Abstract: Techniques are described for implementing a system that deploys and monitors training simulations and exercises across a network, and that enables the development and execution of virtual training. An example system outputs, for display in a web browser of a trainee computing system, a graphical user interface that includes one or more training exercises, and initiates execution of software agent(s) associated with skill(s) to be demonstrated by a trainee. The example system outputs, at the trainee computing system, content corresponding to scene(s) of an at least partially virtual environment for a training exercise, where the content is rendered for display at least in the web browser of the trainee computing system. After receiving interaction data collected by the software agent(s) during the training exercise, the example system determines, based on the interaction data, that the skill(s) associated with the training exercise have been demonstrated.

Abstract: Disclosed herein are embodiments for managing a task including one or more skills. A server stores a virtual environment, software agents configured to collect data generated when a user interacts with the virtual environment to perform the task, and a predictive machine learning model. The server generates virtual entities during the performance of the task, and executes the predictive machine learning model to configure the virtual entities based upon data generated when the user interacts with the virtual environment. The server generates the virtual environment and the virtual entities configured for interaction with the user during display by the client device, and receives the data collected by the software agents. The system displays a user interface at the client device to indicate a measurement of each of the skills during performance of the task. The server trains the predictive machine learning model using this measurement of skills during task performance.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which provides a terrain segmentation and classification tool for synthetic aperture radar (SAR) imagery. The server accurately segments and classifies terrain types in SAR imagery and automatically adapts to new radar sensors data. The server receives a first SAR imagery and trains an autoencoder based on the first SAR imagery to generate learned representations of the first SAR imagery. The server trains a classifier based on labeled data of the first SAR imagery data to recognize terrain types from the learned representations of the first SAR imagery. The server receives a terrain query for a second SAR imagery. The server translates the second imagery data into the first imagery data and classifies the second SAR imagery terrain types using the classifier trained for the first SAR imagery. By reusing the original classifier, the server improves system efficiency.

Abstract: Disclosed herein are embodiments of systems, methods, and products that provide adversary detection and threat hunting. A server may comprise a user side virtual machine facing the cyber protection users, a collection virtual machine facing the at-risk network, and a data repository. The server may receive user requests requesting status data from the at-risk network via the user side virtual machine. The server may collect status data from the at-risk network via the collection virtual machine and store the collected data into the data repository. Different users may request duplicate information from the at-risk network. The server may retrieve the requested information from the data repository for duplicate requests and return the responses immediately for such requests. Because the server does not query the at-risk network for duplicate requests, the server may reduce the amount of bandwidth needed to acquire and distribute the requested information.

Abstract: A warehouse management system may receive a predictive analytics request associated with one or more warehouses and may, in response, input data associated with the one or more warehouses into a warehouse management model to determine one or more predictive analytics associated with the one or more warehouses, where the warehouse management model is trained via machine learning to determine the predictive analytics. The warehouse management system may perform simulations of operations of the one or more warehouses based on the one or more predictive analytics to determine one or more warehouse actions to meet one or more operational requirements. The warehouse management system may communicate the one or more warehouse actions to one or more devices associated with the one or more warehouses to enable the one or more devices to operate according to the one or more warehouse actions to meet the one or more operational requirements.

Abstract: Embodiments relate to a system for modeling correlation in a sourcing model. The system can include a processor configured to collect voting output from plural voting sources and store the voting output in memory. The system can include a correlation modeling module configured to retrieve at least two voting outputs from memory. In some embodiments each voting output is from a different voting source. The correlation modeling module can determine correlation among at least two voting sources by measuring consensus among the at least two voting sources using an agreement metric. The correlation modeling module can determine a degree of a first-order interaction among the at least two voting sources. The correlation modeling module can determine a degree of correlation among the at least two voting sources having a degree of first-order interaction.

Abstract: Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which improves the cybersecurity of a unified system comprising a plurality of sub-systems. The analytic server may instantiate a sub attack tree for each network sub-system within the unified system of distributed network infrastructure. The analytic server may access the sub attack trees of the network sub-systems based on the corresponding identifiers. The analytic server may build a high-level attack tree of the unified system by aggregating the sub attack tree of each sub-system. The analytic server may determine how the interconnection of the plurality of network sub-systems may affect the unified system security. The analytic server may update one or more nodes of the attack tree to reflect the changes produced from the interconnection. The analytic server may build the attack tree based on a set of aggregation rules.

Abstract: Disclosed herein are embodiments for managing a task including one or more skills. A server stores a virtual environment, software agents configured to collect data generated when a user interacts with the virtual environment to perform the task, and a predictive machine learning model. The server generates virtual entities during the performance of the task, and executes the predictive machine learning model to configure the virtual entities based upon data generated when the user interacts with the virtual environment. The server generates the virtual environment and the virtual entities configured for interaction with the user during display by the client device, and receives the data collected by the software agents. The system displays a user interface at the client device to indicate a measurement of each of the skills during performance of the task. The server trains the predictive machine learning model using this measurement of skills during task performance.

Abstract: An example network security and threat assessment system is configured to determine, based on one or more events that have occurred during execution of one or more applications, a potential security vulnerability of a target computing system, where the one or more events correspond to a node represented in the hierarchical risk model. The system is further configured to identify, based on a mapping of the node represented in the hierarchical risk model to a node represented in a hierarchical game tree model, one or more actions that are associated with the potential security vulnerability and that correspond to the node represented in the hierarchical game tree model, and to output, for display in a graphical user interface, a graphical representation of the potential security vulnerability and the one or more actions associated with the potential security vulnerability.

Abstract: An attack tree model for an aviation system comprises a plurality of tree nodes organized as a tree. For each tree node of the attack tree model model, the tree node corresponds to a respective event that may befall aviation system. An analysis computing system generates one or more attack tree models for the aviation system, wherein the aviation system includes one or more systems, sub-systems, or components. The analysis computing system further performs an assessment of one or more of the system, sub-systems, or components of the aviation system using the one or more attack tree models, and outputs metrics indicative of the assessment.

Abstract: Disclosed herein are embodiments of systems, methods, and products that execute tools to identify non-malicious faults in source codes introduced by engineers and programmers. The tools may execute a machine learning model on the source codes to perform sentiment analysis and pattern analysis on information associated with the source codes to generate annotated source code files identifying anomalies based on the sentiment analysis and the pattern analysis. One or more threat levels are then identified and ranked based on the one or more anomalies and a ranked list of the one or more threat levels is displayed on a graphical user interface of a computer.

Abstract: Disclosed herein are embodiments of systems, methods, and products that provide adversary detection and threat hunting. A server may comprise a user side virtual machine facing the cyber protection users, a collection virtual machine facing the at-risk network, and a data repository. The server may receive user requests requesting status data from the at-risk network via the user side virtual machine. The server may collect status data from the at-risk network via the collection virtual machine and store the collected data into the data repository. Different users may request duplicate information from the at-risk network. The server may retrieve the requested information from the data repository for duplicate requests and return the responses immediately for such requests. Because the server does not query the at-risk network for duplicate requests, the server may reduce the amount of bandwidth needed to acquire and distribute the requested information.

Abstract: For each respective virtual machine (VM) of a plurality of VMs, a distributed computing system generates a unique Application Binary Interface (ABI) for an operating system for the respective VM, compiles a software application to use the unique ABI, and installs the operating system and the compiled software application on the respective VM. A dispatcher node dispatches, to one or more VMs of the plurality of VMs that provide a service and are in the active mode, request messages for the service. Furthermore, a first host device may determine, in response to software in the first VM invoking a system call in a manner inconsistent with the unique ABI for the operating system of the first VM, that a failover event has occurred. Responsive to the failover event, the distributed computing system fails over from the first VM to a second VM.

Abstract: Disclosed herein are embodiments for managing a virtual reality (VR) training exercise via a management server. The management server outputs a graphical dashboard including one or more skill nodes, and selects one or more software agents associated with the skill nodes. The management server provides the software agents to at least one host computing system communicatively coupled to a near-to-eye display device. The near-to-eye display device is configured to display a virtual three dimensional (3D) training environment including a plurality of interactive 3D virtual objects. The software agents are configured to collect VR observables data while the trainee performs actions within the virtual 3D training environment. Based on the VR observables data collected, the management server determines that one or more skills have been demonstrated during the training exercise, and updates the one or more skill nodes to graphically indicate the one or more skills demonstrated by the trainee.

Abstract: Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By consider the mission and system specific context in the analysis alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alters, the server allows security personnel to prioritize responses and focus on highest value defense activities.

Abstract: Disclosed herein are embodiments for managing a task including one or more skills. A server stores a virtual environment, software agents configured to collect data generated when a user interacts with the virtual environment to perform the task, and a predictive machine learning model. The server generates virtual entities during the performance of the task, and executes the predictive machine learning model to configure the virtual entities based upon data generated when the user interacts with the virtual environment. The server generates the virtual environment and the virtual entities configured for interaction with the user during display by the client device, and receives the data collected by the software agents. The system displays a user interface at the client device to indicate a measurement of each of the skills during performance of the task. The server trains the predictive machine learning model using this measurement of skills during task performance.

Abstract: An example method includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform, the nodes including one or more compute nodes and a controller node, and performing at least one of: (a) code-level obfuscation for the distributed computing platform to obfuscate interactions between an external user computing system and the nodes, wherein performing the code-level obfuscation comprises obfuscating data associated with one or more commands provided by the user computing system and sending one or more obfuscated commands to at least one of the nodes in the distributed computing platform; or (b) system-level obfuscation for the distributed computing platform, wherein performing the system-level obfuscation comprises at least one of obfuscating system management tasks that are performed to manage the nodes or obfuscating network traffic data that is exchanged between the nodes.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which detects and defends against malware in-flight regardless of the specific nature and methodology of the underlying attack. The analytic server learns the system's normal behavior during testing and evaluation phase and trains a machine-learning model based on the normal behavior. The analytic server monitors the system behavior during runtime comprising the runtime behavior of each sub-system of the system. The analytic server executes the machine-learning model and compares the system runtime behavior with the normal behavior to identify anomalous behavior. The analytic server executes one or more mitigation instructions to mitigate malware. Based on multiple available options for mitigating malware, the analytic server makes an intelligent decision and takes the least impactful action that have the least impact on the system to maintain mission assurance.