Abstract: Approaches presented herein enable detecting and assessing evidence of malware intrusion. More specifically, scans of a system are performed, where the scans detect evidence of malware intrusion, and each of the scans generates a respective result. A severity score is assigned to each respective result of the scans, and an assessment score for the system is computed based on the severity score assigned to each respective result of the scans.

Abstract: A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.

Abstract: A method for providing protection of a computing resource constrained device against cyberattacks may include collecting threat intelligence data in form of indicators of compromise (IoC). The indicators may include cyberattack chain related data. The method may also include determining a relevance of the cyberattack chain for the device, measuring a utilization of security measures in terms of their detection of the respective IoCs and their respective responses to the IoCs, measuring a resource consumption of the security measures, and determining a benefit value for at least one the security measure expressed by its utilization and a relevance value of the IoCs detected with it.

Abstract: A computer system with access to remote files stored on a remote system can predict that a portion of a remote file is likely to be necessary. The computer system may download the portion of the remote file to a local file and update metadata of the local file to reflect the downloaded portion.

Abstract: A node in a blockchain network may generate a secret information proof, generate a private/public key pair, encrypt the secret information proof with the private/public key pair, and submit the proof to a blockchain network.

Abstract: A method for processing security events by applying a rule-based alarm scheme may be provided. The method includes generating a rule index of rules and an indicator of compromise index for each of the rules. The method includes also processing the incoming security event by applying the rules, increasing a current rule counter relating to a triggered rule, and increasing a current indicator of compromise counter pertaining to the triggered rule. Furthermore, the method includes generating a pseudo security event from received data about known attacks and related indicators of compromise, processing the pseudo security events by sequentially applying the rules, increasing a current rule counter of pseudo security events, and increasing a current indicator of compromise counter for pseudo security events, and sorting the rules and sorting within each rule the indicator of compromise values in the indicator of compromise index.

Abstract: A computer-implemented method for managing access rights to a knowledge graph is provided. The method comprises splitting, for each user system, its respective portion of the knowledge graph into a plurality of knowledge subgraphs, encrypting each of the knowledge subgraphs, and generating a plurality of private summary graphs. The method also comprises maintaining a collaboration graph comprising one vertex per user system and edges representing collaborations between the users, mapping all private subgraphs of all user systems to one public summary graph, each vertex of the public summary graph comprises less data than the related vertex of the related private summary graphs and wherein none of the vertices of the summary graph comprises any encryption or decryption key, and granting access to a selected knowledge subgraph from a first user system to a second user system.

Abstract: Methods, computer program products, and systems are presented. The methods include, for instance: obtaining passenger information of one or more passenger traveling within a transportation network; and providing one or more output based on a processing of the passenger information.

Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns may be provided. The method comprises receiving a sequence of security events, determining, a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain—thereby, identifying a specific cyber-attack chain—and determining a type and an attribute in the pattern of the first partial cyber-attack. The method comprises further configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats to information technology systems.

Abstract: The exemplary embodiments disclose a method, a computer system, and a computer program product for detecting malware. The exemplary embodiments may include aggregating known malware patterns by storing malware patterns and related malware categories of the malware patterns. The exemplary embodiments may additionally include training a first machine-learning system, comprising a generator portion and a discriminator portion, by using the known malware patterns and the related malware categories as training data. The exemplary embodiments may also include generating additional synthetic code patterns by feeding random code samples to the trained first machine-learning system. The exemplary embodiments may further include training a second machine-learning system by using benevolent code patterns and the generated additional synthetic code patterns as training data.

Abstract: A computer-implemented method for managing access rights to a knowledge graph is provided. The method comprises splitting, for each user system, its respective portion of the knowledge graph into a plurality of knowledge subgraphs, encrypting each of the knowledge subgraphs, and generating a plurality of private summary graphs. The method also comprises maintaining a collaboration graph comprising one vertex per user system and edges representing collaborations between the users, mapping all private subgraphs of all user systems to one public summary graph, each vertex of the public summary graph comprises less data than the related vertex of the related private summary graphs and wherein none of the vertices of the summary graph comprises any encryption or decryption key, and granting access to a selected knowledge subgraph from a first user system to a second user system.

Abstract: Load testing a service having a plurality of different states is provided. A multitude of simulated users accessing the service are divided into a plurality of cohorts. Simulated users within a given cohort share a similar personality type. A load test of the service is performed by applying a set of service requests from each respective cohort to the service. In response to a percentage of simulated users of each cohort encountering a particular state in the service, a user response is determined for the percentage of simulated users within each cohort at that particular state based on a probabilistic user behavior model corresponding to a personality type of each cohort such that user responses at that particular state are distributed in accordance with the probabilistic user behavior model. Distributed user responses at that particular state are applied to the load test in accordance with the probabilistic user behavior model.

Abstract: A processor may detect a risk on a local machine. The processor may determine that the risk warrants a heightened-level remediation. The processor may connect the local machine to a cloud-based desktop environment. The processor may perform the heightened-level remediation on the local machine. The processor may merge data from the cloud-based desktop environment to the local machine in response to the heightened-level remediation being performed.

Abstract: A computer system controls access to data. A secure container that is based on an image file is instantiated at an endpoint device of a user, wherein the secure container includes encrypted data corresponding to the user. An access request to the secure container is authenticated by verifying credentials of the user. In response to verifying the credentials of the user, access to the data is granted. Access to the data is controlled by decrypting and enabling access to a portion of the data, wherein additional portions of the data are decrypted and made accessible based on user behavior.

Abstract: A method for providing protection of a computing resource constrained device against cyberattacks may include collecting threat intelligence data in form of indicators of compromise (IoC). The indicators may include cyberattack chain related data. The method may also include determining a relevance of the cyberattack chain for the device, measuring a utilization of security measures in terms of their detection of the respective IoCs and their respective responses to the IoCs, measuring a resource consumption of the security measures, and determining a benefit value for at least one the security measure expressed by its utilization and a relevance value of the IoCs detected with it.

Abstract: Embodiments of the present invention provide systems, methods, and computer program products for processing responses from services (e.g., content providers) and managing content tailoring by services and/or recommender systems used by those services. Embodiments of the present invention can afford users with the ability to control the diversity of content in responses provided by services based one or more detected themes of the responses. Furthermore, embodiments of the present invention may be used to provide users with enriched responses from services, without needing cooperation of those services.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for detecting a malicious process by a selected instance of an anti-malware system. The method includes one or more processors examining a process for indicators of compromise to the process. The method further includes one or more processors determining a categorization of the process based upon a result of the examination. In response to determining that the categorization of the process does not correspond to a known benevolent process and a known malicious process, the method further includes one or more processors executing the process in a secure enclave. The method further includes one or more processors collecting telemetry data from executing the process in the secure enclave. The method further includes one or more processors passing the collected telemetry data to a locally trained neural network system.

Abstract: Automatic file transfer is provided. A file is obtained utilizing a file generating application on a mobile device in response to an input from a user. The mobile device connected to a network. The file is automatically transferred from the mobile device to a target service via the network utilizing a high-speed file transfer application running on the mobile device such that high-speed transfer of the file from the mobile device to the target service is enabled even though the file generating application does not support the high-speed transfer.

Abstract: User bioelectrical authentication is provided. A bioelectrical configuration signature of a user in physical contact with a hardware token is received, via a token reader, during a low range radio frequency user authentication process to permit a secure transaction by the user. The bioelectrical configuration signature of the user is utilized as part of the low range radio frequency user authentication process to authenticate the user to perform the secure transaction.

Abstract: A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.