Abstract: A real-time, information-security, border-endpoint system and process to block a zero-day threat is disclosed. Data, traffic, patterns, and payloads for incoming and outgoing border control devices (or edge devices) delineating protected from unprotected areas of a network, or close to the border of such, can be monitored, analyzed, compared, and processed by artificial intelligence (AI), which can be used to identify suspect traffic based on differences between the two and historical information compiled from prior Advanced Persistent Threats. Mitigation, countermeasures, reporting, quarantining, blocking, patching, and other features are disclosed as well.

Abstract: Aspects of the disclosure relate to preventing data loss using enhanced analysis of the URLs and URIs in webpage requests. A computing platform may receive a user request to access a webpage, and may determine whether the webpage is regularly accessed by the user and whether the user is permitted to access the webpage. Based on determining the user might not regularly access the website, but that the user is permitted to access the webpage, the computing platform may engage an artificial intelligence (AI) engine to parse the URL and URI from the webpage request. The AI engine may compare the URL to source code associated with the webpage to determine whether the URI was re-written. The computing platform may grant the webpage request based on determining the source code corresponds to the URL and based on determining the URI might not have been re-written.

Abstract: An information security method to detect, validate, source, and/or remediate propagated, maliciously generated, AI content is disclosed. Search-engine spider(s) to crawl the Internet to identify posted content, which is analyzed with signature-based detection, anomaly detection, and machine learning to identify suspect content, which is compared against validated content. A malicious-AI probability score is generated based on the results of the foregoing AI analysis and the content differences. Metadata corresponding to the suspect content is extracted. A malicious activity mapping is compiled from available data. Suspect content is attempted to be recreated by publicly available online AI bots to identify the AI engine that generated the malicious content. Metadata pertaining to the origination source that accessed the source AI bot. Metadata is used to trace the malicious content back to the originator. Proofs regarding the foregoing are generated. Notifications/demands may be generated.

Abstract: A network system of pattern analysis includes a centralized AI-based pattern analysis engine and each computing device comprises a local AI-based pattern analysis engine. The pattern analysis engine(s) each analyze computing operations on a local machine basis or a on a network basis depending on where installed. The AI-based pattern analysis engines identify common activity patterns for each machine and exclude the common activity patterns from further analysis of the computing operations, leading to more efficient identification of activity patterns indicative of nefarious activity. Once detected, the AI-based pattern analysis engines trigger an incident response to counter the nefarious activities. The AI-based pattern analysis engines include AI models that are continually or periodically trained to update the baseline common activity patterns.

Abstract: A network system of pattern analysis includes a centralized AI-based pattern analysis engine and each computing device comprises a local AI-based pattern analysis engine. The pattern analysis engine(s) each analyze computing operations on a local machine basis or a on a network basis depending on where installed. The AI-based pattern analysis engines identify common activity patterns for each machine and exclude the common activity patterns from further analysis of the computing operations, leading to more efficient identification of activity patterns indicative of nefarious activity. Once detected, the AI-based pattern analysis engines trigger an incident response to counter the nefarious activities. The AI-based pattern analysis engines include AI models that are continually or periodically trained to update the baseline common activity patterns.

Abstract: Aspects of the disclosure relate to email verification. A computing platform may receive an electronic message and identify one or more portions of content in the message. Then, the computing platform may generate and embed one or more message-specific identifiers into the electronic message and store electronic message information associating the one or more portions of content with the one or more embedded message-specific identifiers. Thereafter, the computing platform may receive an electronic message verification request to verify authenticity of an identified electronic message received by a computing device. The computing platform may prompt a user of the computing device to provide authentication information associated with one or more portions of content of the identified electronic message.

Abstract: Various aspects of the disclosure relate to automated monitoring and detection of computing threats. A threat detection computing system is configured to monitor for security threats on a networked system. The threat detection system monitors process calls to detect otherwise benign activity that exceeds an expected threshold and identifies threat actor actions that would otherwise go un-noticed and be associated with normal computer activity.

Abstract: Artificial-intelligence (“AI”) based anti-phishing information-security processes and machines are disclosed. An AI engine analyzes emails to extract domain, embedded images, and company names. The domain is accessed from different IP addresses, the content is captured from each and compared, and extracted images are compared to email images. Reverse DNS searches check whether the company owns the domain. Reverse image lookups determine whether the email image or version(s) thereof are detected previously on the domain. Natural language processing (“NLP”) can compare the idiosyncrasies between the website content and the email text. Phishing-target characteristics that are common amongst recipients of the email can be determined. A phishing-risk score is computed based one or more of the image and content similarities, the reverse DNS, the reverse image lookup, the NLP similarity results, and/or common phishing-target characteristics.

Abstract: Arrangements for a distributed artificial intelligence workload optimizer are provided. In some aspects, a workload that identifies a number of computer processing cycles required to complete a task may be received. Processing constraints may be received from a user computing device. Contextual parameters associated with the workload may be received. Availability data for a plurality of resources in a distributed computing environment, each capable of performing at least part of the workload, may be acquired. Using an artificial intelligence algorithm, an optimization model for distributing the workload may be built based on the processing constraints, the contextual parameters, and the availability data. The optimization model may optimize the distribution of available resources allocated to executing the workload.

Abstract: An information-security method for securely accessing a web site through non-password user authentication to an intermediary portal is disclosed. A hardware/biometric login authenticates a user to a portal, which provides 1-click user access to web sites. The portal generates a strong password for each web site. Private keys with the passwords embedded therein are generated by the portal and stored along with public keys for the web sites. Communications between the portal and web sites are asymmetrically encrypted using the keys. Passwords for the web sites are updated or autorotated by the portal on-demand, at periodic intervals, and/or in response to data breaches or threat vectors to provide enhanced security. Updated login credentials are communicated to the web sites when the passwords are changed by the portal. Passwords are managed transparently to the user such that users need not be aware or keep track of their passwords.

Abstract: A network security computing system includes a steganographic communications analysis engine monitoring incoming and outgoing messages on a secure computing network. The steganographic communications analysis engine identifies a pattern of file transfers between a first computing device on the secure computing network and an internal or external message recipient. When a pattern is identified, the steganographic communications analysis engine quarantines an associated computing device from the secure network. The steganographic communications analysis engine analyzes files transferred between the computing device and the recipient for indications of steganographic information and causes display, based on an identified indication of steganography, an indication that the computing device had been compromised by command and control malware.

Abstract: Aspects of the disclosure relate to email verification. A computing platform may receive an electronic message and identify one or more portions of content in the message. Then, the computing platform may generate and embed one or more message-specific identifiers into the electronic message and store electronic message information associating the one or more portions of content with the one or more embedded message-specific identifiers. Thereafter, the computing platform may receive an electronic message verification request to verify authenticity of an identified electronic message received by a computing device. The computing platform may prompt a user of the computing device to provide authentication information associated with one or more portions of content of the identified electronic message.

Abstract: Aspects of the disclosure relate to preventing data loss using enhanced analysis of the URLs and URIs in webpage requests. A computing platform may receive a user request to access a webpage, and may determine whether the webpage is regularly accessed by the user and whether the user is permitted to access the webpage. Based on determining the user might not regularly access the website, but that the user is permitted to access the webpage, the computing platform may engage an artificial intelligence (AI) engine to parse the URL and URI from the webpage request. The AI engine may compare the URL to source code associated with the webpage to determine whether the URI was re-written. The computing platform may grant the webpage request based on determining the source code corresponds to the URL and based on determining the URI might not have been re-written.

Abstract: A network security computing system includes a steganographic communications analysis engine monitoring incoming and outgoing messages on a secure computing network. The steganographic communications analysis engine identifies a pattern of file transfers between a first computing device on the secure computing network and an internal or external message recipient. When a pattern is identified, the steganographic communications analysis engine quarantines an associated computing device from the secure network. The steganographic communications analysis engine analyzes files transferred between the computing device and the recipient for indications of steganographic information and causes display, based on an identified indication of steganography, an indication that the computing device had been compromised by command and control malware.