Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to implement trusted transfer learning on transformer-based phishing detection. In some examples, an apparatus includes processor circuitry to perform instructions to instantiate circuitry. The instantiated circuitry provides a uniform resource locator (URL) matrix corresponding to at least a portion of a URL address to a first transformer model and provide a web content data matrix corresponding to web content data on a web page at the URL address to a second transformer model. The instantiated circuitry performs data fusion on a first output from the first transformer model and a second output from the second transformer model to create a combined result. The instantiated circuitry determines at least whether phishing is detected at the URL address based at least in part on the combined result.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed to translate hash-based signature signals for machine learning applications. In one example, the apparatus includes a processor to execute instructions to determine an element count for a plurality of hash elements of a locality sensitivity hash, preserve ones of hash elements of the plurality of hash elements that satisfy an element count threshold, and produce a cluster of encoded feature vectors of the preserved ones of the hash elements. The processor further to execute instructions to determine an occurrence frequency of hash elements in the cluster and create a synthetic hash of the cluster based on a subset of the hash elements in the cluster that satisfy an occurrence frequency threshold.

Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user, and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine it the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: Methods, apparatus, systems, and articles of manufacture are disclosed. In one example, an apparatus includes at least one memory, instructions, and processor circuitry. The processor circuitry at least executes or instantiates the instructions to receive a group of indicators from a campaign attack, then query an indicator database with an indicator from the group of indicators, and then predict an identification of the campaign attack in response to the indicator having a current deterministic indicator and confidence scoring (DISC) score in the indicator database, wherein the DISC score represents at least one of a lethality component, a determinism component, or a confidence component of the indicator.

Abstract: Methods, apparatus, systems and articles of manufacture to improve deepfake detection with explainability are disclosed. An example apparatus includes a deepfake classification model trainer to train a classification model based on a first portion of a dataset of media with known classification information, the classification model to output a classification for input media from a second portion of the dataset of media with known classification information; an explainability map generator to generate an explainability map based on the output of the classification model; a classification analyzer to compare the classification of the input media from the classification model with a known classification of the input media to determine if a misclassification occurred; and a model modifier to, when the misclassification occurred, modify the classification model based on the explainability map.

Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user, and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine it the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application, and check the integrity of the traffic flow.

Abstract: A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application, and check the integrity of the traffic flow.

Abstract: In one example embodiment, an electronic device is provided and configured to: acquire authentication data for an authorized user; store the authentication data in an enclave; acquire identification data for a potential user; and compare, in the enclave, the identification data to the authentication data for recognizing if the potential user is the authorized user. In another embodiment, a server is provided and includes at least one processor; at least one memory; at least one driver, where the server is configured to: receive assertion data from an electronic device, where the assertion includes an authentication signing key and results from a comparison of acquired data and reference data; and determine if the assertion data is valid by: comparing the results to a threshold; and comparing the authentication signing key to an authentication signing key assigned to the electronic device.

Abstract: A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application, and check the integrity of the traffic flow.

Abstract: A method is provided in one example embodiment and includes receiving a traffic flow at a tamper resistant environment from an application, where the tamper resistant environment is separated from a host operating system. The method also includes applying a security token to the traffic flow and sending the traffic flow to a server. In specific embodiments, a security module may add information about the application to traffic flow. A trapping module may monitor for a memory condition and identify the memory condition. The trapping module may also, responsive to identifying the memory condition, initiate a virtual environment for the application, and check the integrity of the traffic flow.

Abstract: A system and method are disclosed. In one embodiment the system includes a physical resource that is capable of generating I/O data. The system also includes multiple virtual machines to utilize the physical resource. Among the virtual machines are a resource source virtual machine that is capable of owning the physical resource. The resource source virtual machine is also capable of sending a stream of one or more I/O packets generated from the I/O data that targets a resource sink virtual machine. The resource sink virtual machine is designated as a termination endpoint of the I/O data from the physical device. Also among the virtual machines are one or more resource filter virtual machines. Each of the resource filter virtual machines is capable of filtering I/O packets of a particular type from the stream prior to the stream reaching the resource sink virtual machine.

Abstract: In one embodiment of the invention, a server may send encrypted material to a client. The client processor may decrypt and process the material, encrypt the results, and send the results back to the server. This sequence of events may occur while the execution or processing of the material is restricted to the client processor. Any material outside the client processor, such as material located in system memory, will be encrypted.

Abstract: Methods and systems to bind a computer device to one or more computer systems, such that only an authorized computer system may access a protected portion of the device. A processor within the computer system may provide a proxy environment to interface between the device and a trusted environment of the computer system, such as a management environment that is secure from the proxy environment. The device may be configured to authenticate the trusted environment through the proxy environment, and to verify integrity of messages exchanged with the trusted environment through the proxy environment. Authentication may include a SSL and/or TSL handshake protocol. The device may be configured to authenticate a certificate, such as an X.509 certificate, a certificate chain, and/or a hash thereof. The device may include computer memory, a printer, display, circuit board, keyboard, mouse, pointing device, and/or other physical device.

Abstract: In one embodiment of the invention, a server may send encrypted material to a client. The client processor may decrypt and process the material, encrypt the results, and send the results back to the server. This sequence of events may occur while the execution or processing of the material is restricted to the client processor. Any material outside the client processor, such as material located in system memory, will be encrypted.

Abstract: Methods and apparatus are disclosed to protect an operating system booted by a client computing device and provided by a server computing device. One such method includes requesting a trusted platform module of the client computing device to unseal a sealed encryption key, and receiving an encrypted operating system via a network in response to initiating a boot process of the client computing device. The illustrative method also includes decrypting the encrypted operating system received via the network using an unsealed encryption key obtained in response to requesting the trusted platform module to unseal the sealed encryption key, and executing the decrypted operating system.

Abstract: A method, apparatus, and articles of manufacture to perform speech to text conversion are disclosed. One example method of performing speech to text conversion at a first location includes determining an identity of a speaker, accessing a directory to determine a location at which speaker dependent training data associated with the speaker is stored, loading speaker dependent training data associated with the speaker, and performing speech to text conversion using the speaker dependent training data associated with the speaker.

Abstract: According to one embodiment, an apparatus is presented. The apparatus includes a storage device, a hypervisor, a plurality of partitions mapped by the hypervisor, and a key created by the hypervisor to prevent one of the plurality of partitions from accessing a protected block range of the storage device. In one embodiment, a disk controller is coupled to the plurality of partitions to interface with the storage device, and the disk controller is programmed with the key in order to restrict access to the protected block range.