Abstract: A technique for classifying and handling threat data in a rules-based security system. For each rule in the set, a set of one or more first tags are generated. The tags categorize the rule according to a hierarchical scheme. In response to receipt of a new threat, the system automatically determines whether the existing set of rules provide an acceptable coverage for the new threat. This determination is made by generating a set of one or more second tags that categorize the new threat, and then comparing the set of one or more second tags with the set of one or more first tags according to given match criteria. Upon a determination that the set of rules do not provide an adequate coverage for the new threat, a recommendation is output from the system. The rules-based security system is then adjusted according to the recommendation for subsequent handling of the new threat.

Abstract: A computer implemented method compiles a source code. A computer system loads the source code into a first memory. The computer system loads a rendered source code into a second memory, wherein the rendered source code is a rendered version of the source code. The computer system determines whether a difference is present between the source code in the first memory and the rendered source code in the second memory. The computer system performs a set of actions in compiling the source code in response to determining that the difference between the source code and the rendered source code is present.

Abstract: A computer-implemented method and a computer system for detecting and preventing distributed data exfiltration attacks. The computer system calculates historical usage statistics for a service, instances of the service, and clients requesting the instances, generates a baseline of normal usage activities for the clients and the instances based on the historical usage statistics, monitors current activities of the clients to build signatures of queries by the clients and signatures of the instances, and correlates the signatures to determine whether a data exfiltration attack is in progress. In response to determining that the data exfiltration attack is in progress, the computer system increases one or more risk scores corresponding to the data exfiltration attack. In response to determining that the one or more risk scores and an overall risk score of the service exceed a predetermined threshold, the computer system generates an alert of the data exfiltration attack.

Abstract: A computer implemented method, apparatus, system, and computer program product detects a problematic source code. A computer system loads a source code into a first memory. The computer system loads a rendered source code into a second memory. The rendered source code is a rendered version of the source code. The computer system determines a difference between the source code in the first memory and the rendered source code in the second memory. The computer system determines whether a problematic source code is present within the source code using the difference. The computer system performs a set of actions with respect to the problematic source code in response to determining that the problematic source code is present in the source code. According to other illustrative embodiments, a computer system and a computer program product for detecting a problematic source code are provided.

Abstract: A method, a computer program product, and a system of dynamically managing permissions of storage blocks. The method includes predicting at least one storage block that will be accessed by a user on a storage device and predicting a time window when the storage block will be accessed the user. The predictions can be performed by a machine learning model trained using the historical accesses and access times of the user. The method also includes granting the user an access to the storage block during the time window and monitoring whether the storage block is accessed by the user. The method also includes determining, based on the monitoring, that the user accessed the storage block, and revoking the access to the storage block granted to the user after a predetermined access time.

Abstract: In an approach to auditing of multi-factor authentication, one or more computer processors receive a request for a multi-factor authentication for a service from at least one device associated with a user. One or more computer processors retrieve information associated with the at least one device. One or more computer processors log the request and the information associated with the at least one device. One or more computer processors calculate a strength of the multi-factor authentication based on the request and the information associated with the at least one device. One or more computer processors log a multi-factor authentication audit trail.

Abstract: In an approach to auditing of multi-factor authentication, one or more computer processors receive a request for a multi-factor authentication for a service from at least one device associated with a user. One or more computer processors retrieve information associated with the at least one device. One or more computer processors log the request and the information associated with the at least one device. One or more computer processors calculate a strength of the multi-factor authentication based on the request and the information associated with the at least one device. One or more computer processors log a multi-factor authentication audit trail.

Abstract: A computer-implemented method and a computer system for detecting and preventing distributed data exfiltration attacks. The computer system calculates historical usage statistics for a service, instances of the service, and clients requesting the instances, generates a baseline of normal usage activities for the clients and the instances based on the historical usage statistics, monitors current activities of the clients to build signatures of queries by the clients and signatures of the instances, and correlates the signatures to determine whether a data exfiltration attack is in progress. In response to determining that the data exfiltration attack is in progress, the computer system increases one or more risk scores corresponding to the data exfiltration attack. In response to determining that the one or more risk scores and an overall risk score of the service exceed a predetermined threshold, the computer system generates an alert of the data exfiltration attack.

Abstract: A method, a computer program product, and a system of dynamically managing permissions of storage blocks. The method includes predicting at least one storage block that will be accessed by a user on a storage device and predicting a time window when the storage block will be accessed the user. The predictions can be performed by a machine learning model trained using the historical accesses and access times of the user. The method also includes granting the user an access to the storage block during the time window and monitoring whether the storage block is accessed by the user. The method also includes determining, based on the monitoring, that the user accessed the storage block, and revoking the access to the storage block granted to the user after a predetermined access time.

Abstract: Various embodiments select advertisements for delivery to at least one mass media streaming device at a given location and time slot. Content and corresponding time and physical location information being posted in an online portal from at least one electronic device are obtained. The content is filtered based on time slot and physical location. A set of typical topics for a location and time slot are determined. A subset of advertisements is selected from a set of available advertisements based on the set of typical topics. The subset of advertisements is delivered to the at least one mass media streaming device. The mass media streaming device may be a television. A set of current topics for the location and time slot may be determined and aggregated with the set of typical topics. The subset of advertisements may be selected from the set of available advertisements based on the aggregated set.

Abstract: An example operation may include one or more of receiving a storage request which comprises respective data sets generated by a plurality of endorser peers via simulation of a blockchain request, detecting that a key value of a data set generated by a first endorser peer is different than a respective key value of a data set generated by a second endorser peer, and committing the storage request to a data block of a blockchain in response to verifying that the detected different key values generated by the first and second endorser peers correspond to a multi-value key of the blockchain request.

Abstract: An example operation may include one or more of receiving a storage request which comprises respective data sets generated by a plurality of endorser peers via simulation of a blockchain request, detecting that a key value of a data set generated by a first endorser peer is different than a respective key value of a data set generated by a second endorser peer, and committing the storage request to a data block of a blockchain in response to verifying that the detected different key values generated by the first and second endorser peers correspond to a multi-value key of the blockchain request.

Abstract: A computer implemented method, a computer program product and a computer system are disclosed that verify the location specified by a mobile device, for example when trying to gain access to a location-restricted service hosted by a computer system. This may be achieved by identifying at least one reference mobile device in the vicinity of the identified location of the first mobile device of which an identified location is to be verified, requesting from the at least one reference mobile device a reference location report including further pairing information identifying mobile devices with which the reference mobile device is paired; receiving the reference location report from the at least one reference mobile device; and verifying the location identification in a first location report received from the first mobile device by identifying the first mobile device in the further pairing information in the received at least one reference location report.

Abstract: An authentication control method, system, and computer program product, includes performing an initial calibration to login to a registered device by detecting a plurality of biological signals, biometric signals, and idiosyncratic signals of a user and selecting a combination of the plurality of biological signals, biometric signals, and idiosyncratic signals to use in an initial calibration-authentication score, computing a login-authentication score at a time of the login based on a user input of signals corresponding to the signals of the initial calibration-authentication score, and allowing the login to the registered device if the login-authentication score is within a predetermined threshold of the initial calibration-authentication score.

Abstract: A split and merge advertisement method, system, and non-transitory computer readable medium, include splitting a first advertisement to be played on a second device when a moving user of a first group of users moves from a proximity of a first device to a proximity of the second device.

Abstract: A processor-implemented method enables a device based on authentication of a particular user. One or more processors data mine past activities of a particular user. The past activities are detected by physical monitoring devices that monitor the particular user. The processor(s) create an authentication question and answer for the particular user based on the past activities of the particular user that the one or more processors have data mined. The processor(s) receive a request to use an electronic device used by the particular user, and then 1) transmit the authentication question to the electronic device used by the particular user and 2) receive an authentication answer to the authentication question from the electronic device used by the particular user. In response to the authentication answer from the electronic device matching the answer for the authentication question, the processor(s) remotely enable the electronic device for the particular user.

Abstract: A computer-implemented information verification method, system, and computer program product, include verifying a user device is within a proximity of a second device to grant access for the user device to a service available at a second location with the second device, where a trusted user operating the second device attests to a user device location of the user device so that the user of the user device accesses the service available only to users in the second device location of the trusted user independently of activities on the second device.

Abstract: A computer-implemented method (and structure) includes receiving information. The received information is converted into a strictly hierarchical data format. A precision for a releasing the strictly hierarchical data is calculated based on privacy protection levels and a reward for different precision levels. The strictly hierarchical data is sequentially released at the calculated precision.

Abstract: A computer implemented method, a computer program product and a computer system are disclosed that verify the location specified by a mobile device, for example when trying to gain access to a location-restricted service hosted by a computer system. This may be achieved by identifying at least one reference mobile device in the vicinity of the identified location of the first mobile device of which an identified location is to be verified, requesting from the at least one reference mobile device a reference location report including further pairing information identifying mobile devices with which the reference mobile device is paired; receiving the reference location report from the at least one reference mobile device; and verifying the location identification in a first location report received from the first mobile device by identifying the first mobile device in the further pairing information in the received at least one reference location report.

Abstract: A computer-implemented information verification method, system, and computer program product, include verifying a user device is within a proximity of a second device to grant access for the user device to a service available at a second location with the second device, where a trusted user operating the second device attests to a user device location of the user device so that the user of the user device accesses the service available only to users in the second device location of the trusted user independently of activities on the second device.