Abstract: A method for producing a set of indicators of unwanted activity in a computer system, comprising: receiving a plurality of input data sets, each describing system activity and comprising an infection label and system activity information collected from a computer system; producing a plurality of training sets each comprising: 1) a plurality of activity values, each indicative of execution of an instruction, extracted from one of the plurality of input data sets, and 2) a respective infection label; producing for each training set one of a plurality of sets of relevant activity values by: training a model to output, in response to the respective training set, an infection classification equal to respective infection label; and analyzing the model to identify a set of relevant activity values, of the plurality of activity values, effecting the infection classification; and analyzing the plurality of sets of relevant activity values to produce the indicators.

Abstract: Methods are provided for building and tuning a correlation data structure. The correlation data structure includes relationship correlations with relationship scores that reflect the level of correlation between alert conditions and feature set events that occurred in a machine. Each relationship correlation further includes a time of influence associated with the times of occurrence for each alert condition and corresponding feature set event. The correlation data structure is built and tuned using sourcing to leverage the alert conditions and feature set events on each machine for all machines in the network. Methods are also provided to use the correlation data structure to monitor the machines in a network, detect feature set events, and detect if alert conditions correlated with those feature set events are likely to occur. The methods further provide for mitigating those alert conditions.

Abstract: A method for producing a set of indicators of unwanted activity in a computer system, comprising: receiving a plurality of input data sets, each describing system activity and comprising an infection label and system activity information collected from a computer system; producing a plurality of training sets each comprising: 1) a plurality of activity values, each indicative of execution of an instruction, extracted from one of the plurality of input data sets, and 2) a respective infection label; producing for each training set one of a plurality of sets of relevant activity values by: training a model to output, in response to the respective training set, an infection classification equal to respective infection label; and analyzing the model to identify a set of relevant activity values, of the plurality of activity values, effecting the infection classification; and analyzing the plurality of sets of relevant activity values to produce the indicators.

Abstract: The present disclosure relates to an intelligent service (e.g., a smart home, a smart building, a smart car, etc.) based on a 5G communication technology and an IoT related technology. In accordance with an embodiment of the present disclosure, a method is provided for detecting, by a web server in a wireless communication system, a malicious code which is injected into the command stream of a widget miming on a web-based OS in a device. The method includes: analyzing the widget in the web server; determining at least one invariant condition constantly maintained and conserved while the widget is running, on the basis of a result of the analyzing; generating a metadata file including data satisfying the at least one invariant condition; and associating the metadata file with the widget and providing the widget in a state in which the associated metadata file is included in the widget.

Abstract: Methods are provided for building and tuning a correlation data structure. The correlation data structure includes relationship correlations with relationship scores that reflect the level of correlation between alert conditions and feature set events that occurred in a machine. Each relationship correlation further includes a time of influence associated with the times of occurrence for each alert condition and corresponding feature set event. The correlation data structure is built and tuned using sourcing to leverage the alert conditions and feature set events on each machine for all machines in the network. Methods are also provided to use the correlation data structure to monitor the machines in a network, detect feature set events, and detect if alert conditions correlated with those feature set events are likely to occur. The methods further provide for mitigating those alert conditions.

Abstract: The present disclosure relates to a communication technique for fusing a 5G communication system for supporting a high data transmission rate after a 4G system with the IoT technology, and a system thereof. The present disclosure can be applied to an intelligent service (e.g., a smart home, a smart building, a smart city, a smart car or connected car, healthcare, digital education, retail business, security and safety related service, etc.) based on the 5G communication technology and the IoT related technology. In accordance with an embodiment of the present disclosure, a method for detecting a malicious code which is injected into the command stream of a widget miming on a web-based OS in a device by a web server in a wireless communication system is provided.

Abstract: A method for detecting a malicious code which is injected into the command stream of a widget running by a web-based OS at a device is disclosed. The method requires (a) analyzing the widget at an App-Store to determine first invariant data; (b) recording within a metadata file first invariant data; (c) associating said metadata file with said widget, and supplying said widget within a user device; (d) upon running said widget, activating a monitoring module, analyzing the running widget and determining by said module a second invariants data, and comparing respectively said second determined invariant data with said first determined invariants data; and (e) issuing an alert upon detection of a variation above a predefined value between said second determined invariant data and said first determined invariant data, respectively.