Abstract: There is provided data-efficient threat detection method in a computer network. The method can include: receiving raw data related to a network node, generating local 5 behaviour models related to the network node; generating at least one common model of normal behaviour on the basis of local behaviour models related to multiple network nodes; filtering input events by using a measure for estimating the likelihood that the input event is produced by the generated common model of normal behaviour and/or by the generated one or more local behaviour models, wherein only input events having a 10 likelihood below a predetermined threshold of being produced by any one of the models are passed through the filtering; and processing input events passed through the filtering for generating a security related decision.

Abstract: Disclosed is a threat detection network for monitoring a security threat for a computer network, including a back end system and sensors coupled to the back end system, wherein each sensor: collects data describing respective predefined events in a respective node of the network, each event involving interaction of a subject entity operating in the respective node with an object entity associated with the node, applies predefined anomaly detection models to determine respective anomaly detection scores for interactions captured in the collected data, arranges the captured interactions into a local activity graph describing interactions of subject entities operating in the node with object entities associated with the node, and transmits portions of the local activity graph as status data to the back end system depending on the anomaly scores for the respective interactions captured in the local activity graph. The back end system derives security parameters describing security threats.

Abstract: A method comprising: receiving raw data related to one or more network nodes, wherein dissimilar data types are aligned as input events; filtering one or more of the input events by using an adjustable threshold that is based on a filtering score, wherein the filtering score is an estimate of the likelihood that the input event is followed by a security related detection; processing only input events passed through the filtering by an enrichment process; and analysing the data received from the enrichment process for generating a security related decision.

Abstract: A method including: establishing an internal swarm intelligence network including security agent modules of a plurality of interconnected network nodes of a local computer network, collecting data related to the respective network nodes, sharing information based on the collected data in the established internal swarm intelligence network, and using the collected data and information received from the internal swarm intelligence network for generating and adapting models related to the respective network node nodes. In case a new threat is identified, the threat is verified and contained, a new threat model is generated and the generated new threat model is shared. The security alert and/or the generated new threat model is transmitted to a security service network for enabling the security service network to share the received security alert and/or the new threat model.

Abstract: A network node of a threat detection network, a backend server of a threat detection network, a threat detection network and a threat detection method in a threat detection network. The threat detection network comprises interconnected network nodes and a backend system, wherein at least part of the nodes comprise security agent modules which collect data related to the respective network node. The method comprises collecting and/or analyzing at the network node data related to a network node, generating at least one local behavior model at the network node related to the network node on the basis of the collected and/or analyzed data, sharing at least one generated local behavior model related to the network node with one or more other nodes and/or with the backend system, comparing user activity in a node to the generated local behavior model and/or a received behavior model, and alerting the backend and/or the other nodes, e.g.

Abstract: Electronic arrangement comprising a data interface for transferring data with external elements, at least one processor for processing instructions and other data, and memory for storing the instructions and other data, said at least one processor being configured, in accordance with the stored instructions, to obtain at least one predictive user model including one or more demographic characteristics as dependent variables to be predicted and usage statistics of applications as explanatory variables, obtain deterministic usage statistics indicative of digital applications a target user has utilized during a monitoring period, and determine, through utilization of the deterministic usage statistics obtained during the monitoring period as input to the at least one established predictive model, an estimate of said one or more of the demographic characteristics of the target user.

Abstract: A system and a method for distributing components of a threat detection model for a threat control network, the threat control network comprising interconnected network nodes. The threat control network comprises security agent modules which collect data related to the respective network node of the security agent module, share information based on the collected data in the established internal network and use the collected data and information received from the internal network for generating and adapting threat detection models related to the respective network node. At least part of the nodes comprise at least the following components of the threat detection model: detection logic part comprising detection rules, detection logic parameter part comprising parameter values, core data primitive part comprising a set of key primitives. The method comprises distributing the said components of a threat detection model to a node independently from the other said components of the same node.

Abstract: There is provided a method of detecting a threat against a computer system. The method comprises: creating a modular representation of behavior of known applications on the basis of sub-components of a set of known applications; entering the modular representation to an evolutionary analysis system for generating previously unknown combinations of the procedures; storing the generated previously unknown combinations as candidate descendants of known applications to a future threat candidate database; monitoring the behavior of the computer system to detect one or more procedures matching the behavior of a stored candidate descendant in the future threat candidate database; and upon detection of one or more procedures matching the behavior of the stored candidate descendant and if the stored candidate descendant is determined to be malicious or suspicious, identifying the running application as malicious or suspicious.

Abstract: There is provided data-efficient threat detection method in a computer network. The method comprises: receiving raw data related to a network node, generating local behaviour models related to the network node; generating at least one common model of normal behaviour on the basis of local behaviour models related to multiple network nodes; filtering input events by using a measure for estimating the likelihood that the input event is produced by the generated common model of normal behaviour and/or by the generated one or more local behaviour models, wherein only input events having a likelihood below a predetermined threshold of being produced by any one of the models are passed through the filtering; and processing input events passed through the filtering for generating a security related decision.

Abstract: A method comprising: receiving raw data related to one or more network nodes, wherein dissimilar data types are aligned as input events; filtering one or more of the input events by using an adjustable threshold that is based on a filtering score, wherein the filtering score is an estimate of the likelihood that the input event is followed by a security related detection; processing only input events passed through the filtering by an enrichment process; and analysing the data received from the enrichment process for generating a security related decision.

Abstract: A method including: establishing an internal swarm intelligence network including security agent modules of a plurality of interconnected network nodes of a local computer network, collecting data related to the respective network nodes, sharing information based on the collected data in the established internal swarm intelligence network, and using the collected data and information received from the internal swarm intelligence network for generating and adapting models related to the respective network node nodes. In case a new threat is identified, the threat is verified and contained, a new threat model is generated and the generated new threat model is shared. The security alert and/or the generated new threat model is transmitted to a security service network for enabling the security service network to share the received security alert and/or the new threat model.

Abstract: Enhanced quality of service of a cellular radio access network is provided by monitoring the operation of the network for predicting failures. For each of the predicted failures, a proactive maintenance plan is created and an alternative network configuration determined, in which alternative network configuration the impact of the planned maintenance operations is less than in the current (non-alternative) network configuration. Additionally, timing of the maintenance operations is decided based on a network traffic estimate and the network is automatically reconfigured into the alternative network configuration prior to the selected maintenance operation time. According to an embodiment, the object is achieved by means of a Pre-emptive Maintenance Node (PEM) connected to the telecommunications network, such as to an LTE or LTE-A network.

Abstract: Electronic arrangement for single-source cross-platform media measurements, comprising a communication interface arranged to receive observation data having regard to and at least partly determined at a plurality of electronic, preferably personal, devices of a number of users, at least one user of said number being associated with multiple devices of said plurality, said multiple devices belonging to mutually different technological platforms including online platforms for providing media exposure and the multiple devices comprising a usage meter to observe selected events indicative of device usage comprising media exposure, wherein the usage meter of at least one of the multiple devices being further arranged to observe user exposure to media on one or more external offline media distribution platforms, and at least one of the multiple devices being arranged to transmit observation data comprising indications of the observations towards the arrangement, at least one electronic database arranged to store th

Abstract: A method (400) for enhancing data integrity in connection with a digital panel study to be performed by an electronic arrangement preferably comprising one or more servers, wherein the method comprises obtaining data (406) having regard to a plurality of panelists, wherein one or more data points associated with each panelist characterize demographic profile, device ownership, device-level behavioral profile and/or occurrences of events or traffic involving one or more electronic devices associated with the panelist, and where there is more and less complete data associated with different panelists in terms of data points, for a certain panelist of said plurality missing a data point, determining (413), based on the obtained data, a number of other panelists that originally have corresponding data point assigned and are otherwise similar to the certain panelist in terms of a number of other data points according to a selected criterion, preferably requiring similar data point values, and completing the missin

Abstract: There is provided a method of detecting a threat against a computer system. The method includes creating a modular representation of behavior of known applications on the basis of sub-components of a set of known applications; entering the modular representation to an evolutionary analysis system for generating previously unknown combinations of the procedures; storing the generated previously unknown combinations as candidate descendants of known applications to a future threat candidate database; monitoring the behavior of the computer system to detect one or more procedures matching the behavior of a stored candidate descendant in the future threat candidate database; and upon detection of one or more procedures matching the behavior of the stored candidate descendant and if the stored candidate descendant is determined to be malicious or suspicious, identifying the running application as malicious or suspicious.

Abstract: Electronic arrangement (112) comprising a data interface (210) for transferring data with external elements, at least one processor (202) for processing instructions and other data, and memory (204) for storing the instructions and other data, said at least one processor being configured, in accordance with the stored instructions, to obtain at least one predictive user model (312,314) including one or more demographic characteristics as dependent variables to be predicted and usage statistics of applications as explanatory variables, obtain deterministic usage (316) statistics indicative of digital applications a target user has utilized during a monitoring period, and determine (318), through utilization of the deterministic usage statistics obtained during the monitoring period as input to the at least one established predictive model, an estimate of said one or more of the demographic characteristics of the target user.

Abstract: Enhanced quality of service of a cellular radio access network is provided by monitoring the operation of the network for predicting failures. For each of the predicted failures, a proactive maintenance plan is created and an alternative network configuration determined, in which alternative network configuration the impact of the planned maintenance operations is less than in the current (non-alternative) network configuration. Additionally, timing of the maintenance operations is decided based on a network traffic estimate and the network is automatically reconfigured into the alternative network configuration prior to the selected maintenance operation time. According to an embodiment, the object is achieved by means of a Pre-emptive Maintenance Node (PEM) connected to the telecommunications network, such as to an LTE or LTE-A network.