Abstract: A system for generating a set of rules for detecting Controller Area Network (CAN) messages anomalies, the system comprising a processing resource configured to: obtain a training set including a plurality of CAN messages, each CAN message having properties; train a model, using the training set, the model characterizing statistical relationships between one or more first types of CAN messages of respective first CAN message type and one or more second types of CAN messages each of respective second CAN message type, wherein the statistical relationships are based on one or more of the properties of the CAN messages of the training set; wherein the model is usable for identifying anomalies within a sequence of input CAN messages.

Abstract: A method executes upon receiving data (email, IP address) associated with an account registration. In response, an encoding is applied to the data to generate a node vector. The node vector indexes a database of such node vectors that the system maintains (from prior registrations). The database potentially includes one or more node vector(s) that may have a given similarity to the encoded node vector. To determine whether there are such vectors present, a set of k-nearest neighbors to the encoded node vector are then obtained from the database. This set of k-nearest neighbors together with the encoded node vector comprise a virtual graph that is then fed as a graph input to a Graph Neural Network previously trained on a set of training data. The GNN generates a probability that the virtual graph represents a NAF. If the probability exceeds a configurable threshold, the system outputs an indication that the registration is potentially fraudulent, and a mitigation action is taken.

Abstract: A method, apparatus and computer program product for real-time new account fraud detection and prevention. The technique leverages machine learning. In this approach, first and second computational branches of a machine learning model are trained jointly on a corpus of emails. Following training, an arbitrary email is received. The arbitrary email is then applied through the computational branches of the machine learning model. The first branch has an attention layer, and the second branch has a convolutional layer. The outputs of the branches are aggregated into an output that is then applied through another self-attention layer to generate a score. Based on the score, the arbitrary email is characterized. If the email is characterized as fraudulent, a mitigation action is taken.

Abstract: A system for generating a set of rules for detecting Controller Area Network (CAN) messages anomalies, the system comprising a processing resource configured to: obtain a training set including a plurality of CAN messages, each CAN message having properties; train a model, using the training set, the model characterizing statistical relationships between one or more first types of CAN messages of respective first CAN message type and one or more second types of CAN messages each of respective second CAN message type, wherein the statistical relationships are based on one or more of the properties of the CAN messages of the training set; wherein the model is usable for identifying anomalies within a sequence of input CAN messages.

Abstract: A system for identifying one or more sub-fields within a field of a given field type, the field comprising a plurality of field bits, and each of the sub-fields comprising a distinct sub-group of the field bits having one or more fixed consecutive bit positions within each instance of a plurality of instances of the field, the system including a processing resource configured to: obtain one or more input time-series, each input time-series of the one or more input time-series including a plurality of input instances of the field; generate one or more 10 new time-series, each new time-series of the generated new time-series being associated with at least one input time-series of the one or more input time-series and including a plurality of new instances of the field; generate a bit-field based on selected instances of the new instances in each new time-series of the generated new time-series; and analyze the bit-field to identify the fixed consecutive bit positions of at least one of the sub-fields within the

Abstract: Systems and computerized and computer-implemented methods operate to detect malicious applications (APPs). A method, which is performed on a suitably designed computerized system, comprises: obtaining text associated with an application; inputting a representation of the text into a classifier; and, the classifier processing the representation of the text. The classifier processes the representation of the text by processes including: applying weights to words of the text for which the classifier has provided weights by a words attention process, such that the weighted words of each sentence form a sentence vector; analyzing the sentence vectors by a sentence attention process to obtain a single summary vector for the sentence vectors; and, from the single summary vector, determining a score that the application is malicious.