Abstract: Traditional deep learning techniques are performed by high-performance system with direct access to the data to train large models. An approach of training the model from a collaboration of similar stakeholders where they pool together their data in a central server. However, data privacy is lost by exposing said models and data security while accessing heterogeneous data. Embodiments of the present disclosure provide a method and system for a cross-silo serverless collaborative learning among a plurality of clients in a malicious client threat-model based on a decentralized Epsilon cluster selection. Protocols are initialized and considered to iteratively train local models associated with each client and aggregate the local models as private input based on the multi-party computation to obtain global model. Non-linear transformation of a silhouette score to an Epsilon probability without implementing a server to select rth model from an active set to assign as the global model.

Abstract: Organizations across the world faces major losses due to cyber-attacks. Hence training users regarding URL can reduce the chances of cyber-attacks. The training content offered by the existing training platform is generic and static in nature. Hence there is a challenge in providing dynamic training content without exploiting working hours of users/employees. The present disclosure provides real time cybersecurity training for users which provides continuous feedback and dynamic content to train the users in URL components. This training allows employees to learn and apply their skills in their actual work environment, making it more practical and relevant. The present disclosure computes priority of training content to be displayed based on user performance and weight associated with URL components dynamically.

Abstract: Quantum computers pose significant threat to modern day cryptography. To mitigate this risk, migration of enterprise applications to a quantum safe state is needed. Crypto inventory, an automatic process to discover all crypto application programming interfaces usage in an enterprise application, is a first problem to be addressed in the migration journey. Embodiments of the present disclosure provide a method and system for a dynamic generation of rules. An input program statement includes an unseen crypto application programming interface (API) is received which represents a method invocation. The invoked method is mapped by the input program statement with a rules database to infer and generate new rules for an unseen crypto application programming interface (API) belonging to (a) a same library by a weighted distance approach, (b) a library implementing known contracts by a graph traversal approach, and (c) a library implementing unknown contracts by a pattern matching approach respectively.

Abstract: Even though serverless computing has advantages like lower cost, simplified scalability, simplified backend code and quicker turnaround, they have also given rise to a new form of cyber-attacks. Most of the conventional approaches are reactive based where steps are taken to control the aftereffects of an attack and preventive mechanism is of less focus. The present honeypot based approach for serverless cloud architecture, honeypots capture unauthorized users in order to provide security of the overall system. The honeypots redirect the attackers to a set of dummy nodes that form a random loop. Using a controlled time based loop, the attacker could be trapped for a maximum amount of time, thus penalizing the attacker by a negative award. It would result in exhaustion of resources and bandwidth of attacker. The present disclosure is also applicable to multi-cloud or hybrid cloud setup.

Abstract: Decisions related to need to service selection in the multi-cloud environment be taken by the enterprise at the cloud adoption phase as well as post cloud adoption phase. Existing approaches addressing the cloud selection and data placement are not capable of various requirements/parameters that are to be considered for optimum selection of cloud data centers. Method and system disclosed herein facilitate carbon-aware storage service selection in the multi-cloud environment. The system facilitates selection of storage in the multi-cloud environment by generating a plurality of migration solutions. The migration solutions are generated by the system by selectively prioritizing a) a migration cost, b) an operational cost, and c) a carbon footprint. After migrating the non-compliant UCs by selective prioritization, a list of feasible solutions is obtained. These solutions are used as input to obtain optimal solutions with minimal migration cost, operational cost and carbon footprint lower than the new threshold.

Abstract: There is a need for design and implementation of interfaces for providing user-friendly feedback while creating and updating compliant passwords. This disclosure relates to a method of creating compliant password by in-place feedback to a password composition policy (PCP). A policy-enabled-virtual keyboard (PKBD) receives input from a user and is processed based on parameters associated with the PCP to identify accessible and inaccessible keys on the PKBD with in-place feedback. The in-place feedback is provided to highlight accessible keys of the PKBD for the user, if class associated with character, or mandated number of characters by the PCP are received are covered. Alternatively, the keys of the PKBD are disabled for access to the user by validating if class associated with character received are not covered, and a deviation of the parameters. A compliant password is created based on the PCP by providing in-place feedback for a resultant validation.

Abstract: This disclosure relates generally to method and system for providing data privacy in service operations. Identifying risk arising from processing of user request in service operations is time consuming and monitoring insider threats is a difficult task. The method includes receiving a user request for a service comprising a plurality of sensitive attributes and further a vulnerability rating is assigned to each sensitive attribute. To mitigate the risk, the method estimates a disclosure proportion for the plurality of sensitive attributes and a masking operation is performed. Further, a sensitivity score is computed to allocate the user request to an agent associated with an agent registry with enabled data privacy and minimal data exposure. The agent is monitored by computing an agent mis-usability score to assess an insider threat risk. Additionally, a feedback alert is notified to autotune the plurality of privacy settings.

Abstract: This disclosure provides methods and systems for enabling a hybrid architecture in an enterprise application. The present disclosure addresses problems of conventional approaches which falls back on a common representation or pluggable framework to handle challenges of composing multiple libraries. Conventional approaches work for the problem of maintaining performance while handling diversity of libraries which cannot be reused either in as-is form or with a slight modification. The present disclosure provide a method and system that enable hybrid architecture in an enterprise application to mitigate quantum attacks. The method of the present disclosure changes codebase of the enterprise application to enable hybrid architecture. New paths are created within the enterprise application to support execution of a new library code that enables double encryption of data being processed by the application.

Abstract: The present disclosure provides an efficient system for cancelable biometric template protection which is not available in the conventional systems. Initially, the system receives a biometric template from a user. The biometric template is one of, a face image, a fingerprint, an iris image and a palmprint. Further, a vector embedding is computed based on the biometric template using a pretrained neural network. After computing the vector embedding, a key based permutation is computed based on the vector embedding and a permutation key. The permutation key is generated based on an Identification number (ID) associated with the user using a random number based key generation technique. Finally, a protected biometric template is generated by computing a permuted embedding corresponding to the biometric template based on the key based permutation using a plurality of fully connected layers pretrained using a weight based center triplet loss function.

Abstract: The present disclosure provides weight based slotted synchronous blockchain client network. Conventional blockchain consensus protocols heavily rely on synchrony assumptions of the underlying network. However, little attention has so far been given to similar assumptions on blockchain client networks. Such assumptions would be useful in deriving bounds on confirmation times of transactions through the blockchain protocol. To overcome the challenges of the conventional approaches, the present disclosure provides a weight based slotted synchronous blockchain client network. The blockchain client network of the present disclosure is slotted, wherein at most one transaction is submitted in each slot by one of the client nodes. Further, there exists a notion of synchrony in the peering between the client nodes and the blockchain nodes. In an embodiment, for each submitted transaction, there is an upper-bound on the number of slots on the reception of the said transaction at an arbitrary blockchain node.

Abstract: The embodiments of present disclosure herein address the need of minimizing web services relocation and user centers reallocation to comply with data residency regulations and change in latency threshold for web services based on user demands. The method and system provide a framework that assists enterprises in migrating web services and user center allocation to different data centers with lower additional operational cost from its current configurations and minimal changes (migrations). In case of change in data regulations and invocation frequency from users demand, non-compliant users are allocated to compliant data centers with minimal changes in the original configuration. Though the key decision is to serve the customers effectively, web services need to be deployed across a finite number of servers, there are multiple sub-problems such as minimizing latency and reduction in operational cost that needs to be addressed.

Abstract: State of the art code matching approaches have the disadvantage that they rely on the line numbers provided by source code and binary parsers to establish mapping and do not work since changes introduced by compiler may be much more complex. Some approaches do not work as the source code of application and its binary version may not share the vocabulary. Machine learning based techniques have the disadvantage that they require significant amount of training data, which may not be available in abundance. Method and system disclosed herein provide a mechanism matching score for each of a plurality of code fragments in the intermediate representation of the source code file for each of a plurality of binary fragments in the intermediate representation of the binary file.

Abstract: Finding optimal solutions to Web Service Location Allocation Problem (WSLAP) using exhaustive algorithms and exact approaches is not practical. Computational time required to solve WSLAP using exact approaches increases exponentially with the problem size. The disclosure herein generally relates to service deployment, and, more particularly, to a method and system for web service location allocation and virtual machine deployment. The system identifies a plurality of web-services that are associated with the WSLAP and then decomposes the WSLAP to a plurality of sub-problems. For each sub-problem, the system determines at least one non-dominating solution, which are then merged to generate the solution for the WSLAP. The generated solution to the WSLAP can be used for perform Virtual Machine (VM) deployment under uncertainties, using a stochastic approach, wherein the uncertainties refer to dynamic change in requirements in terms of parameters such as but not limited to configuration, and cost.

Abstract: Several data breaches are occurring in organizations due to insecure handling security-sensitive data. Conventional methods utilize static analysis tools and fail to capture all security vulnerabilities. The present disclosure identifies a security vulnerability by analyzing a source code. Initially, a System Dependence Graph (SDG) associated with the source code is received. Forward slicing is performed on the SDG and a plurality of forward function nodes are obtained. A plurality of security parameters associated with the security-sensitive variable are obtained. A backward slicing is performed based on a plurality of security parameters to obtain a plurality of backward function nodes. Further, a plurality of common function nodes is obtained from the plurality of forward and the backward function nodes and utilized to generate a plurality of enumerated paths. The enumerated paths are evaluated to obtain a plurality of feasible paths and are further analyzed to identify security vulnerability.

Abstract: Existing data residency compliance techniques suffer from inherent drawbacks to discover the spread of data, understanding the data residency regulations and semantics behind them and most importantly placement of data in cloud datacenters such that it is data residency compliant. Embodiments herein provide a method and system for optimizing placement of data to a cloud datacenter complying data residency regulations. The system selects one serving cloud datacenter for a user center. The selection considers three conflicting objectives such as minimum data placement cost, provide good quality of service (i.e. latency) and to comply with data residency regulations. The system essentially covers data residency compliance problem in three phases namely, violation detection, decision support and recommendation. Herein, the system trades-offs latency with data placement cost.

Abstract: This disclosure provides system and method for auto repairing vulnerable code program fragments of a software. The present disclosure addresses problems of conventional approaches which are dependent on test cases. In the present disclosure, vulnerabilities in an input application are identified and repaired. First, a plurality of vulnerability detection rules is executed against an application in binary form (i.e., input application) and a plurality of vulnerable code fragments are identified. Post identification of the plurality of vulnerable code fragments, a mapping is created from the application in binary form to its source code files. Post mapping, paths capturing different application functionalities are extracted. Subsequently, a plurality of vulnerable source code program fragments is extracted and auto repair rules are applied on entire application functionality.

Abstract: The present disclosure a method for data regulations-aware cloud storage and processing service allocation. Conventional approaches fail to address the technical problem of data placement for storage as well as processing, considering multiple criteria. Further, the conventional approaches fail to address compliance with data regulations, tier pricing policy for multiple Cloud Service Providers (CSPs) which impacts storage and processing center selection and constraint satisfaction. The present disclosure proposes a joint optimization model for the selection of storage and processing services from multiple cloud service providers, taking into practical consideration of data regulations and tiered pricing, which has not been addressed in the prior art. To solve this hard multi-objective combinatorial optimization problem, the present disclosure utilizes a cost-reduction-based algorithm for obtaining optimal solution.

Abstract: This disclosure relates generally to data anonymization using clustering techniques. In Typically, data anonymization using global recoding can overgeneralize the data. However, preservation of information while anonymization the data is of equal importance as obscuring the relevant information that can be used by the attackers. The disclosed method and system utilized attribute taxonomy tree for generalization to optimize the generalization of the records. The disclosed method uses clustering-based approach and after clustering, each cluster is solved independently using ILP model for K-Anonymization. The ILP model is solved by generalizing the value of the attributes. Sometimes, even after clustering the number of possible patterns is large, thus the disclosed method generates patterns on the fly during multiple iterations.

Abstract: The disclosure relates to sequencing of asset segments of privacy policies. The asset segments are sequenced based on a set of constraints. In an embodiment the asset segments are sequenced using a set of pre-defined predecessors and a set of pre-defined successors of each asset segment through a feasible sequence generation technique and a sequence generation technique based on the constraints, wherein the constraints are preferences associated with the source entity and the target entity. Hence the disclosure bridges a communication gap between the source entity and the target entity by optimally displaying the most relevant privacy policy (mapped to the asset segments) based on the constraints associated with the source entity and the target entity. Further the disclosed system also determines a violation factor that represents a conflict between the preferences associated with the source entity and the target entity.

Abstract: This disclosure relates generally to system and method for assessing insider influence on enterprise assets. Existing work focuses on the detection of insider threat and does not consider the influence of an insider on their peers and subordinates. The present disclosure aggregates and preprocesses the enterprise data specific to the individuals received from various sources, and further creates an enterprise graph between entities. Weights of every edge connected between any two entities in the enterprise graph is then calculated. Community of the individuals are detected wherein, relevant insider(s) are identified, and susceptibility of the individuals for probable influence by relevant insider(s) based on the analysis scenarios(s) is calculated. Paths taken by the relevant insider(s) is calculated for estimating probability of data loss.