Abstract: Techniques for distributed federated learning leverage a multi-layered defense strategy to provide for reduced information leakage. In lieu of aggregating model updates centrally, an aggregation function is decentralized into multiple independent and functionally-equivalent execution entities, each running within its own trusted executed environment (TEE). The TEEs enable confidential and remote-attestable federated aggregation. Preferably, each aggregator entity runs within an encrypted virtual machine that support runtime in-memory encryption. Each party remotely authenticates the TEE before participating in the training. By using multiple decentralized aggregators, parties are enabled to partition their respective model updates at model-parameter granularity, and can map single weights to a specific aggregator entity. Parties also can dynamically shuffle fragmentary model updates at each training iteration to further obfuscate the information dispatched to each aggregator execution entity.

Abstract: Techniques for distributed federated learning leverage a multi-layered defense strategy to provide for reduced information leakage. In lieu of aggregating model updates centrally, an aggregation function is decentralized into multiple independent and functionally-equivalent execution entities, each running within its own trusted executed environment (TEE). The TEEs enable confidential and remote-attestable federated aggregation. Preferably, each aggregator entity runs within an encrypted virtual machine that support runtime in-memory encryption. Each party remotely authenticates the TEE before participating in the training. By using multiple decentralized aggregators, parties are enabled to partition their respective model updates at model-parameter granularity, and can map single weights to a specific aggregator entity. Parties also can dynamically shuffle fragmentary model updates at each training iteration to further obfuscate the information dispatched to each aggregator execution entity.

Abstract: Handshake protocol layer features are extracted from training data associated with encrypted network traffic of a plurality of classified devices. Record protocol layer features are extracted from the training data. One or more models are trained based on the extracted handshake protocol layer features and the extracted record protocol layer features. The one or more models are applied to an observed encrypted network traffic stream associated with a device to determine a predicted device classification of the device.

Abstract: A random value generator is provided that comprises a carbon nanotube structure that generates a random output current in response to a voltage input. The random value generator includes a random value output circuit coupled to the carbon nanotube structure that receives the random output current from the carbon nanotube structure and generates a random output value based on the received random output current from the carbon nanotube structure.

Abstract: Handshake protocol layer features are extracted from training data associated with encrypted network traffic of a plurality of classified devices. Record protocol layer features are extracted from the training data. One or more models are trained based on the extracted handshake protocol layer features and the extracted record protocol layer features. The one or more models are applied to an observed encrypted network traffic stream associated with a device to determine a predicted device classification of the device.

Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection, level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.

Abstract: A random value generator is provided that comprises a carbon nanotube structure that generates a random output current in response to a voltage input. The random value generator includes a random value output circuit coupled to the carbon nanotube structure that receives the random output current from the carbon nanotube structure and generates a random output value based on the received random output current from the carbon nanotube structure.

Abstract: A random value generator is provided that comprises a carbon nanotube structure that generates a random output current in response to a voltage input. The random value generator includes a random value output circuit coupled to the carbon nanotube structure that receives the random output current from the carbon nanotube structure and generates a random output value based on the received random output current from the carbon nanotube structure.

Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.

Abstract: A random value generator is provided that comprises a carbon nanotube structure that generates a random output current in response to a voltage input. The random value generator includes a random value output circuit coupled to the carbon nanotube structure that receives the random output current from the carbon nanotube structure and generates a random output value based on the received random output current from the carbon nanotube structure.

Abstract: Embodiments include a network data collection and response system for enhancing security in an enterprise network providing a user-supplied computing device with access to the network. A network data collection and response system tracks network activity of the device and maintains a device inventory recording the device type and configuration information for the device along with a resource utilization profile for the device. The network data collection and response system detects high-risk or unauthorized network activity involving the device through passive monitoring without utilization of a data monitoring agent installed on the device and implements a response action to mitigate the high-risk or unauthorized network.

Abstract: Generating a behavior profile is provided. A newness score is calculated for a data point corresponding to a context of an access request to a resource made by a user of a client device. Newness scores for a plurality of data points corresponding to contexts of a plurality of access requests are aggregated to form an aggregated newness score. In response to determining that the aggregated newness score is greater than or equal to a pre-defined newness score threshold, data points stored in a data point cache and a long-term storage are used to generate a new behavior profile for the user or update an existing behavior profile for the user.

Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.

Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.

Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.

Abstract: Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated.

Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection, level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level.

Abstract: A technique is provided for continuous user authentication through real-time fusion and correlation of multiple factors. Monitored data is continuously obtained from a computer. The monitored data is related to user actions on the computer of a user. A server analyzes the monitored data of the computer to execute a windowing system event sequences modality, a network footprint modality, an application specific user actions modality, and/or a forensic linguistic analysis modality for the user. The user is authenticated on the computer based on a combination of the windowing system event sequences modality, the network footprint modality, the application specific user actions modality, and/or the forensic linguistic analysis modality.

Abstract: Generating a behavior profile is provided. A newness score is calculated for a data point corresponding to a context of an access request to a resource made by a user of a client device. Newness scores for a plurality of data points corresponding to contexts of a plurality of access requests are aggregated to form an aggregated newness score. In response to determining that the aggregated newness score is greater than or equal to a pre-defined newness score threshold, data points stored in a data point cache and a long-term storage are used to generate a new behavior profile for the user or update an existing behavior profile for the user.

Abstract: Systems and methods for protecting a data item include, upon initiation of transfer of the data item from a server to a client device, determining a sensitivity score and a current protection level of the data item. A policy is applied to determine an appropriate protection for the data item based upon the sensitivity score and the current protection level. A protected data item is provided to the client device by applying the appropriate protection to the data item.