Abstract: Systems and methods are disclosed for protecting a computer program from unauthorized analysis and modification. Obfuscation transformations can be applied to the computer program's local structure, control graph, and/or data structure to render the program more difficult to understand and/or modify. Tamper-resistance mechanisms can be incorporated into the computer program to detect attempts to tamper with the program's operation. Once an attempt to tamper with the computer program is detected, the computer program reports it to an external agent, ceases normal operation, and/or reverses any modifications made by the attempted tampering. The computer program can also be watermarked to facilitate identification of its owner. The obfuscation, tamper-resistance, and watermarking transformations can be applied to the computer program's source code, object code, or executable image.

Abstract: Systems, computer-readable media storing instructions, and methods can infer a state of behavior. Such a method can include constructing a graph including nodes representing hosts and domains based on an event dataset. The graph can be seeded with information external to the event dataset. A belief whether each of the nodes is in a particular state of behavior can be calculated based on marginal probability estimation.

Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

Abstract: A method for submatch extraction may include receiving an input string, receiving a regular expression, and converting the regular expression with capturing groups into a plurality of finite automata to extract submatches. The method further includes using a first automaton to determine whether the input string is in a language described by the regular expression, and to process the input string, and using states of the first automaton in a second automaton to extract the submatches.

Abstract: Systems and methods are disclosed for embedding information in software and/or other electronic content such that the information is difficult for an unauthorized party to detect, remove, insert, forge, and/or corrupt. The embedded information can be used to protect electronic content by identifying the content's source, thus enabling unauthorized copies or derivatives to be reliably traced, and thus facilitating effective legal recourse by the content owner. Systems and methods are also disclosed for protecting, detecting, removing, and decoding information embedded in electronic content, and for using the embedded information to protect software or other media from unauthorized analysis, attack, and/or modification.

Abstract: A method for one pass submatch extraction may include receiving an input string, receiving a regular expression with capturing groups, and converting the regular expression with capturing groups into a finite automaton M to extract submatches. The finite automaton M may be evaluated to determine whether the regular expression belongs to a set of regular expressions for which submatch extraction is implemented by using one pass by determining whether an automaton M?=rev(close(M)) is deterministic. The input string may be matched to the regular expression if the regular expression belongs to the set of regular expressions for which submatch extraction is implemented by using one pass.

Abstract: Identifying participants for collaboration in a threat exchange community can include receiving security data from a plurality of participants at a threat exchange server within the threat exchange community; and in response to receiving from a first participant from the plurality of participants security data associated with a security occurrence, identifying at the threat exchange server the first participant and a second participant from the plurality of participants for collaboration based on characteristics of the first participant and the second participant.

Abstract: Threat exchange information protection can include receiving security information from a number of participants of a threat exchange community, wherein a portion of the received security information is encoded with pseudonyms by each of the number of participants, analyzing the security information collectively from the number of participants, wherein the portion of the received security information remains encoded, and sending analysis results to each of the number of participants, wherein the analysis results include information relating to the portion.

Abstract: A method for submatch extraction may include receiving an input string, receiving a regular expression, and converting the regular expression with capturing groups into a plurality of finite automata to extract submatches. The method further includes using a first automaton to determine whether the input string is in a language described by the regular expression, and to process the input string, and using states of the first automaton in a second automaton to extract the submatches. In addition, input partitioning and automaton minimization techniques may be employed to reduce the storage area consumed by the plurality of finite automata.

Abstract: According to an example, a method for matching regular expressions including word boundary symbols includes receiving an input string and receiving a regular expression including a word boundary symbol. The method further includes transforming, by a processor, the regular expression into an automaton such that a set of strings accepted by the automaton is the same as a set of strings described by the regular expression. The method also includes processing the input string by the automaton to determine if the input string matches the regular expression.

Abstract: Software self-checking mechanisms are described for improving software tamper resistance and/or reliability. Redundant tests are performed to detect modifications to a program while it is running. Modifications are recorded or reported. Embodiments of the software self-checking mechanisms can be implemented such that they are relatively stealthy and robust, and so that it they are compatible with copy-specific static watermarking and other tamper-resistance techniques.

Abstract: Systems and methods are provided for performing transactions and managing communications using a trusted third party. In one embodiment, a sender transfers an encrypted version of a file (such as a digitally encoded audio track, movie, document, or the like) to someone who wishes to receive it. The receiver computes a first hash of at least a portion of the encrypted data content, and sends the first hash to a third party configured to compare at least a portion of the first hash to at least a portion of a second hash. The receiver receives a file decryption key from the third party, and decrypts at least the portion of the received encrypted data content with the decryption key. In some cases, multiple hashes of the encrypted data content may be computed, each using a different portion of the encrypted data content.

Abstract: A method for submatch extraction may include receiving an input string, receiving a regular expression, and converting the regular expression with capturing groups into a plurality of finite automata to extract submatches. The method further includes using a first automaton to determine whether the input string is in a language described by the regular expression, and to process the input string, and using states of the first automaton in a second automaton to extract the submatches. In addition, input partitioning and automaton minimization techniques may be employed to reduce the storage area consumed by the plurality of finite automata.

Abstract: According to an example, a method for matching regular expressions including word boundary symbols includes receiving an input string and receiving a regular expression including a word boundary symbol. The method further includes transforming, by a processor, the regular expression into an automaton such that a set of strings accepted by the automaton is the same as a set of strings described by the regular expression. The method also includes processing the input string by the automaton to determine if the input string matches the regular expression.

Abstract: Systems and methods are provided for performing transactions and managing communications using a trusted third party. In one embodiment, a sender transfers an encrypted version of a file (such as a digitally encoded audio track, movie, document, or the like) to someone who wishes to receive it. The receiver computes a first hash of at least a portion of the encrypted data content, and sends the first hash to a third party configured to compare at least a portion of the first hash to at least a portion of a second hash. The receiver receives a file decryption key from the third party, and decrypts at least the portion of the received encrypted data content with the decryption key. In some cases, multiple hashes of the encrypted data content may be computed, each using a different portion of the encrypted data content.

Abstract: A method for submatch extraction may include receiving an input string, receiving a regular expression. The method may further include converting the regular expression with capturing groups into ordered binary decision diagrams (OBDDs) to extract submatches.

Abstract: Methods, systems, and computer-readable and executable instructions are provided for assigning an advertisement. Assigning an advertisement can include constructing a graph of events between a number of visitors and a number of domains, iteratively calculating a set of domain scores for the advertisement using a spreading function on the graph, and assigning the advertisement to a domain based on a domain score of the domain, wherein the domain score is among the set of domain scores.

Abstract: Systems and methods are disclosed for protecting a computer program from unauthorized analysis and modification. Obfuscation transformations can be applied to the computer program's local structure, control graph, and/or data structure to render the program more difficult to understand and/or modify. Tamper-resistance mechanisms can be incorporated into the computer program to detect attempts to tamper with the program's operation. Once an attempt to tamper with the computer program is detected, the computer program reports it to an external agent, ceases normal operation, and/or reverses any modifications made by the attempted tampering. The computer program can also be watermarked to facilitate identification of its owner. The obfuscation, tamper-resistance, and watermarking transformations can be applied to the computer program's source code, object code, or executable image.

Abstract: Systems, computer-readable media storing instructions, and methods can infer a state of behavior. Such a method can include constructing a graph including nodes representing hosts and domains based on an event dataset. The graph can be seeded with information external to the event dataset. A belief whether each of the nodes is in a particular state of behavior can be calculated based on marginal probability estimation.

Abstract: A customized security model template is created that is customized for a specific organization's security related procedures. The customized security model template is instantiated with parameters associated with the organization to create an instantiated security model, and a report is produced based on simulations of the instantiated security model that specifies metrics of the organization's security implementation.