Abstract: Systems, computer program products, and methods are described herein for identification and verification of brute force attacks using hash signature segmentation and behavior clustering analysis. The present invention is configured to receive a plurality of access attempts and an associated plurality of hash values; determine a failure request load based on the plurality of access attempts; determine whether the failure request load meets a failure threshold, wherein, in an instance where the failure request load meets the failure threshold, separating the plurality of access attempts associated with the failure request load into a plurality of hash clusters; generate a behavior cluster for each hash cluster based on shared behavior data of the plurality of access attempts; and determine, based on the behavior cluster for each hash cluster, a likelihood of misappropriation for each access attempt of the plurality of access attempts.

Abstract: Systems, computer program products, and methods are described herein for generating a digital twin or a resource using partial sensor data and artificial intelligence. The present invention is configured to receive resource sensor data from a plurality of sensors, wherein the plurality of sensors is associated with a resource; apply a sensor data analyzer engine to the resource sensor data; determine, by the sensor data analyzer engine, whether at least one sensor anomaly of the resource sensor data is present; apply an on-demand synthetic data generator to the at least one sensor anomaly; generate synthetic sensor data associated with the resource, wherein the synthetic sensor data is based on a real-time pattern of the resource sensor data from the plurality of sensors; and generate, based on the resource sensor data from the plurality of sensors and the synthetic sensor data, a digital twin of the resource.

Abstract: Systems, computer program products, and methods are described herein for identification and verification of brute force attacks using hash signature segmentation and behavior clustering analysis. The present invention is configured to receive a plurality of access attempts and an associated plurality of hash values; determine a failure request load based on the plurality of access attempts; determine whether the failure request load meets a failure threshold, wherein, in an instance where the failure request load meets the failure threshold, separating the plurality of access attempts associated with the failure request load into a plurality of hash clusters; generate a behavior cluster for each hash cluster based on shared behavior data of the plurality of access attempts; and determine, based on the behavior cluster for each hash cluster, a likelihood of misappropriation for each access attempt of the plurality of access attempts.

Abstract: Computer-implemented cyber-security processes and machines provide proactive anti-forensics activity detection and prevention to safeguard the integrity of transactions and their associated log details or other data using artificial intelligence and/or machine learning, thereby ensuring that all transactions and logs within the system are complaint for cyber forensics, and helping to make reactive forensic tasks more robust by adding proactive monitoring and compliance activity.

Abstract: A data poisoning and model drift prevention computing system may feed trusted historical data to one or more generative adversarial networks (GAN) and cause the GANs to generate simulated data. Curated simulated data is clustered and the data characteristics are captured, such as number of clusters, data density, and the like. The data poisoning and model drift prevention computing system sanitizes the model data and merges the sanitized data with trusted data. The data poisoning and model drift prevention computing system may then cluster the resultant data again and compare the similarities with trusted data clusters. No change in cluster characteristics indicate the data is not tampered and in expected condition. The data poisoning and model drift prevention computing system identifies a deviation in cluster characteristics corresponding to poisoned data and trigger remedial actions.

Abstract: Systems, computer program products, and methods are described herein for dynamic visual graph structure providing multi-stream data integrity and analysis. The present disclosure is configured to provide a reactive system aimed to trace the root cause of incidents and uncover potential gaps in security of an enterprise system. Maintaining accurate and meaningful information related to incidents is the key for success of data security protocols. The integrity of message data is kept intact for improved forensic investigation, as each database may keep varying information related to a single global session.

Abstract: A simplified IoT network validation process includes improvements to enrollment of IoT devices onto the IoT network and authentication of active IoT devices during IoT network operation. A random cipher text is created upon device enrollment and shared to each device in the network. Additionally, a random peer-to-peer cross reference communication pattern is established among the devices. Using a device pairing sequence an iterated (e.g., chained) hash value is generated and stored at the server. During the device authentication, upon basic authentication of the request, a server shares a random point to the network (e.g., a randomly selected IoT device) to trigger the hash token generation process. The network devices perform hash token iteration as a ring. Each IoT device uses the previous hash when generating the next hash. The final hash is sent to the server for validation and comparison against stored keys.

Abstract: Systems, computer program products, and methods are described herein for predictive generation of data puddles. The present disclosure is configured to capture data ingestion information associated with an end-point device over a period of time; determine, using a machine learning (ML) subsystem, data ingestion pattern for the end-point device based on at least the data ingestion information; generate a query sequence for predictive extraction of data from a data lake based on at least the data ingestion pattern; trigger the predictive extraction of the data from the data lake based on at least the query sequence; and store the data in a data puddle associated with the end-point device in response to the predictive extraction.

Abstract: Aspects of the disclosure relate to a network traffic monitoring platform. The platform may train an attack pattern analysis model to output a behavior profile and a cumulative attack score. The platform may identify a password failure rate spike. The platform may extract a password hash from the network traffic. The platform may generate the behavior profile based on the password hash. The platform may generate the cumulative attack score based on the behavior profile. The platform may compare the cumulative attack score to a threshold. Based on identifying that the cumulative attack score is below the threshold, the platform may identify the password hash as a secure hash. Based on identifying that the cumulative attack score meets or exceeds the threshold, the platform may and generate password complexity rules. The platform may refine the attack pattern analysis model based on the attacked hash and the cumulative attack score.

Abstract: A method of securing a data set using encryption and scaling. The data set comprises a modeling and validation section with each section having text and numeric data. For each section, the method encrypts text data using a public key and scales numeric data using a scaling factor. The method builds a model by applying the encrypted modeling section to the algorithm to generate modeling text data, numeric data, and patterns derived therefrom. The method generates validation text data, numeric data, and patterns derived therefrom by applying the encrypted validation section to the model. The method compares the patterns from each section and validates the model based on the comparison. The method decrypts the generated modeling text data and validation text data using a private key and descales the modeling numeric data and validation numeric data using the scaling factor. The method verifies the model by comparing the decrypted text data and descaled numeric data to the same in the data set.

Abstract: Aspects of the disclosure relate to authentication. A computing platform may send, to a wearable device, an internet of things (IOT) vector key. The computing platform may receive an application access request from the wearable device, which may include authentication credentials. The computing platform may send, to the wearable device, a reference key comprising a sequence of row-column combinations corresponding to the IoT vector key, and the wearable device may be configured to identify a hash salt value using the reference key and the IoT. The computing platform may receive, from the wearable device, the hash salt value. The computing platform may generate, based on the hash salt value and the authentication credentials, a password. The computing platform may hash the password to produce a password hash, and may send the password hash to an application server for validation.

Abstract: A system is provided for user-initiated authentication of an electronic communication channel using a secure computing application token. In particular, the system may comprise a token generation application installed on an endpoint device of a user, where the application may be configured to perform authentication of communication channels based on receiving user input. Upon receiving a request to establish a secure communication channel from a remote device, the endpoint device may receive a voice sample from the user. Based on the attributes of the voice sample and of the application session, the endpoint device may generate an alphanumeric character string that may serve as a secure token to be verified against a second character string received from the remote device. If a match is detected, the endpoint device may authenticate and generate the communication channel.

Abstract: Aspects of the disclosure relate to cognitive auditing of client bound data. A computing platform may intercept a request from a user device to an application server. The computing platform may identify content requested by the user device and generate predicted response data based on the requested content. The computing platform may transmit the request to the application server. The computing platform may receive, from the application server, actual response data. The computing platform may validate the actual response data by comparing the actual response data with the predicted response data. Based on comparing the actual response data with the predicted response data, the computing platform may identify whether the actual response data matches the predicted response data. Based on identifying that the actual response data matches the predicted response data, the computing platform may send the actual response data to the user device.

Abstract: Cognitive analysis, including artificial intelligence, is implemented to dynamically determine service discovery and service binding. Specifically, cognitive analysis is used to determine a client's capabilities and based on the capabilities, a service version is selected and coupled/bound to the client. As a result of such loose coupling/binding with service signatures, service version upgrade at the client is not mandatory in the event of a server-side service version upgrade.

Abstract: Computer-implemented cyber-security, behavior-generated, event-type signed processes and machines provide for authentication and immutable transactions to overcome security risks. Clients submit requests for an immutable transactions and interactions responsive to the request are sent by the server to the client. The server generates behavioral expectations for the interactions, stores them for future comparison purposes, and transmits those to the client. The client executes user events for the interactions. The client behaviorally analyzes the user events and generates behavioral vectors corresponding to the user events. Intermediate client hashes that culminate in a final client hash are generated. User events are sent to the server. The server generates a server hash based on the behavioral expectations and the user events. The server compares the final client hash to the server hash to determine if the transaction is authentic and should be stored as immutable.

Abstract: Systems, computer program products, and methods are described herein for identification and verification of brute force attacks using hash signature segmentation and behavior clustering analysis. The present invention is configured to receive a plurality of access attempts and an associated plurality of hash values; determine a failure request load based on the plurality of access attempts; determine whether the failure request load meets a failure threshold, wherein, in an instance where the failure request load meets the failure threshold, separating the plurality of access attempts associated with the failure request load into a plurality of hash clusters; generate a behavior cluster for each hash cluster based on shared behavior data of the plurality of access attempts; and determine, based on the behavior cluster for each hash cluster, a likelihood of misappropriation for each access attempt of the plurality of access attempts.

Abstract: Aspects of the disclosure relate to detecting and preventing malware attacks using simulated analytics and continuous authentication. An application server may receive device information and processing capabilities information of a client device. Based on the device information and the processing capabilities information, the application server may generate analytical output data indicating, for each transaction executed on the client device, a transaction processing time. The application server may receive transaction information associated with a transaction being executed at the client device. Based on the received transaction information and the analytical output data, the application server may simulate the transaction being executed at the client device and determine expected payload data. The application server may receive an authorization request including actual payload data associated with the transaction being executed at the client device.

Abstract: Aspects of the disclosure relate to preserving text and speech semantics using real-time virtual corpora in live interactive chatbot sessions. A computing platform may receive user input and may determine whether characteristics of the input are identifiable. Based on determining the characteristics are identifiable, the computing platform may populate the characteristics using a global corpora and may use the populated characteristics to generate a response to the input. Alternatively, based on determining the characteristics are unidentifiable, the computing platform may determine whether the same or a similar input is stored in a virtual corpora. If the same or a similar input is stored in the virtual corpora, the computing platform may generate a response to the input using the virtual corpora. Alternatively, if the same or a similar input was not previously received, the computing platform may gather information from the user to generate a response to the input.

Abstract: A database manager segments data stored in a database into a plurality of data segments and randomly combines the data segments into a plurality of data chromosomes that form an initial generation of a genetic algorithm. The database manager then runs multiple iterations of the genetic algorithm on the initial generation, wherein each iteration forms a new generation of data chromosomes based on data segments having the highest optimization metrics from a previous generation, wherein the optimization metric of a data segment represents a degree of importance of the data segment. When the genetic algorithm converges a fitness score is calculated for each data segment, wherein the fitness score of a data segment equals a number of iterations of the genetic algorithm the data segment survived before the genetic algorithm was terminated. Data is deleted from the database based on the fitness scores of the data segments.

Abstract: Embodiments of the present invention comprise systems, methods, and computer program products providing an artificial intelligence (AI) powered solution to self-heal script failures and to maintain UI code as up-to-date according to application changes. The invention introduces the use of convolutional neural networks (CNNs) in test automation for visual identification of UI objects and classification of corresponding code language requirements for the UI objects. The invention may include building dynamic UI objects in the event of detected failures within a test environment.