Abstract: A system for training an artificial intelligence system based on entity rules, regulation rules, and core values comprises a processor associated with a server. The processor analyzes a first set of data objects associated with a first set of data groups to derive a set of logic relationships between the first set of the data objects. The processor trains a machine learning model with the first set of the data objects and the logic relationships based on a set of training rules to meet one or more entity rules with a desired accuracy. The processor tests the machine learning model with the first set of the data objects and the set of the logic relationships. The processor retrains the tested machine learning model with a second set of data objects to meet the one or more regulation rules and the one or more core values.

Abstract: A system for implementing secure interaction sessions through dynamic routing paths comprises a processor associated with a server. The processor communicates a traversal key to a communication equipment in response to verifying an authentication token from a communication equipment to implement an interaction session. The traversal key is associated with a routing path that comprises a particular set of entry points for a set of resources. The processor allows the communication equipment to traverse the routing path and generates a traversal path associated with the interaction session. The traversal path identifies the entry points of the set of the resources that are accessed by the communication equipment during the interaction session. The processor generates a second hash value based on a set of ciphers associated with the entry points. The processor completes the interaction session with the communication equipment if the second hash value matches the first hash value.

Abstract: Systems, computer program products, and methods are described herein for determining cumulative optimal global minima error for a system using composite artificial intelligence modeling. The present disclosure comprises a composite artificial intelligence model, wherein the composite artificial intelligence model comprises one or more component artificial intelligence models. The present disclosure is configured to receive one or more component level optimal error points, wherein the one or more component level optimal error points are associated with the one or more component artificial intelligence models. The present disclosure aggregates the one or more component level optimal error points and determines an optimal error point, wherein the optimal error point is associated with the composite artificial intelligence model.

Abstract: Aspects of the disclosure relate to detecting and preventing botnet attacks using client-specific event payloads. A computing platform may receive a request to access data within an enterprise organization. The computing platform may monitor the movement of peripheral devices that are used to populate the data access request and may detect an event associated with each movement. The computing platform may generate an alpha-numeric event code and an alpha-numeric user interface code for each event, determine the location of each event, and categorize each event. The computing platform may generate a client-specific event payload using the unique alpha-numeric codes and the location and categorization of the event. The computing platform may generate a simulated client event payload using the unique alpha-numeric codes. The computing platform may determine whether to approve or deny the data access request based on whether the client-specific event payload matches the simulated client event payload.

Abstract: Computer-implemented cyber-security processes and machines provide proactive anti-forensics activity detection and prevention to safeguard the integrity of transactions and their associated log details or other data using artificial intelligence and/or machine learning, thereby ensuring that all transactions and logs within the system are complaint for cyber forensics, and helping to make reactive forensic tasks more robust by adding proactive monitoring and compliance activity.

Abstract: Computer-implemented cyber-security processes and machines provide proactive anti-forensics activity detection and prevention to safeguard the integrity of transactions and their associated log details or other data using artificial intelligence and/or machine learning, thereby ensuring that all transactions and logs within the system are complaint for cyber forensics, and helping to make reactive forensic tasks more robust by adding proactive monitoring and compliance activity.

Abstract: A computing platform may train, using historical telemetry state images, an image comparison model to identify matches between telemetry state images. The computing platform may generate a plurality of system alerts corresponding to a period of time. The computing platform may access telemetry data corresponding to the period of time. The computing platform may generate, based on the telemetry data and for a time corresponding to each of the plurality of system alerts, a telemetry state image. The computing platform may input, into the image comparison model, the telemetry state images to identify whether or not any of the plurality of telemetry state images match. Based on detecting a match, the computing platform may consolidate system alerts corresponding to the matching telemetry state images, which may produce a single system alert and may send, to a user device, the single system alert.

Abstract: A computing platform may configure a rules-based state machine to predict system failure for a system based on telemetry state images and transitions between the telemetry state images. The computing platform may receive initial telemetry data. The computing platform may generate, based on the initial telemetry data, an initial telemetry state image. The computing platform may receive additional telemetry data, and may generate, based on the additional telemetry data, an additional telemetry state image. The computing platform may compare a pattern, corresponding to the initial telemetry state image, the additional telemetry state image, and a corresponding transition, to historical patterns to identify a match. The computing platform may identify, using the identified matching pattern, a likelihood of failure for the system, and may send, based on the likelihood of failure for the system, preemptive resolution commands causing modification of operations at the system to prevent a predicted failure.

Abstract: A computing platform may train a hybrid deep learning model, including a CNN and RNN, to predict system failure for a system based on telemetry state images and transitions between the telemetry state images. The computing platform may receive initial telemetry data, and may generate an initial telemetry state image. The computing platform may receive additional telemetry data, and may generate an additional telemetry state image. The computing platform may classify, using the CNN and based on historical telemetry state images, the initial telemetry state image and the additional telemetry state image. The computing platform may identify, using the RNN and based on the classified telemetry state images and transitions between the classified telemetry state images, a matching pattern. The computing platform may identify, using the identified matching pattern, a likelihood of failure for the system, and may cause modification of operations at the system to prevent a predicted failure.

Abstract: Systems, computer program products, and methods are described herein for identification and verification of brute force attacks using hash signature segmentation and behavior clustering analysis. The present invention is configured to receive a plurality of access attempts and an associated plurality of hash values; determine a failure request load based on the plurality of access attempts; determine whether the failure request load meets a failure threshold, wherein, in an instance where the failure request load meets the failure threshold, separating the plurality of access attempts associated with the failure request load into a plurality of hash clusters; generate a behavior cluster for each hash cluster based on shared behavior data of the plurality of access attempts; and determine, based on the behavior cluster for each hash cluster, a likelihood of misappropriation for each access attempt of the plurality of access attempts.

Abstract: Systems, computer program products, and methods are described herein for generating a digital twin or a resource using partial sensor data and artificial intelligence. The present invention is configured to receive resource sensor data from a plurality of sensors, wherein the plurality of sensors is associated with a resource; apply a sensor data analyzer engine to the resource sensor data; determine, by the sensor data analyzer engine, whether at least one sensor anomaly of the resource sensor data is present; apply an on-demand synthetic data generator to the at least one sensor anomaly; generate synthetic sensor data associated with the resource, wherein the synthetic sensor data is based on a real-time pattern of the resource sensor data from the plurality of sensors; and generate, based on the resource sensor data from the plurality of sensors and the synthetic sensor data, a digital twin of the resource.

Abstract: Systems, computer program products, and methods are described herein for identification and verification of brute force attacks using hash signature segmentation and behavior clustering analysis. The present invention is configured to receive a plurality of access attempts and an associated plurality of hash values; determine a failure request load based on the plurality of access attempts; determine whether the failure request load meets a failure threshold, wherein, in an instance where the failure request load meets the failure threshold, separating the plurality of access attempts associated with the failure request load into a plurality of hash clusters; generate a behavior cluster for each hash cluster based on shared behavior data of the plurality of access attempts; and determine, based on the behavior cluster for each hash cluster, a likelihood of misappropriation for each access attempt of the plurality of access attempts.

Abstract: Computer-implemented cyber-security processes and machines provide proactive anti-forensics activity detection and prevention to safeguard the integrity of transactions and their associated log details or other data using artificial intelligence and/or machine learning, thereby ensuring that all transactions and logs within the system are complaint for cyber forensics, and helping to make reactive forensic tasks more robust by adding proactive monitoring and compliance activity.

Abstract: A data poisoning and model drift prevention computing system may feed trusted historical data to one or more generative adversarial networks (GAN) and cause the GANs to generate simulated data. Curated simulated data is clustered and the data characteristics are captured, such as number of clusters, data density, and the like. The data poisoning and model drift prevention computing system sanitizes the model data and merges the sanitized data with trusted data. The data poisoning and model drift prevention computing system may then cluster the resultant data again and compare the similarities with trusted data clusters. No change in cluster characteristics indicate the data is not tampered and in expected condition. The data poisoning and model drift prevention computing system identifies a deviation in cluster characteristics corresponding to poisoned data and trigger remedial actions.

Abstract: A simplified IoT network validation process includes improvements to enrollment of IoT devices onto the IoT network and authentication of active IoT devices during IoT network operation. A random cipher text is created upon device enrollment and shared to each device in the network. Additionally, a random peer-to-peer cross reference communication pattern is established among the devices. Using a device pairing sequence an iterated (e.g., chained) hash value is generated and stored at the server. During the device authentication, upon basic authentication of the request, a server shares a random point to the network (e.g., a randomly selected IoT device) to trigger the hash token generation process. The network devices perform hash token iteration as a ring. Each IoT device uses the previous hash when generating the next hash. The final hash is sent to the server for validation and comparison against stored keys.

Abstract: Systems, computer program products, and methods are described herein for dynamic visual graph structure providing multi-stream data integrity and analysis. The present disclosure is configured to provide a reactive system aimed to trace the root cause of incidents and uncover potential gaps in security of an enterprise system. Maintaining accurate and meaningful information related to incidents is the key for success of data security protocols. The integrity of message data is kept intact for improved forensic investigation, as each database may keep varying information related to a single global session.

Abstract: Aspects of the disclosure relate to a network traffic monitoring platform. The platform may train an attack pattern analysis model to output a behavior profile and a cumulative attack score. The platform may identify a password failure rate spike. The platform may extract a password hash from the network traffic. The platform may generate the behavior profile based on the password hash. The platform may generate the cumulative attack score based on the behavior profile. The platform may compare the cumulative attack score to a threshold. Based on identifying that the cumulative attack score is below the threshold, the platform may identify the password hash as a secure hash. Based on identifying that the cumulative attack score meets or exceeds the threshold, the platform may and generate password complexity rules. The platform may refine the attack pattern analysis model based on the attacked hash and the cumulative attack score.

Abstract: Systems, computer program products, and methods are described herein for predictive generation of data puddles. The present disclosure is configured to capture data ingestion information associated with an end-point device over a period of time; determine, using a machine learning (ML) subsystem, data ingestion pattern for the end-point device based on at least the data ingestion information; generate a query sequence for predictive extraction of data from a data lake based on at least the data ingestion pattern; trigger the predictive extraction of the data from the data lake based on at least the query sequence; and store the data in a data puddle associated with the end-point device in response to the predictive extraction.

Abstract: A method of securing a data set using encryption and scaling. The data set comprises a modeling and validation section with each section having text and numeric data. For each section, the method encrypts text data using a public key and scales numeric data using a scaling factor. The method builds a model by applying the encrypted modeling section to the algorithm to generate modeling text data, numeric data, and patterns derived therefrom. The method generates validation text data, numeric data, and patterns derived therefrom by applying the encrypted validation section to the model. The method compares the patterns from each section and validates the model based on the comparison. The method decrypts the generated modeling text data and validation text data using a private key and descales the modeling numeric data and validation numeric data using the scaling factor. The method verifies the model by comparing the decrypted text data and descaled numeric data to the same in the data set.

Abstract: Aspects of the disclosure relate to authentication. A computing platform may send, to a wearable device, an internet of things (IOT) vector key. The computing platform may receive an application access request from the wearable device, which may include authentication credentials. The computing platform may send, to the wearable device, a reference key comprising a sequence of row-column combinations corresponding to the IoT vector key, and the wearable device may be configured to identify a hash salt value using the reference key and the IoT. The computing platform may receive, from the wearable device, the hash salt value. The computing platform may generate, based on the hash salt value and the authentication credentials, a password. The computing platform may hash the password to produce a password hash, and may send the password hash to an application server for validation.