Abstract: A method for predicting at least one property of a crystal of a material, with the crystal exhibiting at least one point defect. At least one module samples structures of materials and point defects of the crystal. The method comprises: providing a neural network. The neural network comprises: receiving as input a structure of the material and an ideal crystal unit cell structure. The neural network also comprises: outputting at least one target quantity and using a generated set of data and representing the point defect. The point defect represents a set of coordinates and a type of the point defect and a crystal unit cell structure. The neural network further comprises: receiving as input at least one of a cloud of defect points and a global state vector. The neural network additionally comprises outputting a vector.

Abstract: The present disclosure relates to a system and method implemented for lowering the number of fingerprints of fragments of a file added to the digital fingerprint library using a winnowing window method. The digital fingerprint library stores fingerprints of fragments of files matching certain criteria, e.g., containing protected information. When an unknown file is examined, that library is used to compare fingerprints of fragments of size N from the unknown file to the fingerprints stored in the library. The method automatically determines criteria for adding fingerprints to the digital fingerprint library or skipping them.

Abstract: A system and method for detecting malware using hierarchical clustering analysis. Unknown files classified by clustering and in view of known malicious and known safe files. A search is made for similar files using the probabilistic MinHash LSH algorithm applying a Jaccard measure. Machine learning models and detection rules are used to enhance classification accuracy.

Abstract: Systems and methods for verifying a production system automatically by testing a backup copy of the production system. The system comprises a backup transporter configured to copy or move a set of backup files from the backup generated of the production system and replicate the set of files on a testing computer, a mounting module configured to instantiate a copy of the production system on the testing computer, and a testing module configured to apply a set of automatic pre-defined tests to the application on the testing computer to analyze the application for vulnerabilities and defects, and generate a list of results of execution of each of the pre-defined tests on the testing computer, the list of results indicative of the vulnerabilities and defects.

Abstract: Systems and methods for embedding into a storage stack of a UNIX based computing device. A method includes building a file storage map for a file stored in computing device data storage, intercepting a system call associated with the file, intercepting a storage stack operation, and analyzing the system call and the storage stack operation using the file storage map to determine a change to a data block of the file. The method further includes building a shadow copy of the file on backup storage. The method further includes detecting a malicious operation based on the change to the data block.

Abstract: Systems and methods for threat detection and analysis. A method includes monitoring at least one thread associated with at least one user process on a computing device. The method further includes detecting specific-system calls associated with at least one user process at user level. The specific-system calls are analyzed by applying a filter to system calls sequence feature sets associated with the specific-system calls for detecting one or more events of interest. A capture of a full stack trace of at least one user process is requested if the system calls sequence feature set is filtered and at least one event of interest is detected. A first level monitoring is provided to the computing device, which includes processing and analyzing the captured full stack trace by a machine learning (ML) stack trace analyzer to generate a first verdict for threat detection and analysis.

Abstract: Systems and methods for verifying a production system automatically by testing a mirror copy of the production system on a testing computer. The system includes a mirror update transporter to deliver a mirror update from the production system to the mirror system, a mounting module to apply the mirror update to the mirror system, a testing computer on which the mirror system is running, a testing module to automatically execute a set of tests on the mirror system, and a communication module to communicate the results of the tests.

Abstract: Systems and methods to predict an enumeration-based attack. A System includes a security sensor configured to track one or more system events and determine a sequence of operations of processes executed in response to the one or more system events. In addition, the system includes a security agent having a prediction unit configured to analyze the tracked storage operations of each process to generate a first security verdict and determine if a first probabilistic value identifying probability of finding the enumeration attack exceeds a first threshold value for a particular process. The security agent also includes an analysis module configured to obtain a full stack corresponding to the particular process from the security sensor, conduct the full stack analyses of the particular process, to generate a second verdict, and characterize the process as malicious, if the probabilistic value of the second verdict exceeds a second threshold value.

Abstract: A system for identifying of presence of protected data in an unknown file includes a processor coupled to a memory storing instructions, the processor being configured to implement the instructions to apply a sliding window process to generate one or more fragments of length, for each generated fragment, check whether information about the generated fragment exists in a library of known fragments of protected data, and if the information about the generated fragment from the unknown file exists in the library of known fragments of protected data, perform steps to reflect an existence of the information about the generated fragment.

Abstract: Disclosed herein are systems and methods for detecting anomalous behavior (e.g., attacks) in devices within a network. In an exemplary aspect, a method includes intercepting a first plurality of packets being transmitted in a network with a plurality of devices; identifying, from the first plurality of packets, a subset of packets corresponding to a device of the network; extracting a plurality of deterministic features from the subset of packets; calculating, based on the subset of packets, a risk score associated with the device based on a deviation of the features from a deterministic profile of the device, a first probability of the subset of packets exhibiting anomalous behavior based on a per-device model, and a second probability of the plurality of packets exhibiting anomalous behavior based on a network model; classifying anomalies into attack categories, and executing a remediation action to resolve anomalous behavior in the device.

Abstract: The present disclosure relates to pre-processing of files to better prepare them for the process of comparing fingerprints of fragments of fixed size N from these files to other files that contain similar information but may be structured differently. The pre-processing method and system are applied to files with known protected data before fingerprints of some of the N-fragments from these files are added to the digital fingerprint library and to the unknown files before the fingerprints of some of their N-fragments are compared to the fingerprints of other N-fragments of data stored in the digital fingerprint library.

Abstract: A method and system for automatically assigning a behavioral category to a subject's study progress corresponding to a particular test with an option to submit multiple versions of a solution. The method is based on abstracting subject solution versions into abstractions that are mapped to previously identified solution abstraction clusters based on some solution abstraction clustering criteria; calculating subject's path through these solution abstraction clusters and identifying a previously identified behavioral cluster to which subject's path is mapped using certain path clustering criteria. As the progress of a subject's solutions through a period of time reflects the evolution of the subject's understanding of the subject, attribution of the subject's path to a behavioral cluster allows for automatic classification of such understanding including identification of abuse or misuse of the educational process.

Abstract: A method and a system for automatic classification of study progress for multiple subjects corresponding to a particular test with an option for a subject to submit multiple solutions to the test over a period of time based on two-level clustering of abstraction of subject's solutions and subject's paths across different clusters of solution abstractions. Similarity of paths of subjects through solution abstraction clusters reflect the similarity of subjects' progress in learning a subject; subjects with paths grouped in the same cluster are considered to have a similar progress in learning a subject that is assessed with the given test.

Abstract: A system and a method for performing brand detection and brand analysis in a video are disclosed herein. The method comprises receiving the video for performing the brand detection thereon; splitting the video for obtaining input video frames; performing an open set detection on the input video frames to compute instances of detecting brand media; determining an exact square region in which the brand media is occupied within the input video frame; resolving a scene understanding task in the input video frame; detecting crucial moments in the video; identifying an area on the input frame where a user's attention is focused to provide user focus index; generating heat maps using the detection of crucial moments and user focus index; and combining above inputs from the brand detection and the scene understanding into the heat maps for all the input video frames of the video for computing a brand advertising rate.

Abstract: A system and method for performing brand detection in a video is disclosed herein. The method comprises receiving the video for performing the brand detection thereon; splitting the video for obtaining a plurality of video frames; performing an open set detection on each input video frame from the plurality of video frames, which comprises proposing one or more bounding boxes on the input video frames on regions of the video frame that potentially include brand media; cropping the one or more bounding boxes; providing the cropped bounding boxes to a classification module for obtaining embedding vectors corresponding to each of the cropped bounding boxes; and comparing the embedding vectors of the cropped bounding boxes with embedding vectors of one or more brand reference images provided by a user for computing instances of brand detection in each video frame of the plurality of video frames.

Abstract: Disclosed herein are systems and method for restoring files from a backup, the method including: retrieving a time indicator from a time server associated with a backup server; synchronizing time between the backup server and a computing device performing a backup, based on the time indicator; performing the backup of files from the computing device to the backup server, wherein a malicious process modifies at least one file being backed up at an incident time during the backup and performs an attempt to change a time of the computing device such that a modification timestamp of the at least one file precedes the incident time; blocking the attempt to change the time of the computing device; subsequent to completing the backup, detecting the malicious process infecting the computing device; and performing a restoration of the backup on the computing device.

Abstract: Disclosed herein are systems and methods for selecting files for malware analysis. In one aspect, a method may include identifying, in a cloud network, a backup of a client machine; extracting, from the backup, at least one file of a given file type; determining whether to include the at least one file in a sandbox of the cloud network by performing a static analysis of the at least one file; selecting the at least one file for inclusion in the sandbox based on the static analysis; monitoring, for a period of time, a behavior of the at least one file in the sandbox by performing a dynamic analysis of the at least one file; and in response to determining that the at least one file is malicious based on the dynamic analysis, performing a remediation action on the at least one file.

Abstract: A method and system for threat detection and analysis is disclosed herein. The method includes monitoring at least one thread associated with at least one process on a computing system. The method further includes detecting specific system calls associated with at least one process at kernel level. The specific system calls are analyzed by applying a filter to the system calls sequence feature set associated with the specific system calls for detecting one or more events of interest. A full stack trace capture of at least one process is requested if the system calls sequence feature set is filtered and the one or more events of interest are detected. A first level monitoring is provided to the computing system, which includes processing and analyzing the captured full stack trace by a machine learning (ML) stack trace analyzer to generate a first verdict for threat detection and analysis.

Abstract: An automatic incident dispatcher calculates an incident signature of a new incident, calculates a degree of variance (DoV) of the new incident from an incident signature of the previously classified incident, compares the calculated DoV to a predetermined threshold, and determines that the new incident belongs to a same class as a class of the previously classified the new incident if the calculated DoV is less than or equal to the threshold.

Abstract: The present disclosure relates to a system and method of automatically updating the set of security controls in the production environment using AI based on historical data generated in the test management system TMS during the system's testing in the testing environment including information about its elements, their properties, testing environment, its characteristics, and security controls with their settings. Once the AI has sufficient historical data from a testing environment, every time a change is detected to the system in the production environment, its elements, their properties, or at least one characteristic of the production environment, the AI system makes a recommendation to update the set of security controls in the production environment.