Abstract: A kernel-based proactive engine can be configured to evaluate system call functions that are invoked when user-mode objects make system calls. As part of evaluating a system call function, the kernel-based proactive engine can generate a feature vector for the system call function. The kernel-based proactive engine can then analyze the feature vector using a multidimensional anomaly detection algorithm that has been trained using feature vectors of system call functions that are known to be safe. When the evaluation indicates that the feature vector is anomalous, the kernel-based proactive engine can block the system call.

Abstract: A method, system and computer-usable medium are disclosed for voice-based alerting of an individual wearing an obstructive listening device. Certain embodiments include detecting speech in an ambient environment in which the person wearing the obstructive listening device is present; determining whether the detected speech includes a name of the person wearing the obstructive listening device; if the detected speech includes the name of the person wearing the obstructive listening device determining whether the name of the person was spoken using a calling speech characteristic; and if the name of the person was spoken using a calling speech characteristic, automatically alerting the person wearing the obstructive listening device that another person in the ambient environment is calling for attention of the person wearing the obstructive listening device.

Abstract: Techniques are provided for automatically detecting disruptive orders for a supply chain. One method comprises obtaining a quote for an order; extracting features from the quote; and applying the extracted features to a disruptive quote machine learning engine that generates an anomaly score indicating a likelihood that the quote will cause a disruption, based on one or more predefined disruption criteria. The disruptive quote machine learning engine may employ an isolation forest algorithm and/or a multi-dimensional anomaly detection algorithm. The disruptive quote machine learning engine may be trained using historical order information comprising part-level information from historical orders and/or a manufacturing production plan comprising an inventory forecast.

Abstract: A kernel-based proactive engine can be configured to evaluate system call functions that are invoked when user-mode objects make system calls. As part of evaluating a system call function, the kernel-based proactive engine can generate a feature vector for the system call function. The kernel-based proactive engine can then analyze the feature vector using a multidimensional anomaly detection algorithm that has been trained using feature vectors of system call functions that are known to be safe. When the evaluation indicates that the feature vector is anomalous, the kernel-based proactive engine can block the system call.

Abstract: An information handling system may receive a plurality of rules and a file for malware testing. The information handling system may apply two or more of the plurality of rules to the received file to determine a plurality of outcomes of application of the rules to the file. The information handling system may determine whether to classify the received file as malware or not malware by applying a machine learning model to the plurality of outcomes.

Abstract: Life cycle management techniques are provided for cloud-based application executors with key-based access to other devices. An exemplary method comprises determining that a retention time for a first cloud-based application executor (e.g., a virtual machine or a container) has elapsed, wherein the first cloud-based application executor has key-based access to at least one other device using a first key; in response to the determining, performing the following steps: creating a second cloud-based application executor; and determining a second key for the second cloud-based application executor that is different than the first key, wherein the second cloud-based application executor uses the first key to add the second key to one or more trusted keys of the at least one other device and deactivates the first key from the one or more trusted keys.

Abstract: Techniques are provided for estimating a delivery time for a product in a supply chain. One method comprises obtaining an order for at least one product; calculating a similarity-based feature and/or a proximity-based feature for the order; and applying the calculated at least one of the similarity-based feature and the proximity-based feature for the order to a machine learning engine that generates an estimated delivery time for the order, wherein the machine learning engine is trained using characteristics from the historical orders. The similarity-based feature for the order can be calculated using a delivery time value of historical orders in a given order cluster where the order was assigned based on a predefined distance metric between the order and features of each order cluster. The proximity-based feature for the order can be calculated using a delivery time value of the historical orders that satisfy one or more predefined recency criteria.

Abstract: Techniques are provided for automatically detecting disruptive orders for a supply chain. One method comprises obtaining a quote for an order; extracting features from the quote; and applying the extracted features to a disruptive quote machine learning engine that generates an anomaly score indicating a likelihood that the quote will cause a disruption, based on one or more predefined disruption criteria. The disruptive quote machine learning engine may employ an isolation forest algorithm and/or a multi-dimensional anomaly detection algorithm. The disruptive quote machine learning engine may be trained using historical order information comprising part-level information from historical orders and/or a manufacturing production plan comprising an inventory forecast.

Abstract: A method, system and computer-usable medium are disclosed for voice-based alerting of an individual wearing an obstructive listening device. Certain embodiments include detecting speech in an ambient environment in which the person wearing the obstructive listening device is present; determining whether the detected speech includes a name of the person wearing the obstructive listening device; if the detected speech includes the name of the person wearing the obstructive listening device determining whether the name of the person was spoken using a calling speech characteristic; and if the name of the person was spoken using a calling speech characteristic, automatically alerting the person wearing the obstructive listening device that another person in the ambient environment is calling for attention of the person wearing the obstructive listening device.

Abstract: A method includes monitoring data of one or more containers running on one or more container host devices, a given one of the containers providing operating-system level virtualization for running at least one application. The method also includes determining a first set of behavior metrics for the given container based on the monitoring data, the first set of behavior metrics characterizing current behavior of the given container. The method further includes generating a model characterizing normal operation of the at least one application running in the given container using a second set of behavior metrics obtained during a learning period, utilizing the model to detect one or more anomalies in the first set of behavior metrics characterizing the current behavior of the given container, generating an alert responsive to detecting one or more anomalies in the first set of behavior metrics, and delivering the alert to a client device.

Abstract: Techniques are provided for data-driven ensemble-based malware detection. An exemplary method comprises obtaining a file; extracting metadata from the file; obtaining a plurality of malware detection procedures; selecting a subset of the plurality of malware detection procedures to apply to the file utilizing a likelihood that each of the plurality of malware detection procedures will result in a malware detection for the file based on the extracted metadata; applying the selected subset of the malware detection procedures to the file; and processing results of the subset of malware detection procedures using a machine learning model to determine a probability of the file being malware.

Abstract: Techniques are provided for detecting malicious software code embedded in image files, using machine learning. One method comprises obtaining metadata for an image file; applying the obtained metadata to at least one machine learning technique to classify the image file into at least one of a plurality of predefined classes, wherein the plurality of predefined classes comprises at least one malicious file class; and determining whether the image file comprises malicious software code based on the classification. The machine learning technique is trained using image files classified into at least one of the plurality of predefined classes. The machine learning technique employs a deep neural network and/or a convolutional neural network to classify the image file into the at least one predefined class.

Abstract: Methods, apparatus and computer program products are provided for detection of anomalies in containers using corresponding container profiles. An exemplary method comprises: obtaining at least one container and a corresponding container profile from a container registry, wherein the container profile characterizes an expected normal operation of an application executing in the container; comparing a behavior of the application executing in the container to the expected normal operation in the corresponding container profile to determine if the container exhibits anomalous behavior; and providing a notification of the anomalous behavior when the container exhibits the anomalous behavior. The container profile is obtained, for example, by monitoring a behavior of (i) a plurality of versions of the at least one container, and/or (ii) the at least one application executing in the at least one container on a plurality of different container host devices.

Abstract: At least one security incident indicative of at least one security event that may impact or has impacted one or more assets associated with an organization is obtained. A remediation recommendation is automatically generated for the security incident based on one or more of: (i) one or more remediation processes associated with one or more security incidents that precede the at least one security incident in time; and (ii) one or more values attributed to the one or more assets of the organization.

Abstract: Life cycle management techniques are provided for cloud-based application executors with key-based access to other devices. An exemplary method comprises determining that a retention time for a first cloud-based application executor (e.g., a virtual machine or a container) has elapsed, wherein the first cloud-based application executor has key-based access to at least one other device using a first key; in response to the determining, performing the following steps: creating a second cloud-based application executor; and determining a second key for the second cloud-based application executor that is different than the first key, wherein the second cloud-based application executor uses the first key to add the second key to one or more trusted keys of the at least one other device and deactivates the first key from the one or more trusted keys.

Abstract: Techniques are provided for data-driven ensemble-based malware detection. An exemplary method comprises obtaining a file; extracting metadata from the file; obtaining a plurality of malware detection procedures; selecting a subset of the plurality of malware detection procedures to apply to the file utilizing a likelihood that each of the plurality of malware detection procedures will result in a malware detection for the file based on the extracted metadata; applying the selected subset of the malware detection procedures to the file; and processing results of the subset of malware detection procedures using a machine learning model to determine a probability of the file being malware.

Abstract: At least one security feed indicative of at least one security event that may impact or has impacted one or more assets associated with an organization is obtained. The at least one security feed is automatically classified as being relevant or not relevant. The at least one security feed is automatically ranked in response to the at least one security feed being classified as relevant. The ranking of the at least one security feed is presented to an entity to make an assessment of the security event.

Abstract: At least one security incident indicative of at least one security event that may impact or has impacted one or more assets associated with an organization is obtained. The at least one security incident is automatically ranked based on one or more of: (i) one or more rankings associated with one or more security incidents that precede the at least one security incident in time; and (ii) one or more values attributed to the one or more assets of the organization. The ranking of the at least one security incident is presented to an entity to make an assessment of the security event.

Abstract: A customer blockchain data store is provided. An exemplary method comprises obtaining a blockchain associated with a given customer of an enterprise having multiple customer communication channels, wherein the blockchain comprises transaction data for the given customer with the customer communication channels; obtaining new transaction data for the given customer for a given one of the customer communication channels; providing the new transaction data for the given customer to additional customer communication channels; receiving a validation of the new transaction data from the additional customer communication channels based on one or more predefined validation criteria; and storing the validated new transaction data for the given customer in the blockchain associated with the given customer.

Abstract: Techniques are provided for anomaly-based ransomware detection of encrypted files. One exemplary method comprises obtaining metadata for an encrypted file; applying an anomaly detection technique to the metadata to compare at least one attribute in the metadata to one or more corresponding historical baseline values for the at least one attribute; and determining whether the encrypted file comprises a ransomware encryption based on the comparison. In some embodiments, one or more of file extension attributes, file size attributes and file name attributes in the metadata are compared to the one or more corresponding historical baseline values to identify a ransomware attack.