Abstract: A computer system with access to remote files stored on a remote system can predict that a portion of a remote file is likely to be necessary. The computer system may download the portion of the remote file to a local file and update metadata of the local file to reflect the downloaded portion.

Abstract: Mechanisms are provided to implement a malicious activity response system (MARS) that automatically identifies and handles malicious activities within the data processing system. The MARS identifies threat intelligence associated with characteristics of malicious activity. The MARS forms a hypothesis for the malicious attack to identify a malicious attack that is occurring. The MARS identifies a trap for use in isolating the malicious activity; deploys the trap and automatically reconfiguring a network associated with the data processing system such that the malicious activity is routed to the trap thereby isolating the malicious activity, observes a behavior of the malicious activity within the trap; and extracts features associated with the malicious activity in the trap. The MARS then utilizes the extracted features to improve an operation of the malicious activity response system in handling future malicious activity.

Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

Abstract: A computer-implemented method for managing access rights to a knowledge graph is provided. The method comprises splitting, for each user system, its respective portion of the knowledge graph into a plurality of knowledge subgraphs, encrypting each of the knowledge subgraphs, and generating a plurality of private summary graphs. The method also comprises maintaining a collaboration graph comprising one vertex per user system and edges representing collaborations between the users, mapping all private subgraphs of all user systems to one public summary graph, each vertex of the public summary graph comprises less data than the related vertex of the related private summary graphs and wherein none of the vertices of the summary graph comprises any encryption or decryption key, and granting access to a selected knowledge subgraph from a first user system to a second user system.

Abstract: A method for automated determination of IP address information of malicious attacks. An intrusion detection system may receive an index tree for storing IP addresses in one or more nodes of the index tree in a predefined sorting order. The instruction detection system may receive a data structure including a first set of one or more IP addresses from a honeypot system. The intrusion detection may receive unstructured data indicative of a second set of one or more IP addresses from a predefined data source. The intrusion detection system may process the unstructured data to determine the second set of one or more IP addresses. The intrusion detection system may insert each IP address of the first and second sets of one or more IP addresses into one or more nodes of the index tree.

Abstract: Methods, computer program products, and systems are presented. The methods include, for instance: obtaining passenger information of one or more passenger traveling within a transportation network; and providing one or more output based on a processing of the passenger information.

Abstract: A method for processing security events by applying a rule-based alarm scheme may be provided. The method includes generating a rule index of rules and an indicator of compromise index for each of the rules. The method includes also processing the incoming security event by applying the rules, increasing a current rule counter relating to a triggered rule, and increasing a current indicator of compromise counter pertaining to the triggered rule. Furthermore, the method includes generating a pseudo security event from received data about known attacks and related indicators of compromise, processing the pseudo security events by sequentially applying the rules, increasing a current rule counter of pseudo security events, and increasing a current indicator of compromise counter for pseudo security events, and sorting the rules and sorting within each rule the indicator of compromise values in the indicator of compromise index.

Abstract: A method and a related system for a protection against unauthorized file encryption in a file system may be provided. The method may comprise providing an anti-ransomware file access unit, determining, by the anti-ransomware file access unit, an entropy value for a portion of a file to be written to the file system, and upon determining that the entropy value is equal or above a threshold value, performing a copy-on-write process to the file to be written, whereby the file is written to a copy-on-write storage area.

Abstract: A computer-implemented method for dynamically identifying security threats comprising a cyber-attack chain composed of a sequence of partial cyber-attacks represented by attack patterns may be provided. The method comprises receiving a sequence of security events, determining, a first cyber-attack pattern by applying a set of predefined rules for detecting an indicator of compromise of a first partial cyber-attack of the cyber-attack chain—thereby, identifying a specific cyber-attack chain—and determining a type and an attribute in the pattern of the first partial cyber-attack. The method comprises further configuring at least one rule for a downstream partial cyber-attack in the specific cyber-attack chain based on the type and the attribute in the attack pattern of the first partial cyber-attack, and adding the at least one configured rule to the set of predefined rules to be used by the correlation engine for dynamically identifying security threats to information technology systems.

Abstract: User bioelectrical authentication is provided. A bioelectrical configuration signature of a user in physical contact with a hardware token is received, via a token reader, during a low range radio frequency user authentication process to permit a secure transaction by the user. The bioelectrical configuration signature of the user is utilized as part of the low range radio frequency user authentication process to authenticate the user to perform the secure transaction.

Abstract: Methods, computer program products, and systems are presented. The methods include, for instance: obtaining passenger information of one or more passenger traveling within a transportation network; and providing one or more output based on a processing of the passenger information.

Abstract: Embodiments are directed to a sender side of a network communication, being sent from a sender to a destination over a network path, expressing certain conditions and actions in a form of a script and encoding the script into network packets, thus enabling routing decisions to be made. Routing devices along the network path are equipped with an execution environment and an application program interface (API) to allow the script to execute and intervene (i.e., “talk” with the routing device) in the routing process. Embodiments provided herein may be implemented to coexist with other existing routing protocols or may completely replace other existing routing protocols.

Abstract: According to one embodiment, a method for message-thread management with a messaging client is provided. The method may include receiving a message-thread containing a signature and a body, with the signature including a composite identifier which may include a thread identifier, a tangent identifier, a sender identifier, a depth-level identifier, and a unique message identifier, determining that message-thread content is missing from the message-thread, sending a broadcast message using a peer-to-peer protocol requesting the missing message-thread content, and receiving the missing message-thread content via the peer-to-peer protocol. The message client may include a peer-to-peer communication protocol manager for handling the peer-to-peer protocol.

Abstract: A method for automated determination of IP address information of malicious attacks. An intrusion detection system may receive an index tree for storing IP addresses in one or more nodes of the index tree in a predefined sorting order. The instruction detection system may receive a data structure including a first set of one or more IP addresses from a honeypot system. The intrusion detection may receive unstructured data indicative of a second set of one or more IP addresses from a predefined data source. The intrusion detection system may process the unstructured data to determine the second set of one or more IP addresses. The intrusion detection system may insert each IP address of the first and second sets of one or more IP addresses into one or more nodes of the index tree.

Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

Abstract: Mechanisms are provided to implement a malicious activity response system (MARS) that automatically identifies and handles malicious activities within the data processing system. The MARS identifies threat intelligence associated with characteristics of malicious activity. The MARS forms a hypothesis for the malicious attack to identify a malicious attack that is occurring. The MARS identifies a trap for use in isolating the malicious activity; deploys the trap and automatically reconfiguring a network associated with the data processing system such that the malicious activity is routed to the trap thereby isolating the malicious activity, observes a behavior of the malicious activity within the trap; and extracts features associated with the malicious activity in the trap. The MARS then utilizes the extracted features to improve an operation of the malicious activity response system in handling future malicious activity.

Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

Abstract: Embodiments of the present invention provide systems, methods, and computer program products for processing responses from services (e.g., content providers) and managing content tailoring by services and/or recommender systems used by those services. Embodiments of the present invention can afford users with the ability to control the diversity of content in responses provided by services based one or more detected themes of the responses. Furthermore, embodiments of the present invention may be used to provide users with enriched responses from services, without needing cooperation of those services.

Abstract: A method and a related system for a protection against unauthorized file encryption in a file system may be provided. The method may comprise providing an anti-ransomware file access unit, determining, by the anti-ransomware file access unit, an entropy value for a portion of a file to be written to the file system, and upon determining that the entropy value is equal or above a threshold value, performing a copy-on-write process to the file to be written, whereby the file is written to a copy-on-write storage area.

Abstract: Embodiments of the present invention provide systems, methods, and computer program products for processing responses from services (e.g., content providers) and managing content tailoring by services and/or recommender systems used by those services. Embodiments of the present invention can afford users with the ability to control the diversity of content in responses provided by services based one or more detected themes of the responses. Furthermore, embodiments of the present invention may be used to provide users with enriched responses from services, without needing cooperation of those services.