Abstract: Systems, methods, and interfaces for the management of virtual machine networks and other programmatically controlled networks are provided. Hosted virtual networks are configured in a manner such that a virtual machine manager of the virtual network may monitor activity such as user requests, network traffic, and the status and execution of various virtual machine instances to determine possible security assessments. A security assessment may be performed before, after, or simultaneous to the execution of the activity associated with the security assessment event. The execution of an activity may further be synchronous with the results of the security assessment. The timing of the assessment may correspond to the type of assessment or type of activity that is requested or detected.

Abstract: There is disclosed in one example, a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; a data exchange layer (DXL) application programming interface (API), the DXL API including instructions to communicatively couple the apparatus to a DXL bus and provide a DXL abstraction layer on top of a TCP/IP-based communication network; and a reputation engine including instructions encoded within memory to instruct the processor to: receive a plurality of DXL messages from a first DXL endpoint; compute a composite reputation for the first DXL endpoint; receive from a second DXL endpoint a DXL message requesting a reputation for the first DXL endpoint; establish a private topic on the DXL bus between the computing apparatus and the second DXL endpoint; and publish the composite reputation to the private topic.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: In one embodiment, a device analyzes network traffic data using a clustering process, to identify a cluster of addresses associated with the network traffic data for which the associated network traffic has similar behavioral characteristics. The device calculates a set of rankings for the cluster by comparing the cluster to different sets of malicious addresses. The device aggregates the set of rankings into a final ranking by setting the rankings in the set as current rankings and iteratively calculating an average of any subset of the current rankings that comprises correlated rankings. The calculated average replaces the rankings in the subset as a current ranking. When none of the current rankings are correlated, the device performs an aggregation across all of the current rankings to form the final ranking. The device provides data indicative of the cluster for review by a supervisor, based on the final ranking.

Abstract: Methods, computer-readable media, software, and apparatuses may assist in proactively warning a consumer they are a victim or possible target of a cyber-attack or cyber-threat. To discover whether a consumer may be a victim, the methods, computer-readable media, software, and apparatuses will monitor the Surface Web, Deep Web, and Dark Web for potential cyber-threats and cyber-attacks. If one is discovered, the methods, computer-readable media, software, and apparatuses will compare the criteria of victims of targeted in the cyber-attack and compare that criteria with consumer profiles. If a consumer profile matches the criteria, the methods, computer-readable media, software, and apparatuses will notify the consumer of the threat.

Abstract: In various embodiments, a name server transmits a canonical name as resolution to another canonical name. In operation, when a resource name is requested for resolution, a determination is made that the resource name corresponds to a trap resource name. A first canonical name is transmitted as resolution to the trap resource name. The first canonical name is requested for resolution, and a second canonical name is transmitted as resolution. By providing trap canonical names as resolutions to trap canonical names, unauthorized software making the resolution requests is kept occupied with requesting resolution of canonical name after canonical name, impeding the ability of the unauthorized software from traversing a network.

Abstract: Systems and methods for testing Signature Pattern Matching (SPM) for a new signature associated with a cloud-based security system with a plurality of nodes and a testing node include operating the testing node with a same management software and SPM library as the plurality of nodes; obtaining a new signature derived to detect malicious content; compiling the new signature in the SPM library for the testing node; implementing one or more test cases related to the malicious content to analyze behavior of the testing node with the SPM library containing the new signature; and, responsive to success in the one or more test cases, providing the SPM library to the plurality of nodes for detection of the malicious content.

Abstract: In one embodiment, a device in a network receives traffic data regarding a plurality of observed traffic flows. The device maps one or more characteristics of the observed traffic flows from the traffic data to traffic characteristics associated with a targeted deployment environment. The device generates synthetic traffic data based on the mapped traffic characteristics associated with the targeted deployment environment. The device trains a machine learning-based traffic classifier using the synthetic traffic data.

Abstract: The present disclosure describes systems and methods that provide a hybrid framework for augmenting statistical anomaly detection with contextual features, machine learning and human Subject Matter Expert (SME) input to learn significant characteristics of true anomalies for which alerts should be generated. The framework presented herein is domain agnostic and independent of the underlying statistical anomaly detection technique or the machine learning algorithm. The framework described herein is therefore applicable and adaptable to a number of real world service provider systems and applications, such as, for example, detecting network performance degradation in a service provider network or detecting anomalous conditions from data received from a sensor while filtering out false positives.

Abstract: Systems for providing a threat intelligence system differentiate between network activity that is a mass scan, or is an accidental or otherwise benign abnormality, or is a directed attack. All of the network activity of a computing resource service provider is logged, and the logs are parsed to include the activity of a particular activity source. The activity is stored in an activity profile, and is updated on a rolling window basis. The systems then use the activity profiles of activity sources that have communicated with a user's computing resources to determine whether the activity and/or activity source is a potential threat against the user's virtual computing environment(s) and/or the computing resources executing therein. The system computes a threat level score based on parameters identified in the activity profiles.

Abstract: Techniques are disclosed relating to detection of network security threats. In some embodiments, a computer system receives network event information from network devices in a network. The computer system stores a set of received network event information in a first data store and performs analysis to identify a subset of the network event information. The computer system uses the subset of network event information to create, in a second data store, a model of a state of the network, and runs stored threat detection routines to query the second data store to detect threats to the network. The computer system provides an indication of threats detected in response to running the plurality of stored threat detection routines and, in response to receiving an indication of a user query regarding the network, provides query results determined based on accessing information in the first data store, but not the second data store.

Abstract: A method can include detection of policy anomalies in packets on a 1553B bus of an airborne system. A computer network defense (CND) capability message is decoded and indicates an interface to monitor. The interface is a 1553B bus of the airborne system. A CND command message, associated with the CND capability message, is decoded and includes a policy set. Packets are received from the 1553B bus. The 1553B packets are analyzed based on the policy set to determine anomalies. Non-anomalous 1553B packets are allowed to reach destinations of the non-anomalous 1553B packets. Anomalous 1553B packets are discarded such that the anomalous 1553B packets do not reach respective destinations of the anomalous 1533B packets.

Abstract: Methods and systems for detecting malicious network activity. The method may include analyzing payload data relating to activity on one or more virtual security appliances, grouping related payloads, and analyzing a time series dataset describing the groupings to identify anomalous payloads.

Abstract: Systems, methods, and other embodiments associated with cloud-based multi-layered security testing of a target application with multiple cloud-based security scanners using a single cloud-based graphical user interface are described. In one embodiment, a method includes receiving a request via a security testing interface to perform the cloud-based multi-layered security test on the target application. A single set of security test instructions to perform the cloud-based multi-layered security test on the target application using the selected cloud-based security scanners is generated and executed to initiate multiple security tests on the target application. A single set of scan results for the target application is generated based upon the execution of the multiple security tests, and is displayed by the single cloud-based graphical user interface.

Abstract: Systems and methods for assessing cybersecurity risk of a computer network include the use of a risk model application that is configured to determine an initial cyber risk score value based upon an underwriting process. A cyber risk data stream is sent from the client's computer network to the system processor to periodically calculate an updated cyber risk score based upon actual data. The system processor is adapted to use the data stream to generate client information that is accessible by the client via a web-based client portal. In embodiments, the cyber risk data stream can be actively monitored to identify a threat of a cybersecurity breach.

Abstract: Systems and methods for countering a cyber attack on computing devices used by users gather data about services with which users are interacting, as well as data about devices used by users for such interactions. The collected data is analyzed to detect when a cyber-attack on the devices is occurring as a result of a data breach of personal data on users from at least one service. Actions are selected for countering the cyber-attack and are sent to the devices of all users of the corresponding cluster in the event that a match is found in the characteristics of the attack vector for at least one device of another user whose devices belong to the corresponding cluster.

Abstract: Distributing and executing software upon devices by providing a computer program; dividing the computer program into a set of shreds; improving the communications fault tolerance of the shreds; encrypting the shreds; and distributing individual shreds to a shadow processor of a device for assembly and execution.

Abstract: In one embodiment, a method for electronic document sanitization may include receiving a first request from a client device to send a first electronic document, the first request including a requested usability level of the first electronic document, removing at least one document object from the first electronic document, the document object having potentially malicious content, the removing based at least in part on receiving the first request, and transmitting the first electronic document to the client device after removing the at least one document object therefrom.

Abstract: A computerized system and method to detect phishing cyber-attacks is described. The approach entails analyzing at least one displayable image of a webpage referenced by a URL associated with an email to ascertain whether the image, and thus the webpage and the email are part of a phishing cyber-attack.

Abstract: A method, system and computer program product are disclosed for protecting against notification based phishing attacks on a computing device. In an embodiment, the method comprises when the computing device receives a notification, identifying a pattern for the notification and identifying an application that triggered the notification; determining if the identified pattern matches any of a defined group of pre-specified patterns, each of the pre-specified patterns being associated with a specified application; when the identified pattern matches one of the pre-specified patterns, determining if the specified application associated with the matched pattern is the same as the application that triggered the notification; and when the specified application associated with the matched pattern is not the same as the application that triggered the notification, generating a message to alert a user of the computing device that the received notification may be a phishing attack.

Abstract: A computer-implemented method, computer program product and computer system include a processor(s) receiving request from a first client for an attribute of a first service node to utilize to access the service provided. The processor(s) provides the attribute of the first service node to the first client. The processor(s) accepts an access to the service by the first client, based on the first client utilizing the attribute to connect to the first service node. The processor(s) identifies attributes of one or more clients accessing the service via the first service node, including the first client. The processor(s) experiences an event indicating a need to change security protecting access to the service. The processor(s) redistributes the one or more clients to at least two additional service nodes.

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes receiving user input defining attributes of a threat rule, the attributes including a type of computer network entity and an anomaly pattern associated with the type of computer network entity. The method further includes generating the threat rule based on the user input, wherein the threat rule identifies a security threat to the computer network that satisfies the attributes of the threat rule based on one or more detected anomalies on the computer network.

Abstract: A method for determining incorrect behavior of components in a distributed information technology (IT) system includes receiving a pattern useable to indicate an incorrect behavior of a component. An automaton and a complement automaton are constructed based on the pattern, the automaton and complement automaton comprising one or more states. One or more logged events are received, each event in the one or more logged events including a timestamp. Gaps are determined in the one or more logged events. Event matrices are precomputed for the gaps and for each event in the one or more logged events based on the states of the automaton and the complement automaton. The pattern is matched to the one or more logged events by iteratively processing the one or more logged events and the gaps and maintaining a combination matrix. The incorrect behavior is determined based on an output of the pattern matching.

Abstract: Described is a system for enforcing software policies. The system transforms an original software by inserting additional instructions into the original software. The additional instructions have the effect of determining, at run-time, whether proceeding with execution of the original software is in accordance with a predefined policy. Transforming the original software relies on software analysis to determine whether any run-time checks normally inserted into the original software can be safely omitted. The transformed software prevents unauthorized information from passing to the network.

Abstract: Disclosed are various embodiments for determining security policy compliance and data integrity verification during a data transfer operation between devices. In one embodiment, among others, a computing device is configured to receive a data transfer request for a file from a first client device, access the file associated with the first client device, determine that the file fails to comply with a security policy, and perform a remedial action for the file in response to the determination that the file fails to comply with the security policy. The remedial action causes the file to be inaccessible to a second client device.

Abstract: A computer performs dynamic address isolation. The computer comprises an application associated with an application address, a network interface coupled to receive incoming data packets from and transmit outgoing data packets to an external network, a network address translation engine configured to translate between the application address and a public address, and a driver for automatically forwarding the outgoing data packets to the network address translation engine to translate the application address to the public address, and for automatically forwarding the incoming data packets to the network address translation engine to translate the public address to the application address. The computer may communicate with a firewall configured to handle both network-level security and application-level security.

Abstract: This disclosure facilitates managing lost devices. In some embodiments, a system receives a first device type from a first agent on a first device, and a different second device type from a second agent on a second device. The system receives a first group associated with the first device and a different second group associated with the second device. The system determines that the first device and the second device are lost and accesses a database storing first and second configuration classes associated with the first and second devices, respectively. The system creates first and second device-dependent classes based on the first and second device types and the first and second configuration classes, respectively. The system melds the first device-dependent class into a first melded profile and the second device-dependent class into a second melded profile, using the respective groups, and applies the melded profiles to the corresponding device.

Abstract: Systems, methods, and software described herein provide for identifying recommended feature sets for new security applications. In one example, a method of providing recommended feature sets for a new security application includes identifying a request for the new security application, and determining a classification for the new security application. The method further provides identifying related applications to the new security application based on the classification, and identifying a feature set for the new security application based on features provided in the related applications.

Abstract: Information associated with a controlled-environment facility resident communications and/or data device, such as device location within the controlled-environment facility, may be used to determine whether the resident device is approved for two-way video visitation or restricted to on-way video visitation. Video visitation may be initiated and voice and video captured and streamed by a non-resident communications and/or data device, as well as voice and/or video captured and streamed by the resident device, is received by a controlled-environment facility electronic communications management system. Voice and video captured at the non-resident device is transmitted to the resident device and, if the resident device is permitted two-way video visitation, voice and video captured by the resident device is transmitted to the non-resident device, if the resident device is restricted to one-way video visitation, only voice is transmitted to the non-resident device.

Abstract: Investigative systems and methods linking controlled-environment facility residents and associated non-resident telephone numbers to e-commerce application program (app) purchases capture (a) non-resident telephone number(s) associated with (an) electronic communication(s) with a controlled-environment facility resident and/or (a) telephone number(s) associated with a non-resident communicating with a controlled-environment facility resident. E-commerce app accounts associated with the captured telephone number(s) are determined, e-commerce app account(s) associated with the captured telephone number(s) is (are) accessed and information about purchases made by a non-resident associated with the accessed e-commerce app account(s), through the accessed app account(s) is gathered.

Abstract: Techniques are disclosed for using machine-learning processing for generating resource-allocation specifications. A first data set may be received from a first data source. The first data set can include a first resource request and a first timestamp associated with entities. A second data set can be received from a second data source that includes communication data and allocation data associated with the entities. Target characteristics may be defined for training instances. The training instances can be used to train a machine-learning model using the first data set and the second data set. A third data set may be accessed and used to generate a user session within which, the trained machine-learning model may execute to generate a resource-allocation specification. The resource-allocation specification including a communication schedule. One or more communications compliant with the communication schedule may be output to an entity.

Abstract: To deal with ANAT/IP version incompatibility, a communication endpoint registers with a communication system using a SIP REGISTER message. For example, the communication endpoint registers when it boots up. The SIP REGISTER message indicates that the communication endpoint: does not support the Alternative Network Address Type (ANAT) protocol or is one of IPV4 intolerant or IPV6 intolerant. When a SIP INVITE message is received with a Session Description Protocol (SDP) offer that comprises the ANAT protocol or an IP address that is opposite of the IP version intolerance of the communication endpoint, a 4XX SIP response message is sent to the sender of the SIP INVITE to indicate the incompatibility. In response, to receiving the 4XX SIP response message, the SIP INVITE is modified to be compatible with the capabilities of the communication endpoint.

Abstract: Embodiments of the present disclosure relate to a method for managing user information in a SIP network and a device thereof. The method comprises: initiating a restart timer after a SIP access gateway restarts; within an expiration period of the restart timer, sending a heartbeat reply message to the network element in response to a heartbeat message from a network element, the reply message including the time when the SIP access gateway restarts. If a difference between the time when the SIP access gateway restarts and a current time is less than a time interval between heartbeat messages, the network element sends a registration request to the SIP access gateway, where the registration request includes user information of all users represented by the network element. It is further disclosed a device implementing the method discussed above.

Abstract: A conference system and a method for handling a conference connection in the conference system are provided. The method for handling a conference connection according to one embodiment of the present disclosure includes: providing, at a web conference server, a terminal with an access link to a web conference; acquiring, at the web conference server, identification information of the terminal from the terminal connected to the web conference through the access link; processing, at an audio conference server, a connection of the terminal to an audio conference; receiving, at the web conference server, identification information of the terminal connected to the audio conference from the audio conference server; and mapping, at the web conference server, participant information of the web conference and participant information of the audio conference by comparing the identification information received from the terminal with the identification information received from the audio conference server.

Abstract: A method, apparatus and non-transitory computer readable storage medium, in one embodiment, associating at least one autonomous transport and at least one user, determining at least one characteristic of said at least one user based on at least one of at least one user search history and at least one user preference selection, determining at least one user location of said at least one autonomous transport and querying at least one adjacent entity based at least on said determined at least one characteristic within a predetermined range of said at least one user location.

Abstract: A cloud computing service is used to deploy a virtual computer cluster. The virtual computer cluster is initialized with a set of one or more streaming nodes for processing first messages of one or more streaming jobs. It is determined whether the virtual computer cluster is to process second messages of a non-streaming job. In response to determining that the virtual computer cluster is to process the second messages of the non-streaming job, for example using control messages, the cloud computing service is caused to start a non-streaming node in the virtual computer cluster. The non-streaming node is tasked to process the second messages of the non-streaming job.

Abstract: The present invention relates to a cloud streaming service system, a data compressing method for preventing memory bottlenecking, and a device for same and, particularly, to a technology that: can prevent memory bottlenecking by compressing data when the transmitted amount of original buffer data exceeds a reference value, based on a system memory bandwidth; can provide a cloud streaming service by applying an order of priority by service type according to whether the processing limit, for the number of simultaneous connecting entities that can be processed by one server, is reached during a cloud streaming service; and can test whether a sever that provides a cloud streaming service is operating normally and whether a connection error occurs.

Abstract: A method includes receiving an input media stream at a hardware encoder. The method also includes executing, at a processor of the hardware encoder, a headless browser to retrieve an instance of a dynamic web page that includes additional content. The method also includes storing the additional content at a memory that is accessible to the processor and encoding circuitry of the hardware encoder. The method further includes retrieving, at the encoding circuitry, the additional content from the memory and encoding the input media stream to generate an output media stream. At least one frame of the output media stream includes at least a portion of the additional content in conjunction with at least a portion of a corresponding frame of the input media stream.

Abstract: A system is provided for streaming media content in a vehicle. The system includes a personal media streaming appliance system configured to connect to a media delivery system and receive media content from the media delivery system at least via a cellular network. The personal media streaming appliance system operates to transmit a media signal representative to the received media content to a vehicle media playback system so that the vehicle media playback system operates to play the media content in the vehicle.

Abstract: The solution distributes the management of stream segments from a central storage cluster to different edge servers that upload stream segments to and receive stream segments from the central storage cluster. Each edge server tracks the stream segments it has uploaded to the central storage cluster as well as the expiration times for those segments. The tracking is performed without a database using a log file and file system arrangement. First-tier directories are created in the file system for different expiration intervals. Entries under the first-tier directories track individual segments that expire within the expiration interval of the first-tier directory with the file system entries being files or a combination of subdirectories and files. Upon identifying expired stream segments, the edge servers instruct the central storage cluster to delete those stream segments. This removes the management overhead from the central storage cluster and implements the distributed management without a database.

Abstract: Systems and methods for efficiently absorbing, archiving, and distributing any size data sets are provided. Some embodiments provide flexible, policy-based distribution of high volume data through real time streaming as well as past data replay. In addition, some embodiments provide for a foundation of solid and unambiguous consistency across any vendor system through advanced version features. This consistency is particularly valuable to the financial industry, but also extremely useful to any company that manages multiple data distribution points for improved and reliable data availability.

Abstract: A content streaming system and methodology for facilitating the management of content streaming. A video packaging and origination service receives streaming content that is organized according to content segments. Individual content segments will be encoded according to a plurality of encoding bitrates including a reference bitrate and one or more additional renditions. The one or more additional renditions include pointers to the baseline rendition.

Abstract: A method and apparatus for communicating streaming data in a Bluetooth-based wireless communication system is provided. An electronic device according to the present disclosure includes a communication interface configured to perform wireless Bluetooth communication with an external electronic device and a controller configured to control the communication interface, in which the controller is further configured to detect a communication state using a first packet data configuration and communicate with the external electronic device by using a second packet data configuration that is different from the first packet data configuration, based on the communication state.

Abstract: Methods and systems for managing media quality of a collaboration are provided. In one aspect, a method includes determining whether first and at least second clients are associated with a first and second identified location, respectively, that are associated with a first set of discovered constraints calculated from monitoring first parameters of at least one previous collaboration session associated with the first identified location and with a second set of discovered constraints calculated from monitoring second parameters of at least one previous collaboration session associated with the second identified location, respectively.

Abstract: A method of delivering a media stream in a network having first and second media servers each capable of delivering segmented media content to a requesting media client. The network provides for HTTP-based delivery of segmented media, and the media client is supported on a client-side device. The method begins by associating the media client with the first media server. As the first server receives from the media client request for media content segments, request times for a given number of the most-recent segments requested are used to generate a prediction, by the first server, of when the media client has transitioned from a start-up or buffering state, to a steady state. In response to a new segment request being received, and upon the first server predicting that the media client has completed a transition to steady state, the new segment request is redirected to the second media server.

Abstract: A method performed by a client for upstreaming to a server a live media feed is provided. The method includes the client establishing a transport layer connection with the server; transmitting to the server a first message having a header and a body; and storing in a transmit buffer media data corresponding to the live media feed as the media data is generated. The header does not indicate the size of the body. A quality setting is used to generate the media data. Transmitting the body includes: 1) transmitting to the server at least a portion of the media data; 2) removing from the transmit buffer said at least a portion of the media data; 3) determining whether the client should modify the quality setting that is used to generate the media data, and 4) repeating steps (1), (2) and (3) until a cease transmission trigger is detected.

Abstract: Systems, devices, and techniques are disclosed for endpoint URL generation and management. An entity identifier may be received. The entity identifier may be hashed with a hashing algorithm to generate an alphanumeric string. A custom endpoint URL may be generated by combining the alphanumeric string with a URL that identifies an endpoint located on a server of a cloud computing system. A CNAME record in a DNS database may be updated to associate the URL that identifies the endpoint located in a stack of cloud computing system with the custom endpoint URL.

Abstract: A transmission management system includes a destination name data managing unit which manages a plurality of destination name data items which indicate a plurality of names of a destination in communications between transmission terminals, a destination name data reading unit which reads a destination name data item from the plurality of destination name data items managed by the destination name data managing unit, and a destination name data transmitting unit which transmits the destination name data item read by the destination name data reading unit to a transmission terminal capable of communicating with the destination.

Abstract: Data processing method and apparatus in a Service-Oriented architecture (SOA) system are disclosed. The method replaces a target parameter having a larger data length included in an original HTTP request with an intermediate parameter having a smaller data length. A data length of a HTTP request that is converted from an original HTTP request is reduced as compared to a data length of the original HTTP request, thus reducing an amount of data that is transmitted, i.e., sent or received, by a target component, which accordingly reduces an amount of data transmitted in the SOA system and decreases a network overhead of the SOA system.

Abstract: A method for identifying non-IP cameras is disclosed. The method includes receiving name of an organization by one or more processors, performing an internet search via a script for the name associated with the organization by the one or more processors, thereby generating a plurality of website Hypertext Markup Language (HTML) listings, and parsing each of the generated HTMLs to identify uniform resource locator (URL) for a plurality of cameras by the one or more processors; analyzing each of the HTMLs to determine how metadata of each of the plurality of cameras is presented in the HTML by the one or more processors; determining physical location of each of the plurality of cameras by analyzing the associated metadata; and adding the camera of the plurality to a database of cameras.