Abstract: This disclosure relates to method and system for generating cognitive security intelligence for detecting and preventing malwares. In one embodiment, the method includes monitoring instructions being executed by a processor of a computing system, determining events triggered and activities performed by the execution of the instructions, correlating the events and the activities to determine a sequence of events and activities, and mapping the sequence of events and activities with a topographical threat map to detect a pattern match corresponding to a malware. The topographical threat map is event and activity behavior map of a number of categories of malwares, and is built based on a cognitive analysis using deep learning which may also be enriched with external knowledge or historic knowledge. The method further includes effecting a remedial measure, upon detecting the pattern match, to prevent the malware by constructing remedial instructions to be executed by the processor.

Abstract: A method and device for classifying uniform resource locators based on content in corresponding websites includes extracting, by a network device, a plurality of website contents from a website associated with a URL based on Optical Character Recognition (OCR). Each of the plurality of website contents are classified into a plurality of webpage categories based on machine learning. User actions for the plurality of website contents are simulated based on a webpage category associated with each of the plurality of website contents. An access classification is determined for the URL based on results of simulating the user actions and machine learning.

Abstract: A method and device for classifying uniform resource locators based on content in corresponding websites is disclosed. The method includes extracting, by a network device, a plurality of website contents from a website associated with a URL based on Optical Character Recognition (OCR). The method further includes classifying, by the network device, each of the plurality of website contents into a plurality of webpage categories based on machine learning. The method includes simulating, by the network device, user actions for the plurality of website contents, based on a webpage category associated with each of the plurality of website contents. The method further includes determining, by the network device, an access classification for the URL based on results of simulating the user actions and machine learning.

Abstract: This disclosure relates to method and system for generating cognitive security intelligence for detecting and preventing malwares. In one embodiment, the method includes monitoring instructions being executed by a processor of a computing system, determining events triggered and activities performed by the execution of the instructions, correlating the events and the activities to determine a sequence of events and activities, and mapping the sequence of events and activities with a topographical threat map to detect a pattern match corresponding to a malware. The topographical threat map is event and activity behavior map of a number of categories of malwares, and is built based on a cognitive analysis using deep learning which may also be enriched with external knowledge or historic knowledge. The method further includes effecting a remedial measure, upon detecting the pattern match, to prevent the malware by constructing remedial instructions to be executed by the processor.

Abstract: The method and system of present disclosure relate to facilitating network security. The method includes configuring a network comprising plurality of devices which are provided with sensors for detecting security threats. Further, security grid of the network is generated, in which, the sensors of one device may interact with sensors of other devices. The system may continuously monitor the activities of the devices and learn from them. Based on the monitoring and learning, behavior pattern is generated. Further, system captures current activity of the device and compare it with the behavior pattern to determine the deviation. The system may consider the other factors like context of the operating environment and occurrences of the same activity in other devices in the security grid to determine the genuineness of the deviation. If the device is determined to be anomalous, the system generates curative actions for addressing the abnormality of the device.