Abstract: Techniques regarding augmenting one or more training datasets for training one or more AI models are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise training augmentation component that can generate an augmented training dataset for training an artificial intelligence model by extracting a simplified source code sample from a source code sample comprised within a training dataset.

Abstract: Systems, computer-implemented methods, and computer program products that facilitate container inspection components of a container-based virtualization environment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a container inspection control component that can define one or more constrained capabilities of a container inspection. The computer executable components can further comprise a container inspection component that can inspect a virtual container based on the one or more constrained capabilities.

Abstract: Techniques regarding AI model introspection are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise model introspection component that can analyze artificial intelligence model learning behavior for a code understanding task by comparing an output of an artificial intelligence model with respect to a plurality of testing data subsets that have varying code complexity distributions.

Abstract: Techniques regarding training one or more AI models for a source code understanding task are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise a training component that can train an artificial intelligence model on source code samples for a source code understanding task. The source code samples can be ranked based on code complexity.

Abstract: Techniques regarding augmenting one or more training datasets for training one or more AI models are provided. For example, one or more embodiments described herein can comprise a system, which can comprise a memory that can store computer executable components. The system can also comprise a processor, operably coupled to the memory, and that can execute the computer executable components stored in the memory. The computer executable components can comprise training augmentation component that can generate an augmented training dataset for training an artificial intelligence model by extracting a simplified source code sample from a source code sample comprised within a training dataset.

Abstract: A system, computer program product, and method are provided for probing model signal awareness. An iterative process is employed to systematically isolate one or more relevant tokens of an input sequence to generate a reduced input sequence. The reduced input sequence is validated and presented to a trained artificial intelligence (AI) model and prediction output is generated. The reduction process is continued while the prediction output stays the same as that of the input sequence, and until a minimal sub-sequence is identified. A signal existence in the minimal sub-sequence is verified and signal awareness of the trained AI model is evaluated. The evaluation includes measuring the verified signal existence against an original signal from the input sentence.

Abstract: Techniques facilitating security hardening systems that host containers are provided. In one example, a system comprises: a memory that stores computer executable components; and a processor that executes computer executable components stored in the memory. The computer executable components comprise: a boot component performs a portion of a trusted boot sequence to securely boot the system to a defined secure state wherein one or more types of administrative access to a container memory are deactivated. The computer executable components also comprise: a core service component started as a part of the trusted boot sequence and that securely obtains one or more decryption keys for use with the container memory; and a runtime decryption component that uses the one or more decryption keys to perform runtime decryption of one or more files accessed by a container associated with the container memory.

Abstract: A sandbox component, operatively coupled to a host and a guest container, the sandbox component securely extends systems data collection software with potentially untrusted third-party code. A secure environment is enabled where plugins will run inside a sidecar container that is separate from a guest container. A container consists of an entire runtime environment: an application, plus its dependencies, libraries and other binaries, and configuration files needed to run it, bundled into one package. A sidecar service is not necessarily part of the application but is connected to the guest container and follows the parent application. A sidecar is independent from its primary application in terms of runtime environment and programming language. The sidecar plugin will be given a sparse/limited set of privileges required to simply perform its intended function and the Linux kernel constructs will control data access and transfer.

Abstract: Techniques facilitating security hardening systems that host containers are provided. In one example, a system comprises: a memory that stores computer executable components; and a processor that executes computer executable components stored in the memory. The computer executable components comprise: a boot component performs a portion of a trusted boot sequence to securely boot the system to a defined secure state wherein one or more types of administrative access to a container memory are deactivated. The computer executable components also comprise: a core service component started as a part of the trusted boot sequence and that securely obtains one or more decryption keys for use with the container memory; and a runtime decryption component that uses the one or more decryption keys to perform runtime decryption of one or more files accessed by a container associated with the container memory.

Abstract: Systems, computer-implemented methods, and computer program products that facilitate container inspection components of a container-based virtualization environment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a container inspection control component that can define one or more constrained capabilities of a container inspection. The computer executable components can further comprise a container inspection component that can inspect a virtual container based on the one or more constrained capabilities.

Abstract: A mechanism is provided in a data processing system for monitoring a virtual machine in a distributed computing system. An out-of-virtual machine monitor receives, via an out-of-band path, disk and memory state data of the virtual machine exposed in a hypervisor hosting the virtual machine. The out-of-virtual machine monitor interprets logical information from the virtual machine disk and memory state data. The out-of-virtual machine monitor parses the logical information to extract related system or log information for a monitoring endpoint. The out-of-virtual machine monitor translates the system or log information to a standard format expected by the monitoring endpoint. The out-of-virtual machine monitor forwards a monitoring data stream to the monitoring endpoint.

Abstract: A sandbox component, operatively coupled to a host and a guest container, the sandbox component securely extends systems data collection software with potentially untrusted third-party code. A secure environment is enabled where plugins will run inside a sidecar container that is separate from a guest container. A container consists of an entire runtime environment: an application, plus its dependencies, libraries and other binaries, and configuration files needed to run it, bundled into one package. A sidecar service is not necessarily part of the application but is connected to the guest container and follows the parent application. A sidecar is independent from its primary application in terms of runtime environment and programming language. The sidecar plugin will be given a sparse/limited set of privileges required to simply perform its intended function and the Linux kernel constructs will control data access and transfer.

Abstract: In an approach for determining optimal performance-related configurations of applications by analyzing peer data, a processor monitors instances of an application, wherein the instances of the application are running on a plurality of devices. A processor receives data related to: configuration parameters of the application, system parameters of the plurality of devices, and performance metrics of the plurality of devices. A processor determines correlation and dependencies between the configuration parameters with associated system parameters, using: an all pair analysis and a Pearson product-moment correlation coefficient (PPMCC). A processor determines dependencies between the configuration parameters with performance metrics. A processor recommends to a user, configuration settings of the application, based on the analysis of the data.

Abstract: In an approach for determining optimal performance-related configurations of applications by analyzing peer data, a processor monitors instances of an application, wherein the instances of the application are running on a plurality of devices. A processor receives data related to: configuration parameters of the application, system parameters of the plurality of devices, and performance metrics of the plurality of devices. A processor determines correlation and dependencies between the configuration parameters with associated system parameters, using: an all pair analysis and a Pearson product-moment correlation coefficient (PPMCC). A processor determines dependencies between the configuration parameters with performance metrics. A processor recommends to a user, configuration settings of the application, based on the analysis of the data.

Abstract: A mechanism is provided in a data processing system for monitoring a virtual machine in a distributed computing system. An out-of-virtual machine monitor receives, via an out-of-band path, disk and memory state data of the virtual machine exposed in a hypervisor hosting the virtual machine. The out-of-virtual machine monitor interprets logical information from the virtual machine disk and memory state data. The out-of-virtual machine monitor parses the logical information to extract related system or log information for a monitoring endpoint. The out-of-virtual machine monitor translates the system or log information to a standard format expected by the monitoring endpoint. The out-of-virtual machine monitor forwards a monitoring data stream to the monitoring endpoint.

Abstract: Described herein are various technologies pertaining to scheduling data transfer between a mobile computing device and a base station in a cellular network. A signal quality value for a signal over which data is to be transferred is computed, and transfer of data is scheduled based upon the signal quality value. If the signal quality value is above a threshold, a wireless radio of the mobile computing device is caused to commence data transfer or continue data transfer. If the signal quality value is below the threshold, and the data need not be immediately transferred, then the wireless radio is caused to transition to an idle state or remain in an idle state.

Abstract: Described herein are various technologies pertaining to scheduling data transfer between a mobile computing device and a base station in a cellular network. A signal quality value for a signal over which data is to be transferred is computed, and transfer of data is scheduled based upon the signal quality value. If the signal quality value is above a threshold, a wireless radio of the mobile computing device is caused to commence data transfer or continue data transfer. If the signal quality value is below the threshold, and the data need not be immediately transferred, then the wireless radio is caused to transition to an idle state or remain in an idle state.