Abstract: Systems and methods for monitoring suspicious communication network traffic. The methods include obtaining data associated with a sequence of communication events transmitted via the communication network and determining an entropy approximation measure associated at least one event attribute for the sequence of communication events. The method includes generating a threat prediction value based on an anomaly classification model and the entropy approximation measure. The anomaly classification model is trained based on prior sequences of communication events to identify a non-outlier anomaly range associated with the at least one event attribute. The threat prediction value is generated based on classification of the entropy approximation measure relative to the non-outlier anomaly range associated with the at least one attribute for identifying a potential threat. The method includes transmitting a signal for communicating that the sequence is a potential threat within the communication network.

Abstract: Systems and methods for monitoring suspicious communication network traffic. The methods include obtaining data associated with a sequence of communication events transmitted via the communication network and determining an entropy approximation measure associated at least one event attribute for the sequence of communication events. The method includes generating a threat prediction value based on an anomaly classification model and the entropy approximation measure. The anomaly classification model is trained based on prior sequences of communication events to identify a non-outlier anomaly range associated with the at least one event attribute. The threat prediction value is generated based on classification of the entropy approximation measure relative to the non-outlier anomaly range associated with the at least one attribute for identifying a potential threat. The method includes transmitting a signal for communicating that the sequence is a potential threat within the communication network.

Abstract: A cybersecurity platform is described that processes collected data using a data model to identify and link anomalies and in order to identify generate security events and intrusions. The platform generates graph data structures using the security anomalies extended using additional data. The graph data structures represent links between nodes, the links being events, the nodes being machines and user accounts. The platform processes the graph data structures by combining similar nodes or grouping security events with common features to behaviour indicative of a single or multiple security events to identify chains of events which together represent an attack.

Abstract: A cybersecurity platform is described that processes collected data using a data model to identify and link anomalies and in order to identify generate security events and intrusions. The platform generates graph data structures using the security anomalies extended using additional data. The graph data structures represent links between nodes, the links being events, the nodes being machines and user accounts. The platform processes the graph data structures by combining similar nodes or grouping security events with common features to behaviour indicative of a single or multiple security events to identify chains of events which together represent an attack.

Abstract: A cybersecurity platform that process collected data using a data model to generate security events linked to IP addresses, locations, or other variable information. The platform identifies potential false positive security events using a stability measure based on the variable information, which is then used to constrain the set of security events to reduce the effect of or remove the false positive security events from an output data structure.

Abstract: A cybersecurity platform that process collected data using a data model to generate security events linked to IP addresses, locations, or other variable information. The platform identifies potential false positive security events using a stability measure based on the variable information, which is then used to constrain the set of security events to reduce the effect of or remove the false positive security events from an output data structure.

Abstract: Transaction destinations are identified by identifying requests for a login page of a web server for a financial institution and determining a referring website for each of the requests; classifying the referring websites into classes, each of the classes having a risk rating; identifying logins to access the web server and determining a user associated with each login; associating each of the logins with one of the requests and the referring website for that request; for each of the users, identifying transactions occurring within a time period from when the login was initiated; for each of the transactions occurring within the time period, associating a transaction destination of that transaction with the referring website for that login; and assigning a risk rating to each of the transaction destinations based at least in part on a risk rating of the class of the associated referring website.

Abstract: A shear ram system includes an upper block positioned to transition from a first location outside a bore to a second location within the bore, the upper block including a blade control arm having a first contact surface. The shear ram system includes a lower block positioned to transition from the first location outside the bore to the second location within the bore, the lower block including a second contact surface proximate the first contact surface. The shear ram system includes a progressive gap between the first contact surface and the second contact surface larger at a first end than at a second end such that a first gap distance at the first end is greater than a second gap distance the second end.

Abstract: Websites, having associated features, are clustered by filtering entries that may be legitimate, determining feature similarity scores between the website features, and generating an aggregated similarity matrix containing website similarity scores between the websites. Websites are clustered into clusters or groups, based in part on the aggregated similarity matrix. Each cluster is identified by a cluster identifier and represents a centroid website and other websites at a normalized similarity score from the centroid. It is determined for each website whether the normalized similarity score is less than a threshold, and if so is identified as weakly-similar. Above the threshold, the website is labelled with the cluster identifier. Further clustering and thresholding is performed on the weakly-similar websites into additional clusters.

Abstract: Systems and methods for monitoring suspicious communication network traffic. The methods include obtaining data associated with a sequence of communication events transmitted via the communication network and determining an entropy approximation measure associated at least one event attribute for the sequence of communication events. The method includes generating a threat prediction value based on an anomaly classification model and the entropy approximation measure. The anomaly classification model is trained based on prior sequences of communication events to identify a non-outlier anomaly range associated with the at least one event attribute. The threat prediction value is generated based on classification of the entropy approximation measure relative to the non-outlier anomaly range associated with the at least one attribute for identifying a potential threat. The method includes transmitting a signal for communicating that the sequence is a potential threat within the communication network.

Abstract: A cybersecurity platform is described that processes collected data using a data model to identify and link anomalies and in order to identify generate security events and intrusions. The platform generates graph data structures using the security anomalies extended using additional data. The graph data structures represent links between nodes, the links being events, the nodes being machines and user accounts. The platform processes the graph data structures by combining similar nodes or grouping security events with common features to behaviour indicative of a single or multiple security events to identify chains of events which together represent an attack.

Abstract: A cybersecurity platform that process collected data using a data model to generate security events linked to IP addresses, locations, or other variable information. The platform identifies potential false positive security events using a stability measure based on the variable information, which is then used to constrain the set of security events to reduce the effect of or remove the false positive security events from an output data structure.

Abstract: A shear ram system includes an upper block positioned to transition from a first location outside a bore to a second location within the bore, the upper block including a blade control arm having a first contact surface. The shear ram system includes a lower block positioned to transition from the first location outside the bore to the second location within the bore, the lower block including a second contact surface proximate the first contact surface. The shear ram system includes a progressive gap between the first contact surface and the second contact surface larger at a first end than at a second end such that a first gap distance at the first end is greater than a second gap distance the second end.

Abstract: A water submerged device for generating a force under water. The device includes an enclosure having a piston that drives a ram, the piston dividing the enclosure into closing and opening chambers, the opening chamber connected to the low pressure recipient, and containing a first fluid. The device further includes a low pressure recipient for containing a first fluid having a lower pressure than the first fluid, and in selective fluid communication with the opening chamber of the enclosure via a first valve. In addition, the device includes a control module connected to the enclosure and in selective communication with the opening chamber of the enclosure via a second valve. The first and second valves are controlled so that only one of the low pressure recipient or the control module is in fluid communication with the opening chamber of the enclosure at a time.