Abstract: A computer-implemented method for determining container information associated with detected container mutation events is disclosed. The computer-implemented method includes: determining that a system call event to a host operating system includes a call to join a namespace and execute a parent process inside the namespace; determining that the namespace is associated with an existing container; responsive to determining that the namespace is associated with an existing container, determining that the system call event further includes a call to execute a child process inside the namespace; and responsive to determining that the system call event further includes a call to execute a child process inside the namespace: designating the child process as a mutation event to the existing container, and determining container information associated with the mutation event to the existing container. A corresponding computer system and computer program product are also disclosed.

Abstract: Methods and systems for verifying a resource definition include simulating an original resource definition to identify at least one change that is made to the original resource definition by a management service. A signature of a received resource definition is generated, omitting portions of the received resource definition that correspond to the at least one identified change. The signature of the received resource definition is compared to a signature of the original resource definition to find a match and to verify the received resource definition. The received resource definition is implemented, responsive to finding the match.

Abstract: A system for controlling access to cluster resources is provided. The system includes one or more processors; and memory operatively coupled to the one or more processors, wherein the one or more processors and the memory form a cluster of computer resources that includes an admission controller configured to receive requests and determine if the request is authorized, a request history database that stores the request information received by the admission controller from a plurality of users, a role design advisor that is configured to adjust permissions for the plurality of users based on a pattern of usage identified from the request history database, and an alert system that communicates an alert to an administrator that a request outside the pattern of requests for the user has been received by the admission controller, wherein the admission controller, request history database, and role design advisor control access to the cluster resources.

Abstract: A computer-implemented method for assessing latent security risks in Kubernetes clusters is provided including selecting a service account from a plurality of service accounts defined in namespaces of a cluster, binding a role to the selected service account based on predetermined role-binding data, and determining if the role meets at least one of a first, second, and third conditions based on predetermined role data defining permitted operations for roles, the first condition being that the role can receive secret tokens for pods within a namespace of the namespaces, the second condition being that the role can perform execution operation to other pods, and the third condition being that the role can create DaemonSet, Deployment, StatefulSet, and additional pods on the namespace.

Abstract: Guided character string alteration can be performed by obtaining an original character string and a plurality of altered character strings, traversing the original character string with a first Long Short Term Memory (LSTM) network to generate, for each character of the original character string, a hidden state of a partial original character string up to that character, and applying, during the traversing, an alteration learning process to each hidden state of a partial original character string to produce an alteration function for relating partial original character strings to partial altered character strings.

Abstract: One or more computer processors collect logs containing one or more admission requests associated with a new application installation in an empty namespace, wherein the empty namespace is a sandbox representative of a production environment. The one or more computer processors classify the one or more admission requests according to a set of conditions indicating respective levels of trust. The one or more computer processors create a set of candidates for signing containing admissions requests that are classified unsigned. The one or more computer processors generate a security policy for each candidate for signing in the set of candidates for signing.

Abstract: A system for controlling access to cluster resources is provided. The system includes one or more processors; and memory operatively coupled to the one or more processors, wherein the one or more processors and the memory form a cluster of computer resources that includes an admission controller configured to receive requests and determine if the request is authorized, a request history database that stores the request information received by the admission controller from a plurality of users, a role design advisor that is configured to adjust permissions for the plurality of users based on a pattern of usage identified from the request history database, and an alert system that communicates an alert to an administrator that a request outside the pattern of requests for the user has been received by the admission controller, wherein the admission controller, request history database, and role design advisor control access to the cluster resources.

Abstract: A computer-implemented method for assessing latent security risks in Kubernetes clusters is provided including selecting a service account from a plurality of service accounts defined in namespaces of a cluster, binding a role to the selected service account based on predetermined role-binding data, and determining if the role meets at least one of a first, second, and third conditions based on predetermined role data defining permitted operations for roles, the first condition being that the role can receive secret tokens for pods within a namespace of the namespaces, the second condition being that the role can perform execution operation to other pods, and the third condition being that the role can create DaemonSet, Deployment, StatefulSet, and additional pods on the namespace.

Abstract: One or more computer processors collect logs containing one or more admission requests associated with a new application installation in an empty namespace, wherein the empty namespace is a sandbox representative of a production environment. The one or more computer processors classify the one or more admission requests according to a set of conditions indicating respective levels of trust. The one or more computer processors create a set of candidates for signing containing admissions requests that are classified unsigned. The one or more computer processors generate a security policy for each candidate for signing in the set of candidates for signing.

Abstract: A computer-implemented method is provided for identifying words likely to be used in new combo-squatted domains of a target domain. The method includes selecting the target domain. The method further includes storing, in a memory device, a sequence of previously detected combo-squatted domains from period [t-W, t-1]. The sequence includes a set of words W. The method also includes obtaining trends associated with the target domain at time t. The method additionally includes obtaining, by a hardware processor responsive to the trends, a trend distribution associated with the target domain at time t. The method further includes ranking, by a likelihood, a set of words E that have been extracted from the trend distribution and are expected to be used in the future in the new combo-squatting domains, responsive to the set of words W.

Abstract: Methods and systems for verifying a resource definition include simulating an original resource definition to identify at least one change that is made to the original resource definition by a management service. A signature of a received resource definition is generated, omitting portions of the received resource definition that correspond to the at least one identified change. The signature of the received resource definition is compared to a signature of the original resource definition to find a match and to verify the received resource definition. The received resource definition is implemented, responsive to finding the match.

Abstract: A method for checking an integrity of an object to be deployed to a cluster is provided. The method detects a resource creation request. The method, responsive to the request being an initial resource creation request for the object, verifies the integrity of the object based on properties in the request to create a release secret in the cluster for a positive integrity verification result for the object. The release secret represents a specific deployment configuration of the object on the cluster. The method, responsive to the request being other than the initial resource request, checks if the request corresponds to the specific deployment configuration of the object by checking against the release secret in the cluster. The method, responsive to the request corresponding to a deployment of the object and the release secret being present in the cluster, creates a resource requested by the request in the cluster.

Abstract: A system for cognitive prioritization for report generation may include a processor and a memory cooperating therewith. The processor may be configured to accept a request for a new report from a user, the request having a user profile importance associated therewith and generate a predicted completion time for the new report based upon a historical completion time prediction model based upon historical data for prior reports. The processor may be configured to generate a predicted importance of the new report based upon a historical importance prediction model based upon the historical data for prior reports and determine a combined predicted importance based upon the user profile importance and the predicted importance. The processor may also be configured to generate a prioritization of the new report among other reports based upon the predicted completion time and the combined predicted importance and generate the new report based upon the prioritization.

Abstract: One embodiment provides a method for augmenting missing values in historical or market data for deals. The method comprises receiving information relating to a set of deals. For any service included in one or more deals of the set of deals but not included in one or more other deals of the set of deals, the method further comprises augmenting, for any or all of the one or more other deals that does not include the service, one or more missing values for the service with one or more recommended values based on a recommendation algorithm. The service may be at any service level of a hierarchy of services.

Abstract: A method for checking an integrity of an object to be deployed to a cluster is provided. The method detects a resource creation request. The method, responsive to the request being an initial resource creation request for the object, verifies the integrity of the object based on properties in the request to create a release secret in the cluster for a positive integrity verification result for the object. The release secret represents a specific deployment configuration of the object on the cluster. The method, responsive to the request being other than the initial resource request, checks if the request corresponds to the specific deployment configuration of the object by checking against the release secret in the cluster. The method, responsive to the request corresponding to a deployment of the object and the release secret being present in the cluster, creates a resource requested by the request in the cluster.

Abstract: A computer-implemented method is provided for identifying words likely to be used in new combo-squatted domains of a target domain. The method includes selecting the target domain. The method further includes storing, in a memory device, a sequence of previously detected combo-squatted domains from period [t-W, t-1]. The sequence includes a set of words W. The method also includes obtaining trends associated with the target domain at time t. The method additionally includes obtaining, by a hardware processor responsive to the trends, a trend distribution associated with the target domain at time t. The method further includes ranking, by a likelihood, a set of words E that have been extracted from the trend distribution and are expected to be used in the future in the new combo-squatting domains, responsive to the set of words W.

Abstract: One embodiment provides a method for estimating unit price reduction of services in a new in-flight deal using data of historical deals and market reference deals cost structures. The method includes receiving a detailed cost structure for historical information, market deals information, services quantity information and deals metadata for a first year. For each service: peer deals to the in-flight deal are selected based on the detailed cost structure; missing cost data values in the peer deals are augmented; unit cost reduction values for the peer deals estimated; the unit cost reduction for the in-flight deal from each year in total contract years to a next year without a last contract year are estimated; and a total cost for the in-flight deal for all years in the total contract years beyond the first year are estimated.

Abstract: Methods and systems for detecting mutation events include collecting change event pattern counts from one or more processing nodes. Unintended change events are identified based on the collected change event pattern counts. A corrective action is performed for the unintended change events.

Abstract: One embodiment provides a method comprising receiving historic peer deals relating to at least one service, and a baseline and cost percentage estimation for each service. Historic peer cost data for each service is clustered to form at least one cluster. Each cluster includes similar unit costs, and has an assigned label. A classification model is trained based on each baseline received, each cost percentage estimation received, and each assigned label. For each assigned label, a corresponding probability distribution is computed based on the classification model. For each service of a new client solution, an assigned label for the service is predicted based on the classification model, and, based on a probability distribution corresponding to the assigned label predicted, transforming an initial range of historic peer cost data relating to the service into a narrower range for use in estimating a cost of the service with improved accuracy.

Abstract: A code dependency influenced bug localization apparatus and method receive bug reports and source code changes of a software program. Each source code change includes a syntax component and a location component. Each bug report includes a functional description of an aspect of the software program. The apparatus and method obtain a vectorized feature representation of each bug report, apply a learning process to the source code changes based on a code dependency among the source code changes, obtain a vectorized feature representation of each source code change based on the code dependency, merge the feature representations of the bug reports and the feature representations of the source code changes into a plurality of unified feature representations, and apply a ranking process to the unified feature representations to produce a source code relating function for relating a bug report and a source code change.