Abstract: Various computing technologies for various reverse engineering platforms capable of outputting, including creating or generating, a human readable and high level source code, such as C, Fortran, LISP, or BASIC, from various binary files, such as application binaries, executable binaries, or data binaries, in an original language as developed pre-compilation. For example, some of such reverse engineering platforms can be programmed to disassemble binary files from different process architectures, identify various code optimizations as compiler introduced, reverse or unwind various compiler optimizations (de-optimize), and generate a human readable and high-level source code from de-optimized data.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which provides a terrain segmentation and classification tool for synthetic aperture radar (SAR) imagery. The server accurately segments and classifies terrain types in SAR imagery and automatically adapts to new radar sensors data. The server receives a first SAR imagery and trains an autoencoder based on the first SAR imagery to generate learned representations of the first SAR imagery. The server trains a classifier based on labeled data of the first SAR imagery data to recognize terrain types from the learned representations of the first SAR imagery. The server receives a terrain query for a second SAR imagery. The server translates the second imagery data into the first imagery data and classifies the second SAR imagery terrain types using the classifier trained for the first SAR imagery. By reusing the original classifier, the server improves system efficiency.

Abstract: Various embodiments described herein relate to a machine-learning based electronic media analysis software system. The system is configured to detect anomalous and predictive patterns associated with an event. The system is configured to use feature extraction techniques and semi-supervised machine-learning to detect the patterns associated with the event in the electronic media messages, which may indicate a synthetic driven behavior and conversation corresponding to the event.

Abstract: A system includes network nodes, such as, multiple computing devices and multiple software defined radios. The network nodes accurately and timely detects, identifies, locates, and responds to an unmanned aircraft system within a predetermined area. The network nodes use a communications control link between the unmanned aircraft system and a controller of the unmanned aircraft system to detect, identify, locate, and respond to the unmanned aircraft system. The network nodes are deployed over the predetermined area to maintain airspace situational awareness of the unmanned aircraft system, and deploy targeted countermeasures to counteract identified threats associated with the presence of the unmanned aircraft system within the predetermined area.

Abstract: A computer-implemented method of securing vulnerabilities in a program, the method including receiving, by a computer, state information generated by an executed application program, training, by the computer, a constraints model based on the state information, generating, by the computer, one or more constraints with the constraints model, each of the one or more constraints describing an execution constraint for executing the application program, wherein the execution constraint enforces an intended operation of the application program, and applying, by the computer, the one or more constraints to the application program.

Abstract: A plurality of distributed network nodes may provide a decentralized access gateway to multiple, diverse types of databases. The plurality of distributed network nodes may host a private party blockchain. Each node may execute a peer-to-peer (P2P) client to perform operations associated with the private party blockchain. A subset of the nodes may be configured as validator nodes that may implement gossip protocols to cooperatively validate one or more database operations and generate a new block for the private party blockchain. Another subset of nodes may be configured as host nodes that may receive the new block and update a corresponding local copy of the private party blockchain appending the new block. Utilizing the co-operative validation of database operations and the updates appending the new blocks, the private party blockchain may maintain an immutable digital record of access and updates to the multiple and diverse types of databases.

Abstract: Disclosed herein are embodiments of systems, methods, and products providing real-time anti-malware detection and protection. The computer uses artificial intelligence techniques to learn and detect new exploits in real time and protect the full system from harm. The computer trains a first machine learning model for executable files. The computer trains a second machine learning model for non-executable files. The computer trains a third machine learning model for network traffic. The computer identifies malware using the various machine learning models. The computer restores to a clean, uncorrupted state using virtual machine technology. The computer reports the detected malware to a security server, such as security information and even management (SIEM) systems, by transmitting detection alert message regarding the malware. The computer interacts with an administrative system over an isolated control network to allow the system administrator to correct the corruption caused by the malware.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise a processor, which provides runtime enforcement of data flow integrity. The processor accesses the application binary file from the disk to execute an application and translates the application binary into intermediate representation. The processor applies the logic of data flow integrity controls to the intermediate representation. Specifically, the processor identifies the vulnerable code in the intermediate representation. The processor applies data flow integrity controls to the vulnerable code. The processor adds simple instrumentation that only changes the application's behavior when unauthorized data tampering occurs while preserving the application's normal behavior. When certain operations may cause unauthorized data tampering, the processor takes proper measures to stop the operations. The processor translates the intermediate representation back to a machine code and replaces the original binary with the machine code.

Abstract: A computer-implemented method of securing vulnerabilities in a program, the method including receiving, by a computer, state information generated by an executed application program, training, by the computer, a constraints model based on the state information, generating, by the computer, one or more constraints with the constraints model, each of the one or more constraints describing an execution constraint for executing the application program, wherein the execution constraint enforces an intended operation of the application program, and applying, by the computer, the one or more constraints to the application program.

Abstract: Disclosed herein are embodiments of systems, methods, and products that execute tools to identify non-malicious faults in source codes introduced by engineers and programmers. The tools may execute a machine learning model on the source codes to perform sentiment analysis and pattern analysis on information associated with the source codes to generate annotated source code files identifying anomalies based on the sentiment analysis and the pattern analysis. One or more threat levels are then identified and ranked based on the one or more anomalies and a ranked list of the one or more threat levels is displayed on a graphical user interface of a computer.

Abstract: A plurality of distributed network nodes may provide a decentralized access gateway to multiple, diverse types of databases. The plurality of distributed network nodes may host a private party blockchain. Each node may execute a peer-to-peer (P2P) client to perform operations associated with the private party blockchain. A subset of the nodes may be configured as validator nodes that may implement gossip protocols to cooperatively validate one or more database operations and generate a new block for the private party blockchain. Another subset of nodes may be configured as host nodes that may receive the new block and update a corresponding local copy of the private party blockchain appending the new block. Utilizing the co-operative validation of database operations and the updates appending the new blocks, the private party blockchain may maintain an immutable digital record of access and updates to the multiple and diverse types of databases.

Abstract: Disclosed herein are embodiments of systems, methods, and products for modernizing and optimizing legacy software. A computing device may perform an automated runtime performance profiling process. The performance profiler may automatically profile the legacy software at runtime, monitor the memory usage and module activities of the legacy software, and pinpoint/identify a subset of inefficient functions in the legacy software that scale poorly or otherwise inefficient. The computing device may further perform a source code analysis and refactoring process. The computing device may parse the source code of the subset of inefficient functions and identify code violations within the source code. The computing device may provide one or more refactoring options to optimize the source code. Each refactoring option may comprise a change to the source code configured to correct the code violations. The computing device may refactor the source code based on a selected refactoring option.

Abstract: Various computing technologies for various reverse engineering platforms capable of outputting, including creating or generating, a human readable and high level source code, such as C, Fortran, LISP, or BASIC, from various binary files, such as application binaries, executable binaries, or data binaries, in an original language as developed pre-compilation. For example, some of such reverse engineering platforms can be programmed to disassemble binary files from different process architectures, identify various code optimizations as compiler introduced, reverse or unwind various compiler optimizations (de-optimize), and generate a human readable and high-level source code from de-optimized data.

Abstract: For each respective virtual machine (VM) of a plurality of VMs, a distributed computing system generates a unique Application Binary Interface (ABI) for an operating system for the respective VM, compiles a software application to use the unique ABI, and installs the operating system and the compiled software application on the respective VM. A dispatcher node dispatches, to one or more VMs of the plurality of VMs that provide a service and are in the active mode, request messages for the service. Furthermore, a first host device may determine, in response to software in the first VM invoking a system call in a manner inconsistent with the unique ABI for the operating system of the first VM, that a failover event has occurred. Responsive to the failover event, the distributed computing system fails over from the first VM to a second VM.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By consider the mission and system specific context in the analysis alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alters, the server allows security personnel to prioritize responses and focus on highest value defense activities.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which improves security of a system. The analytic server may monitor the system by retrieving status information from various devices within the system. The analytic server may generate an attack tree model based on a set of aggregation rules that are configured based on the monitored status information. The analytic server may detect one or more attacks by associating the status information with corresponding nodes of the attack tree model and executing a logic of the attack tree model. The analytic server may determine aggregated impact and risk metrics and calculate an impact score for each attack based on aggregated impact and risk metrics. The analytic server may generate reports comprising the one or more attacks ranked based on the impact scores. The analytic server may respond to one or more attacks by taking automated actions.

Abstract: In general, this disclosure describes methods and devices for analyzing source code to detect potential bugs in the code. Specifically, a device retrieves source code of an application. For each distinct execution of a plurality of executions of the application, the device initiates the respective execution at a particular starting point of the source code and inputs, into the source code, a unique set of inputs relative to any other execution. The device stores, into a path log, an indication of each line of source code and stores, into an output log, an indication of each output object encountered during the respective execution. Each output object includes a local variable dependent on the inputs. The device analyzes, using a machine learning model, the path and output logs to identify an abnormality indicative of a potential bug in the source code. The device outputs a graphical representation of the abnormality.

Abstract: An example method includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform, the nodes including one or more compute nodes and a controller node, and performing at least one of: (a) code-level obfuscation for the distributed computing platform to obfuscate interactions between an external user computing system and the nodes, wherein performing the code-level obfuscation comprises obfuscating data associated with one or more commands provided by the user computing system and sending one or more obfuscated commands to at least one of the nodes in the distributed computing platform; or (b) system-level obfuscation for the distributed computing platform, wherein performing the system-level obfuscation comprises at least one of obfuscating system management tasks that are performed to manage the nodes or obfuscating network traffic data that is exchanged between the nodes.

Abstract: A method for improving efficiency of a training program begins with a processor monitoring and adapting execution of a training exercise of the training program. The processor determines a training program effectiveness measure including determining trainee skill improvement demonstrated during the training exercise, and monitoring and determining correctness and timeliness of trainee actions during the training exercise. The processor then determines a training program cost measure by determining a first monetary cost for the execution of the at least one training exercise, determining a second monetary cost associated with trainee manhours for the training exercise, and generating the training program cost measure based on the first and second monetary costs. The processor then computes a ratio of the training program effectiveness measure to the training program cost measure.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which detects and defends against malware in-flight regardless of the specific nature and methodology of the underlying attack. The analytic server learns the system's normal behavior during testing and evaluation phase and trains a machine-learning model based on the normal behavior. The analytic server monitors the system behavior during runtime comprising the runtime behavior of each sub-system of the system. The analytic server executes the machine-learning model and compares the system runtime behavior with the normal behavior to identify anomalous behavior. The analytic server executes one or more mitigation instructions to mitigate malware. Based on multiple available options for mitigating malware, the analytic server makes an intelligent decision and takes the least impactful action that have the least impact on the system to maintain mission assurance.