Abstract: A method and system of authenticating a user logon builds a user logon profile with a plurality of user logon features gathered during at least one successful attempted user logon, determines a logon feature novelty score for each feature, receives a user logon request for authentication and extracts current user logon features, retrieves corresponding logon feature novelty scores, determines a first distance function score for the corresponding logon feature novelty scores of the current user logon features, builds a failed logon attempt database, determines a failed logon feature novelty score, extracts the failed logon feature novelty scores corresponding to current user logon features, determines a second distance function score for the corresponding failed logon feature novelty scores of the current user logon features, and determining to one of allow or deny the user logon request based on at least one of the first distance function score and the second distance function score.

Abstract: Systems, devices, and techniques are disclosed for security configuration evaluation. A binary representation of a reference security configuration for an application may be generated. The binary representation of the reference security configuration for the application may be hashed to generate a reference hash for the application. Data for an instance security configuration for an instance of the application may be received. A binary representation of the instance security configuration may be generated from the received data for the instance security configuration. The binary representation of the instance security configuration may be hashed to generate an instance hash. The computing device may determine the distance between the reference hash and the instance hash. The instance security configuration may be determined to be secure if the distance is not greater than a threshold.

Abstract: A method and system of authenticating a user logon builds a user logon profile with a plurality of user logon features gathered during at least one successful attempted user logon, determines a logon feature novelty score for each feature, receives a user logon request for authentication and extracts current user logon features, retrieves corresponding logon feature novelty scores, determines a first distance function score for the corresponding logon feature novelty scores of the current user logon features, builds a failed logon attempt database, determines a failed logon feature novelty score, extracts the failed logon feature novelty scores corresponding to current user logon features, determines a second distance function score for the corresponding failed logon feature novelty scores of the current user logon features, and determining to one of allow or deny the user logon request based on at least one of the first distance function score and the second distance function score.

Abstract: Methods, computer readable media, and devices to automatically construct kill-chain from security alerts are disclosed. One method may include collecting a plurality of security alerts, receiving a selection of a high severity security alert associated with a node and a user from among the plurality of security alerts, creating a security narrative for the high severity security alert by providing a set of historical security alerts to a deep learning architecture, the set including security alerts selected based on a relation to the node and the user, and identifying a subset of the set of historical security alerts, including security alerts relevant to the high severity security alert, in a reverse time order by the deep learning architecture, and providing the security narrative as part of a response to the high severity security alert.

Abstract: Methods, apparatuses, and computer readable media are disclosed. An application server may receive a dataset that includes records associated with user device interactions with a computer system. The application server may modify one or more records according to a data modification metric. The modifying may result in a modified dataset that satisfies a similarity metric defining a permissible deviation between the received dataset and the modified dataset according to a deviation threshold. The data modification metric may satisfy the similarity metric and may define a deviation in the modified dataset that results in an expected classification by the machine learning predictive model to classify the deviation in the modified dataset as an outlier event. The application server may process the modified dataset with the machine learning predictive model to produce a result. The application server may compare the expected classification to the classification to validate the model.

Abstract: Method for optimizing traffic volume caps in mobile cellular networks comprising: defining three traffic volume caps (x, y, z), wherein x indicates number of messages from mobile messaging services, y indicates bandwidth for mobile data and z indicates duration time of voice calls; computing initial user balance by subtracting total traffic cost generated by user for the mobile cellular network operator from total revenue paid by user to the mobile cellular network operator; obtaining total user balance for a range of caps (x, y, z) using the initial balance and at least a, net-oblivious or net-aware balance model which determines whether user is affected by the caps (x, y, z); selecting optimal traffic volume caps which maximize the total user balance. The method also computes social attraction parameters pk as a fraction of customers of the mobile cellular network operator having k contacts in the mobile cellular network operator.

Abstract: Method, system and computer program to provide transparent scalability to Online Social Networks and better performance of its back-end databases, by an efficient partitioning of the underlying community structure and replicating of user profiles, ensuring that every user has a master or slave replica of all his neighbors on the same partition where he is located.

Abstract: A method for distributing long-tail content, including the steps of: a) loading, a first user, into a local PoP to which said first user is remotely connected an amount of long-tail content to be distributed and shared; and b) geo replicating, at selected times, the amount of long-tail content to a at least one remote PoP, to which at least a second user is remotely connected, by pushing said amount of content to be distributed and shared to the at least one remote PoP. The method including selecting, before performing steps a) and b), the at least second user, based on the probability that the amount of long-tail content generated by the first user will be requested by the at least second user, the probability being estimated by historical preference information generated between the first user and the at least second user.

Abstract: The method comprises modelling a delay-tolerant dynamic network comprising time-varying links transforming it into a static time-expanded network graph, and managing bulk data transfer on the basis of said static time-expanded network graph. The device comprises a scheduler unit with processing capabilities implementing an algorithm which processes arc costs (cijt) and storage costs (pit) as per the method of the first aspect of the invention.

Abstract: A user is prevented from being identified at each of a plurality of sites. An indication to sell access to the user at one of the plurality of sites is received. A personal information marketplace is provided to run an auction to sell the access to the user at the one of the plurality of sites. In response to a sale of the access to the user at the one of the plurality of sites to an aggregator, access to track the user at the one of the plurality of sites while maintaining anonymity of the user is provided to the aggregator.

Abstract: Method, system and computer program to provide transparent scalability to Online Social Networks and better performance of its back-end databases, by an efficient partitioning of the underlying community structure and replicating of user profiles, ensuring that every user has a master or slave replica of all his neighbours on the same partition where he is located.