Abstract: A method, computer system, and a computer program product for assessing anonymity of a dataset is provided. The present invention may include receiving an original dataset and an anonymized dataset. The present invention may also include preparing a testing dataset and a training dataset for a machine learning algorithm based on the received original dataset and anonymized dataset. The present invention may then include training a machine learning model based on the prepared training dataset. The present invention may further include generating an evaluation score based on the trained machine learning model and the prepared testing dataset. The present invention may also include presenting the generated evaluation score to a user.

Abstract: A method, computer system, and a computer program product for identifying a hacked database is provided. The present invention may include generating a marked account using a plurality of data. The present invention may then include initiating a first transaction using the generated marked account. The present invention may also include determining that a second transaction has occurred using the generated marked account. The present invention may further include receiving notification of the second transaction based on determining that the second transaction occurred.

Abstract: A method, including partitioning a dataset into a first number of data units, and selecting, based on a sampling ratio, a second number of the data units. A hash value is calculated for each of the selected data units, and a first histogram is computed indicating a first duplication count for each of the calculated hash values. Based on respective frequencies of the calculated hash values, a second histogram is computed indicating an observed frequency for each of the first duplication counts in the first histogram, and based on the sampling ratio and the second histogram, a target function is derived. A third histogram that minimizes the target function is derived, the third histogram including, for the first number of the storage units, second duplication counts and a respective predicted frequency for each of the second duplication counts. Finally, a deduplication ratio is determined based on the third histogram.

Abstract: A method, computer system, and a computer program product for assessing anonymity of a dataset is provided. The present invention may include receiving an original dataset and an anonymized dataset. The present invention may also include preparing a testing dataset and a training dataset for a machine learning algorithm based on the received original dataset and anonymized dataset. The present invention may then include training a machine learning model based on the prepared training dataset. The present invention may further include generating an evaluation score based on the trained machine learning model and the prepared testing dataset. The present invention may also include presenting the generated evaluation score to a user.

Abstract: A method, computer system, and a computer program product for assessing anonymity of a dataset is provided. The present invention may include receiving an original dataset and an anonymized dataset. The present invention may also include preparing a testing dataset and a training dataset for a machine learning algorithm based on the received original dataset and anonymized dataset. The present invention may then include training a machine learning model based on the prepared training dataset. The present invention may further include generating an evaluation score based on the trained machine learning model and the prepared testing dataset. The present invention may also include presenting the generated evaluation score to a user.

Abstract: A method, computer system, and a computer program product for identifying a hacked database is provided. The present invention may include generating a marked account using a plurality of data. The present invention may then include initiating a first transaction using the generated marked account. The present invention may also include determining that a second transaction has occurred using the generated marked account. The present invention may further include receiving notification of the second transaction based on determining that the second transaction occurred.

Abstract: A method, computer system, and a computer program product for identifying a hacked database is provided. The present invention may include generating a marked account using a plurality of data. The present invention may then include initiating a first transaction using the generated marked account. The present invention may also include determining that a second transaction has occurred using the generated marked account. The present invention may further include receiving notification of the second transaction based on determining that the second transaction occurred.

Abstract: A computerized method comprising, on a mobile computing device, processing a vehicle integration request made by one or more of (i) the mobile computing device and (ii) a transportation vehicle. The mobile computing device computes a risk assessment value that quantifies a security risk to the transportation vehicle as a result of connecting the mobile computing device to the transportation vehicle, where the computing is based on one or more of a hardware and a software of the mobile computing device. The mobile computing device transmits the risk assessment value to a vehicle computer integrated in the transportation vehicle. The mobile computing device completes a digital data connection with the vehicle computer when the risk assessment value complies with a vehicle access security policy of the vehicle computer.

Abstract: A method and system for calculating and ascribing reputation scores to Domain Name System (DNS) domain names, the method including capturing domain names appearing in a network during a predefined time frame and extracting features of each of the captured domain names, and calculating a reputation score for each of the captured domain names by assessing an expected life duration of each of the captured domain names based on the domain name features.

Abstract: Embodiments of the present invention disclose a method, computer system, and a computer program product for vehicle software security associated with a vehicle. The present invention may include collecting vehicle data from the vehicle. The present invention may also include collecting mobile device data from an authorized mobile device associated with an authorized operator. The present invention may then include comparing the collected vehicle data with the collected mobile device data. The present invention may further include determining that the collected vehicle data does not match the collected mobile device data. The present invention may include also sending an alert message to a security control application based on determining that the collected vehicle data does not match the collected mobile device data.

Abstract: Embodiments of the present invention disclose a method, computer system, and a computer program product for vehicle software security associated with a vehicle. The present invention may include collecting vehicle data from the vehicle. The present invention may also include collecting mobile device data from an authorized mobile device associated with an authorized operator. The present invention may then include comparing the collected vehicle data with the collected mobile device data. The present invention may further include determining that the collected vehicle data does not match the collected mobile device data. The present invention may include also sending an alert message to a security control application based on determining that the collected vehicle data does not match the collected mobile device data.

Abstract: A cooperative vehicle monitoring method including, at an intravehicular monitor configured with each of a plurality of vehicles, gathering any in-vehicle data associated with the vehicle, detecting any intravehicular anomaly associated with the vehicle by analyzing the in-vehicle data, and reporting intravehicular information including any of the detected intravehicular anomaly and the in-vehicle data, and, at an extravehicular monitor, detecting any anomaly by analyzing the reported intravehicular information in combination with extravehicular data that are external to the plurality of vehicles, and reporting any of the intravehicular information, the extravehicular data, and any anomaly detected at the extravehicular monitor.

Abstract: There is provided, in accordance with some embodiments, a method comprising using one or more hardware processors for receiving a behavioral biometric model that characterizes a human user according to pointing device data of the human user, where the pointing device data comprises screen coordinate and time stamp pairs. The method comprises an action of monitoring an input data stream from a pointing device in real time, wherein the input data stream covers two or more spatial regions of a display screen, and an action of segregating the input data stream into one or more subset streams that is restricted to one of the plurality of spatial regions. The method comprises an action of computing a similarity score based on one or more comparisons of the behavioral biometric model and the one or more subset streams, and an action of sending the similarity score to a user authorization system.

Abstract: Techniques for monitoring a controller area network bus are described herein. In one example, a system comprises a processor that is to detect a message from a source electronic control unit in a vehicle and calculate a location of the source electronic control unit based on at least two arrival times, the arrival times indicating a distance between a first monitor and the source electronic control unit. The processor can also detect that the message corresponds to a function controlled by a second electronic control unit and generate a warning that the message from the source electronic control unit is malicious.

Abstract: For real-time classification of data into data compression domains, a decision is made for which of the data compression domains write operations should be forwarded by reading randomly selected data of the write operations for computing a set of classifying heuristics thereby creating a fingerprint for each of the write operations. The write operations having a similar fingerprint are compressed together in a similar compression stream.

Abstract: Embodiments of the present invention may provide the capability to identify security breaches in computer systems from clustering properties of clusters generated based on monitored behavior of users of the computer systems by using techniques that provide improved performance and reduced resource requirements. For example, behavior of users or resources may be monitored and analyzed to generate clusters and train clustering models. Labeling information relating to some user or resource may be received. When users or resources are clustered and when a cluster contains some labeled users/resources then an anomaly score can be determined for a user/resource belonging to the cluster. A user or resource may be detected to be an outlier of at least one cluster to which the user or resource has been assigned, and an alert indicating detection of the outlier may be generated.

Abstract: Mitigating return-oriented programming attacks. From program code and associated components needed by the program code for execution, machine language instruction sequences that may be combined and executed as malicious code are selected. A predetermined number of additional copies of each of the selected machine language instruction sequences are made, and the additional copies are marked as non-executable. The machine language instruction sequences and the non-executable copies are distributed in memory. If a process attempts to execute a machine language instruction sequence that has been marked non-executable, the computer may initiate protective action.

Abstract: A cooperative vehicle monitoring method including, at an intravehicular monitor configured with each of a plurality of vehicles, gathering any in-vehicle data associated with the vehicle, detecting any intravehicular anomaly associated with the vehicle by analyzing the in-vehicle data, and reporting intravehicular information including any of the detected intravehicular anomaly and the in-vehicle data, and, at an extravehicular monitor, detecting any anomaly by analyzing the reported intravehicular information in combination with extravehicular data that are external to the plurality of vehicles, and reporting any of the intravehicular information, the extravehicular data, and any anomaly detected at the extravehicular monitor.

Abstract: A method, including partitioning a dataset into a first number of data units, and selecting, based on a sampling ratio, a second number of the data units. A hash value is calculated for each of the selected data units, and a first histogram is computed indicating a first duplication count for each of the calculated hash values. Based on respective frequencies of the calculated hash values, a second histogram is computed indicating an observed frequency for each of the first duplication counts in the first histogram, and based on the sampling ratio and the second histogram, a target function is derived. A third histogram that minimizes the target function is derived, the third histogram including, for the first number of the storage units, second duplication counts and a respective predicted frequency for each of the second duplication counts. Finally, a deduplication ratio is determined based on the third histogram.

Abstract: A method includes associating, in a graph including graph nodes connected via of edges, a respective node weight with each of the graph nodes, and organizing the graph nodes into ancestor nodes, each of the ancestor nodes having one or more descendent nodes so that the ancestor and the descendent nodes include all the graph nodes. For a given descendent node, a respective path to one or more of the ancestor nodes is identified, each of the respective paths including one or more edges, and a given ancestor node having a shortest of the identified paths is determined. A respective edge weight is assigned to each of the one or more edges in the shortest path, and, for the given descendent node, a node loss value is calculated based on the node weight and the respective edge weight of the each of the one or more edges.