Firewall Patents (Class 726/11)
-
Patent number: 11799675
Abstract: A method may be provided to operate a first network node of a wireless communication network. The method may include receiving a request from a second network node to activate packet flow descriptor (PFD) extraction with respect to a session for a wireless device, and receiving application traffic for the wireless device, wherein an address is provided to route the application traffic. The method may also include determining an application identifier for the address responsive to the address for the application traffic being unknown to the first network node, and transmitting a PFD notification to the second network node, wherein the PFD notification includes the application identifier.
Type: Grant
Filed: July 19, 2018
Date of Patent: October 24, 2023
Assignee: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL)
Inventors: Esperanza Alonso Franco, Miguel Angel Puente Pestaña, Maria Luisa Mas Rosique, Miguel Angel Muñoz De La Torre Alonso
-
Patent number: 11785112
Abstract: It is made possible to realize bidirectional communication safely on the cloud side and on-premises side in a job execution system. It is checked whether or not there is an agent with the same logical name at the time of agent registration. In a case that there is the same logical name, the transfer performance required of each agent is checked, and communication is performed by rewriting a logical name during transfer, using the existing logical name for the agent requiring the highest transfer performance and a new unique alias as the logical name for the other agent.
Type: Grant
Filed: February 15, 2022
Date of Patent: October 10, 2023
Assignee: HITACHI, LTD.
Inventors: Jun Mizuno, Takahiro Sagara
-
Patent number: 11783724
Abstract: Disclosed herein is a security training apparatus configured to operate an interactive cybersecurity training application, which provides customized and tailored cybersecurity training to each employee of an organization. The security training apparatus uses augmented reality to facilitate customized cybersecurity training for each user. The augmented reality is a computer application, which deals with the combination of real world images of the personal workspace environment of each user where the cyber-crime may occur and computer generated data associated with cybersecurity risk objects that may aid the cyber-crime. The interactive cybersecurity training comprises the use of live video imagery of the personal workspace environment of each user, which is digitally processed and augmented by the addition of computer generated graphics associated with the cybersecurity risk objects. The cybersecurity risk objects are selected based on the items within the personal workspace environment for each user.
Type: Grant
Filed: January 30, 2020
Date of Patent: October 10, 2023
Assignee: Massachusetts Mutual Life Insurance Company
Inventors: Payton A Shubrick, Damon Ryan Depaolo
-
Patent number: 11775309
Abstract: The present disclosure provides an exception stack handling method, system, electronic device and storage medium and relates to the field of mobile Internet. The method may include: at the level of any executor in a distributed stream-type processing system including at least two executors, performing the following processing: obtaining at least one exception stack from a message middleware each time the executor is in an idle state, the collected exception stacks generated by users being stored in the message middleware; and, for any exception stack, obtaining an anti-obfuscation map file corresponding to the exception stack, and performing anti-obfuscation processing for the exception stack by using the anti-obfuscation map file. The solution of the present disclosure may be applied to improve the processing speed.
Type: Grant
Filed: November 26, 2020
Date of Patent: October 3, 2023
Assignee: BEIJING BAIDU NETCOM SCIENCE AND TECHNOLOGY CO., LTD.
Inventors: Yang Peng, Hao Yang, Jing Zou, Lei Feng, Hongliang Sui
-
Patent number: 11769152
Abstract: The disclosure herein describes enabling authentication of a user's identity based on a user identification (ID) token. An enrollment request is received by an identity platform from a computing device of the user. The enrollment request includes face data and payment account data associated with a payment account of the user. A face identification template of the user is generated based on the face data. Based on verifying the user's identity using data in the enrollment request, an ID token is generated including the face identification template and the payment account data. The ID token is then provided to the computing device of the user, wherein the computing device is enabled to verify the user's identity based on comparison of the captured image data of the face of the user to the face identification template of the ID token during transactions associated with the computing device.
Type: Grant
Filed: May 1, 2020
Date of Patent: September 26, 2023
Assignee: MASTERCARD INTERNATIONAL INCORPORATED
Inventor: Rakesh Kumar
-
Patent number: 11755585
Abstract: A method, system and computer-usable medium for constructing a distribution of interrelated event features. The constructing a distribution of interrelated event features includes receiving a stream of events, the stream of events comprising a plurality of events; extracting features from the plurality of events; constructing a distribution of the features from the plurality of events; and, analyzing the distribution of the features from the plurality of events.
Type: Grant
Filed: December 17, 2018
Date of Patent: September 12, 2023
Assignee: Forcepoint LLC
Inventors: Christopher Poirel, William Renner, Eduardo Luiggi, Phillip Bracikowski
-
Patent number: 11755586
Abstract: A method, system and computer-usable medium for constructing a distribution of interrelated event features. The constructing a distribution of interrelated event features includes receiving a stream of events, the stream of events comprising a plurality of events; extracting features from the plurality of events; constructing a distribution of the features from the plurality of events; and, analyzing the distribution of the features from the plurality of events.
Type: Grant
Filed: February 28, 2019
Date of Patent: September 12, 2023
Assignee: Forcepoint LLC
Inventors: Christopher Poirel, William Renner, Eduardo Luiggi, Phillip Bracikowski
-
Patent number: 11736443
Abstract: A segmentation firewall executing on a host enforces a segmentation policy. In a co-existence mode, the segmentation firewall operates in co-existence with a system firewall that enforces a security policy. The segmentation firewall is configured to either drop packets that do not match any permissive rule or pass packets that match a permissive rule to the system firewall to enable the system firewall to determine whether to drop or accept the passed packets. To enable efficient operation of the segmentation firewall when operating in co-existence with the system firewall, the segmentation firewall may include a plurality of rule chains and may be configured to exit a chain and bypass remaining rule chains upon an input packet matching a permissive rule of the segmentation policy.
Type: Grant
Filed: April 26, 2022
Date of Patent: August 22, 2023
Assignee: Illumio, Inc.
Inventors: Daniel Richard Cook, Anish Vinodkumar Desai, Thomas Michael McCormick
-
Patent number: 11736513
Abstract: The technology disclosed relates to a method, system, and non-transitory computer-readable media that detects malicious communication between a command and control (C2) cloud resource on a cloud application and malware on an infected host, using a network security system. The network security system reroutes the cloud traffic to the network security system. The incoming requests of the cloud traffic are directed to a cloud application in the plurality of cloud applications, and wherein the cloud application has a plurality of resources. The network security system analyzes the incoming requests and determines that the incoming requests are targeted at one or more malicious resources in the plurality of resources.
Type: Grant
Filed: July 12, 2022
Date of Patent: August 22, 2023
Assignee: Netskope, Inc.
Inventors: Dagmawi Mulugeta, Raymond Joseph Canzanese, Jr., Colin Estep, Siying Yang, Jenko Hwong, Gustavo Palazolo Eiras, Yongxing Wang
-
Patent number: 11716311
Abstract: Aspects of the disclosed technology comprise generating firewall rules based on traffic, outputting the generated firewall rules to an output file, and using the output file to set firewall rules in a network. The firewall rules may be generated without a priori knowledge of the network; alternatively, no existing firewall rules are required. Generated rules may be tuned for user preferences to adjust the number of generated firewall rules and their over- or under-inclusiveness with respect to non-historic traffic data.
Type: Grant
Filed: December 14, 2020
Date of Patent: August 1, 2023
Assignee: Google LLC
Inventors: Vishal Gupta, Vikas Aggarwal, Kan Cai, Gargi Adhav, Xiaoyu Zhang
-
Patent number: 11706195
Abstract: The technology disclosed herein enables micro-segmentation of virtual computing elements. In a particular embodiment, a method provides identifying one or more multi-tier applications comprising a plurality of virtual machines. Each application tier of the one or more multi-tier applications comprises at least one of the plurality of virtual machines. The method further provides maintaining information about the one or more multi-tier applications. The information at least indicates a security group for each virtual machine of the plurality of virtual machines. Additionally, the method provides identifying communication traffic flows between virtual machines of the plurality of virtual machines and identifying one or more removable traffic flows of the communication traffic flows based, at least in part, on the information. The method then provides blocking the one or more removable traffic flows.
Type: Grant
Filed: December 15, 2020
Date of Patent: July 18, 2023
Assignee: Nicira, Inc.
Inventors: Laxmikant Gunda, Rajiv Krishnamurthy
-
Patent number: 11706193
Abstract: Example security systems for use between at least one upstream router and at least one downstream router are described. A group or pool of security devices can be used to provide stateful security to bidirectional packet flows between upstream and downstream routers. The packets of the bidirectional flows are forwarded to particular security devices based on a consistent hash ring process. For a given flow, bidirectional state information is synchronized among some, but not all, of the security devices. The security devices among which such bidirectional flow state information is shared are determined using the same consistent hash ring process.
Type: Grant
Filed: August 9, 2021
Date of Patent: July 18, 2023
Assignee: Juniper Networks, Inc.
Inventors: Weimin Ji, John E. Drake, Jeffrey M. Haas
-
Patent number: 11700315
Abstract: A method for configuring, via a website, a device to provide printing services to a local network is described. The method includes creating, via a website, a service host object that comprises a network address of a device on a local network and a service host name. The method also includes configuring, via the website, one or more printing settings for one or more printing services. The method further includes sending an indication to the device on the local network to run a service manager. The method additionally includes sending an indication to the service manager to run the one or more printing services on the local network based on the one or more printing service settings.
Type: Grant
Filed: April 26, 2022
Date of Patent: July 11, 2023
Assignee: PrinterLogic, Inc.
Inventors: Chad Steven Sillitoe, Corey Clint Ercanbrack, Joshua Aaron Harrison
-
System, method, and apparatus for providing dynamic, prioritized spectrum management and utilization
Patent number: 11700533
Abstract: Systems, methods, and apparatuses for providing dynamic, prioritized spectrum utilization management. The system includes at least one monitoring sensor, at least one data analysis engine, at least one application, a semantic engine, a programmable rules and policy editor, a tip and cue server, and/or a control panel. The tip and cue server is operable to utilize the environmental awareness from the data processed by the at least one data analysis engine in combination with additional information to create actionable data.
Type: Grant
Filed: December 21, 2022
Date of Patent: July 11, 2023
Assignee: DIGITAL GLOBAL SYSTEMS, INC.
Inventor: Armando Montalvo
-
Patent number: 11693945
Abstract: A security configuration file is received from a first application, the security configuration file including information of an authority. The first application assigns the authority to a second application to enable the second application to trigger jobs at the first application, and the second application provides shared services to a plurality of applications including the first application. A query is received from the second application and in response the authority is sent to the second application. A request for a token is received from the second application, the request including the authority. A token including the authority is sent to the second application. The second application sends the token to the first application when the second application triggers jobs at the first application.
Type: Grant
Filed: November 18, 2016
Date of Patent: July 4, 2023
Assignee: SAP SE
Inventors: Michael Engler, Martijn de Boer, Wolfgang Janzen, Peter Eberlein
-
Patent number: 11693905
Abstract: Methods and systems for providing a user interface and workflow for interacting with time series data, and applying portions of time series data sets for refining regression models. A system can present a user interface for receiving a first user input selecting a first model from a list of models for modeling the apparatus, generate and display a first chart depicting a first time series data set depicting data from a first sensor, generate and display a second chart depicting a second time series data set depicting a target output of the apparatus, receive a second user input of a portion of the first time series data set, and generate and display a third chart depicting a third time series data set depicting an output of the selected model and aligned with the second chart of the target output and updated in real-time in response to the second user input.
Type: Grant
Filed: December 2, 2021
Date of Patent: July 4, 2023
Assignee: Palantir Technologies Inc.
Inventors: Christopher Martin, David Fowler
-
Patent number: 11689576
Abstract: A system and method for cloud native discovery and protection. The method includes discovering instances of a plurality of cloud assets in a cloud native environment based on a plurality of application programming interface (API) endpoints in the cloud native environment, wherein the plurality of API endpoints is identified based on cloud credentials for each of the plurality of cloud assets; determining at least one cloud asset instance that lacks active security protection based on a configuration of at least one entity deployed in the cloud native environment; and reconfiguring at least a portion of the cloud native environment with respect to the at least one cloud asset instance that lacks active security protection.
Type: Grant
Filed: September 24, 2021
Date of Patent: June 27, 2023
Assignee: Twistlock, Ltd.
Inventors: Liron Levin, Michael Kletselman, Dima Stopel, John Morello, Itay Abramowsky, Ami Bizamcher
-
Patent number: 11677716
Abstract: A system, method, and computer-readable medium are disclosed for management of a distributed web application firewall (WAF) cluster that supports one or more protected applications. A WAF cluster infrastructure is configured for the protected applications. The WAF cluster includes one or more WAFs that are used to route traffic directed to the protected applications. The WAF cluster infrastructure is validated as being current and updated. The validated WAF cluster infrastructure is then used as a routing service.
Type: Grant
Filed: October 15, 2019
Date of Patent: June 13, 2023
Assignee: Dell Products L.P.
Inventors: Frank DiRosa, Rene Herrero, Poul C. Frederiksen, Yongliang Li, Rashmi Krishnamurthy
-
Patent number: 11652793
Abstract: Disclosed are systems and methods for firewall configuration. A request can be transmitted to a DNS server. A response to the DNS request can include an Internet Protocol (IP) address. A firewall rule can be generated permitting access to the IP address. The firewall rule can be configured to be valid until expiration of a time-to-live value in the response to the DNS request. Thus, firewall rules can be automatically created as needed by executed processes, eliminating the need for manual firewall rule creation. As the firewall rule is invalid after the expiration of the time-to-live value, risks associated with maintaining out-of-date firewall rules are eliminated, as is the requirement to manually remove or modify out-of-date firewall rules.
Type: Grant
Filed: February 3, 2021
Date of Patent: May 16, 2023
Assignee: Comcast Cable Communications, LLC
Inventor: Alexander Gurney
-
Patent number: 11627002
Abstract: A method is suggested for providing a response, wherein the method comprises: obtaining a challenge from a host, determining the response based on the challenge, determining an auxiliary value based on the response or the challenge, providing the auxiliary value to the host, obtaining a random value from the host, checking the validity of the challenge based on the random value, and providing the response to the host only if the challenge is valid. Also, corresponding methods running on the host and system are provided. Further, corresponding devices, hosts and systems are suggested.
Type: Grant
Filed: May 10, 2021
Date of Patent: April 11, 2023
Assignee: Infineon Technologies AG
Inventors: Thomas Poeppelmann, Rainer Urian
-
Patent number: 11611625
Abstract: Some embodiments provide a method for performing services on a host computer that executes several machines in a datacenter. The method configures a first set of one or more service containers for a first machine executing on the host computer, and a second set of one or more service containers for a second machine executing on the host computer. Each configured service container performs a service operation on data messages associated with a particular machine. For each particular machine, the method also configures a module along the particular machine's datapath to identify a subset of service operations to perform on a set of data messages associated with the particular machine, and to direct the set of data messages to a set of service containers configured for the particular machine to perform the identified set of service operations on the set of data messages.
Type: Grant
Filed: December 15, 2020
Date of Patent: March 21, 2023
Assignee: VMWARE, INC.
Inventors: Jayant Jain, Anirban Sengupta, Rick Lund
-
Patent number: 11606691
Abstract: Techniques for applying context-based security over interfaces in O-RAN environments in mobile networks are disclosed. In some embodiments, a system/process/computer program product for applying context-based security over interfaces in O-RAN environments in mobile networks includes monitoring network traffic on a mobile network at a security platform to identify a GTP-U tunnel session setup message associated with a new session; extracting a plurality of parameters from the GTP-U tunnel session setup message and from F1AP traffic to extract contextual information at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to apply context-based security to the network traffic transported between O-RAN Distributed Unit (O-DU) and O-RAN Centralized Unit Control Plane (O-CU-CP) nodes in an O-RAN environment in the mobile network.
Type: Grant
Filed: February 25, 2022
Date of Patent: March 14, 2023
Assignee: Palo Alto Networks, Inc.
Inventors: Sachin Verma, Leonid Burakovsky
-
Patent number: 11604864
Abstract: An indexable authentication system is provided for authenticating users and/or groups across multiple sessions. The indexable authentication system may include an authentication server, security component, communication component, credential database, authentication credential, credential index medium, origin terminal, access provisioning component, content filtering component, payment processing component, and provider aspects. Authorized sessions may be stored on a user device for future authentication actions. A method for authenticating users across multiple sessions using the indexable authentication system is also provided.
Type: Grant
Filed: September 6, 2021
Date of Patent: March 14, 2023
Inventors: Cody Myers, Meron Myers
-
Patent number: 11601435
Abstract: In an example aspect, a method includes receiving, using a hardware processing device, a first classification of a network address associated with a login attempt as an account validator actor. The method also includes, based on the first classification, updating, using the hardware processing device, a system deny list to include the network address for a first length of time. The method also includes, after expiration of the first length of time, removing the network address from the system deny list, receiving a second classification of the network address as an account validator actor, and updating the system deny list to include the network address for a second length of time.
Type: Grant
Filed: June 7, 2021
Date of Patent: March 7, 2023
Assignee: Wells Fargo Bank, N.A.
Inventors: Bryan D. Hall, Nicola A. Maiorana, Richard Joseph Schroeder
-
Patent number: 11601423
Abstract: Methods for authenticating a genuine presence of a human involve directing one or more modulated probes towards a body part of the human, receiving a response to the probes from the body part, and analyzing the response to determine whether it contains spectral characteristics that match a class of responses to such probes for the human body part in a human population. Replay attacks are countered by varying the modulation of the probe temporally, spatially, and spectrally each time authentication is performed. The probes may include electromagnetic radiation, acoustic beams, or particle beams that generate a detected reflection, absorption pattern, scintillation, or fluorescence response of the body part. The analysis of the response may be directed to one or more of temporal, spatial, and spectral variations in accordance with the nature of the probes and the modulation.
Type: Grant
Filed: March 14, 2021
Date of Patent: March 7, 2023
Assignee: iProov Ltd.
Inventors: Andrew Bud, Andrew Newell
-
Patent number: 11588899
Abstract: Aspects of the subject disclosure include, for example, selecting a first edge device of a first network to provide a part of a service to a communication device, establishing a first session between the first edge device and a device of a second network for a duration of the service, wherein the first session is associated with a first portion of an address, establishing a second session between the first edge device and the communication device in accordance with an access technology to facilitate a transfer of first data associated with the first part of the service to the communication device, wherein the second session is associated with a second portion of the address, and wherein the second portion of the address identifies the access technology, and transferring the first data to the communication device in accordance with the address, wherein the address comprises a third portion that identifies the communication device. Other embodiments are disclosed.
Type: Grant
Filed: March 29, 2022
Date of Patent: February 21, 2023
Assignees: AT&T Intellectual Property I, L.P., AT&T Mobility II LLC
Inventors: Zhi Cui, Sangar Dowlatkhah
-
Patent number: 11582194
Abstract: An apparatus for managing a security policy of a firewall according to an embodiment includes a rule request module that receives one or more requested rules to be applied to a firewall, a rule merge module that merges a pre-applied rule of the firewall and the one or more requested rules when the number of rules applied to the firewall would exceed the maximum number of rule registrations of the firewall due to the requested rule, and a firewall interface module that receives the pre-applied rule from the firewall and provides the pre-applied rule to the rule merge module, and re-registers a merged rule produced by the rule merge module in the firewall. The rule merge module is configured to merge the pre-applied rule and the one or more requested rules so that the security-vulnerable space occurring due to the merging is minimized.
Type: Grant
Filed: October 27, 2020
Date of Patent: February 14, 2023
Assignee: SAMSUNG SDS CO., LTD.
Inventors: Yong Jun Jin, Hak Hyun Nam, Yang Hwan Joe, You Chang Ko
-
Patent number: 11575788
Abstract: Disclosed here is a method to determine a user intent when a user device initiates an interactive voice response (IVR) call with a wireless telecommunication network. A processor can detect the IVR call initiated with the network and determine whether the user device is a member of the network. Upon determining that the user device is a member of the network, the processor can obtain user history including interaction history between the user and the network. Based on the user history, the processor can predict the user intent when the user initiates the IVR call. The processor can detect whether the user device is a 5G capable device. Upon determining that the device is 5G capable, and based on the predicted user intent, the processor can suggest to the user an application configured to execute on the user device and configured to address the predicted user intent.
Type: Grant
Filed: November 12, 2021
Date of Patent: February 7, 2023
Assignee: T-Mobile USA, Inc.
Inventors: Phi Nguyen, Nathaniel Blodgett
-
Patent number: 11570270
Abstract: Methods, apparatus, systems and articles of manufacture to prevent illicit proxy communications from affecting a monitoring result are disclosed. An example method includes accessing a log of communications of a proxy server, the log of communications including a plurality of records, each of the plurality of records corresponding to a requesting device that transmitted a communication to the proxy server, identifying a first internet protocol (IP) address subnet in the log of communications, the first IP address subnet associated with a block of IP addresses, filtering the plurality of records for a first set of records associated with communications originating from the first IP address subnet, and in response to determining the first set of records does not include a record associated with a heartbeat communication, adding the first IP address subnet to a blacklist of the proxy server.
Type: Grant
Filed: August 5, 2019
Date of Patent: January 31, 2023
Assignee: The Nielsen Company (US), LLC
Inventors: Susan Cimino, Achilleas Papakostas
-
Patent number: 11550912
Abstract: The present disclosure is directed to monitoring internal process memory of a computer at the time program code executes. Methods and apparatus consistent with the present disclosure monitor the operation of program code with the intent of detecting whether received program inputs may exploit vulnerabilities that may exist in the program code at runtime. By detecting suspicious activity or malicious code that may affect internal process memory at run-time, methods and apparatus described herein identify suspected malware based on suspicious actions performed as program code executes. Runtime exploit detection may detect certain anomalous activities or chains of events in a potentially vulnerable application during execution. These events may be detected using instrumentation code when the regular code execution path of an application is deviated from.
Type: Grant
Filed: June 16, 2020
Date of Patent: January 10, 2023
Assignee: SONICWALL INC.
Inventors: Soumyadipta Das, Sai Sravan Kumar Ganachari, Yao He, Aleksandr Dubrovsky
-
Patent number: 11546342
Abstract: An information processing apparatus includes a first port, a second port, a storage device, and a determining unit. The first port is to be connected to a first network having a first security level. The second port is to be connected to a second network having a second security level. The second security level is lower than the first security level. The storage device holds first setting information for connection to the first network and second setting information for connection to the second network. The determining unit makes a network connection to at least the first port in accordance with the second setting information and determines, on the basis of a result from the network connection to at least the first port in accordance with the second setting information, whether the network connection to the first port is made properly.
Type: Grant
Filed: March 10, 2020
Date of Patent: January 3, 2023
Assignee: OKI ELECTRIC INDUSTRY CO., LTD.
Inventor: Yohei Ogawa
-
Patent number: 11546300
Abstract: A firewall service for a cloud computing environment is described that uses an application identifier-based ruleset to process data packets. An application identifier-based rule may provide an action to be taken on a received packet based on the source application identifier, the destination application identifier, and/or an identification token associated with the source application. A firewall controller may verify applications of the computing environment, provide unique application identifiers, and manage the application identifier rules for one or more firewalls of the computing environments.
Type: Grant
Filed: May 7, 2019
Date of Patent: January 3, 2023
Assignee: Comcast Cable Communications, LLC
Inventor: Yiu Leung Lee
-
Patent number: 11539633
Abstract: Some embodiments provide a method for a gateway datapath that executes on a gateway device to implement logical routers for a set of logical networks and process traffic between the logical networks and an external network. The method receives a data message at the gateway device. To process the data message, the method executes a set of processing stages that includes a processing stage for a particular logical router. As part of the processing stage for the particular logical router, the method (i) uses an access control list (ACL) table to determine whether the data message is subject to rate limiting controls defined for the particular logical router and (ii) only when the data message is subject to rate limiting controls, determines whether to allow the data message according to a rate limiting mechanism for the particular logical router.
Type: Grant
Filed: August 31, 2020
Date of Patent: December 27, 2022
Assignee: VMWARE, INC.
Inventors: Dexiang Wang, Yong Wang, Jerome Catrouillet, Sreeram Ravinoothala
-
Patent number: 11539724
Abstract: Systems and methods for detecting and mitigating cyber-attacks directed to connected vehicles. A method includes classifying a behavior of a connected vehicle into at least one classification with respect to a location of data transmission relative to the connected vehicle, wherein the at least one classification includes any of local and remote; determining a plurality of vehicle-related cyber-attack indicators related to the behavior of the connected vehicle; performing risk analysis based on a first combination of vehicle-related cyber-attack indicators and the classification, wherein performing the risk analysis further comprises matching the first combination to a plurality of second combinations of cyber-attack indicators of a plurality of known attack patterns, wherein each of the plurality of known attack patterns has at least one classification matching the at least one classification of the connected vehicle; and performing at least one mitigation action based on the risk analysis.
Type: Grant
Filed: December 9, 2020
Date of Patent: December 27, 2022
Assignee: Upstream Security, Ltd.
Inventors: Yonatan Appel, Yoav Levy, Dor Attias
-
Patent number: 11516228
Abstract: A method for processing security events by applying a rule-based alarm scheme may be provided. The method includes generating a rule index of rules and an indicator of compromise index for each of the rules. The method also includes processing the incoming security event by applying the rules, increasing a current rule counter relating to a triggered rule, and increasing a current indicator of compromise counter pertaining to the triggered rule. Furthermore, the method includes generating a pseudo security event from received data about known attacks and related indicators of compromise, processing the pseudo security events by sequentially applying the rules, increasing a current rule counter of pseudo security events, and increasing a current indicator of compromise counter for pseudo security events, and sorting the rules and sorting within each rule the indicator of compromise values in the indicator of compromise index.
Type: Grant
Filed: May 29, 2019
Date of Patent: November 29, 2022
Assignee: KYNDRYL, INC.
Inventors: Tim Uwe Scheideler, Ivan James Reedman, Arjun Udupi Raghavendra, Matthias Seul
-
Patent number: 11502743
Abstract: A relay device includes a first communication unit that communicates with an information management apparatus connected to the Internet via a firewall, a second communication unit that performs near field communication with a terminal apparatus, a storage unit that acquires from the information management apparatus, using the first communication unit, information for identifying the terminal apparatus and mode instruction information that is instruction information indicating that an operation is to be performed in a second mode for acquiring data having a larger data amount than in a first mode, and stores the acquired information, and a control unit that in a case where the terminal apparatus connected using the second communication unit is a terminal apparatus that needs to operate in the second mode, performs control so as to transmit mode instruction information for instructing the operation in the second mode, to the terminal apparatus, and transmit data acquired from the terminal apparatus by using the
Type: Grant
Filed: December 20, 2019
Date of Patent: November 15, 2022
Assignee: FUJIFILM Business Innovation Corp.
Inventor: Shinichiro Yamamoto
-
Patent number: 11496475
Abstract: The present disclosure relates to traffic monitoring through one or more access control servers configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) is configured to receive server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response is dependent on analysis of the server resource request message data.
Type: Grant
Filed: January 3, 2020
Date of Patent: November 8, 2022
Assignee: Ping Identity Corporation
Inventors: Bernard Harguindeguy, Udayakumar Subbarayan, Isidore Rosenblum, Abduraheem Poonthiruthi, Anoop Krishnan Gopalakrishnan, Ashwani Kumar
-
Patent number: 11496516
Abstract: Methods and systems for managing data transmissions. The methods disclosed herein may involve receiving requests for a first and a second service, and routing communications with the second service through the first service without requiring the firewall to be reconfigured to allow communications with the second service.
Type: Grant
Filed: November 8, 2021
Date of Patent: November 8, 2022
Assignee: Rapid7, Inc.
Inventor: Paul Miseiko
-
Patent number: 11494218
Abstract: Provided is a method of controlling transmission of a packet, the method including generating first group generation information used to generate a plurality of first virtual machine groups by grouping at least one of a plurality of virtual machines in a first host server, based on a network service descriptor related to at least one service provided by a plurality of host servers, transmitting the first group generation information to the first host server, generating a packet transmission rule related to packets transmitted among the plurality of first virtual machine groups, based on the network service descriptor, transmitting the generated packet transmission rule to the first host server, receiving, from the first host server, a notification message notifying about receipt of a packet transmission request that violates the transmitted packet transmission rule, when receiving the violating packet transmission request in the first host server, and outputting the notification message received from the firs
Type: Grant
Filed: April 12, 2018
Date of Patent: November 8, 2022
Assignee: Samsung Electronics Co., Ltd.
Inventors: Ju-seong Lee, Se-young Oh, Jin-mok Kim
-
Patent number: 11483323
Abstract: Briefly, embodiments, such as methods and/or systems for managing and/or monitoring secure network connections between endpoints without intervening between the endpoints, for example, are described.
Type: Grant
Filed: December 28, 2017
Date of Patent: October 25, 2022
Assignee: Verizon Patent and Licensing Inc.
Inventor: Bob Lord
-
Patent number: 11477216
Abstract: Unauthorized use of user credentials in a network is detected. Data indicative of text strings being used to access resources in the network is accessed. Regex models are determined for the text strings. Groupings of the regex models are determined based on an optimization of a cumulative weighted function. A regex model having a cumulative weighted function that exceeds a predetermined threshold is identified. An alert is generated when the cumulative weighted function for the identified regex model exceeds the predetermined threshold.
Type: Grant
Filed: May 4, 2020
Date of Patent: October 18, 2022
Assignee: MICROSOFT TECHNOLOGY LICENSING, LLC
Inventors: Andrey Karpovsky, Tomer Rotstein, Fady Nasereldeen, Naama Kraus, Roy Levin, Yotam Livny
-
Patent number: 11469952
Abstract: Systems, methods, and computer-readable media for analyzing memory usage in a network node. A network assurance appliance may be configured to obtain reference concrete level rules for a node in the network, obtain implemented concrete level rules for the node from the node in the network, compare the reference concrete level rules with the implemented concrete level rules, and determine that the implemented concrete level rules are not appropriately configured based on the comparison.
Type: Grant
Filed: January 28, 2020
Date of Patent: October 11, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Ramana Rao Kompella, Chandra Nagarajan, John Thomas Monk, Purna Mani Kumar Ghantasala
-
Patent number: 11461466
Abstract: A small piece of hardware connects to a mobile device and filters out attacks and malicious code. Using the piece of hardware, a mobile device can be protected by greater security and possibly by the same level of security offered by its associated corporation/enterprise. In one embodiment, a mobile security system includes a connection mechanism for connecting to a data port of a mobile device and for communicating with the mobile device; a network connection module for acting as a gateway to a network; a security policy for determining whether to forward content intended for the mobile device to the mobile device; and a security engine for executing the security policy.
Type: Grant
Filed: November 17, 2020
Date of Patent: October 4, 2022
Assignee: CUPP Computing AS
Inventor: Shlomo Touboul
-
Patent number: 11457022
Abstract: Disclosed herein are systems and methods of executing scanning software, such as an executable software program or script (e.g., PowerShell script), by a computing device of an enterprise, such as a security server, which may instruct the computing device to search all or a subset of computing devices in an enterprise network. The scanning software may identify PowerShell scripts containing particular malware attributes, according to a malicious-code dataset. The computing system executing the scanning software may scan through the identified PowerShell scripts to identify particular strings, values, or code-portions, and take a remedial action according to the scanning software programming.
Type: Grant
Filed: September 26, 2018
Date of Patent: September 27, 2022
Assignee: United Services Automobile Association (USAA)
Inventor: Robert Neel
-
Patent number: 11451576
Abstract: Introduced here are computer programs and computer-implemented techniques for producing records of digital activities that are performed with accounts associated with employees of enterprises. Such an approach ensures that records are created for digital activities that are deemed unsafe and for digital activities that are deemed safe by a threat detection platform. At a high level, more comprehensively recording digital activities not only provides insight into the behavior of individual accounts, but also provides insight into the holistic behavior of employees across multiple accounts. These records may be stored in a searchable datastore to enable expedient and efficient review.
Type: Grant
Filed: March 12, 2021
Date of Patent: September 20, 2022
Assignee: Abnormal Security Corporation
Inventors: Jeremy Kao, Kai Jing Jiang, Sanjay Jeyakumar, Yea So Jung, Carlos Daniel Gasperi, Justin Anthony Young
-
Patent number: 11449643
Abstract: A distributed data storage system can connect a customization module to at least one host and a second data storage device via a network controller. The customization module may disconnect the first data storage device from the host and second data storage device prior to assessing a security operation of the first data storage device with the customization module, generating an optimization strategy with the customization module based on the assessed security operation, implementing the optimization strategy in the first data storage device to alter at least one security parameter of the first data storage device, and then connecting the first data storage device to the host and second data storage device to allow at least one data access to be executed to the first data storage device with the altered at least one security parameter.
Type: Grant
Filed: February 26, 2020
Date of Patent: September 20, 2022
Inventor: Christopher Nicholas Allo
-
Patent number: 11436012
Abstract: When a transformation job of flow logs generated for a cloud environment is triggered, a security service determines a parameterized template for batch data processing operations offered by the cloud service provider (CSP) to use based on the type of transformation job. The security service communicates an indication of the template and the corresponding parameter values to a data processing service/pipeline offered by the CSP. The provisioned processing resources retrieve the flow logs from a designated location in cloud storage, complete the transformation, and store the transformed flow logs in a new storage location. If the CSP does not provide a data processing service/pipeline which can perform bulk data transformation, the security service uses a generic parameterized template specifying a transformation job to be run on a cluster. Upon completion, the security service retrieves and analyzes the transformed flow logs as part of threat detection performed for securing the cloud environment.
Type: Grant
Filed: May 14, 2021
Date of Patent: September 6, 2022
Assignee: Palo Alto Networks, Inc.
Inventor: Krishnan Shankar Narayan
-
Patent number: 11425095
Abstract: A novel method for managing firewall configuration of a software defined data center is provided. Such a firewall configuration is divided into multiple sections that each contains a set of firewall rules. Each tenant of the software defined data center has a corresponding set of sections in the firewall configuration. The method allows each tenant to independently access and update/manage its own corresponding set of sections. Multiple tenants or users are allowed to make changes to the firewall configuration simultaneously.
Type: Grant
Filed: June 29, 2016
Date of Patent: August 23, 2022
Assignee: NICIRA, INC.
Inventors: Radha Popuri, Igor Ganichev, Shadab Shah, Kaushal Bansal
-
Patent number: 11418491
Abstract: The present disclosure is directed to systems and methods for dynamic firewall discovery on a service plane. The method includes the steps of identifying a source data packet for transmission from a source machine at a source site to a destination machine at a destination site, wherein the source data packet corresponds to a request for connection between the source machine and the destination machine over a WAN, inspecting the source data packet at a first firewall associated with the source site, marking the source data packet with a marker to indicate inspection by the first firewall, transmitting the marked source data packet to the destination site, determining at the destination site that the source data packet has been inspected based on the marker, and forwarding the source data packet to the destination machine at the destination site, without inspection of the source data packet by a second firewall associated with the destination site.
Type: Grant
Filed: February 26, 2020
Date of Patent: August 16, 2022
Assignee: CISCO TECHNOLOGY, INC.
Inventors: Balaji Sundararajan, Venkatesh Gota B R, Sireesha Yeruva, Chandramouli Balasubramanian, Anand Oswal
-
Patent number: 11418525
Abstract: A type identification is firstly performed on a to-be-processed access request, and when the to-be-processed access request is identified as a first-type access request, anomaly identification is then performed on the to-be-processed access request by using a machine learning model. The techniques of the present disclosure not only accurately identify an abnormal access request, but also effectively reduce the number of access requests that need to be identified by the machine learning model, thus saving computing resources of the device and improving the operating performance of the device.
Type: Grant
Filed: September 20, 2019
Date of Patent: August 16, 2022
Assignee: Alibaba Group Holding Limited
Inventor: Fan Wu