Abstract: A service obtains traffic logs for traffic of a network that has been sent according to a Layer 7 protocol (e.g., SNMP or DNS). The service identifies from the traffic logs device names that appear to correspond to different devices/NICs as names of candidate multi-NIC devices. The service extracts features from names of the candidate multi-NIC devices and generates respective feature vectors. The service can generate “documents” representing each device name from which it extracts features by determining n-grams of each device name, where a set of n-grams of a device name is treated as a document, and each n-gram is treated as a term in the document. Exemplary features that can be extracted based on a device name document include within-document and cross-document uniqueness scores. The service clusters the feature vectors with unsupervised learning and identifies clusters of a size that satisfies a criterion as corresponding to multi-NIC devices.

Abstract: Techniques for IoT policy recommendation LLM embeddings based on global behavior learning are disclosed. In some embodiments, a system, process, and/or computer program product for IoT policy recommendation LLM embeddings based on global behavior learning includes receiving information associated with network communications of a plurality of Internet of Things (IoT) devices; automatically learning a global common behavior for the plurality of IoT devices using a Large Language Model (LLM) classifier to generate a plurality of recommended rules; and applying a policy to at least one of the plurality of IoT devices based on one or more of the plurality of recommended rules.

Abstract: Techniques for IoT policy recommendation LLM embeddings based on global behavior learning are disclosed. In some embodiments, a system, process, and/or computer program product for IoT policy recommendation LLM embeddings based on global behavior learning includes receiving information associated with network communications of a plurality of Internet of Things (IoT) devices; automatically learning a global common behavior for the plurality of IoT devices using a Large Language Model (LLM) classifier to generate a plurality of recommended rules; and applying a policy to at least one of the plurality of IoT devices based on one or more of the plurality of recommended rules.

Abstract: Described herein include a system and method for a device for drug delivery and ophthalmic diagnostics designed to assist in the diagnosis of the physical state of a cornea through the projection of droplets onto the eye. In some embodiments, the apparatus includes a liquid sampling unit, an electric droplet generator, and a steering unit. In some embodiments, the liquid sampling unit is configured to project a quantity of liquid, while the electric droplet generator receives the quantity of liquid and outputs one or more electrically charged droplets. The steering unit uses electrostatic forces to steer the electrically charged droplets along a trajectory onto the cornea of the patient's eye.

Abstract: Certain aspects of the present disclosure provide systems and methods for measuring biomechanics in real-time at multiple eye-tissue locations. In certain embodiments, a method may be performed by a computer in communication with an optical coherence tomography (OCT) device. The method includes receiving an indication of a stimulus applied to eye tissue of a patient. The method also includes instructing the OCT device to emit a plurality of beams, at approximately the same time, to a plurality of measurement locations on the eye tissue in response to the received indication. The method also includes receiving, from the OCT device, OCT data for each of the plurality of measurement locations. The method also includes measuring tissue responses to the stimulus at the plurality of measurement locations based on the OCT data.

Abstract: A stateful chatbot system leverages generative AI to provide an interface by which users can retrieve information from backend IoT databases of a security provider via natural language queries. Upon receiving a natural language query that corresponds to a request for information from the database, the chatbot generates a corresponding database query having a format compatible with the database. The chatbot comprises a generative model adapted to generate database queries based on natural language queries via prompt engineering using natural language and database query pairs. The chatbot queries the database with the generated database query, retrieves results comprising data/metadata that satisfy the query, and generates a summary of the results, both of which it presents as a response to the user's query. The chatbot also has access to a vulnerability database from which it can obtain information about known vulnerabilities documented therein to respond to user queries.

Abstract: An anomalous behavior detector has been designed to detect novel behavioral changes of devices based on network traffic data that likely correlate to anomalous behaviors. The anomalous behavior detector uses the local outlier factor (LOF) algorithm with novelty detection. After initial semi-supervised training with a single class training dataset representing stable device behaviors, the obtained model continues learning frontiers that delimit subspaces of inlier observations with live network traffic data. Instead of traffic variables being used as features, the features that form feature vectors are similarities of network traffic variable values across time intervals. A feature vector for the anomalous behavior detector represents stability or similarity of network traffic variables that have been chosen as device identifiers and behavioral indicators.

Abstract: A service obtains traffic logs for traffic of a network that has been sent according to a Layer 7 protocol (e.g., SNMP or DNS). The service identifies from the traffic logs device names that appear to correspond to different devices/NICs as names of candidate multi-NIC devices. The service extracts features from names of the candidate multi-NIC devices and generates respective feature vectors. The service can generate “documents” representing each device name from which it extracts features by determining n-grams of each device name, where a set of n-grams of a device name is treated as a document, and each n-gram is treated as a term in the document. Exemplary features that can be extracted based on a device name document include within-document and cross-document uniqueness scores. The service clusters the feature vectors with unsupervised learning and identifies clusters of a size that satisfies a criterion as corresponding to multi-NIC devices.

Abstract: A service obtains traffic logs for traffic of a network that has been sent according to a Layer 7 protocol (e.g., SNMP or DNS). The service identifies from the traffic logs device names that appear to correspond to different devices/NICs as names of candidate multi-NIC devices. The service extracts features from names of the candidate multi-NIC devices and generates respective feature vectors. The service can generate “documents” representing each device name from which it extracts features by determining n-grams of each device name, where a set of n-grams of a device name is treated as a document, and each n-gram is treated as a term in the document. Exemplary features that can be extracted based on a device name document include within-document and cross-document uniqueness scores. The service clusters the feature vectors with unsupervised learning and identifies clusters of a size that satisfies a criterion as corresponding to multi-NIC devices.

Abstract: Device type discovery for a private network can be performed based on network address translated (NAT?d) network traffic generated from the network. A security solution analyzes data of network traffic from network devices using a binary classifier to determine whether the network traffic is from a NAT device. A network traffic dataset for a first time interval is preprocessed to generate a feature vector for the binary classifier, the output of which indicates whether the traffic is NAT?d. For NAT?d traffic, the security solution analyzes subsets of the network traffic dataset of smaller intervals within the first time interval. The security solution determines feature values from each network traffic data subset and generates feature vectors which are input to a multiclass classifier to obtain a device classification for each network traffic data subset.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A first set of raw events associated with a first IoT device is identified, including a transmission made by the first IoT device. A communication manner of the first IoT device is determined, based at least in part on a communication manner of the first IoT device. The first set of raw events over the first time period is examined to generate one or more formatted events of the first IoT device. The formatted events are used to extract a set of features. Similar processing is performed with respect to a second IoT device. A context-based IoT device grouping model is generated based on at least one of: (1) the features extracted for the first IoT device or (2) the features extracted for the second IoT device. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: An anomalous behavior detector has been designed to detect novel behavioral changes of devices based on network traffic data that likely correlate to anomalous behaviors. The anomalous behavior detector uses the local outlier factor (LOF) algorithm with novelty detection. After initial semi-supervised training with a single class training dataset representing stable device behaviors, the obtained model continues learning frontiers that delimit subspaces of inlier observations with live network traffic data. Instead of traffic variables being used as features, the features that form feature vectors are similarities of network traffic variable values across time intervals. A feature vector for the anomalous behavior detector represents stability or similarity of network traffic variables that have been chosen as device identifiers and behavioral indicators.

Abstract: An anomalous behavior detector has been designed to detect novel behavioral changes of devices based on network traffic data that likely correlate to anomalous behaviors. The anomalous behavior detector uses the local outlier factor (LOF) algorithm with novelty detection. After initial semi-supervised training with a single class training dataset representing stable device behaviors, the obtained model continues learning frontiers that delimit subspaces of inlier observations with live network traffic data. Instead of traffic variables being used as features, the features that form feature vectors are similarities of network traffic variable values across time intervals. A feature vector for the anomalous behavior detector represents stability or similarity of network traffic variables that have been chosen as device identifiers and behavioral indicators.

Abstract: Techniques for performing Internet of Things (IoT) device identification are disclosed. Information associated with a network communication of an IoT device is received. A determination of one or more confidence scores that represent how well the received information matches respective one or more network behavior pattern identifiers is made. A determination is made that each one of the one or more determined confidence scores is below a threshold. In response to determining that each of the one or more determined confidence scores is below the threshold, a two-part classification process is performed, where a first portion includes an inline classification, and a second portion includes a subsequent verification of the inline classification. A result of the classification process is provided to a security appliance configured to apply a policy to the IoT device.

Abstract: An anomalous behavior detector has been designed to detect novel behavioral changes of devices based on network traffic data that likely correlate to anomalous behaviors. The anomalous behavior detector uses the local outlier factor (LOF) algorithm with novelty detection. After initial semi-supervised training with a single class training dataset representing stable device behaviors, the obtained model continues learning frontiers that delimit subspaces of inlier observations with live network traffic data. Instead of traffic variables being used as features, the features that form feature vectors are similarities of network traffic variable values across time intervals. A feature vector for the anomalous behavior detector represents stability or similarity of network traffic variables that have been chosen as device identifiers and behavioral indicators.

Abstract: Identifying Internet of Things (IoT) devices with packet flow behavior including by using machine learning models is disclosed. Information associated with a network communication of an IoT device is received. A determination of whether the IoT device has previously been classified is made. In response to determining that the IoT device has not previously been classified, a determination is made that a probability match for the IoT device against a behavior signature exceeds a threshold. The behavior signature includes at least one time series feature for an application used by the IoT device. Based at least in part on the probability match, a classification of the IoT device is provided to a security appliance configured to apply a policy to the IoT device.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A first set of raw events associated with a first IoT device is identified, including a transmission made by the first IoT device. A communication manner of the first IoT device is determined, based at least in part on a communication manner of the first IoT device. The first set of raw events over the first time period is examined to generate one or more formatted events of the first IoT device. The formatted events are used to extract a set of features. Similar processing is performed with respect to a second IoT device. A context-based IoT device grouping model is generated based on at least one of: (1) the features extracted for the first IoT device or (2) the features extracted for the second IoT device. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A set of raw events associated with a first IoT device is identified. A context of the first IoT device is identified, and used to enrich at least some of the raw events. At least some of the raw events are aggregated. A context-based IoT device grouping model is generated based at least in part on the aggregated events and events associated with a second IoT device in operation. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A set of raw events associated with a first IoT device is identified. A context of the first IoT device is identified, and used to enrich at least some of the raw events. At least some of the raw events are aggregated. A context-based IoT device grouping model is generated based at least in part on the aggregated events and events associated with a second IoT device in operation. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.