ies); during a play of the presentation, tracking eye positions of a set of non-control party(ies); determining a set of divergence value(s) corresponding to divergence between the eye position(s) of the control party(ies) and the non-control party(ies); and determining a disengagement value corresponding to relative disengagement of the non-control party(ies) based, at least in part on the set of divergence value(s).

Abstract: A computer determines a number of matches returned by a proposed security rule that result from application of the proposed security-rule to historical logged event data. The computer determines a predicted performance of the proposed security rule as part of a network security system based on the number of matches. The computer sends a message during a creation session of the proposed security-rule. The message includes a recommended change for a portion of the proposed security based on the predicted performance of the proposed security rule.

Abstract: An approach is provided for determining a likelihood of an attack on a first computer system of a first business. Characteristics of the first business and a second business are determined. The second business has a second computer system currently or recently under attack. The characteristics include respective industries, sizes, geographical locations, types of sensitive data, and security vulnerabilities associated with the first and second businesses or first and second computer systems, an address of traffic through a device in the first computer system, and an address of an entity responsible for the attack on the second computer system. Based on a similarity between the characteristics of the first and second businesses, a likelihood that the entity responsible for the attack on the second computer system will attack the first computer system of the first business is determined.

Abstract: An approach is provided for determining a likelihood of an attack on a first computer system of a first business. Characteristics of the first business and a second business are determined. The second business has a second computer system currently or recently under attack. The characteristics include respective industries, sizes, geographical locations, types of sensitive data, and security vulnerabilities associated with the first and second businesses or first and second computer systems, an address of traffic through a device in the first computer system, and an address of an entity responsible for the attack on the second computer system. Based on a similarity between the characteristics of the first and second businesses, a likelihood that the entity responsible for the attack on the second computer system will attack the first computer system of the first business is determined.

Abstract: A computer determines a number of matches returned by a proposed security rule that result from application of the proposed security-rule to historical logged event data. The computer determines a predicted performance of the proposed security rule as part of a network security system based on the number of matches. The computer sends a message during a creation session of the proposed security-rule. The message includes a recommended change for a portion of the proposed security based on the predicted performance of the proposed security rule.

Abstract: A computer receives entry of a proposed security rule during a security rule entry or editing session and determines that the proposed security rule requires review of a type of security data. The number of matches of the proposed security rule to the logged security data is determined and a user is notified as to the number of matches. The computer searches the security data and applies the proposed security rule to the security data to determine the predicted performance of the proposed security rule. The computer generates a report that may include warnings, recommendations, and information correlated to the security data. The report is presented to a user during the rule editing session, and based on the report a modification to the proposed security rule can be made.

Abstract: An approach is provided for determining a likelihood of an attack on a first computer system of a first business. Characteristics of the first business and a second business are determined. The second business has a second computer system currently or recently under attack. The characteristics include respective industries, sizes, geographical locations, types of sensitive data, and security vulnerabilities associated with the first and second businesses or first and second computer systems, an address of traffic through a device in the first computer system, and an address of an entity responsible for the attack on the second computer system. Based on a similarity between the characteristics of the first and second businesses, a likelihood that the entity responsible for the attack on the second computer system will attack the first computer system of the first business is determined.