Abstract: A system and method for detecting and preventing cyberintrusion of a protected system incorporates neural networks having a training mode and a host-accessible (e.g., non-training) mode. When in training mode, the neural networks observe data exchanges with a protected system via interfaces (based on test inputs) and generate system templates corresponding to observed normal behaviors of the interfaces (including “gold standard” behavior indicative of optimal performance behaviors and/or minimal threat of cyberintrusion). When in host-accessible mode, the neural networks observe operating behaviors of the interfaces for each exchange via the interfaces and apply stored system templates to the system data to most closely approximate the optimal behavior set.

Abstract: A system and method for detecting and preventing cyberintrusion of a protected system incorporates neural networks having a training mode and a host-accessible (e.g., non-training) mode. When in training mode, the neural networks observe data exchanges with a protected system via interfaces (based on test inputs) and generate system templates corresponding to observed normal behaviors of the interfaces (including “gold standard” behavior indicative of optimal performance behaviors and/or minimal threat of cyberintrusion). When in host-accessible mode, the neural networks observe operating behaviors of the interfaces for each exchange via the interfaces and apply stored system templates to the system data to most closely approximate the optimal behavior set.

Abstract: A network authorization system includes an authorization interface, an authorizer, and a network interface. The authorization interface receives a network connection request to access an external network and generates a characteristic of a portable component. The authorizer compares the characteristic to a predetermined characteristic, generates an authorization token responsive to the characteristic matching the predetermined characteristic, uses the authorization token to authenticate the network connection request, and transmits a first notification to the authorization interface that the characteristic matched the predetermined characteristic.

Abstract: A system for confirming a computing environment includes a remote computing device connected by a communication network to a computing device. The remote computing device generates a nonce, or number used once, and executes an attestation function to determine an attestation measurement value based on the contents of the memory of the remote computing device. The nonce is transmitted by the network to the computing device, which uses the nonce to execute the attestation function based on the contents of the memory of the computing device and determine an attestation measurement value. This attestation measurement value is transmitted to the remote computing device. If the attestation measurement values match, the computing device is designated as trusted. If the attestation measurement values mismatch, the computing device is designated as untrusted.

Abstract: A system for preventing a computing device from obtaining unauthorized access to a secure network includes a client agent operably connected to the computing device configured to intercept network traffic information from applications running on the computing device and transmit a network request including application information and the network traffic information. A network token broker operably connected to the network client agent contains a database of application information. The network token broker is configured to cooperate with the network client agent for i) verifying whether the network request should be granted access to the secure network, and ii) cryptographically signing the intercepted network traffic information with a network authorization token, to authorize network access for the intercepted network traffic information.

Abstract: A system for preventing computer software from communicating from a user computer in a network to untrusted remote computers. A host-based credential management agent is operably connected to a user computer for intercepting network traffic information from the user computer and transmitting a network request including credentials of the remote computer and the network traffic information. A trusted credential database contains information identifying trusted entities and corresponding cryptographic certificates. A server cooperates with the management agent for i) verifying whether the user computer in the network request should have network access, and ii) cryptographically signing the intercepted network traffic information with an authorization server key, to authorize network access for the intercepted information. A firewall is operably connected to the user computer and the authorization server.

Abstract: A method of detecting a potential security threat on a computing system is provided. The method comprises embedding time series data relating to the computing system within a reconstructed phase space and partitioning the reconstructed phase space into a plurality of regions. The method further comprises generating a first matrix having a plurality of cells. The first matrix comprises a row and a column for each of the plurality of regions. A value stored in each cell is based on a probability that the system will transition from a first region associated with the cell to a second region associated with the cell and a rate of separation of trajectories of the embedded data within at least one of the first region and the second region. The first matrix is generated using a first set of the time series data that is associated with a normal operating condition of the computing system in which the computing system is not under attack from a security threat.