Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: A computing system performs adaptive clustering of machines (e.g., computing devices) and/or machine users in an organization for attack surface reduction (ASR) responsively to event feedback including system-based exclusion events and user-based requests for exclusion. The cluster adaptation may be applied to conventional vector-quantization clustering algorithms, for example K-Means, expectation-maximization (EM) clustering, or affinity clustering, to provide adaptable clusters of machines or users. The adaptation enables aggregation or disaggregation of endpoints into clusters to minimize negative business impacts on the organization while maximizing security in view of changes in the organization that occur dynamically such as varying roles for users, new applications and updates being released, and the like.

Abstract: A computing system performs adaptive clustering of machines (e.g., computing devices) and/or machine users in an organization for attack surface reduction (ASR) responsively to event feedback including system-based exclusion events and user-based requests for exclusion. The cluster adaptation may be applied to conventional vector-quantization clustering algorithms, for example K-Means, expectation-maximization (EM) clustering, or affinity clustering, to provide adaptable clusters of machines or users. The adaptation enables aggregation or disaggregation of endpoints into clusters to minimize negative business impacts on the organization while maximizing security in view of changes in the organization that occur dynamically such as varying roles for users, new applications and updates being released, and the like.

Abstract: Example methods disclosed herein to determine whether a first monitored device is compromised include determining a first entropy value for the first monitored device based on a first number of unique event identifiers included in log entries obtained for the first monitored device, the log entries associated with a first time window. Disclosed example methods also include determining a second entropy value for the first monitored device based on numbers of unique event identifiers included in corresponding groups of log entries obtained for respective ones of a plurality of monitored devices including the first monitored device, the groups of log entries associated with the first time window. Disclosed example methods further include determining whether the first monitored device is compromised based on the first entropy value and the second entropy value, and performing an action in response to a determination that the first monitored device is compromised.

Abstract: Features of the present disclosure solve the above-identified problem by implementing user and entity behavior analytics (UEBA) system to group one or more computer machines into different clusters based on monitored behavior of the one or more computer machines. Specifically, a network device (e.g., administrator computer system) may monitor the activity of the one or more computer machines for a predetermined time period in order to identify the applications that the computer machines utilize. Based on the clustering and the identifying, the network device may automatically apply different access control policies for different clusters of machines and review those access control policies against future behavior periodically. By clustering machines based on usage behavior patterns and automatically recommending a rule set for deployment, the UEBA system may reduce potential points of failure for cybersecurity breaches.

Abstract: Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.

Abstract: Detecting a malware attack includes monitoring an event log of a first device, wherein the event log identifies events indicating that the first device is likely compromised, determining an expected rate of log entries during a time window, identifying that an actual rate of log entries during the time window satisfies a threshold, determining, in response to the identifying, that the first device is a compromised device, and performing an action in response to determining that the first device is a compromised device.

Abstract: A system and method for managing wireless vehicular communications include a system and method for vehicle protocol conversion. The system and method for vehicle protocol conversion have the ability to receive messages through a vehicle bus connector according to a vehicle bus protocol, analyze the messages to determine whether they should be transmitted, and transmit the messages over a wireless link if they should be transmitted.

Abstract: This disclosure describes techniques for data transfer between web browsers and a server computer in a web-based environment. In particular, this disclosure describes a data transfer system that includes a set of web-based applications designed to rapidly transfer large amounts of data as a background task, and similarly transfer updated data without requiring a user to request the updated data. In accordance with the invention, a cache of data is stored on the web browser. The web browser and server computer make use of web browser components or add-ins, referred to herein as data conduit modules. The data conduit modules provide the web browsers with the ability to poll the server for updates, as a background task. Additionally, the data conduit modules are capable of retrieving changed data from the server and updating the data in the local cache. Such updates can occur automatically, and independent of user requests.

Abstract: In a railway line, thermally-induced stresses are a factor for both rail breaks and rail buckling. These stresses are in the longitudinal direction. A nondestructive measuring technique enables the residual stress in a rail to be determined, and hence the thermally-induced stress. An electromagnetic probe is used to measure the stresses in the rail web in the vertical direction, and in the direction parallel to the longitudinal axis. The residual stress in the longitudinal direction can be deduced from the measured stress in the vertical direction; hence the thermally-induced stress can be determined.

Abstract: A mobile device for a vehicle is disclosed, which uses scripts provided from a server. The scripts can include indications that indicate the appropriateness of input data. Additionally, the scripts can include conditional actions that only occur when certain input data values are recorded.