Abstract: Techniques are described for implementing a system that deploys and monitors training simulations and exercises across a network, and that enables the development and execution of virtual training. An example system outputs, for display in a web browser of a trainee computing system, a graphical user interface that includes one or more training exercises, and initiates execution of software agent(s) associated with skill(s) to be demonstrated by a trainee. The example system outputs, at the trainee computing system, content corresponding to scene(s) of an at least partially virtual environment for a training exercise, where the content is rendered for display at least in the web browser of the trainee computing system. After receiving interaction data collected by the software agent(s) during the training exercise, the example system determines, based on the interaction data, that the skill(s) associated with the training exercise have been demonstrated.

Abstract: Disclosed herein are embodiments for managing a task including one or more skills. A server stores a virtual environment, software agents configured to collect data generated when a user interacts with the virtual environment to perform the task, and a predictive machine learning model. The server generates virtual entities during the performance of the task, and executes the predictive machine learning model to configure the virtual entities based upon data generated when the user interacts with the virtual environment. The server generates the virtual environment and the virtual entities configured for interaction with the user during display by the client device, and receives the data collected by the software agents. The system displays a user interface at the client device to indicate a measurement of each of the skills during performance of the task. The server trains the predictive machine learning model using this measurement of skills during task performance.

Abstract: Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which improves the cybersecurity of a unified system comprising a plurality of sub-systems. The analytic server may instantiate a sub attack tree for each network sub-system within the unified system of distributed network infrastructure. The analytic server may access the sub attack trees of the network sub-systems based on the corresponding identifiers. The analytic server may build a high-level attack tree of the unified system by aggregating the sub attack tree of each sub-system. The analytic server may determine how the interconnection of the plurality of network sub-systems may affect the unified system security. The analytic server may update one or more nodes of the attack tree to reflect the changes produced from the interconnection. The analytic server may build the attack tree based on a set of aggregation rules.

Abstract: Disclosed herein are embodiments for managing a task including one or more skills. A server stores a virtual environment, software agents configured to collect data generated when a user interacts with the virtual environment to perform the task, and a predictive machine learning model. The server generates virtual entities during the performance of the task, and executes the predictive machine learning model to configure the virtual entities based upon data generated when the user interacts with the virtual environment. The server generates the virtual environment and the virtual entities configured for interaction with the user during display by the client device, and receives the data collected by the software agents. The system displays a user interface at the client device to indicate a measurement of each of the skills during performance of the task. The server trains the predictive machine learning model using this measurement of skills during task performance.

Abstract: Disclosed herein are embodiments of systems, methods, and apparatus that execute classification techniques to enable high-quality analysis of ingest data by interpreting and categorizing disparate data points of the ingest data. The execution of the classification techniques leads to isolation of intrinsic properties of each data point to represent the essence of what the overall ingest data indicates. The classification techniques further enables classification of the ingest data, which is unencumbered by any ingest data format changes, such as ordering of data components, encoding, or properties associated with the ingest data that are likely to change without altering meaning conveyed by the ingest data.

Abstract: An example network security and threat assessment system is configured to determine, based on one or more events that have occurred during execution of one or more applications, a potential security vulnerability of a target computing system, where the one or more events correspond to a node represented in the hierarchical risk model. The system is further configured to identify, based on a mapping of the node represented in the hierarchical risk model to a node represented in a hierarchical game tree model, one or more actions that are associated with the potential security vulnerability and that correspond to the node represented in the hierarchical game tree model, and to output, for display in a graphical user interface, a graphical representation of the potential security vulnerability and the one or more actions associated with the potential security vulnerability.

Abstract: An attack tree model for an aviation system comprises a plurality of tree nodes organized as a tree. For each tree node of the attack tree model model, the tree node corresponds to a respective event that may befall aviation system. An analysis computing system generates one or more attack tree models for the aviation system, wherein the aviation system includes one or more systems, sub-systems, or components. The analysis computing system further performs an assessment of one or more of the system, sub-systems, or components of the aviation system using the one or more attack tree models, and outputs metrics indicative of the assessment.

Abstract: A sensor platform includes a memory, a sensor interface communicatively coupled to the memory and one or more processors communicatively coupled to the memory. The memory stores instructions for generating event detection models used to detect events in captured sensor data. The sensor interface is configured to capture data received from sensors connected to the sensor interface and to store the captured sensor data in the memory. The one or more processors are configured to generate an event detection model from the instructions, the event detection model trained to detect an event from within the captured sensor data, to transmit notice of the detected event to a remote observer and to transmit the captured sensor data associated with the detected event in response to a request from the remote observer for sensor data corresponding to the detected event.

Abstract: Disclosed herein are embodiments for managing a virtual reality (VR) training exercise via a management server. The management server outputs a graphical dashboard including one or more skill nodes, and selects one or more software agents associated with the skill nodes. The management server provides the software agents to at least one host computing system communicatively coupled to a near-to-eye display device. The near-to-eye display device is configured to display a virtual three dimensional (3D) training environment including a plurality of interactive 3D virtual objects. The software agents are configured to collect VR observables data while the trainee performs actions within the virtual 3D training environment. Based on the VR observables data collected, the management server determines that one or more skills have been demonstrated during the training exercise, and updates the one or more skill nodes to graphically indicate the one or more skills demonstrated by the trainee.

Abstract: Disclosed herein are embodiments of systems and methods that dynamically reconfigure a multi-tiered system of network devices and software applications in response to an ongoing and/or anticipated cyber-attack. The dynamic reconfiguration of the network devices may consist of a wide range of processes, which may include generating new network addresses for individual network devices; reconfiguring the network devices by creating firewalls, changing protocols between the network devices in a multi-tier reconfiguration solution, changing the cloud infrastructure provider of the network devices, even when the underlying network infrastructure ecosystem differs across cloud service providers (CSPs); and maintaining a secure and updated data model of a record of reconfigured network devices and their dependencies to allow legitimate users of the network devices to understand reconfiguration actions that are hidden from malicious users such as hackers and cyber-attackers.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which provides a SilverlineRT system that prioritizes and analyzes security alerts and events. The server builds an attack tree based on attack detection rules. The server monitors large-scale distributed systems and receives alerts from various devices. The server determines attacks using the attack tree while excluding false alarms. The server determines impact and risk metrics for attacks in real-time, and calculates an impact score for each attack. The server ranks and prioritizes the attacks based on the impact scores. The server also generates real-time reports. By consider the mission and system specific context in the analysis alert information, the server gives insight into the overall context of problems and potential solutions, improving decision-making. By showing the impacts of alters, the server allows security personnel to prioritize responses and focus on highest value defense activities.

Abstract: Disclosed herein are embodiments for managing a task including one or more skills. A server stores a virtual environment, software agents configured to collect data generated when a user interacts with the virtual environment to perform the task, and a predictive machine learning model. The server generates virtual entities during the performance of the task, and executes the predictive machine learning model to configure the virtual entities based upon data generated when the user interacts with the virtual environment. The server generates the virtual environment and the virtual entities configured for interaction with the user during display by the client device, and receives the data collected by the software agents. The system displays a user interface at the client device to indicate a measurement of each of the skills during performance of the task. The server trains the predictive machine learning model using this measurement of skills during task performance.

Abstract: An example method includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform, the nodes including one or more compute nodes and a controller node, and performing at least one of: (a) code-level obfuscation for the distributed computing platform to obfuscate interactions between an external user computing system and the nodes, wherein performing the code-level obfuscation comprises obfuscating data associated with one or more commands provided by the user computing system and sending one or more obfuscated commands to at least one of the nodes in the distributed computing platform; or (b) system-level obfuscation for the distributed computing platform, wherein performing the system-level obfuscation comprises at least one of obfuscating system management tasks that are performed to manage the nodes or obfuscating network traffic data that is exchanged between the nodes.

Abstract: Embodiments disclosed herein describe systems and methods for assessing vulnerabilities of embedded non-IP devices. In an illustrative embodiment, a system of assessing the vulnerabilities of embedded non-IP devices may be within a portable device. The portable device may include a plurality of wired connectors for various wired communication/data transfer protocols. The portable device may include tools for analyzing the firmware binaries of the embedded non-IP devices, such as disassemblers and modules for concrete and symbolic (concolic) execution. Based upon the disassembly and the concolic execution, the portable device may identify vulnerabilities such as buffer overflows and programming flaws in the firmware binaries.

Abstract: In general, this disclosure describes media stream transmission techniques for a computing device. The computing device captures a first media item and identifies a primary portion of the first media item and a secondary portion of the first media item different than the primary portion. The computing device applies a first compression algorithm to the primary portion of the first media item to generate a compressed primary portion. The computing device applies a second compression algorithm to the secondary portion of the first media item to generate a compressed secondary portion, where a data compression ratio of the second compression algorithm is greater than a data compression ratio of the first compression algorithm. The computing device transmits, to a central computing device, the compressed primary portion of the first media item and the compressed secondary portion of the first media item.

Abstract: In general, this disclosure describes media stream transmission techniques for a computing device. The computing device may capture an image of a local background environment. The computing device may record a first media stream that includes at least a portion of the image of the background environment and at least one movement of at least one object through the background environment. The computing device may remove the image of the background environment from the first media stream to create a second media stream that includes the movement of the object without the image of the background environment. The computing device may determine a bandwidth of a network over which the second media stream will be transmitted and perform further alterations to the second media stream if the current bandwidth is less than a bandwidth threshold level in order to reduce the bandwidth needed to transmit the second media stream.

Abstract: Disclosed herein are embodiments of systems, methods, and products comprise an analytic server, which improves the cybersecurity of a unified system comprising a plurality of sub-systems. The analytic server may instantiate a sub attack tree for each network sub-system within the unified system of distributed network infrastructure. The analytic server may access the sub attack trees of the network sub-systems based on the corresponding identifiers. The analytic server may build a high-level attack tree of the unified system by aggregating the sub attack tree of each sub-system. The analytic server may determine how the interconnection of the plurality of network sub-systems may affect the unified system security. The analytic server may update one or more nodes of the attack tree to reflect the changes produced from the interconnection. The analytic server may build the attack tree based on a set of aggregation rules.

Abstract: An example technique includes initializing, by an obfuscation computing system, communications with nodes in a distributed computing platform. The nodes include compute nodes that provide resources in the distributed computing platform and a controller node that performs resource management of the resources. The obfuscation computing system serves as an intermediary between the controller node and the compute nodes. The technique further includes outputting an interactive user interface (UI) providing a selection between a first privilege level and a second privilege level, and performing one of: based on the selection being for the first privilege level, a first obfuscation mechanism for the distributed computing platform to obfuscate digital traffic between a user computing system and the nodes, or based on the selection being for the second privilege level, a second obfuscation mechanism for the distributed computing platform to obfuscate digital traffic between the user computing system and the nodes.

Abstract: Disclosed herein are embodiments of systems, methods, and apparatus that execute classification techniques to enable high-quality analysis of ingest data by interpreting and categorizing disparate data points of the ingest data. The execution of the classification techniques leads to isolation of intrinsic properties of each data point to represent the essence of what the overall ingest data indicates. The classification techniques further enables classification of the ingest data, which is unencumbered by any ingest data format changes, such as ordering of data components, encoding, or properties associated with the ingest data that are likely to change without altering meaning conveyed by the ingest data.