Abstract: Combustion apparatuses (e.g., burners) and methods, such as those configured to encourage mixing of fluid, flame stability, and synthesis of materials (e.g., nano-particles), among other things.

Abstract: Logins within a private network are classified as benign or malicious by (a) receiving login patterns within a private network, wherein each login pattern includes one or more attributes of each of (i) a user uniquely associated with the login, (ii) a source computer uniquely associated with the login, and (iii) a destination computer uniquely associated with the login, and wherein each login pattern is characterized as one of (A) a normal login pattern, (B) a benign login pattern, or (C) a malicious login pattern; (b) receiving a new login; and (c) classifying the new login as benign or malicious using the login patterns for the private network that were received.

Abstract: Combustion apparatuses (e.g., burners) and methods, such as those configured to encourage mixing of fluid, flame stability, and synthesis of materials (e.g., nano-particles), among other things.

Abstract: A security system and service, which improves the performance of SECaaS services, is described. A security server system tracks the content that has successfully passed through its security modules and distributes this information to the end user client devices as hashlist information. The remote client devices can then safely bypass the cloud for a significant fraction of Web object requests by using information on a locally stored hashlist to validate Web objects.

Abstract: The problem of obtaining a multi-touch input sequence for use in user authentication is solved by determining, at a plurality of time instances, a mapping from an unordered set of at least four touch points to a an ordered set of at least four fingertips, wherein for at least one of the plurality of time instances, the mapping from the unordered set of at least four touch points to the ordered set of at least four fingertips is subject to a constraint that the ordered set of at least four touch points defines a simple polygon.

Abstract: A peer-to-peer (P2P) bot(s) in a network is identified using an already identified P2P bot. More specifically, such embodiments may facilitate determining a candidate set of computers, which may be potential P2P bots, by identifying computers in a network that have a private mutual contact with a seed bot, which is a computer identified as a P2P bot, and identifying additional computers that have private mutual contacts with the identified computers. Further, a confidence level indicative of a certainty of a membership of each of the candidate computers in the P2P botnet is determined and responsive to a determination that the confidence level of the candidate computer exceeds a determined threshold confidence level, the candidate computer is identified as a P2P bot.

Abstract: For user authentication, finger touch information from a user is accepted via a touch sensitive element, the finger touch information including at least a time series of finger touch samples that define a trace of the user's signature, and each of the finger touch samples including centroid coordinates and non-centroid information, the non-centroid information including at least one of (A) a shape of the finger touch sample, (B) a size of the finger touch sample, (C) an orientation of the finger touch sample, and (D) characteristics of a multi-touch finger touch sample. A similarity of such finger touch samples with previously entered and stored finger touch samples is determined and compared with a threshold for purposes of user authentication.

Abstract: A security system and service, which improves the performance of SECaaS services, is described. A security server system tracks the content that has successfully passed through its security modules and distributes this information to the end user client devices as hashlist information. The remote client devices can then safely bypass the cloud for a significant fraction of Web object requests by using information on a locally stored hashlist to validate Web objects.

Abstract: The problem of obtaining a multi-touch input sequence for use in user authentication is solved by determining, at a plurality of time instances, a mapping from an unordered set of at least four touch points to a an ordered set of at least four fingertips, wherein for at least one of the plurality of time instances, the mapping from the unordered set of at least four touch points to the ordered set of at least four fingertips is subject to a constraint that the ordered set of at least four touch points defines a simple polygon.

Abstract: File carving is a technique whereby data files are extracted from a digital device without the assistance of file tables or other disk meta-data, and can therefore be used to recover files that are fragmented. Sequential hypothesis testing procedures are used to detect a fragmentation point of a file by sequentially comparing adjacent pairs of blocks from the starting block of a file until the fragmentation point is reached. The detected fragmentation point can be used to help recover the fragmented file. Such a serial analysis helps to minimize errors and improve performance.

Abstract: Several promising techniques have been recently proposed to bind an image or video to its source acquisition device. These techniques have been intensively studied to address performance issues, but the computational efficiency aspect has not been given due consideration. Considering very large databases, the efficiency of the sensor fingerprint based source device identification technique is described. Novel schemes that improve search complexity as compared to a conventional approach are described.

Abstract: Several promising techniques have been recently proposed to bind an image or video to its source acquisition device. These techniques have been intensively studied to address performance issues, but the computational efficiency aspect has not been given due consideration. Considering very large databases, the efficiency of the sensor fingerprint based source device identification technique is described. Novel schemes that improve search complexity as compared to a conventional approach are described.

Abstract: Flexible network policies might be enforced by (a) obtaining a flow of network packets, (b) determining a content characteristic by characterizing content of the flow using bit-stream level statistics, (c) determining content-independent flow characteristics, port-independent flow characteristics, and/or application header-independent flow characteristics, and (d) enforcing a policy on the flow using both (1) the determined content characteristic and the (2) determined content-independent flow characteristics, port-independent flow characteristics, and/or application header-independent flow characteristics.

Abstract: Host malware (or change) may be detected by (1) receiving baseline set of response time information for each of one or more transactions involving (A) the host and (B) at least one peer of the host, (2) determining or receiving a later set of response time information for each of the one or more transactions involving the host and the at least one peer of the host, and (3) determining whether or not host slowdown has occurred using the baseline set of response time information and the later set of response time information. The execution of a host malware (or change) protection policy may be controlled using at least the determination of whether or not host slowdown has occurred.

Abstract: Whether or not a node is a relay node may be determined by, for each of a plurality of active flows, assigning a random number to the flow, wherein each of the random numbers is drawn from a distribution. Then, for each of a plurality of time slots, any incoming flows to the node and any outgoing flows from the node may be determined, random numbers assigned to any active flow of the incoming flows may be summed to generate a first sum, random numbers assigned to any active outgoing flows may be summed to generating a second sum, and the first sum may be multiplied with the second sum to generate a product associated with the time slot. The products over the plurality of time slots may then be summed to obtain a summed product. This may be repeated, reassigning random values to each of the plurality of flows, thereby obtaining a plurality of summed products. A variance of the plurality of summed products may be determined and compared with a threshold to obtain a comparison result.

Abstract: A peer-to-peer (P2P) bot(s) in a network is identified using an already identified P2P bot. More specifically, such embodiments may facilitate determining a candidate set of computers, which may be potential P2P bots, by identifying computers in a network that have a private mutual contact with a seed bot, which is a computer identified as a P2P bot, and identifying additional computers that have private mutual contacts with the identified computers. Further, a confidence level indicative of a certainty of a membership of each of the candidate computers in the P2P botnet is determined and responsive to a determination that the confidence level of the candidate computer exceeds a determined threshold confidence level, the candidate computer is identified as a P2P bot.

Abstract: Files can be reassembled from fragments by (a) accepting (or determining) adjacency scores for each pair of fragments from a set of fragments, (b) identifying header fragments from among the fragments of the set of fragments, and (c) for each of the header fragments identified, reconstructing a corresponding one of two or more files from the fragments of the set of fragments such that the sum of the adjacency scores are optimized. Any of the fragments, other than the identified header fragments, are permitted to belong, at least provisionally, to more than one of the at least two files when reconstructing the file(s).

Abstract: A hierarchical data structure of digested payload information (e.g., information within a payload, or information spanning two or more payloads) allows a payload excerpt to be attributed to earlier network flow information. These compact data structures permit data storage reduction, while permitting efficient query processing with a low level of false positives. One example of such a compact data structure is a hierarchical Bloom filter. Different layers of the hierarchy may correspond to different block sizes.

Abstract: Files can be reassembled from fragments by (a) accepting adjacency scores for each pair of fragments from the set of fragments, (b) identifying header fragments from among the fragments of the set of fragments, and (c) for each of the header fragments identified, reconstructing a corresponding one of the two or more files from the fragments of the set of fragments such that the sum of the adjacency scores are optimized, wherein each of the fragments is permitted to belong to only one of the at least two files, and wherein at least two files are reconstructed such that the results are independent of the order in which the files are reconstructed.

Abstract: Host reboots may be detected passively by tracking and analyzing host initialization events and/or by tracking and analyzing temporal skews in periodic events. Detected host reboots may then be used to determine or help determine whether or not the host has a possible malware infection.