Abstract: A computer-implemented method and a computer system for detecting and preventing distributed data exfiltration attacks. The computer system calculates historical usage statistics for a service, instances of the service, and clients requesting the instances, generates a baseline of normal usage activities for the clients and the instances based on the historical usage statistics, monitors current activities of the clients to build signatures of queries by the clients and signatures of the instances, and correlates the signatures to determine whether a data exfiltration attack is in progress. In response to determining that the data exfiltration attack is in progress, the computer system increases one or more risk scores corresponding to the data exfiltration attack. In response to determining that the one or more risk scores and an overall risk score of the service exceed a predetermined threshold, the computer system generates an alert of the data exfiltration attack.

Abstract: A computer implemented method, apparatus, system, and computer program product detects a problematic source code. A computer system loads a source code into a first memory. The computer system loads a rendered source code into a second memory. The rendered source code is a rendered version of the source code. The computer system determines a difference between the source code in the first memory and the rendered source code in the second memory. The computer system determines whether a problematic source code is present within the source code using the difference. The computer system performs a set of actions with respect to the problematic source code in response to determining that the problematic source code is present in the source code. According to other illustrative embodiments, a computer system and a computer program product for detecting a problematic source code are provided.

Abstract: A method, a computer program product, and a system of dynamically managing permissions of storage blocks. The method includes predicting at least one storage block that will be accessed by a user on a storage device and predicting a time window when the storage block will be accessed the user. The predictions can be performed by a machine learning model trained using the historical accesses and access times of the user. The method also includes granting the user an access to the storage block during the time window and monitoring whether the storage block is accessed by the user. The method also includes determining, based on the monitoring, that the user accessed the storage block, and revoking the access to the storage block granted to the user after a predetermined access time.

Abstract: In an approach to auditing of multi-factor authentication, one or more computer processors receive a request for a multi-factor authentication for a service from at least one device associated with a user. One or more computer processors retrieve information associated with the at least one device. One or more computer processors log the request and the information associated with the at least one device. One or more computer processors calculate a strength of the multi-factor authentication based on the request and the information associated with the at least one device. One or more computer processors log a multi-factor authentication audit trail.

Abstract: A computer-implemented method and a computer system for detecting and preventing distributed data exfiltration attacks. The computer system calculates historical usage statistics for a service, instances of the service, and clients requesting the instances, generates a baseline of normal usage activities for the clients and the instances based on the historical usage statistics, monitors current activities of the clients to build signatures of queries by the clients and signatures of the instances, and correlates the signatures to determine whether a data exfiltration attack is in progress. In response to determining that the data exfiltration attack is in progress, the computer system increases one or more risk scores corresponding to the data exfiltration attack. In response to determining that the one or more risk scores and an overall risk score of the service exceed a predetermined threshold, the computer system generates an alert of the data exfiltration attack.

Abstract: In an approach to auditing of multi-factor authentication, one or more computer processors receive a request for a multi-factor authentication for a service from at least one device associated with a user. One or more computer processors retrieve information associated with the at least one device. One or more computer processors log the request and the information associated with the at least one device. One or more computer processors calculate a strength of the multi-factor authentication based on the request and the information associated with the at least one device. One or more computer processors log a multi-factor authentication audit trail.

Abstract: A method, a computer program product, and a system of dynamically managing permissions of storage blocks. The method includes predicting at least one storage block that will be accessed by a user on a storage device and predicting a time window when the storage block will be accessed the user. The predictions can be performed by a machine learning model trained using the historical accesses and access times of the user. The method also includes granting the user an access to the storage block during the time window and monitoring whether the storage block is accessed by the user. The method also includes determining, based on the monitoring, that the user accessed the storage block, and revoking the access to the storage block granted to the user after a predetermined access time.

Abstract: Various embodiments select advertisements for delivery to at least one mass media streaming device at a given location and time slot. Content and corresponding time and physical location information being posted in an online portal from at least one electronic device are obtained. The content is filtered based on time slot and physical location. A set of typical topics for a location and time slot are determined. A subset of advertisements is selected from a set of available advertisements based on the set of typical topics. The subset of advertisements is delivered to the at least one mass media streaming device. The mass media streaming device may be a television. A set of current topics for the location and time slot may be determined and aggregated with the set of typical topics. The subset of advertisements may be selected from the set of available advertisements based on the aggregated set.

Abstract: An example operation may include one or more of receiving a storage request which comprises respective data sets generated by a plurality of endorser peers via simulation of a blockchain request, detecting that a key value of a data set generated by a first endorser peer is different than a respective key value of a data set generated by a second endorser peer, and committing the storage request to a data block of a blockchain in response to verifying that the detected different key values generated by the first and second endorser peers correspond to a multi-value key of the blockchain request.

Abstract: An example operation may include one or more of receiving a storage request which comprises respective data sets generated by a plurality of endorser peers via simulation of a blockchain request, detecting that a key value of a data set generated by a first endorser peer is different than a respective key value of a data set generated by a second endorser peer, and committing the storage request to a data block of a blockchain in response to verifying that the detected different key values generated by the first and second endorser peers correspond to a multi-value key of the blockchain request.

Abstract: A computer implemented method, a computer program product and a computer system are disclosed that verify the location specified by a mobile device, for example when trying to gain access to a location-restricted service hosted by a computer system. This may be achieved by identifying at least one reference mobile device in the vicinity of the identified location of the first mobile device of which an identified location is to be verified, requesting from the at least one reference mobile device a reference location report including further pairing information identifying mobile devices with which the reference mobile device is paired; receiving the reference location report from the at least one reference mobile device; and verifying the location identification in a first location report received from the first mobile device by identifying the first mobile device in the further pairing information in the received at least one reference location report.

Abstract: An authentication control method, system, and computer program product, includes performing an initial calibration to login to a registered device by detecting a plurality of biological signals, biometric signals, and idiosyncratic signals of a user and selecting a combination of the plurality of biological signals, biometric signals, and idiosyncratic signals to use in an initial calibration-authentication score, computing a login-authentication score at a time of the login based on a user input of signals corresponding to the signals of the initial calibration-authentication score, and allowing the login to the registered device if the login-authentication score is within a predetermined threshold of the initial calibration-authentication score.

Abstract: A split and merge advertisement method, system, and non-transitory computer readable medium, include splitting a first advertisement to be played on a second device when a moving user of a first group of users moves from a proximity of a first device to a proximity of the second device.

Abstract: A processor-implemented method enables a device based on authentication of a particular user. One or more processors data mine past activities of a particular user. The past activities are detected by physical monitoring devices that monitor the particular user. The processor(s) create an authentication question and answer for the particular user based on the past activities of the particular user that the one or more processors have data mined. The processor(s) receive a request to use an electronic device used by the particular user, and then 1) transmit the authentication question to the electronic device used by the particular user and 2) receive an authentication answer to the authentication question from the electronic device used by the particular user. In response to the authentication answer from the electronic device matching the answer for the authentication question, the processor(s) remotely enable the electronic device for the particular user.

Abstract: A computer-implemented information verification method, system, and computer program product, include verifying a user device is within a proximity of a second device to grant access for the user device to a service available at a second location with the second device, where a trusted user operating the second device attests to a user device location of the user device so that the user of the user device accesses the service available only to users in the second device location of the trusted user independently of activities on the second device.

Abstract: A computer-implemented method (and structure) includes receiving information. The received information is converted into a strictly hierarchical data format. A precision for a releasing the strictly hierarchical data is calculated based on privacy protection levels and a reward for different precision levels. The strictly hierarchical data is sequentially released at the calculated precision.

Abstract: A computer implemented method, a computer program product and a computer system are disclosed that verify the location specified by a mobile device, for example when trying to gain access to a location-restricted service hosted by a computer system. This may be achieved by identifying at least one reference mobile device in the vicinity of the identified location of the first mobile device of which an identified location is to be verified, requesting from the at least one reference mobile device a reference location report including further pairing information identifying mobile devices with which the reference mobile device is paired; receiving the reference location report from the at least one reference mobile device; and verifying the location identification in a first location report received from the first mobile device by identifying the first mobile device in the further pairing information in the received at least one reference location report.

Abstract: A computer-implemented information verification method, system, and computer program product, include verifying a user device is within a proximity of a second device to grant access for the user device to a service available at a second location with the second device, where a trusted user operating the second device attests to a user device location of the user device so that the user of the user device accesses the service available only to users in the second device location of the trusted user independently of activities on the second device.

Abstract: A computer-implemented information verification method, system, and non-transitory computer readable medium, include acquiring a first measurement from a user device specific to a user device location, acquiring a second measurement from a second device specific to a second device location, comparing the first measurement with the second measurement, and verifying the user device is within a proximity of the second device to grant access for the user device to the second device, based on a result of the comparing.

Abstract: A computer implemented method, a computer program product and a computer system are disclosed that verify the location specified by a mobile device, for example when trying to gain access to a location-restricted service hosted by a computer system. This may be achieved by identifying at least one reference mobile device in the vicinity of the identified location of the first mobile device of which an identified location is to be verified, requesting from the at least one reference mobile device a reference location report including further pairing information identifying mobile devices with which the reference mobile device is paired; receiving the reference location report from the at least one reference mobile device; and verifying the location identification in a first location report received from the first mobile device by identifying the first mobile device in the further pairing information in the received at least one reference location report.