Abstract: Systems and methods are disclosed for detecting high-level functionality of an application executing on a computing device. One method includes storing, in a secure memory, an application-specific virtual address mapping table for an application. The application-specific virtual address mapping table comprises a plurality of virtual address offsets in the application binary code mapped to corresponding target application functionalities. In response to launching the application, a process-specific virtual address mapping table is generated for an instance of an application process to be executed. The process-specific virtual address mapping table defines actual virtual addresses corresponding to the target application functionalities using the virtual address offsets in the application-specific virtual address mapping table.

Abstract: Aspects of the disclosure are related to a method, comprising: detecting an incorrect first address to second address mapping in an Address Resolution Protocol (ARP) cache of one or more of: a user device or a gateway device; and performing one or more containment operations, wherein the containment operations comprise one or more of: transmitting an ARP request message that requests an Internet Protocol (IP) address to Media Access Control (MAC) address mapping for a gateway device onto a subnetwork, transmitting an ARP message that comprises an IP address to MAC address mapping for a user device onto the subnetwork, or alerting a user.

Abstract: Systems and methods are disclosed for detecting high-level functionality of an application executing on a computing device. One method comprises storing, in a secure memory, an application-specific virtual address mapping table for an application. The application-specific virtual address mapping table comprises a plurality of virtual address offsets in the application binary code mapped to corresponding target application functionalities. In response to launching the application, a process-specific virtual address mapping table is generated for an instance of an application process to be executed. The process-specific virtual address mapping table defines actual virtual addresses corresponding to the target application functionalities using the virtual address offsets in the application-specific virtual address mapping table.

Abstract: Web security methods and apparatus are disclosed herein. A method includes receiving a detection model for detecting malicious webpages via a transceiver of the computing device, and storing the detection model in a non-volatile memory of the computing device. One or more JavaScripts are detected in the webpage, wherein each of the JavaScripts can be separately executed. A feature vector for each of the JavaScripts may be generated, either incrementally as the web page is being loaded or prefetching the JavaScript for the web page, to produce one or more feature vectors for the webpage, wherein a particular feature vector includes values for different features of a JavaScript. Each of the feature vectors are analyzed with the multi-instance learning based detection model to determine whether the webpage from which the JavaScripts originate is malicious or benign.

Abstract: A method and computing device for generating an intermediate representation of received source code for compiling or interpreting on the computing device are disclosed. The method may include receiving source code at the computing device and finding similar source code cached on the computing device that is not the same as the received source code. The received source code is compared to the similar source code to determine one or more differences between the received source code and the similar source code. Metadata for the similar source code is accessed, an intermediate representation of the cached source code is retrieved, and the intermediate representation of the cached source code is first copied and the copy is modified using the one or more differences in connection with the metadata to generate an intermediate representation for the received source code.