Abstract: Embodiments are directed to a sender side of a network communication, being sent from a sender to a destination over a network path, expressing certain conditions and actions in a form of a script and encoding the script into network packets, thus enabling routing decisions to be made. Routing devices along the network path are equipped with an execution environment and an application program interface (API) to allow the script to execute and intervene (i.e., “talk” with the routing device) in the routing process. Embodiments provided herein may be implemented to coexist with other existing routing protocols or may completely replace other existing routing protocols.

Abstract: According to one embodiment, a method for message-thread management with a messaging client is provided. The method may include receiving a message-thread containing a signature and a body, with the signature including a composite identifier which may include a thread identifier, a tangent identifier, a sender identifier, a depth-level identifier, and a unique message identifier, determining that message-thread content is missing from the message-thread, sending a broadcast message using a peer-to-peer protocol requesting the missing message-thread content, and receiving the missing message-thread content via the peer-to-peer protocol. The message client may include a peer-to-peer communication protocol manager for handling the peer-to-peer protocol.

Abstract: A method for automated determination of IP address information of malicious attacks. An intrusion detection system may receive an index tree for storing IP addresses in one or more nodes of the index tree in a predefined sorting order. The instruction detection system may receive a data structure including a first set of one or more IP addresses from a honeypot system. The intrusion detection may receive unstructured data indicative of a second set of one or more IP addresses from a predefined data source. The intrusion detection system may process the unstructured data to determine the second set of one or more IP addresses. The intrusion detection system may insert each IP address of the first and second sets of one or more IP addresses into one or more nodes of the index tree.

Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

Abstract: Mechanisms are provided to implement a malicious activity response system (MARS) that automatically identifies and handles malicious activities within the data processing system. The MARS identifies threat intelligence associated with characteristics of malicious activity. The MARS forms a hypothesis for the malicious attack to identify a malicious attack that is occurring. The MARS identifies a trap for use in isolating the malicious activity; deploys the trap and automatically reconfiguring a network associated with the data processing system such that the malicious activity is routed to the trap thereby isolating the malicious activity, observes a behavior of the malicious activity within the trap; and extracts features associated with the malicious activity in the trap. The MARS then utilizes the extracted features to improve an operation of the malicious activity response system in handling future malicious activity.

Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

Abstract: Embodiments of the present invention provide systems, methods, and computer program products for processing responses from services (e.g., content providers) and managing content tailoring by services and/or recommender systems used by those services. Embodiments of the present invention can afford users with the ability to control the diversity of content in responses provided by services based one or more detected themes of the responses. Furthermore, embodiments of the present invention may be used to provide users with enriched responses from services, without needing cooperation of those services.

Abstract: A method and a related system for a protection against unauthorized file encryption in a file system may be provided. The method may comprise providing an anti-ransomware file access unit, determining, by the anti-ransomware file access unit, an entropy value for a portion of a file to be written to the file system, and upon determining that the entropy value is equal or above a threshold value, performing a copy-on-write process to the file to be written, whereby the file is written to a copy-on-write storage area.

Abstract: Embodiments of the present invention provide systems, methods, and computer program products for processing responses from services (e.g., content providers) and managing content tailoring by services and/or recommender systems used by those services. Embodiments of the present invention can afford users with the ability to control the diversity of content in responses provided by services based one or more detected themes of the responses. Furthermore, embodiments of the present invention may be used to provide users with enriched responses from services, without needing cooperation of those services.

Abstract: A mechanism is provided for blocking IP connection addresses and prefixes. Header information is extracted from an incoming connection request. A determination is made as to whether a portion of an Internet Protocol address comprised in the header information is blacklisted. Responsive to a portion of the Internet Protocol address being blacklisted, a fingerprint is generated, and a determination is made as to whether the fingerprint is blacklisted. Responsive to the fingerprint being blacklisted, the underlying physical connection is dropped; data associated with the incoming connection request is stored in a buffer, the fingerprint is associated to the incoming connection request; the incoming connection request is merged with stored blacklisted requests of a related originating system; and shared prefixes of the Internet Protocol address of the stored blacklisted requests are filtered out.

Abstract: One or more processors generate a website mimicking a virtual message board. One or more processors receive a request message directed to the website. One or more processors analyze the request message for evidence that the request message originates from a source of spam. In response to a determination that the request message likely does originate from a spam source, one or more processors provide data about the spam source to an anti-spam system.

Abstract: Methods, computer program products, and systems are presented. The methods include, for instance: obtaining passenger information of one or more passenger traveling within a transportation network; and providing one or more output based on a processing of the passenger information.

Abstract: A mechanism is provided for blocking IP connection addresses and prefixes. Header information is extracted from an incoming connection request. A determination is made as to whether a portion of an Internet Protocol address comprised in the header information is blacklisted. Responsive to a portion of the Internet Protocol address being blacklisted, a fingerprint is generated, and a determination is made as to whether the fingerprint is blacklisted. Responsive to the fingerprint being blacklisted, the underlying physical connection is dropped; data associated with the incoming connection request is stored in a buffer, the fingerprint is associated to the incoming connection request; the incoming connection request is merged with stored blacklisted requests of a related originating system; and shared prefixes of the Internet Protocol address of the stored blacklisted requests are filtered out.

Abstract: According to one embodiment, a method for message-thread management with a messaging client is provided. The method may include receiving a message-thread containing a signature and a body, with the signature including a composite identifier which may include a thread identifier, a tangent identifier, a sender identifier, a depth-level identifier, and a unique message identifier, determining that message-thread content is missing from the message-thread, sending a broadcast message using a peer-to-peer protocol requesting the missing message-thread content, and receiving the missing message-thread content via the peer-to-peer protocol. The message client may include a peer-to-peer communication protocol manager for handling the peer-to-peer protocol.

Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

Abstract: A shared networked storage may be separated from a key vault system. A storage request with data to be stored and the storage request with a confidentiality rating may be received. The confidentiality rating may indicate a level of confidentiality the data is associated with. The storage request with the data and the confidentiality rating may be received via a shared networked storage access interface by a security layer. The data to be stored by the key vault system and the confidentiality rating may be encrypted on request of the security layer and into a data container. The shared networked storage may be categorized into Cloud zones. Each Cloud zone may be assigned a trust level. The data container may be stored in one of the Cloud zones of the shared networked storage. The trust level of the one of the Cloud zones may correspond to the confidentiality rating.

Abstract: According to one embodiment, a method for message-thread management with a messaging client is provided. The method may include receiving a message-thread containing a signature and a body, with the signature including a composite identifier which may include a thread identifier, a tangent identifier, a sender identifier, a depth-level identifier, and a unique message identifier, determining that message-thread content is missing from the message-thread, sending a broadcast message using a peer-to-peer protocol requesting the missing message-thread content, and receiving the missing message-thread content via the peer-to-peer protocol. The message client may include a peer-to-peer communication protocol manager for handling the peer-to-peer protocol.

Abstract: According to one exemplary embodiment, a method for obfuscating a traffic pattern associated with a plurality of network traffic within a tunnel connection is provided. The method may include detecting the tunnel connection. The method may also include analyzing a connection environment associated with the detected tunnel connection. The method may then include determining a packet handling technique based on the analyzed connection environment, whereby the packet handling technique provides a way for creating a noise packet that will be discarded by a network stack at a target node or before the target node. The method may include determining a noise strategy based on the determined packet handling technique. The method may also include sending a plurality of noise packets into the tunnel connection based on the determined noise strategy to obfuscate the traffic pattern.

Abstract: Embodiments are directed to a sender side of a network communication, being sent from a sender to a destination over a network path, expressing certain conditions and actions in a form of a script and encoding the script into network packets, thus enabling routing decisions to be made. Routing devices along the network path are equipped with an execution environment and an application program interface (API) to allow the script to execute and intervene (i.e., “talk” with the routing device) in the routing process. Embodiments provided herein may be implemented to coexist with other existing routing protocols or may completely replace other existing routing protocols.

Abstract: A processor attracts and harvests spam messages. The processor simulates a message relay server. The processor receives one or more messages for the message relay server. The processor relays a message that is included in the one or more messages based on a determination that a pattern of the message matches a first identification pattern for probe messages. The processor captures a second message that originated from an IP address of the relayed probe message. The processor processes the one or more messages and the second message to generate an identification pattern that identifies potential spam messages.