Patents by Inventor Takuya Mishina

Takuya Mishina has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20180351953
    Abstract: Systems and methods for network access control, including sending a service request from an on-premise system to one or more offloaded front-end services on one or more offloading servers. The requests by the offloaded services to access back-end services in one or more on-premise systems are monitored, and access requests by the offloaded services for unauthorized back-end services are denied. The service request is redirected and locally executed to generate logs of the back-end services used to perform the service request if the access requests are denied. A permission mapping in a firewall between the offloaded services and the logged back-end services is updated to permit future access requests by the offloaded services.
    Type: Application
    Filed: August 9, 2018
    Publication date: December 6, 2018
    Inventors: Hiroshi H. Horii, Takuya Mishina
  • Patent number: 10104085
    Abstract: Systems and methods for network access control, including sending a service request from an on-premise system to one or more offloaded front-end services on one or more offloading servers. The requests by the offloaded services to access back-end services in one or more on-premise systems are monitored, and access requests by the offloaded services for unauthorized back-end services are denied. The service request is redirected and locally executed to generate logs of the back-end services used to perform the service request if the access requests are denied. A permission mapping in a firewall between the offloaded services and the logged back-end services is updated to permit future access requests by the offloaded services.
    Type: Grant
    Filed: December 7, 2015
    Date of Patent: October 16, 2018
    Assignee: International Business Machines Corporation
    Inventors: Hiroshi H. Horii, Takuya Mishina
  • Publication number: 20180276405
    Abstract: A method is provided for preventing divulgation of sensitive data in two snapshots, taken at different times, of one or more same systems in a cloud environment. The method includes identifying a set of files from among a plurality of file pairs. Each file pair is formed from a respective file that includes at least one difference with respect to each snapshot. The method includes performing a pattern reducing process that removes, from the set of files, any of the files having, as the difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation. The method includes performing a commonality reducing process that removes, from the set of files, any files having, as the difference, a common difference between different users. The method includes annotating data in remaining files in the set of files as potentially being the sensitive data, subsequent to the reducing processes.
    Type: Application
    Filed: November 9, 2017
    Publication date: September 27, 2018
    Inventors: Ai Ishida, Takuya Mishina, Yuji Watanabe
  • Publication number: 20180276403
    Abstract: A method is provided for preventing divulgation of sensitive data in two snapshots, taken at different times, of one or more same systems in a cloud environment. The method includes identifying a set of files from among a plurality of file pairs. Each file pair is formed from a respective file that includes at least one difference with respect to each snapshot. The method includes performing a pattern reducing process that removes, from the set of files, any of the files having, as the difference, a predetermined non-sensitive difference between respective executions of a pre-determined system operation. The method includes performing a commonality reducing process that removes, from the set of files, any files having, as the difference, a common difference between different users. The method includes annotating data in remaining files in the set of files as potentially being the sensitive data, subsequent to the reducing processes.
    Type: Application
    Filed: March 23, 2017
    Publication date: September 27, 2018
    Inventors: Ai Ishida, Takuya Mishina, Yuji Watanabe
  • Patent number: 10049220
    Abstract: A computer-implemented method for transformation of security information and event management (SIEM) rules and deploying the SIEM rules in a network of event processors. A computer system or server converts the SIEM rules to formal representations. The computer system or server generates rule abstraction of the formal representations, by using an abstraction function. The computer system or server constructs a finite automaton based on the rule abstraction. The computer system or server eliminates irrelevant transitions in the finite automaton to generate an optimized finite automaton. The computer system or server generates optimized formal rules, based on the optimized finite automaton. The computer system or server converts the optimized formal rules to optimized SIEM rules. The computer or server deploys the optimized SIEM rules in the network of the event processors.
    Type: Grant
    Filed: December 13, 2017
    Date of Patent: August 14, 2018
    Assignee: International Business Machines Corporation
    Inventors: Yoichi Hatsutori, Takuya Mishina, Naoto Sato, Fumiko Satoh
  • Patent number: 9921938
    Abstract: A method is for handling an anomaly in an industrial control system (ICS) connected to a network with a plurality of other ICSs and an anomaly analyzer. An ICS receives status data from its own industrial process, and stores this status data as normal pattern data. The ICS transmits its own status data to one or more other ICSs. The ICS receives an indication from the anomaly analyzer that the ICS is suspected of having an anomaly. The ICS transmits alternate status data based on the normal pattern data stored during non-suspect operation, and stores the status data received from its own industrial process as real status data. In response to receiving from the anomaly analyzer an indication that the ICS is not operating anomalously, the ICS transmits the stored real data, and switches back to transmitting its own status data to one or more other ICSs.
    Type: Grant
    Filed: September 11, 2014
    Date of Patent: March 20, 2018
    Assignee: International Business Machines Corporation
    Inventors: Kazuhito Akiyama, Michiharu Kudo, Takuya Mishina, John D. Wilson
  • Publication number: 20170163644
    Abstract: Systems and methods for network access control, including sending a service request from an on-premise system to one or more offloaded front-end services on one or more offloading servers. The requests by the offloaded services to access back-end services in one or more on-premise systems are monitored, and access requests by the offloaded services for unauthorized back-end services are denied. The service request is redirected and locally executed to generate logs of the back-end services used to perform the service request if the access requests are denied. A permission mapping in a firewall between the offloaded services and the logged back-end services is updated to permit future access requests by the offloaded services.
    Type: Application
    Filed: December 7, 2015
    Publication date: June 8, 2017
    Inventors: Hiroshi H. Horii, Takuya Mishina
  • Patent number: 9529690
    Abstract: An anomaly detection system for detecting an anomaly within a network as a first embodiment in order to provide an anomaly detection system, anomaly detection method, and program for the same. An anomaly detection system which has a plurality of industrial control systems (hereinafter “ICS”s) which are connected to the network, an integrated analyzer which receives the operational status of each ICS as monitoring data in order to identify an ICS for which an anomaly is suspected so as to perform an anomaly assessment, a receiving unit provided for each ICS which receives data from other ICSs, a transmission unit which transmits data to other ICSs and transmits the monitoring data to the integrated analyzer, a security policy which includes recording of data and generation rules, and a wrapper which refers to the security policy in order to control the data so as to transmit the same to other ICSs.
    Type: Grant
    Filed: January 26, 2012
    Date of Patent: December 27, 2016
    Assignee: International Business Machines Corporation
    Inventors: Kazuhito Akiyama, Michiharu Kudo, Takuya Mishina, John D. Wilson
  • Patent number: 9454375
    Abstract: Systems and methods for predicting execution paths of at least one target program of a plurality of programs that are run in parallel are described. In one method, execution flows of programs are generated. In addition, the programs are executed to obtain debug logs from the programs. Further, communication messages transmitted between the execution flows are identified from the debug logs. A deduction that at least one conditional branch was taken in at least one given execution flow of the first execution flows by the target program is made based on the communication messages. Based on the deduction, at least one conditional branch that was not taken is removed from the given execution flow. In addition, modified execution flows that were modified in accordance with the removal are output to indicate predicted execution paths of the target program.
    Type: Grant
    Filed: March 10, 2015
    Date of Patent: September 27, 2016
    Assignee: International Business Machines Corporation
    Inventors: Takayuki Kushida, Takuya Mishina, Hitomi Takahashi, Takaaki Tateishi
  • Publication number: 20150186146
    Abstract: Systems and methods for predicting execution paths of at least one target program of a plurality of programs that are run in parallel are described. In one method, execution flows of programs are generated. In addition, the programs are executed to obtain debug logs from the programs. Further, communication messages transmitted between the execution flows are identified from the debug logs. A deduction that at least one conditional branch was taken in at least one given execution flow of the first execution flows by the target program is made based on the communication messages. Based on the deduction, at least one conditional branch that was not taken is removed from the given execution flow. In addition, modified execution flows that were modified in accordance with the removal are output to indicate predicted execution paths of the target program.
    Type: Application
    Filed: March 10, 2015
    Publication date: July 2, 2015
    Inventors: Takayuki Kushida, Takuya Mishina, Hitomi Takahashi, Takaaki Tateishi
  • Patent number: 8997060
    Abstract: Systems and methods for predicting execution paths of at least one target program of a plurality of programs that are run in parallel are described. In one method, execution flows of programs are generated by conducting a static analysis. In addition, the programs are executed to obtain debug logs from the programs. Further, communication messages transmitted between the execution flows are identified from the debug logs. A deduction that at least one conditional branch was taken in at least one given execution flow of the first execution flows by the target program is made based on the communication messages that are identified in the debug logs. Based on the deduction, at least one conditional branch that was not taken is removed from the given execution flow. In addition, modified execution flows that were modified in accordance with the removal are output to indicate predicted execution paths of the target program.
    Type: Grant
    Filed: July 31, 2013
    Date of Patent: March 31, 2015
    Assignee: International Business Machines Corporation
    Inventors: Takayuki Kushida, Takuya Mishina, Hitomi Takahashi, Takaaki Tateishi
  • Publication number: 20150040108
    Abstract: Systems and methods for predicting execution paths of at least one target program of a plurality of programs that are run in parallel are described. In one method, execution flows of programs are generated by conducting a static analysis. In addition, the programs are executed to obtain debug logs from the programs. Further, communication messages transmitted between the execution flows are identified from the debug logs. A deduction that at least one conditional branch was taken in at least one given execution flow of the first execution flows by the target program is made based on the communication messages that are identified in the debug logs. Based on the deduction, at least one conditional branch that was not taken is removed from the given execution flow. In addition, modified execution flows that were modified in accordance with the removal are output to indicate predicted execution paths of the target program.
    Type: Application
    Filed: July 31, 2013
    Publication date: February 5, 2015
    Applicant: International Business Machines Corporation
    Inventors: Takayuki Kushida, Takuya Mishina, Hitomi Takahashi, Takaaki Tateishi
  • Publication number: 20150033076
    Abstract: A method is for handling an anomaly in an industrial control system (ICS) connected to a network with a plurality of other ICSs and an anomaly analyzer. An ICS receives status data from its own industrial process, and stores this status data as normal pattern data. The ICS transmits its own status data to one or more other ICSs. The ICS receives an indication from the anomaly analyzer that the ICS is suspected of having an anomaly. The ICS transmits alternate status data based on the normal pattern data stored during non-suspect operation, and stores the status data received from its own industrial process as real status data. In response to receiving from the anomaly analyzer an indication that the ICS is not operating anomalously, the ICS transmits the stored real data, and switches back to transmitting its own status data to one or more other ICSs.
    Type: Application
    Filed: September 11, 2014
    Publication date: January 29, 2015
    Inventors: Kazuhito Akiyama, Michiharu Kudo, Takuya Mishina, John D. Wilson
  • Patent number: 8914370
    Abstract: Techniques are disclosed for generating rules for classifying structured documents, and for classifying, retrieving, or checking structured documents, using generated rules. In one example, a method for generating rules for classifying a plurality of electronic structured documents to which a same schema is applied comprises a computer performing the following steps: determining one or more variable portions defined by the schema by scanning the schema; acquiring respective feature values of the determined variable portions from each of the plurality of structured documents and associating the structured document, from which the feature values are acquired, with the acquired feature values; and generating the rules on the basis of the feature values associated with the structured document.
    Type: Grant
    Filed: October 17, 2011
    Date of Patent: December 16, 2014
    Assignee: International Business Machines Corporation
    Inventors: Takuya Mishina, Toshiro Takase
  • Patent number: 8769700
    Abstract: Determining confidentiality of an office document shared by multiple organizations. Each block of a document data set is stored in association with confidentiality information indicating whether the block is confidential. The document data set is dividable into blocks each being a unit including properties evaluated as having a certain characteristic. A document data set targeted for the confidentiality determination is acquired, and it is determined whether a document data set, including a block similar to each block of the acquired document data set, is stored. If the document data set including the similar block is stored, it is determined whether the confidentiality information indicating that the block is confidential is assigned to the block of the acquired document data corresponding to the similar block. If the confidentiality information indicating that the block is confidential is assigned, the acquired document data set is determined as confidential.
    Type: Grant
    Filed: September 5, 2012
    Date of Patent: July 1, 2014
    Assignee: International Business Machines Corporation
    Inventors: Takuya Mishina, Masayoshi Teraguchi, Sachiko Yoshihama
  • Publication number: 20130245793
    Abstract: An anomaly detection system for detecting an anomaly within a network as a first embodiment in order to provide an anomaly detection system, anomaly detection method, and program for the same. An anomaly detection system which has a plurality of industrial control systems (hereinafter “ICS”s) which are connected to the network, an integrated analyzer which receives the operational status of each ICS as monitoring data in order to identify an ICS for which an anomaly is suspected so as to perform an anomaly assessment, a receiving unit provided for each ICS which receives data from other ICSs, a transmission unit which transmits data to other ICSs and transmits the monitoring data to the integrated analyzer, a security policy which includes recording of data and generation rules, and a wrapper which refers to the security policy in order to control the data so as to transmit the same to other ICSs.
    Type: Application
    Filed: January 26, 2012
    Publication date: September 19, 2013
    Applicant: International Business Machines Corporation
    Inventors: Kazuhito Akiyama, Michiharu Kudo, Takuya Mishina, John D. Wilson
  • Publication number: 20130211558
    Abstract: A method for suspension of processes in an industrial control system includes detecting at least one anomaly in an industrial control system; notifying a controller of the at least one anomaly; accessing a database comprising emergency suspend procedures; sending a stream comprising at least one emergency suspend command through at least one firewall/gateway to at least one downstream zone; and terminating or suspending a process in the at least one zone.
    Type: Application
    Filed: September 7, 2012
    Publication date: August 15, 2013
    Applicant: International Business Machines Corporation
    Inventors: Takuya Mishina, John Wilson
  • Publication number: 20130212668
    Abstract: A method for suspension of processes in an industrial control system includes detecting at least one anomaly in an industrial control system; notifying a controller of the at least one anomaly; accessing a database comprising emergency suspend procedures; sending a stream comprising at least one emergency suspend command through at least one firewall/gateway to at least one downstream zone; and terminating or suspending a process in the at least one zone.
    Type: Application
    Filed: February 13, 2012
    Publication date: August 15, 2013
    Applicant: International Business Machines Corporation
    Inventors: Takuya Mishina, John Wilson
  • Patent number: 8347346
    Abstract: Granular policy management is provided based upon an active status of a process and the display status of an associated visual display. A policy is constructed and applied to a process by a combination of individual control policy parameters associated with the status of a process or a graphical user interface. Each active policy is dynamically adjusted in response to a change in at least one policy condition.
    Type: Grant
    Filed: May 31, 2007
    Date of Patent: January 1, 2013
    Assignee: International Business Machines Corporation
    Inventors: Sanehiro Furuichi, Atsumi Ikebe, Takuya Mishina, Masami Tada
  • Publication number: 20120331562
    Abstract: Determining confidentiality of an office document shared by multiple organizations. Each block of a document data set is stored in association with confidentiality information indicating whether the block is confidential. The document data set is dividable into blocks each being a unit including properties evaluated as having a certain characteristic. A document data set targeted for the confidentiality determination is acquired, and it is determined whether a document data set, including a block similar to each block of the acquired document data set, is stored. If the document data set including the similar block is stored, it is determined whether the confidentiality information indicating that the block is confidential is assigned to the block of the acquired document data corresponding to the similar block. If the confidentiality information indicating that the block is confidential is assigned, the acquired document data set is determined as confidential.
    Type: Application
    Filed: September 5, 2012
    Publication date: December 27, 2012
    Applicant: International Business Machines Corporation
    Inventors: Takuya Mishina, Masayoshi Teraguchi, Sachiko Yoshihama