Abstract: A computer implemented malware protection method to mitigate malware spread within a set of communicating computer systems from an infected computer system is disclosed.

Abstract: A computer implemented malware protection method to protect a target computer system in a set of computer systems from a malware, the method comprising: accessing a model of the set of computer systems, the model identifying interacting pairs of the computer systems in the set based on interactions corresponding to previous communication occurring between the computer systems in the pairs, and the model identifying the target computer system; simulating, over a plurality of time periods, a propagation of the malware originating from a predetermined source computer system in the model, the simulation being based on a number of interactions per time period between each interacting pair of computer systems in the set, and a rate of transmission of the malware per interaction; evaluating, for each of at least a subset of the time periods, a probability of infection of the target computer system in the time period; responsive to the simulating step, identifying an earliest time period during which the probability

Abstract: A computer implemented security method for a set of internet-of-things (IoT) devices, the set of devices comprising network-connected sensors and actuators, wherein a data repository stores data about the devices, actions performable by each of the devices and one or more network attacks to which at least a subset of the devices are susceptible, the method comprising: defining, for each network attack, one or more responsive actions for the attack, each responsive action identifying one or more performable actions for performance by one or more devices to mitigate the attack; detecting a device in a compromised state, the compromised state being determined based on a threshold number of occurrences of an attack perpetrated against the device; selecting responsive actions for the perpetrated attack; and triggering the responsive actions to mitigate the perpetrated attack.

Abstract: A malware protection method to protect at least a subset of a set of computer systems from a malware includes accessing a model of the set of computer systems, the model identifying interacting pairs of the computer systems in the set based on interactions corresponding to previous communication occurring between the computer systems in the pair; simulating, over a plurality of time periods, a propagation of the malware originating from a predetermined source computer system in the model, the simulation being based on a number of interactions per time period between each interacting pair of computer systems in the set, and a rate of transmission of the malware per interaction; and, responsive to the simulating step, identifying one or more computer systems or interacting pairs of computer systems to deploy a malware protection measure thereto so as to inhibit a propagation of the malware through the set of computer systems.

Abstract: A malware protection method to protect at least a subset of a set of computer systems from a malware propagating through the set of computer systems, including accessing a model of the set of computer systems, wherein each computer system is identified by the model as having an indication of a state of malware infection; simulating, over a plurality of time periods, a propagation of the malware from infected computer systems to susceptible computer systems, the simulation being based on a number of interactions per time period between each interacting pair of computer systems in the set, and a rate of transmission of the malware per interaction; responsive to the simulating, identifying one or more computer systems to deploy a malware protection measure thereto so as to inhibit a propagation of the malware through the set of computer systems.

Abstract: A computer implemented method of protecting a target subnet, including a set of network connected devices in a hierarchy of subnets of a computer network, from malware attack. The method includes generating a dynamical system for each subnet in the network, each dynamical system modelling a rate of change of a number of network connected devices in the subnet that are: susceptible to infection by the malware; infected by the malware; protected against infection by the malware; and remediated of infection by the malware. The dynamical systems are based on rates of transmission of the malware between pairs of subnets; evaluating a measure of risk of infection of the target subnet at a predetermined point in time based on the dynamical system for the target subnet; and responsive to the measure of risk meeting a predetermined threshold, deploying malware protection measures to devices in the target subnet.

Abstract: A computer implemented method of protecting a portion of a computer network from malware attack, the computer network including a network connected devices organized into hierarchical subnets modelled by a tree data structure in which each subnet is represented as a node in the tree, each node having a connection to parent node save for a root node, the method including performing protective actions on devices in subnets associated with a first subset of nodes to provide protection against the malware, prioritizing devices in the subnets associated with a second subset of nodes so as to provide a barrier of subnets protected against the malware to impede the propagation of the malware to devices in subnets associated with each of the first subset of nodes.

Abstract: A computer implemented method to block malware propagation in a network of computer systems, each computer system in the network having associated location information indicating a physical location, by receiving, for each of a plurality of time periods, a model of the network of computer systems identifying communications therebetween and a malware infection state of each computer system; identifying a physical location at which one or more computer systems are involved in propagation of the malware, the identification being based on changes to malware infection states of computer systems; colocation of computer systems and the communications therebetween identified in the models; and implementing protective measures in respect to the physical location so as to block propagation of the malware through the network.

Abstract: A computer implemented method to block malware propagation in a network of computer systems by receiving, for each of a plurality of time periods, a model of the network of computer systems identifying communications therebetween and a malware infection state of each computer system; identifying a common resource in the network involved in propagation of the malware, the identification being based on changes to malware infection states of computer systems and the communications therebetween identified in the models; and implementing protective measures in respect to the common resource so as to block propagation of the malware through the network.

Abstract: A computer implemented method to block malware propagation in a network of computer systems by receiving, for each of a plurality of time periods, a historical model of the network of computer systems identifying communications therebetween and a malware infection state of each computer system; generating, for each of a plurality of subsequent time periods, a forecast model of the network of computer systems in which each forecast model identifies communications between computer systems and malware infection state of computer systems being determined based on an extrapolation of the set of historical models; identifying a common resource in the network involved in propagation of the malware, the identification being based on changes to malware infection states of computer systems and the communications therebetween identified in the forecast models; and implementing protective measures in respect to the common resource so as to block propagation of the malware through the network.

Abstract: There is provided a computer implemented method, computer system and computer program for protecting a network. The method comprises: gathering traffic data for the network; identifying a set of loT devices in the network based on the output from a machine learning model for classifying loT devices using features extracted from the traffic data that are indicative of an loT device; and causing one or more predetermined actions to be taken in respect of the set of loT devices to protect the network.

Abstract: A computer implemented method of protecting a network of computer systems, the method comprising: receiving security data for the network, the security data comprising threat event data for threat events detected within the network over a period of time; extracting, from the received security data, one or more features indicative of a computer system being compromised by a particular threat; generating a forecast of a number of computer systems in the network compromised by the particular threat at a future point in time based on the one or more features; determining whether action should be taken to mitigate the particular threat based on the forecast; and in response to determining that action should be taken, causing one or more predetermined actions to be taken to mitigate the particular threat.

Abstract: A computer implemented method of protecting a portion of a computer network from malware attack, the computer network including a network connected devices organized into hierarchical subnets modelled by a tree data structure in which each subnet is represented as a node in the tree, each node having a connection to parent node save for a root node, the method including performing protective actions on devices in subnets associated with a first subset of nodes to provide protection against the malware, prioritizing devices in the subnets associated with a second subset of nodes so as to provide a barrier of subnets protected against the malware to impede the propagation of the malware to devices in subnets associated with each of the first subset of nodes.

Abstract: A computer implemented method of protecting a target subnet in a hierarchy of subnets of a computer network from malware attack, the subnet including a set of network connected devices, the method including generating a dynamical system for each subnet in the network, each dynamical system modelling a rate of change of a number of network connected devices in the subnet that are: susceptible to infection by the malware; infected by the malware; protected against infection by the malware; and remediated of infection by the malware, the dynamical systems being based on rates of transmission of the malware between pairs of subnets; evaluating a measure of risk of infection of the target subnet at a predetermined point in time based on the dynamical system for the target subnet; and responsive to the measure of risk meeting a predetermined threshold, deploying malware protection measures to devices in the target subnet.

Abstract: A method for assessing perceived quality of adaptive media streaming includes receiving, by a device including a processor, a stream of adaptive media content. This stream includes both audio signals and video signals. A number of quality change events in the received stream for a predetermined period of time is determined. Also, a difference value between a highest quality level value detected in the received stream for the predetermined period of time and a lowest quality level value detected in the received stream for the predetermined period of time is determined. A quality impact score value is generated for the received stream based on the determined number of quality change events and based on the determined quality level difference value.

Abstract: A method for assessing perceived quality of adaptive media streaming includes receiving, by a device including a processor, a stream of adaptive media content. This stream includes both audio signals and video signals. A number of quality change events in the received stream for a predetermined period of time is determined. Also, a difference value between a highest quality level value detected in the received stream for the predetermined period of time and a lowest quality level value detected in the received stream for the predetermined period of time is determined. A quality impact score value is generated for the received stream based on the determined number of quality change events and based on the determined quality level difference value.