Abstract: Described herein are systems utilizing a DevSecOps model comprising a CI/CD template, framework interfacing with a CI/CD pipeline that can integrate the assemblage of software components that collectively automate the building, testing, and delivery of applications within various hosting environments. Also described herein are methods utilizing the aforementioned systems.

Abstract: Techniques for capturing query execution statistics are disclosed. The disclosed system determines which queries are executing during a sampling interval. The system identifies related queries that share similarity criteria with the currently executing query. The system obtains query execution statistics for the query executing during the sampling interval and any related queries. The system generates or obtains statistics during a monitoring window that spans a longer period of time than a single intervening period between the current sampling interval and a prior interval. The statistics are stored in permanent storage or transmitted to a requesting computer. The system refrains from analyzing statistics for queries (and any related queries) that did not execute during a current sampling interval.

Abstract: Systems and methods for detecting regions of interests (ROIs) in biomedical images are described herein. A computing system may identify a biomedical image having an ROI. The computer system may apply an object detection model to the biomedical image. The object detection model may generate a feature map using the biomedical image. The object detection model may generate an anchor box corresponding to a portion of the pixels in the feature map. The computing system may apply an instance segmentation model to identify a segment of the biomedical image within the anchor box corresponding to the ROI. The computer system may provide an output based on the segment to identify the ROI in the biomedical image.

Abstract: A segmentation server configures and distributes rules for enforcing a segmentation policy that includes one or more virtual patches. The rules including the virtual patches are enforced by distributed enforcement modules that may execute on host devices or on network devices upstream from the host devices. An enforcement module enforces the rules using traffic filters that filter traffic based on network layer data. To implement a virtual patch, the traffic filters are configured to redirect traffic to or from an application being patched to a transparent application proxy. The transparent application proxy implements an application layer filter that filters traffic based on application layer data to block specific types of traffic associated with a vulnerability addressed by the virtual patch.

Abstract: Embodiments provide methods and systems for predicting chargeback behavioral data of an account holder. The method performed by a server system includes accessing payment transaction data associated with the account holder from a transaction database. The payment transaction data includes a set of transaction indicators corresponding to payment transactions performed by the account holder within a predetermined time period. The method further includes generating a set of transaction features based on the set of transaction indicators. Furthermore, the method includes computing, via a chargeback risk prediction model, a set of chargeback risk probability scores corresponding to one or more time intervals associated with the account holder based, at least in part, on the set of transaction features. The method also includes transmitting a notification to an issuer server associated with the account holder based, at least in part, on the set of chargeback risk probability scores.

Abstract: A policy management server manages a segmentation policy for segmenting a network and a deception policy for implementing deception services. The policy management server distributes segmentation rules and deception rules to distributed enforcement modules that configure respective traffic filters to enforce the policies. The deception rule may be enforced directly by the traffic filter acting as a deception service, or the traffic filter may act as a proxy to an external deception service. The deception service can behave similarly to a real service to obtain information about the malicious actor that is reported to the policy management server to enable the policy management server to take a remedial action. Furthermore, the policy management server may automatically generate the deception policy based on the segmentation policy such that connection requests that are not allowed by the segmentation policy are automatically sent to a deception service.

Abstract: A system for extracting data from a plurality of electromagnetic data signals encoding the data is provided. The system includes a phase modulator which receives an electromagnetic beam, and generates an electromagnetic primary reference beam with a defined phase. The system further includes one or more mixing units, each mixing unit being arranged to receive a respective one of the data signals and a reference beam, and to generate two mixed signals. The one or more mixing units include a first mixing unit for which the reference beam is the primary reference beam. The system also includes a plurality of detection units. Each detection unit is arranged to receive a respective one of the data signals and a respective mixed signal from one of the mixing units, and to obtain a difference measurement indicative of a difference between the respective data signal and the respective mixed signal.

Abstract: A policy management server detects attack patterns in traffic flows reported by distributed enforcement modules enforcing the segmentation policy. The policy management server generates a traffic flow graph representing traffic flows between workloads or groups of workloads. Traffic flows matching one or more traffic flow patterns may be tagged in the traffic flow graph. For example, if an attack pattern is present in a connection that is blocked under the segmentation policy, the policy management server may block updates to the segmentation policy that attempt to enable the connection or may alert an administrator prior to enabling the update. If an attack pattern is present in a connection that is allowed under the segmentation policy, the segmentation policy may be updated to block the connection, alert an administrator, redirect traffic to a deception service, or take other remedial action.

Abstract: Techniques for capturing query execution statistics are disclosed. The disclosed system determines which queries are executing during a sampling interval. The system identifies related queries that share similarity criteria with the currently executing query. The system obtains query execution statistics for the query executing during the sampling interval and any related queries. The system generates or obtains statistics during a monitoring window that spans a longer period of time than a single intervening period between the current sampling interval and a prior interval. The statistics are stored in permanent storage or transmitted to a requesting computer. The system refrains from analyzing statistics for queries (and any related queries) that did not execute during a current sampling interval.

Abstract: Systems and methods in accordance with various embodiments of the invention enable quality based streaming. A content player in accordance with an embodiment of the invention includes: a processor; a network interface; and memory containing a content player application. The content player application can direct the processor to: receive quality metadata describing a plurality of streams, where: the plurality of streams are encoded at different maximum bitrates; each stream is divided into content segments; and the quality varies between content segments in each stream. Furthermore, the content player application directs the processor to measure available bandwidth; request content segments from the plurality of streams based upon the available network bandwidth and the quality metadata, where the requested content segments include content segments encoded at a maximum bitrate and having quality that is the lowest maximum bitrate that achieves a target quality level.

Abstract: A policy management server manages a segmentation policy for segmenting a network and a deception policy for implementing deception services. The policy management server distributes segmentation rules and deception rules to distributed enforcement modules that configure respective traffic filters to enforce the policies. The deception rule may be enforced directly by the traffic filter acting as a deception service, or the traffic filter may act as a proxy to an external deception service. The deception service can behave similarly to a real service to obtain information about the malicious actor that is reported to the policy management server to enable the policy management server to take a remedial action. Furthermore, the policy management server may automatically generate the deception policy based on the segmentation policy such that connection requests that are not allowed by the segmentation policy are automatically sent to a deception service.

Abstract: A policy management server detects attack patterns in traffic flows reported by distributed enforcement modules enforcing the segmentation policy. The policy management server generates a traffic flow graph representing traffic flows between workloads or groups of workloads. Traffic flows matching one or more traffic flow patterns may be tagged in the traffic flow graph. For example, if an attack pattern is present in a connection that is blocked under the segmentation policy, the policy management server may block updates to the segmentation policy that attempt to enable the connection or may alert an administrator prior to enabling the update. If an attack pattern is present in a connection that is allowed under the segmentation policy, the segmentation policy may be updated to block the connection, alert an administrator, redirect traffic to a deception service, or take other remedial action.

Abstract: A system selects a set of advertisement media associated with a product. A set of persistent advertisement media from the set of advertisement media is identified based on one or more tests. A Gaussian Bayesian (GB) network based on the set of advertisement media. A net persistence rate for each of the set of persistent advertisement media is determined based on the GB network. a competitor factor associated with another vendor of the product is computed based on one or more marketing parameters associated with the another vendor. A predicted sales (PS) value associated with each of the set of persistent advertisement media is determined. A persistent advertisement medium is selected in real time based on corresponding PS value. An advertisement is rendered on the selected persistent advertisement medium in real time for marketing the product.

Abstract: A computer-based method includes receiving an input signal at a neuron in a computer-based neural network that includes a plurality of neuron layers, applying a first non-linear transform to the input signal at the neuron to produce a plain signal, and calculating a weighted sum of a first component of the input signal and the plain signal at the neuron. In a typical implementation, the first non-linear transform is a function of the first component of the input signal and at least a second component of the input signal.

Abstract: An enforcement module operating on a server or on a network midpoint device obtains a management instruction controlling communications of a target workload. The enforcement module configures a firewall of a network midpoint device upstream from the target workload to enforce the management instruction. The configuration mechanism may be dependent on the particular capabilities and characteristics of the network midpoint device.

Abstract: A method, referred to herein as upside down reinforcement learning (UDRL), includes: initializing a set of parameters for a computer-based learning model; providing a command input into the computer-based learning model as part of a trial, wherein the command input calls for producing a specified reward within a specified amount of time in an environment external to the computer-based learning model; producing an output with the computer-based learning model based on the command input; and utilizing the output to cause an action in the environment external to the computer-based learning model. Typically, during training, the command inputs (e.g., “get so much desired reward within so much time,” or more complex command inputs) are retrospectively adjusted to match what was really observed.

Abstract: A segmentation server configures and distributes rules for enforcing a segmentation policy that includes one or more virtual patches. The rules including the virtual patches are enforced by distributed enforcement modules that may execute on host devices or on network devices upstream from the host devices. An enforcement module enforces the rules using traffic filters that filter traffic based on network layer data. To implement a virtual patch, the traffic filters are configured to redirect traffic to or from an application being patched to a transparent application proxy. The transparent application proxy implements an application layer filter that filters traffic based on application layer data to block specific types of traffic associated with a vulnerability addressed by the virtual patch.

Abstract: Apparatus (300, 400) and method (600) for passive remote control are provided. The apparatus (300) includes at least two radio-frequency identification (RFID) tag devices (330_1, 330_2, 330_N, 430_1, 430_2) each operable to transmit a signal when activated and a first switch coupled to the at least two RFID tag devices (310_1, 310_2, 310_K, 410_1) and operable to activate the at least two RFID tag devices when the first switch is in a first switch state, said first switch being a first key identified by RFID tag information of the at least two RFID tag devices. Apparatus (110) and method (700) for receiving RFID signals are also provided.

Abstract: A system provides a configurable market mix modeling (MMM) platform based on machine-learning (ML). The system may include configurable MMM pipelines in which an end user may identify portions and/or inputs to the MMM pipelines to be included or excluded from ML modeling. The system may apply ML to market data to automatically discover variables that correlate with a key performance indicator (PKI) such as sales to be used for modeling. The system may automatically generate multiple models, filter the models for robustness and ensemble the filtered models to generate a unified model. The unified model may be optimized using a multi-layered approach and introducing deviations into the model.

Abstract: A method of detecting eavesdropping, i.e. a physical layer attack, on an optical communications channel. The method comprises sending a first, classical message over an optical channel by encoding the message onto an optical carrier using a classical communications technique and sending a second, quantum message over the optical channel using a quantum cryptographic technique, e.g. a Continuous Variable Quantum Key Distribution (CV-QCD) technique; and detecting eavesdropping of the classical message on the optical channel by detecting the eavesdropping of the quantum message. In implementations the classical and quantum signals may be substantially indistinguishable to hinder an adversary from eavesdropping on the first signal without influence the second signal.