Abstract: The invention relates to an assembly for a turbomachine, comprising: —a nacelle comprising an inlet lip which defines an air inlet, and—a device for modifying the geometry of the air inlet, comprising: —a first spout, and—a second spout, the first spout and the second spout being translatably movable in relation the nacelle between: —a first configuration, in which the first spout forms the inlet lip and the second spout extends inside the nacelle, and—a second configuration, in which the first spout extends away from the inlet lip, and the second spout forms the inlet lip so as to define an air flow channel between a downstream surface of the first spout and an upstream surface of the second spout.

Abstract: Methods, apparatus, and processor-readable storage media for evaluating cyber attacker behavior using machine learning to identify anomalies are provided herein. An example method includes obtaining, based on events associated with changes in one or more of a registry and a computer process, baseline models comprising a user context representing normal behavior for a first subset of features associated with the events with respect to a given user, an inverse context that represents normal behavior for at least one feature with respect to a particular value of one or more features in the first subset, and a global context representing a behavior of the features across the plurality of users; detecting a new event attributable to the given user; calculating a score for the new event using one or more of the baseline models; and determining that the new event is an anomaly in response to the score satisfying a threshold.

Abstract: A method comprises detecting a plurality of floating code instances associated with one or more endpoint devices of a computer network, obtaining metadata of each of the floating code instances, and generating floating code signatures for respective ones of the floating code instances based at least in part on their respective metadata. The floating code signatures are utilized to categorize one or more of the floating code instances as at least potentially malicious floating code instances. A given one of the floating code instances illustratively comprises an executable code block dynamically allocated in a memory of a corresponding one of the endpoint devices and does not include any file structure counterpart. The metadata utilized to generate the floating code signature of a given one of the floating code instances illustratively comprises at least one of image hook metadata and thread metadata of the given floating code instance.

Abstract: A method in an illustrative embodiment comprises receiving a plurality of indicators relating to an entity of a computer network, arranging the indicators in a plurality of categories of increasing risk, assigning weights to the indicators in the categories as a function of the number of categories and the number of indicators in each category, generating a risk score for the indicators based at least in part on the assigned weights, and initiating at least one automated action relating to the entity of the computer network based at least in part on the risk score. The risk score generation is configured such that a weighted contribution to the risk score of indicators in a relatively low one of the categories decreases as a number of indicators in a relatively high one of the categories increases. Similarly, a weighted contribution to the risk score of indicators in a relatively low one of the categories increases as a number of indicators in a relatively high one of the categories decreases.

Abstract: A method includes obtaining a given web page, parsing the given web page to identify one or more frame tags for one or more inline frames of the given web page, and extracting a set of features of a given inline frame from a given one of the identified frame tags in the given web page, the extracted set of features comprising one or more style features, one or more destination features and one or more context features of the given identified frame tag. The method also includes classifying the given inline frame as one of a malicious frame type and a benign frame type utilizing at least one model and at least a portion of the extracted set of features, and controlling access by one or more client devices associated with an enterprise to the given web page responsive to classifying the given inline frame as the malicious frame type.

Abstract: Disclosed herein is a wiper blade assembly including: a contact member; an elastic member for supporting the contact member; a cover member for covering the elastic member; and a coupling cover to be fastened to the elastic member. The cover member includes: a spoiler; an extended plate extended from one end of the spoiler; a first coupling protrusion located in a first predetermined position of the extended plate; and a first coupling hole located in a second predetermined position of the extended plate adjacent to the first coupling protrusion. The coupling cover includes: a second coupling hole located in an inner space thereunder and receiving the first coupling protrusion of the cover member; and a second coupling protrusion located adjacent to the second coupling hole and inserted into the first coupling hole of the cover member. The cover member can be reliably fixed to the wiper blade assembly.

Abstract: Methods, apparatus, and processor-readable storage media for evaluating cyber attacker behavior using machine learning to identify anomalies are provided herein. An example method includes obtaining, based on events associated with changes in one or more of a registry and a computer process, baseline models comprising a user context representing normal behavior for a first subset of features associated with the events with respect to a given user, an inverse context that represents normal behavior for at least one feature with respect to a particular value of one or more features in the first subset, and a global context representing a behavior of the features across the plurality of users; detecting a new event attributable to the given user; calculating a score for the new event using one or more of the baseline models; and determining that the new event is an anomaly in response to the score satisfying a threshold.

Abstract: A method comprises detecting a plurality of floating code instances associated with one or more endpoint devices of a computer network, obtaining metadata of each of the floating code instances, and generating floating code signatures for respective ones of the floating code instances based at least in part on their respective metadata. The floating code signatures are utilized to categorize one or more of the floating code instances as at least potentially malicious floating code instances. A given one of the floating code instances illustratively comprises an executable code block dynamically allocated in a memory of a corresponding one of the endpoint devices and does not include any file structure counterpart. The metadata utilized to generate the floating code signature of a given one of the floating code instances illustratively comprises at least one of image hook metadata and thread metadata of the given floating code instance.

Abstract: A method in an illustrative embodiment comprises receiving a plurality of indicators relating to an entity of a computer network, arranging the indicators in a plurality of categories of increasing risk, assigning weights to the indicators in the categories as a function of the number of categories and the number of indicators in each category, generating a risk score for the indicators based at least in part on the assigned weights, and initiating at least one automated action relating to the entity of the computer network based at least in part on the risk score. The risk score generation is configured such that a weighted contribution to the risk score of indicators in a relatively low one of the categories decreases as a number of indicators in a relatively high one of the categories increases. Similarly, a weighted contribution to the risk score of indicators in a relatively low one of the categories increases as a number of indicators in a relatively high one of the categories decreases.

Abstract: A method includes obtaining a given web page, parsing the given web page to identify one or more frame tags for one or more inline frames of the given web page, and extracting a set of features of a given inline frame from a given one of the identified frame tags in the given web page, the extracted set of features comprising one or more style features, one or more destination features and one or more context features of the given identified frame tag. The method also includes classifying the given inline frame as one of a malicious frame type and a benign frame type utilizing at least one model and at least a portion of the extracted set of features, and controlling access by one or more client devices associated with an enterprise to the given web page responsive to classifying the given inline frame as the malicious frame type.

Abstract: A method includes preparing a representation of data associated with a plurality of software modules, the representation comprising similarity-based hashing of signatures constructed from a first subset of features of the plurality of software modules. The method also includes performing a similarity-based query utilizing the similarity-based hashing of signatures to identify one or more of the plurality of software modules as candidate software modules matching a received seed software module. The method further includes computing distances between the candidate software modules and the seed software module utilizing a second subset of features of the plurality of software modules, classifying one or more of the candidate software modules as a designated type based on the computed distances, generating a notification comprising a list of the classified candidate software modules, and controlling access by one or more client devices associated with an enterprise to the candidate software modules in the list.

Abstract: Disclosed herein is a wiper blade assembly including: a contact member; an elastic member for supporting the contact member; a cover member for covering the elastic member; and a coupling cover to be fastened to the elastic member. The cover member includes: a spoiler; an extended plate extended from one end of the spoiler; a first coupling protrusion located in a first predetermined position of the extended plate; and a first coupling hole located in a second predetermined position of the extended plate adjacent to the first coupling protrusion. The coupling cover includes: a second coupling hole located in an inner space thereunder and receiving the first coupling protrusion of the cover member; and a second coupling protrusion located adjacent to the second coupling hole and inserted into the first coupling hole of the cover member. The cover member can be reliably fixed to the wiper blade assembly.

Abstract: A method comprises obtaining at least a first software module not classified as benign or potentially malicious, extracting a set of features associated with the first software module including static, behavior and context features, computing distance metrics between the extracted feature set and feature sets of a plurality of clusters including one or more clusters of software modules previously classified as benign and exhibiting a first threshold level of similarity relative to one another and one or more clusters of software modules previously classified as potentially malicious and exhibiting a second threshold level of similarity relative to one another, classifying the first software module as belonging to a given cluster based at least in part on the computed distance metrics, and modifying access by a given client device to the first software module responsive to the given cluster being a cluster of software modules previously classified as potentially malicious.

Abstract: A computer-implemented technique provides rules for use in a malicious activity detection system. The technique involves performing evaluation operations on a plurality of malicious activity detection rules. The technique further involves ranking the plurality of malicious activity detection rules in an order based on results of the evaluation operations (e.g., sorting the rules systematically in an order based on measures such as precision, recall, correlation to other rules already in use, etc.). The technique further involves, based on the order of the plurality of malicious activity detection rules, providing a malicious activity detection rule report which recommends a set of malicious activity detection rules of the plurality of malicious activity detection rules for use in the malicious activity detection system.