Abstract: The disclosed computer-implemented method for protecting user privacy may include (i) receiving an indication to protect a photo with privacy-protecting blurring, (ii) generating a blurred version of the photo, (iii) generating, based on the blurred version of the photo, a video that progressively de-blurs the photo, (iv) linking through metadata the blurred version of the photo and the video that progressively de-blurs the photo as a combined motion-photo-object, and (v) storing the combined motion-photo-object in a configured location such that a photo display program uses the blurred version of the photo as a preview of the motion-photo-object when browsing but plays the video that progressively de-blurs the photo in response to additional user input selecting the preview. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Using physiological cues to measure data sensitivity and implement security on a user device. The method may include obtaining data associated with a first physiological state of a user engaged in a first activity on a user device, obtaining data associated with a second physiological state of the user engaged in a second activity on the user device, where the second activity is determined to be more sensitive to the user than the first activity, and where the second physiological state indicates the user's emotional response to the second activity, and implementing a security action on the user device based on the second physiological state of the user engaged in the second activity.

Abstract: Machine learning adversarial campaign mitigation on a computing device. The method may include deploying an original machine learning model in a model environment associated with a client device; deploying a classification monitor in the model environment to monitor classification decision outputs in the machine learning model; detecting, by the classification monitor, a campaign of adversarial classification decision outputs in the machine learning model; applying a transformation function to the machine learning model in the model environment to transform the adversarial classification decision outputs to thwart the campaign of adversarial classification decision outputs; determining a malicious attack on the client device based in part on detecting the campaign of adversarial classification decision outputs; and implementing a security action to protect the computing device against the malicious attack.

Abstract: Virtual ad blocking on a computing device. In some embodiments, a method may include receiving, at the virtual machine, an indication that the computing device is requesting delivery of a web page, downloading, at the virtual machine, the web page, rendering, at the virtual machine, a first version of the web page, identifying, at the virtual machine, a presence of at least one advertisement element on the rendered first version of the web page, removing, at the virtual machine, the presence of the at least one advertisement element on the rendered first version of the web page, rendering, at the virtual machine, a second version of the web page that does not include the presence of the at least one advertisement element, and sending the second version of the web page that does not include the presence of the at least one advertisement element to the computing device.

Abstract: The disclosed computer-implemented method for training malware classifiers may include (1) perturbing, at a computing device, a binary file in a manner that maintains functionality of the binary file, (2) classifying the perturbed binary file with a first machine learning classifier to produce a classification result, (3) producing a transformed file by repeating the perturbing and classifying steps until the transformed file becomes misclassified, and (4) performing a security action comprising training a second machine learning classifier with the transformed file and an associated correct classification result. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Privacy preserving secure task automation. A method may include generating, by a first section of a platform, a pair of encryption keys (private and shared secret keys); receiving, by a second section of the platform, platform user data, trigger service user data; and action service user data, wherein the user of the services and platform are the same; sending the shared secret key to the services; storing the private key in the first section; receiving from the trigger service, by the second section, a first communication encrypted with the shared secret key, regarding occurrence of a trigger; determining, by the first section, that the trigger corresponds to the user of the platform; encrypting a second message with the shared secret key, requesting invocation of the action based on the trigger; and transmitting the second encrypted message to the action service without the data related to the user of the platform.

Abstract: The disclosed computer-implemented method for verifying connection integrity may include (i) receiving a request from a client to initiate a connection to a server via a middlebox, (ii) receiving, from the client, via a side protocol executing in parallel with a transport layer security protocol, a request for a certificate for the middlebox, (iii) sending, to the client, via the side protocol, the certificate, (iv) receiving, from the client, via the side protocol, a request for an additional certificate from a device upstream of the middlebox, (v) requesting, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vi) receiving, from the device upstream of the middlebox, via the side protocol, the additional certificate, (vii) sending, to the client, via the side protocol, the additional certificate, and (viii) relaying data via the connection. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for implementing security of Internet of Things (IoT) home voice assistants is described. In one embodiment, a computer-implemented method for implementing a security policy with a voice assistant includes obtaining, by one or more computing devices, encrypted traffic from a voice assistant; identifying, by the one or more computing devices, a user voice command in the encrypted traffic based at least in part on one or more identifiable attributes of the encrypted traffic; determining, by the one or more computing devices, the user voice command triggers at least one security policy; and upon determining the user voice command triggers the at least one security policy, performing, by the one or more computing devices, a security action that implements the at least one security policy. In some cases, the method may include obtaining an audio recording of the user voice command with a microphone built into the router.

Abstract: A method for insider threat detection under user-resource bi-partite graphs is described. A computing device evaluates a bi-partite mapping of a set of users and a set of files, and performs a random-walk procedure initiating from a selected user of the set of users. The computing device computes a probability distribution associated with the access frequency of each alternate user and file of the random-walk procedure, and compares the probability distribution to one or more distributions associated with temporal periods prior to the initiated procedure. Based on the comparison, the computing device identifies points of maximum variance of the distribution. The computing device identifies the files of the set of files and users of the set of users associated with the points of maximum variance and access raw data to identify activity associated with the selected user and the identified resources.

Abstract: A method for applying perturbations to electronic media is described. A computing device may receive an electronic request to upload an electronic media to an internet-based service and perform a pre-processing operation on the electronic media based on the electronic request and a feature of the electronic media. In some examples, the computing device may perform a security action on the electronic media. For example, the computing device may apply perturbations to elements of the electronic media based on a gradient of a model. The computing device may transmit the electronic media to the internet-based service.

Abstract: Encrypting and decrypting sensitive files on a network device. In one embodiment, a method may include determining that a file stored on a network device is a sensitive file, encrypting the sensitive file, sending, to an authentication server, an encryption key, initializing, at the network device, a Software Guard Extension (SGX) enclave, loading, into the SGX enclave, a retrieval application, receiving, at the retrieval application, an attestation from the authentication server that the retrieval application is authentic, receiving, at the retrieval application, the encryption key from the authentication server, receiving, at the retrieval application, a user request to decrypt the encrypted sensitive file, authenticating, at the retrieval application, the user request, decrypting, at the network device, the particular encrypted sensitive file, and providing the sensitive file to the user.

Abstract: A method for implementing security of Internet of Things (IoT) home voice assistants is described. In one embodiment, a computer-implemented method for implementing a security policy with a voice assistant includes obtaining, by one or more computing devices, encrypted traffic from a voice assistant; identifying, by the one or more computing devices, a user voice command in the encrypted traffic based at least in part on one or more identifiable attributes of the encrypted traffic; determining, by the one or more computing devices, the user voice command triggers at least one security policy; and upon determining the user voice command triggers the at least one security policy, performing, by the one or more computing devices, a security action that implements the at least one security policy. In some cases, the method may include obtaining an audio recording of the user voice command with a microphone built into the router.

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).

Abstract: The disclosed computer-implemented method for detecting anomalous behavior in shared data repositories may include (i) identifying a shared data repository that comprises files, (ii) monitoring access to the files for a predetermined time period in order to determine which files are accessed by each user, (iii) creating a graph of the access to the files, wherein each vertex represents a user and each edge that connects two vertices represents that one or more files were accessed by both users represented by the two vertices, (iv) deriving, from the graph, a set of communities, wherein each community represents a set of users that collaborated on one or more files during the predetermined time period, and (v) determining that a collaboration pattern of a user does not match a collaboration pattern for the user's community observed during the predetermined time period. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Verifying that influence of a user data point has been removed from a machine learning classifier. In some embodiments, a method may include training a machine learning classifier using a training set of data points that includes a user data point, calculating a first loss of the machine learning classifier, updating the machine learning classifier by updating parameters of the machine learning classifier to remove influence of the user data point, calculating a second loss of the machine learning classifier, calculating an expected difference in loss of the machine learning classifier, and verifying that the influence of the user data point has been removed from the machine learning classifier by determining that the difference between the first loss and the second loss is within a threshold of the expected difference in loss.

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).

Abstract: Automatically detecting insider threats using user collaboration patterns. In one embodiment, a method may include identifying collaborative access of one or more network resources in a network between a target user using a target network device and other users using other network devices in the network during multiple prior time periods and during a current time period, generating prior collaboration graphs for the prior time periods, generating an average collaboration graph by combining the prior collaboration graphs, generating a current collaboration graph for the current time period, generating an anomaly score by comparing the current collaboration graph to the average collaboration graph, determining that the collaborative access of the one or more network resources during the current time period is anomalous by determining that the anomaly score exceeds a threshold, and, in response to the anomaly score exceeding the threshold, performing a security action on the target network device.

Abstract: Verifying that influence of a user data point has been removed from a machine learning classifier. In some embodiments, a method may include training a machine learning classifier using a training set of data points that includes a user data point, calculating a first loss of the machine learning classifier, updating the machine learning classifier by updating parameters of the machine learning classifier to remove influence of the user data point, calculating a second loss of the machine learning classifier, calculating an expected difference in loss of the machine learning classifier, and verifying that the influence of the user data point has been removed from the machine learning classifier by determining that the difference between the first loss and the second loss is within a threshold of the expected difference in loss.

Abstract: Automatically detecting insider threats using user collaboration patterns. In one embodiment, a method may include identifying collaborative access of one or more network resources in a network between a target user using a target network device and other users using other network devices in the network during multiple prior time periods and during a current time period, generating prior collaboration graphs for the prior time periods, generating an average collaboration graph by combining the prior collaboration graphs, generating a current collaboration graph for the current time period, generating an anomaly score by comparing the current collaboration graph to the average collaboration graph, determining that the collaborative access of the one or more network resources during the current time period is anomalous by determining that the anomaly score exceeds a threshold, and, in response to the anomaly score exceeding the threshold, performing a security action on the target network device.

Abstract: Decrypting network traffic on a middlebox device using a trusted execution environment (TEE).