Abstract: A system and method for predicting, forecasting and suggesting voyage plans for a vessel by considering design parameters, weather in sailing routes and a user's preference for best weather or best economy or fastest way to reach the destination. Voyage plans are optimized using the above parameters, and directions are continuously provided in the form of heading and speeds to be maintained by the vessel during the course of the voyage.

Abstract: A system and method for monitoring one or more objects that have been restrainedly secured to a vehicle by one or more restraint members. The system includes a plurality of sensors each configured for monitoring one or more of a compressive or tensile stress or strain in one of the one or more restraint members, and a controller for periodically interrogating each of the plurality of sensors to ascertain a value of stress or strain detected by the respective sensor. When a change in the value of stress or strain is indicative of loosened or overtightened restraint members, a mitigation event is triggered.

Abstract: A computerized technique for program simplification and specialization combines a partial interpretation of the program based on a subset of program functions to obtain variable states with concrete values at a program “neck.” These concrete values are then propagated as part of an optimization transformation that simplifies the program based on these constant values, for example, by eliminating branches that are never taken based on the constant values.

Abstract: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.

Abstract: A method and system for extracting information from a drawing. The method includes classifying nodes in the drawing, extracting attributes from the nodes, determining whether there are errors in the node attributes, and removing the nodes from the drawing. The method also includes identifying edges in the drawing, extracting attributes from the edges, and determining whether there are errors in the edge attributes. The system includes at least one processing component, at least one memory component, an identification component, an extraction component, and a correction component. The identification component is configured to classify nodes in the drawing, remove the nodes from the drawing, and identify edges in the drawing. The extraction component is configured to extract attributes from the nodes and edges. The correction component is configured to determine whether there are errors in the extracted attributes.

Abstract: A method and system for extracting information from a drawing. The method includes classifying nodes in the drawing, extracting attributes from the nodes, determining whether there are errors in the node attributes, and removing the nodes from the drawing. The method also includes identifying edges in the drawing, extracting attributes from the edges, and determining whether there are errors in the edge attributes. The system includes at least one processing component, at least one memory component, an identification component, an extraction component, and a correction component. The identification component is configured to classify nodes in the drawing, remove the nodes from the drawing, and identify edges in the drawing. The extraction component is configured to extract attributes from the nodes and edges. The correction component is configured to determine whether there are errors in the extracted attributes.

Abstract: A system and method for monitoring one or more objects that have been restrainedly secured to a vehicle by one or more restraint members. The system includes a plurality of sensors each configured for monitoring one or more of a compressive or tensile stress or strain in one of the one or more restraint members, and a controller for periodically interrogating each of the plurality of sensors to ascertain a value of stress or strain detected by the respective sensor. When a change in the value of stress or strain is indicative of loosened or overtightened restraint members, a mitigation event is triggered.

Abstract: A system and method for predicting, forecasting and suggesting voyage plans for a vessel by considering design parameters, weather in sailing routes and a user's preference for best weather or best economy or fastest way to reach the destination. Voyage plans are optimized using the above parameters, and directions are continuously provided in the form of heading and speeds to be maintained by the vessel during the course of the voyage.

Abstract: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.

Abstract: Disclosed herein are enhancements for operating a communication network to detect malware in scripts of web applications. In one implementation, a method for modeling the structure of embedded unclassified scripts to compare the abstract dynamism of similar scripts. The method may determine structure of unclassified end user browser script by building abstract structure using code from unclassified end user browser script; compare determined structure of unclassified end user browser script with a plurality of generalized abstract structures; if the determined structure of unclassified end user browser script matches within a predetermined threshold of any of the plurality of generalized abstract structures, then the unclassified end user browser script is classified as benign, otherwise the determined structure is classified as malicious. This, in turn, provides a scalable and efficient way of identifying benign, malicious, known and unknown scripts from a script available in full or in part.

Abstract: The disclosed computer-implemented method for reverse-engineering malware protocols may include (1) decrypting encrypted network traffic generated by a malware program, (2) identifying at least one message type field in the decrypted network traffic, (3) identifying at least one message in the decrypted network traffic with the identified message type, and (4) inferring at least a portion of a protocol used by the malware program by analyzing the identified message to identify a field type for at least one data field of the identified message of the identified message type. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques to facilitate security for a software application are disclosed herein. In at least one implementation, static analysis is performed on code resources associated with the software application to generate static analysis results. Dynamic analysis is performed on a running instance of the software application to generate dynamic analysis results. An application information model of the software application is generated based on the static analysis results and the dynamic analysis results. Security policies for the software application are determined based on the application information model.

Abstract: A network intrusion detection system combines the normally sequential steps of protocol analysis, normalization, and signature matching through the use of a regular expression to speed the monitoring of network data. The regular expression also allows the creation of a superset matcher, permitting multiple stages of matching of increased accuracy to produce additional throughput gains.

Abstract: A malware prevention system monitors kernel level events of the operating system and applies user programmable or preprepared policies to those events to detect and block malware.

Abstract: An automatic technique for generating signatures for malicious network traffic performs a cluster analysis of known malicious traffic to create a signature in the form of a state machine. The cluster analysis may operate on semantically tagged data collected by connection or session and normalized to eliminate protocol specific features. The signature extractor may generalize the finite-state machine signatures to match network traffic not previously observed.

Abstract: Deterministic finite automata (DFAs) are popular solutions to deep packet inspection because they are fast and DFAs corresponding to multiple signatures are combinable into a single DFA. Combining such DFAs causes an explosive increase in memory usage. Extended finite automata (XFAs) are an alternative to DFAs that avoids state-space explosion problems. XFAs extend DFAs with a few bytes of “scratch memory” used to store bits and other data structures that record progress. Simple programs associated with automaton states and/or transitions manipulate this scratch memory. XFAs are deterministic in their operation, are equivalent to DFAs in expressiveness, and require no custom hardware support. Fully functional prototype XFA implementations show that, for most signature sets, XFAs are at least 10,000 times smaller than the DFA matching all signatures. XFAs are 10 times smaller and 5 times faster or 5 times smaller and 20 times faster than systems using multiple DFAs.

Abstract: Systems, methods and devices according to this invention include a plurality of defined modification rules for modifying a sequence of packets that form an attack on an intrusion detection system. These modification rules include both rules that expand the number of packets and rules that reduce the number of packets. The reducing rules can be applied to a given attack instance to identify one or more root attack instances. The expanding rules can then be applied to each root attack instance to generate a corpus of modified attack instances. The modification rules can preserve the semantics of the attack, so that any modified attack instance generated from the given attack instance remains a true attack. To test an intrusion detection system, the corpus of modified attack instances can be used to determine whether an intrusion detection system detects every modified attack instance.

Abstract: A technique for finding malicious code such as viruses in an executable binary file converts the executable binary to a function unique form to which function unique forms of virus code may be compared. By avoiding direct comparison of the expression of the viral code but looking instead at its function, obfuscation techniques intended to hide the virus code are substantially reduced in effectiveness.

Abstract: An automatic system for spyware detection and signature generation compares packets of output from a computer in response to standard user inputs, to packets of a standard output set derived from a known clean machine. Differences between these two packet sets are analyzed with respect to whether they relate to unknown web servers and whether they incorporate user-derived information. This analysis is used to provide an automatic detection of and signature generation for spyware infecting the machine.

Abstract: Computer programs are preprocessed to produce normalized or standard versions to remove obfuscation that might prevent the detection of embedded malware through comparison with standard malware signatures. The normalization process can provide an unpacking of compressed or encrypted malware, a reordering of the malware into a standard form, and the detection and removal of semantically identified nonfunctional code added to disguise the malware.