Abstract: Systems and methods enable automated and scalable obfuscation detection in programming scripts, including processing devices that receive software programming scripts and a symbol set. The processing devices determine a frequency of each symbol and an average frequency of the symbols in the script text. The processing devices determine a normal score of each symbol based on the frequency of each symbol and the average frequency to create a symbol feature for each symbol including the normal score. The processing devices utilize an obfuscation machine learning model including a classifier for binary obfuscation classification to detect obfuscation in the script based on the symbol features. The processing devices cause to display an alert indicting an obfuscated software programming script on a screen of a computing device associated with an administrative user to recommend security analysis of the software programming script based on the binary obfuscation classification.

Abstract: In some implementations, a system may receive a shell script associated with a computing device. The system may generate a character frequency feature vector based on the shell script. The system may input text of the shell script to a convolutional neural network (CNN) branch of a trained deep learning model. The system may input the character frequency feature vector to a feedforward neural network (FNN) branch of the trained deep learning model. The system may determine using the trained deep learning model, respective probability scores for each of a plurality of obfuscation types for the shell script based on a combined output of the CNN branch and the FNN branch. The system may detect whether the shell script is obfuscated based on respective probability scores for each of the plurality of obfuscation types determined for the shell script.

Abstract: Systems and methods enable automated and scalable obfuscation detection in programming scripts, including processing devices that receive software programming scripts and a symbol set. The processing devices determine a frequency of each symbol and an average frequency of the symbols in the script text. The processing devices determine a normal score of each symbol based on the frequency of each symbol and the average frequency to create a symbol feature for each symbol including the normal score. The processing devices utilize an obfuscation machine learning model including a classifier for binary obfuscation classification to detect obfuscation in the script based on the symbol features. The processing devices cause to display an alert indicting an obfuscated software programming script on a screen of a computing device associated with an administrative user to recommend security analysis of the software programming script based on the binary obfuscation classification.

Abstract: In some implementations, a system may receive a shell script associated with a computing device. The system may generate a character frequency feature vector based on the shell script. The system may input text of the shell script to a convolutional neural network (CNN) branch of a trained deep learning model. The system may input the character frequency feature vector to a feedforward neural network (FNN) branch of the trained deep learning model. The system may determine using the trained deep learning model, a respective probability score for each of a plurality of obfuscation types for the shell script based on a combined output of the CNN branch and the FNN branch. The system may detect whether the shell script is obfuscated based on the respective probability score for each of the plurality of obfuscation types determined for the shell script.

Abstract: A system including at least one processor; and at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to: receive an email addressed to a user; separate the email into a plurality of email components; analyze, using respective machine-learning techniques, each of the plurality of email components; feed the analysis of each of the plurality of email components into a stacked ensemble analyzer; and based on an output of the stacked ensemble analyzer, determine whether the email is malicious.

Abstract: Methods and systems are described herein for detecting anomalous access to system resources. An anomaly detection system may access system events from one or more computing devices and may generate entries from the system events. Each entry may include a corresponding timestamp indicating a time when a corresponding system event occurred, a corresponding user identifier indicating a user account within a computing environment associated with the corresponding system event, a corresponding location identifier indicating a location within the computing environment, and a corresponding action identifier indicating an action that the user account performed with respect to the location or an object within the computing environment. The generated entries may be aggregated and input into an anomaly detection model to obtain anomalous activity identified by the model.

Abstract: Methods and systems are described herein for detecting anomalous access to system resources. An anomaly detection system may access system events from one or more computing devices and may generate entries from the system events. Each entry may include a corresponding timestamp indicating a time when a corresponding system event occurred, a corresponding user identifier indicating a user account within a computing environment associated with the corresponding system event, a corresponding location identifier indicating a location within the computing environment, and a corresponding action identifier indicating an action that the user account performed with respect to the location or an object within the computing environment. The generated entries may be aggregated and input into an anomaly detection model to obtain anomalous activity identified by the model.

Abstract: Systems and methods enable automated and scalable obfuscation detection in programming scripts, including processing devices that receive software programming scripts and a symbol set. The processing devices determine a frequency of each symbol and an average frequency of the symbols in the script text. The processing devices determine a normal score of each symbol based on the frequency of each symbol and the average frequency to create a symbol feature for each symbol including the normal score. The processing devices utilize an obfuscation machine learning model including a classifier for binary obfuscation classification to detect obfuscation in the script based on the symbol features. The processing devices cause to display an alert indicting an obfuscated software programming script on a screen of a computing device associated with an administrative user to recommend security analysis of the software programming script based on the binary obfuscation classification.

Abstract: Systems and methods enable automated and scalable obfuscation detection in programming scripts, including processing devices that receive software programming scripts and a symbol set. The processing devices determine a frequency of each symbol and an average frequency of the symbols in the script text. The processing devices determine a normal score of each symbol based on the frequency of each symbol and the average frequency to create a symbol feature for each symbol including the normal score. The processing devices utilize an obfuscation machine learning model including a classifier for binary obfuscation classification to detect obfuscation in the script based on the symbol features. The processing devices cause to display an alert indicting an obfuscated software programming script on a screen of a computing device associated with an administrative user to recommend security analysis of the software programming script based on the binary obfuscation classification.

Abstract: Systems and methods enable automated and scalable obfuscation detection in programming scripts, including processing devices that receive software programming scripts and a symbol set. The processing devices determine a frequency of each symbol and an average frequency of the symbols in the script text. The processing devices determine a normal score of each symbol based on the frequency of each symbol and the average frequency to create a symbol feature for each symbol including the normal score. The processing devices utilize an obfuscation machine learning model including a classifier for binary obfuscation classification to detect obfuscation in the script based on the symbol features. The processing devices cause to display an alert indicting an obfuscated software programming script on a screen of a computing device associated with an administrative user to recommend security analysis of the software programming script based on the binary obfuscation classification.

Abstract: In some implementations, a system may receive a shell script associated with a computing device. The system may generate a character frequency feature vector based on the shell script. The system may input text of the shell script to a convolutional neural network (CNN) branch of a trained deep learning model. The system may input the character frequency feature vector to a feedforward neural network (FNN) branch of the trained deep learning model. The system may determine using the trained deep learning model, a respective probability score for each of a plurality of obfuscation types for the shell script based on a combined output of the CNN branch and the FNN branch. The system may detect whether the shell script is obfuscated based on the respective probability score for each of the plurality of obfuscation types determined for the shell script.

Abstract: Methods and systems are described herein for detecting anomalous access to system resources. An anomaly detection system may access system events from one or more computing devices and may generate entries from the system events. Each entry may include a corresponding timestamp indicating a time when a corresponding system event occurred, a corresponding user identifier indicating a user account within a computing environment associated with the corresponding system event, a corresponding location identifier indicating a location within the computing environment, and a corresponding action identifier indicating an action that the user account performed with respect to the location or an object within the computing environment. The generated entries may be aggregated and input into an anomaly detection model to obtain anomalous activity identified by the model.

Abstract: Systems and methods enable automated and scalable obfuscation detection in programming scripts, including processing devices that receive software programming scripts and a symbol set. The processing devices determine a frequency of each symbol and an average frequency of the symbols in the script text. The processing devices determine a normal score of each symbol based on the frequency of each symbol and the average frequency to create a symbol feature for each symbol including the normal score. The processing devices utilize an obfuscation machine learning model including a classifier for binary obfuscation classification to detect obfuscation in the script based on the symbol features. The processing devices cause to display an alert indicting an obfuscated software programming script on a screen of a computing device associated with an administrative user to recommend security analysis of the software programming script based on the binary obfuscation classification.

Abstract: A method of determining a definition for a term associated with a specific domain may include: receiving, via a processor, an electronic document that is associated with a specific domain, the electronic document including at least one term; determining a definition of the at least one term via a machine learning model that is trained, based on (i) a plurality of terms associated with the specific domain as training data and (ii) definitions associated with the specific domain and corresponding to the plurality of terms as ground truth, to generate an output definition associated with the specific domain in response to an input term; and transmitting a response to receiving the electronic document that includes the determined definition of the at least one term.

Abstract: Systems and methods enable automated and scalable obfuscation detection in programming scripts, including processing devices that receive software programming scripts and a symbol set. The processing devices determine a frequency of each symbol and an average frequency of the symbols in the script text. The processing devices determine a normal score of each symbol based on the frequency of each symbol and the average frequency to create a symbol feature for each symbol including the normal score. The processing devices utilize an obfuscation machine learning model including a classifier for binary obfuscation classification to detect obfuscation in the script based on the symbol features. The processing devices cause to display an alert indicting an obfuscated software programming script on a screen of a computing device associated with an administrative user to recommend security analysis of the software programming script based on the binary obfuscation classification.

Abstract: A system including at least one processor; and at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to: receive an email addressed to a user; separate the email into a plurality of email components; analyze, using respective machine-learning techniques, each of the plurality of email components; feed the analysis of each of the plurality of email components into a stacked ensemble analyzer; and based on an output of the stacked ensemble analyzer, determine whether the email is malicious.

Abstract: A charged particle device includes an electron emitting part for emitting electrons, an electron irradiated part configured to be irradiated with the electrons emitted from the electron emitting part, a container part configured to evacuate an interior thereof and contain the electron irradiated part in the interior thereof, an electric wire containing part configured to be inserted from an outside of the container part via an insertion part provided in the container part to contain an electric wire through which electricity is conducted to the electron irradiated part contained in the container part, and an insertion-part-side protrusion part configured to surround the electric wire containing part and protrude from a vicinity of the insertion part on an inner wall of the container part to an interior of the container part.

Abstract: A system including at least one processor; and at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to: receive an email addressed to a user; separate the email into a plurality of email components; analyze, using respective machine-learning techniques, each of the plurality of email components; feed the analysis of each of the plurality of email components into a stacked ensemble analyzer; and based on an output of the stacked ensemble analyzer, determine whether the email is malicious.

Abstract: A system including at least one processor; and at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to: receive an email addressed to a user; separate the email into a plurality of email components; analyze, using respective machine-learning techniques, each of the plurality of email components; feed the analysis of each of the plurality of email components into a stacked ensemble analyzer; and based on an output of the stacked ensemble analyzer, determine whether the email is malicious.

Abstract: A system including at least one processor; and at least one memory having stored thereon computer program code that, when executed by the at least one processor, controls the at least one processor to: receive an email addressed to a user; separate the email into a plurality of email components; analyze, using respective machine-learning techniques, each of the plurality of email components; feed the analysis of each of the plurality of email components into a stacked ensemble analyzer; and based on an output of the stacked ensemble analyzer, determine whether the email is malicious.