Abstract: Disclosed herein are systems and method for preventing malware reoccurrence when restoring a computing device using a backup image. In one exemplary aspect, a method may identify, from a plurality of backup images for a computing device, a backup image that was created most recently before the computing device was compromised. The method may mount the backup image as a disk and scanning the disk for malicious software. The method may disable all ports and services on the computing device to prevent unauthorized network connections and service launches. The method may restore data to the computing device from the mounted disk. The method may update software on the computing device and applying latest patches, and reopen the ports and restart the services on the computing device subsequent to updating the software and applying the latest patches.

Abstract: Methods for file archiving using machine learning are disclosed herein. An exemplary method comprises archiving a first file of a plurality of files from a storage server to a tiered storage system, training a machine learning module based on file access operations for the plurality of files, determining one or more rules for predicting access to the archived files using the machine learning module, determining a prediction of access of the archived file based on the one or more rules and retrieving the archived file from the tiered storage system into a file cache in the storage server based on the prediction of access.

Abstract: The present disclosure includes methods and systems for protecting network resources. A method may start, by a processor, copy-on-write snapshotting for modifications to a plurality of files stored on electronic storage. A method may monitor, by the processor, access to objects within a file system associated with the electronic storage for a set of operations. A method may intercept, by the processor, one or more operation of the set of operations for modifying a region of a file in the file system. A method may capture, by the processor, one or more of original contents, modified contents and written contents of the region. A method may end, by the processor, copy-on-write snapshotting. A method may perform malware and/or ransomware analysis on a process performing the modification to the region of the file in the file system.

Abstract: A system and method for implementing management of a system context database is disclosed herein. The system context from a target computing system is collected. The system context is set in accordance with the configuration status of a context consumer. The context consumer includes one or more data security components. A system context database is initialized in response to the configuration status. The collected system context is restored in a cache. The attributes from the cache are provided to the context consumer where the attributes are compared with predefined attributes of the known malware threats. Each data security component of the context consumer is configured to access the cache in a synchronized manner to avoid duplication of the scanning process. The comparison result indicates the presence of a malware threat.

Abstract: Disclosed herein are systems and method for inspecting archived slices for malware using empty spare files. In one exemplary aspect, the method comprises generating a backup slice and a virtual volume comprising a list of files in the backup slice and associated file information. The method comprises mounting the virtual volume to a disk. The method comprises creating, in the virtual volume, empty sparse files that are placeholders of the files reference in the list of files. The method comprises detecting a change between a respective empty sparse file and a corresponding file in a previous backup slice and accordingly storing the actual content of the file in the virtual volume in place of the respective empty sparse file. The method comprises scanning the virtual volume for malicious software and generating a cured slice that replaces the backup slice in the backup archive upon detection.

Abstract: Disclosed herein are methods and systems for providing data recovery recommendations. In an exemplary aspect, a method may comprise identifying a plurality of storage devices. For each respective device of the plurality of storage devices, the method may comprise extracting a respective input parameter indicative of a technical attribute of the respective device, inputting the respective input parameter into a machine learning algorithm configured to output both a first likelihood of the respective device needing a data recovery and a second likelihood that the data recovery will fail, and determining a respective priority level of the respective device based on the first likelihood and the second likelihood. The method may comprise normalizing each respective priority level, and recommending a device of the plurality of storage devices for a test data recovery procedure based on each normalized priority level.

Abstract: Aspects of the disclosure describe methods and systems for performing an antivirus scan using file level deduplication. In an exemplary aspect, prior to performing an antivirus scan on files stored on at least two storage devices, a deduplication module calculates a respective hash for each respective file stored on the storage devices. The deduplication module identifies a first file stored the storage devices and determines whether at least one other copy of the first file exists on the storage devices. In response to determining that another copy exists, the deduplication module stores the first file in a shared database, replaces all copies of the first file on the storage devices with a link to the first file in the shared database, and performs the antivirus scan on (1) the first file in the shared database and (2) the files stored on the storage devices.

Abstract: Disclosed herein are systems and methods for synchronizing anonymized linked data across multiple queues for SMPC. The systems and methods guarantee that data is kept private from a plurality of nodes, yet can still be synced within a local queue, across the plurality of local queues. In conventional SMPC frameworks, specialised data known as offline data is required to perform key operations, such as multiplication or comparisons. The generation of this offline data is computationally intensive, and thus adds significant overhead to any secure function. The disclosed system and methods aid in the operation of generating and storing offline data before it is required. Furthermore, the disclosed system and methods can help start functions across multi-parties, preventing concurrency issues, and align secure input data to prevent corruption.

Abstract: Disclosed herein are systems and method for performing secure computing while maintaining data confidentiality. In one exemplary aspect, a method receives, via an application, both data and a request to perform a secure operation on the data, wherein the secure operation is to be performed using a secure compute engine on a cloud platform such that the data is not viewable to a provider of the cloud platform. The method applies transformations to the data so that the data is not viewable to the provider. The method transmits the transformed data to the secure compute engine on the cloud platform to perform the secure operation on the transformed data, receives a result of the secure operation from the secure compute engine, and transmits the result to the application.

Abstract: Disclosed herein are systems and method for determining data storage insurance policies. In an exemplary implementation, a method comprises receiving a request to add a data storage insurance policy to a plurality of data files. The method comprises extracting data file attributes and determining a data recovery score for each respective data file based on a uniqueness, criticality, and/or importance of the respective data file. The method comprises determining a hardware score for each of a plurality of performance tiers comprising at least one storage server, based on an available capacity, a performance cost, and/or data recovery scores of data files currently stored at each of the plurality of performance tiers. The method comprises selecting and executing a data storage insurance policy for the respective data file based on a plurality of data recovery rules and/or the comparison of the data recovery score and the hardware score.

Abstract: A data storage system uses erasure coding in combination with hashgraph to organize stored data and recover that data in a computing environment.

Abstract: A system and method of anti-malware analysis including iterative techniques. These techniques are used to create a file attribute tree used by a machine learning analyzer to identify malicious files.

Abstract: A system and method are disclosed for performing non-invasive scan of a target device. The system is configured for: i) loading an endpoint protection agent to a target device; ii) providing a remote direct memory access of the target device to the remote security server for reading a memory of the target device; iii) scanning, by a second memory scan engine of the remote security server, the memory of the target device upon the violation of the security policy; iv) identifying, by the second memory scan engine of the remote security server, a threat on the target device; and v) sending, by the remote security server, a security response action to the endpoint protection agent on the target device in accordance with the security policy.

Abstract: A system and method of anti-malware analysis including iterative techniques that combine static and dynamic analysis of untrusted programs or files. These techniques are used to identify malicious files by iteratively collecting new data for static analysis through dynamic run-time analysis.

Abstract: A method of continuous development of an internal threat scan engine based on an iterative quality assessment includes iteratively performing a dynamic assessment of a quality of a threat detection with a frequency defined for each of objects in an object collection, wherein a result of the dynamic assessment includes internal and external scan results of the objects and a consistency verdict of the internal and external scan results of the objects, changing a frequency of scanning iteration of the objects based on the consistency verdict of the external and internal scan results of the objects, classifying the objects based on the result of the dynamic assessment, and creating a development task including the internal and external scan results of the objects, meta-data of the objects, and automated test results to provide details for developing a software to fix inconsistency of the internal and external scan results.

Abstract: The IOC Infrastructure management system (100) and method is disclosed for building an IOC infrastructure and its management thereof. The system mainly includes a IOC processing unit and an endpoint engine. The IOC processing unit is configured to i) source raw IOCs from a plurality of external sources, ii) convert format of the raw IOCs into a predetermined format of an IOC database using a parser unit, where each parser of the parser unit corresponds to at least one IOC format, iii) build and apply syntax tree to the parsed IOCs, where the syntax tree supports complex expression-based toolsets, such as YARA, and sort the IOCs lexicographically to avoid duplication of IOC entry and render the malware detection scanning process faster and efficient.

Abstract: In part, the disclosure relates to a backup and restoration system for a transactional log based journaling application. The system includes a transactional log backup process executing on one or more computing devices; an archive stored in non-transitory computer readable memory; and a binary difference file generator in electronic communication with the archive and responsive to instructions from the transactional log backup process. In one embodiment, the binary difference file generator includes a backup driver in electrical communication with and responsive to communication signals from the transactional backup process.

Abstract: Disclosed herein are systems and method for classifying objects in an image using a color-based neural network. A method may include: training a neural network to classify an object in a given image into a color class from a set of color classes; determining, from the set of color classes, a subset of color classes that are anticipated to be in a received input image based on image metadata; generating a matched mask input indicating the subset; inputting both the input image and the matched mask input into the neural network, wherein the neural network is configured to: determine a first semantic embedding of the input image and the matched mask input; outputting a color class associated with a second semantic embedding with a least amount of distance to the first semantic embedding from a plurality of semantic embeddings.

Abstract: Disclosed herein are systems and method for classifying objects in an image using a color-based machine learning classifier. A method may include: training, with a dataset including a plurality of images, a machine learning classifier to classify an object in a given image into a color class from a set of color classes of a first size; receiving an input image depicting at least one object belonging to the set of color classes; determining a subset of color classes that are anticipated to be in the input image based on metadata of the input image; generating a matched mask input indicating the subset set of color classes in the input image, wherein the subset of color classes is of a second size that is smaller than the first size; and inputting both the input image and the matched mask input into the machine learning classifier.

Abstract: Disclosed herein are systems and method for determining environment dimensions based on environment pose. In one aspect, the method may include training, with a dataset including a plurality of images featuring an environment and labelled landmarks in the environment, a neural network to identify a pose of an environment. The method may comprise receiving an input image depicting the environment, generating an input tensor based on the input image, and inputting the input tensor into the neural network, which may be configured to generate an output tensor including a position of each identified landmark, a confidence level associated with each position, and a pose confidence score. The method may include calculating a homography matrix between each position in the output tensor along a camera plane and a corresponding position in an environment plane in order to output an image that visually connects each landmark along the environment plane.