Abstract: Automatically generating audit logs is provided. Audit log statement insertion points are identified in components of an application based on a static code analysis identifying start and end operations on sensitive data in the components of the application. The application is instrumented with audit log statements at the audit log statement insertion points in the components of the application. Audit logs of monitored sensitive data activity events in the application are generated using the audit log statements at the audit log statement insertion points in the components of the application.

Abstract: A method of forming an anomaly detection monitor includes obtaining data samples of operations performed on an application by a plurality of users and detecting, by a processor, anomalous behavior associated with a target user of the plurality of users with respect to the application based on a portion of the data samples associated with the target user and a portion of the data samples associated with a second user of the plurality of users, different from the target user.

Abstract: A method for anomaly detection on a system or application used by a plurality of users includes providing an access to a memory device storing user data samples of a usage of the system or application for all users of the plurality of users. A target user is selected from among the plurality of users, using a processor on a computer, with data samples of the target user forming a cluster of data points in a data space. The data samples for the target user are used to generate a normal sample data set as training data set for training a model for an anomaly detection monitor for the target user. A local outlier factor (LOF) function is used to generate an abnormal sample data set for training the anomaly detection monitor for the target user.

Abstract: An example operation may include one or more of receiving, by a blockchain node or peer of a blockchain network, attribute data for a user profile, creating blockchain transactions to store attribute hashes and metadata to a shared ledger, receiving a user profile query from an identity consumer, creating blockchain transactions to retrieve attribute hashes and metadata corresponding to the query, reconstructing the user profile from the metadata, responding to the query by providing attribute data to the identity consumer, and creating and storing hashes of the attribute data and metadata to the shared ledger.

Abstract: Automatically estimating a sensitivity level of an information technology (IT) asset in one aspect may obtain information about an asset. Characteristics of the asset assigned based on the information may be compared with stored characteristics of known sensitive assets. A sensitivity level of the asset may be determined based on the comparing.

Abstract: Automatically estimating a sensitivity level of an information technology (IT) asset in one aspect may obtain information about an asset. Characteristics of the asset assigned based on the information may be compared with stored characteristics of known sensitive assets. A sensitivity level of the asset may be determined based on the comparing.

Abstract: A method contains malware within a network resource. A blockchain system establishes a smart contract, on the blockchain system, for a network resource in a computer environment. The smart contract is for an action to be performed on the network resource if a malware is detected on the network resource. In response to malware being detected in the network resource, the blockchain system determines whether a consensus is reached by a plurality of computers on the blockchain system to implement the action to contain the malware based on the smart contract. In response to the consensus being reached by the plurality of computers, the blockchain system transmits, to the network resource, directions to implement the action on the network resource as specified by the smart contract.

Abstract: A processor-implemented method facilitates identity exchange in a decentralized setting. A first system performs a pseudonymous handshake with a second system that has created an identity asset that identifies an entity. The second system has transmitted the identity asset to a third system, which is a set of peer computers that support a blockchain that securely maintains a ledger of the identity asset. The first system transmits a set of pseudonyms to the third system, where the set of pseudonyms comprises a first pseudonym that identifies the first system, a second pseudonym that identifies a user of the second system, and a third pseudonym that identifies the third system. The first system receives the identity asset from the third system, which securely ensures a validity of the identity asset as identified by the first pseudonym, the second pseudonym, and the third pseudonym.

Abstract: Detecting malicious user activity is provided. A profile for a user that accesses a set of protected assets is generated based on static information representing an organizational view and associated attributes corresponding to the user and based on dynamic information representing observable actions made by the user. A plurality of analytics is applied on the profile corresponding to the user to generate an aggregate risk score for the user accessing the set of protected assets based on applying the plurality of analytics on the profile of the user. A malicious user activity alert is generated in response to the aggregate risk score for the user accessing the set of protected assets being greater than an alert threshold value. The malicious user activity alert is sent to an analyst for feedback.

Abstract: A processor-implemented method provides a calculated identity confidence score for an identity. The processor(s) in each of a plurality of decentralized identity providers calculate an identity confidence score of an entity. The processor(s) store the calculated identity confidence score in a blockchain. The processor(s) retrieve the calculated identity confidence score from the blockchain. The processor(s) provide the calculated identity confidence score to a requestor, which is a computer-based system that performs an action based on the provided calculated identity score.

Abstract: Automatically generating audit logs is provided. Audit log statement insertion points are identified in components of an application based on a static code analysis identifying start and end operations on sensitive data in the components of the application. The application is instrumented with audit log statements at the audit log statement insertion points in the components of the application. Audit logs of monitored sensitive data activity events in the application are generated using the audit log statements at the audit log statement insertion points in the components of the application.

Abstract: An example operation may include one or more of receiving, by a blockchain node or peer of a blockchain network, attribute data for a user profile, creating blockchain transactions to store attribute hashes and metadata to a shared ledger, receiving a user profile query from an identity consumer, creating blockchain transactions to retrieve attribute hashes and metadata corresponding to the query, reconstructing the user profile from the metadata, responding to the query by providing attribute data to the identity consumer, and creating and storing hashes of the attribute data and metadata to the shared ledger.

Abstract: An example operation may include one or more of connect to a blockchain network of an ecosystem comprised of a plurality of consumer nodes, generate a universal unique identifier (UUID) associated with a user data attribute, execute a query request for the user data attribute associated with the UUID, derive a disclosure level from the query request, execute a smart contract to commit to a blockchain ledger, a monetary value associated with the user data attribute, negotiate a transaction with the consumer node to access the user data attribute and recording an agreement result onto the a blockchain ledger.

Abstract: Automatically generating audit logs is provided. Audit log statement insertion points are identified in software components of an application based on a static code analysis identifying start and end operations on sensitive data in the software components of the application. The application is instrumented with audit log statements at the audit log statement insertion points in the software components of the application. Audit logs of monitored sensitive data activity events in the application are generated using the audit log statements at the audit log statement insertion points in the software components of the application. A dynamic code analysis is performed on the application during execution of the application to prevent executing source code of the application from recording in the audit logs the sensitive data processed by the application.

Abstract: One or more processors mark a set of data fields associated with a first trigger in a first trigger-action pair with a taint, where a trigger event triggers an action event in a trigger-action pair. One or more processors mark a first action associated with the first trigger-action pair with the taint, and detect a second trigger associated with a second trigger-action pair. One or more processors then propagate the taint from the first trigger-action pair to the second trigger, and prevent a second action associated with the second trigger-action pair in response to detecting the taint in the second trigger.

Abstract: A method contains malware within a network resource. A blockchain system establishes a smart contract, on the blockchain system, for a network resource in a computer environment. The smart contract is for an action to be performed on the network resource if a malware is detected on the network resource. In response to malware being detected in the network resource, the blockchain system determines whether a consensus is reached by a plurality of computers on the blockchain system to implement the action to contain the malware based on the smart contract. In response to the consensus being reached by the plurality of computers, the blockchain system transmits, to the network resource, directions to implement the action on the network resource as specified by the smart contract.

Abstract: Detecting malicious user activity is provided. A profile for a user that accesses a set of protected assets is generated based on static information representing an organizational view and associated attributes corresponding to the user and based on dynamic information representing observable actions made by the user. A plurality of analytics is applied on the profile corresponding to the user to generate an aggregate risk score for the user accessing the set of protected assets based on applying the plurality of analytics on the profile of the user. A malicious user activity alert is generated in response to the aggregate risk score for the user accessing the set of protected assets being greater than an alert threshold value. The malicious user activity alert is sent to an analyst for feedback.

Abstract: A processor-implemented method facilitates identity exchange in a decentralized setting. A first system performs a pseudonymous handshake with a second system that has created an identity asset that identifies an entity. The second system has transmitted the identity asset to a third system, which is a set of peer computers that support a blockchain that securely maintains a ledger of the identity asset. The first system transmits a set of pseudonyms to the third system, where the set of pseudonyms comprises a first pseudonym that identifies the first system, a second pseudonym that identifies a user of the second system, and a third pseudonym that identifies the third system. The first system receives the identity asset from the third system, which securely ensures a validity of the identity asset as identified by the first pseudonym, the second pseudonym, and the third pseudonym.

Abstract: Detecting malicious user activity is provided. A profile for a user that accesses a set of protected assets is generated based on static information representing an organizational view and associated attributes corresponding to the user and based on dynamic information representing observable actions made by the user. A plurality of analytics is applied on the profile corresponding to the user to generate an aggregate risk score for the user accessing the set of protected assets based on applying the plurality of analytics on the profile of the user. A malicious user activity alert is generated in response to the aggregate risk score for the user accessing the set of protected assets being greater than an alert threshold value. The malicious user activity alert is sent to an analyst for feedback.

Abstract: A processor-implemented method provides a calculated identity confidence score for an identity. The processor(s) in each of a plurality of decentralized identity providers calculate an identity confidence score of an entity. The processor(s) store the calculated identity confidence score in a blockchain. The processor(s) retrieve the calculated identity confidence score from the blockchain. The processor(s) provide the calculated identity confidence score to a requestor, which is a computer-based system that performs an action based on the provided calculated identity score.