Intrusion Detection Patents (Class 726/23)
  • Patent number: 11558417
    Abstract: A method, computer program product, and computer system for receiving, by a computing device, a plurality of file segments of a file, the plurality of file segments being received individually by the computing device. A first file segment of the file may be scanned to identify the presence of malware within the file segment. The first file segment of the file may be encrypted to create an encrypted file segment in response to identification by the scan of the first file segment that malware is absent from the first file segment. The encrypted file segment of the file may be sent to another computing device before a second file segment of the file is received by the computing device.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: January 17, 2023
    Inventors: Praveen Raja Dhanabalan, Anudeep Narasimhaprasad Athlur
  • Patent number: 11556637
    Abstract: A system for detecting security threats in a computing device receives a first set of signals from components of the computing device. The first set of signals includes intercommunication electrical signals between the components of the computing device and electromagnetic radiation signals propagated from the components of the computing device. The system extracts baseline features from the first set of signals. The baseline features represent a unique electrical signature of the computing device. The system extracts test features from a second set of signals received from the component of the system. The system determines whether there is a deviation between the test features and baseline features. If the system detects the deviation, the system determines that the computing device is associated with a particular anomaly that makes the computing device vulnerable to unauthorized access.
    Type: Grant
    Filed: April 5, 2021
    Date of Patent: January 17, 2023
    Assignee: Bank of America Corporation
    Inventor: Shailendra Singh
  • Patent number: 11552977
    Abstract: A computer implemented method of identifying anomalous behavior of a computer system in a set of intercommunicating computer systems, each computer system in the set being uniquely identifiable, the method including monitoring communication between computer systems in the set for a predetermined baseline time period to generate a baseline vector representation of each of the systems; monitoring communication between computer systems in the set for a subsequent predetermined time period to generate a subsequent vector representation of each of the systems; comparing baseline and subsequent vector representations corresponding to a target computer system using a vector similarity function to identify anomalous behavior of the target system in the subsequent time period compared to the baseline time period, wherein a vector representation of the target system for a time period is generated based on a deterministic walk of a graph representation of communications between the computer systems in which nodes of the
    Type: Grant
    Filed: January 9, 2020
    Date of Patent: January 10, 2023
    Assignee: British Telecommunications Public Limited Company
    Inventor: Michael Gibson
  • Patent number: 11552967
    Abstract: Systems and methods for performing graph-based analysis of computing system threats and incidents, and determining response and/or mitigation actions for the threats and incidents, are described. In some embodiments, the systems and methods generate node graphs of computing system threat artifacts, and perform actions to identify recommended resolutions to the threats, based on information derived from the generated node graphs.
    Type: Grant
    Filed: December 22, 2020
    Date of Patent: January 10, 2023
    Assignee: McAfee, LLC
    Inventors: Elisabeth Maida, Roselle Safran
  • Patent number: 11552993
    Abstract: A method of collecting training data related to a branded phishing URL may comprise retrieving a phishing URL impersonating a brand; fetching a final webpage referenced thereby; determining the main language of the textual content thereof; rendering graphical representation(s) of the final webpage; extracting, from the source of URLs, information including the retrieved phishing URL, a brand, a type and a date associated therewith and storing the extracted information together with the final webpage and the rendered graphical representation(s). A message that contains a URL matching the phishing URL may then be retrieved. The main language of the textual content of the message may be determined and graphical representations thereof rendered. A record may be updated with the message, the main language and the rendered graphical representations, which may be made accessible as training data to train users to recognize phishing websites and messages.
    Type: Grant
    Filed: October 18, 2021
    Date of Patent: January 10, 2023
    Assignee: VADE USA, INCORPORATED
    Inventors: Adrien Gendre, Olivier Lemarié, Sébastien Goutal
  • Patent number: 11551137
    Abstract: Machine learning adversarial campaign mitigation on a computing device. The method may include deploying an original machine learning model in a model environment associated with a client device; deploying a classification monitor in the model environment to monitor classification decision outputs in the machine learning model; detecting, by the classification monitor, a campaign of adversarial classification decision outputs in the machine learning model; applying a transformation function to the machine learning model in the model environment to transform the adversarial classification decision outputs to thwart the campaign of adversarial classification decision outputs; determining a malicious attack on the client device based in part on detecting the campaign of adversarial classification decision outputs; and implementing a security action to protect the computing device against the malicious attack.
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: January 10, 2023
    Assignee: CA, Inc.
    Inventors: Javier Echauz, Andrew B. Gardner, John Keith Kenemer, Jasjeet Dhaliwal, Saurabh Shintre
  • Patent number: 11552980
    Abstract: Systems and methods are provided for determining whether or not users of a communication network are implementing Multi-Factor Authentication (MFA) when authenticating with an entity's business tools, applications, and cloud services. This information can be used as a component in the calculation of a risk score that can help quantify and assess the risk posture of the entity. In some embodiments, network traffic flow metadata may be used to anonymously identify user data to assess the entity's use of MFA in determining enterprise risk that may not rely on questionnaires, surveys, manual data entry, and/or interviews. Embodiments of the application can produce a real-time analysis of the security risk of the system.
    Type: Grant
    Filed: June 17, 2020
    Date of Patent: January 10, 2023
    Assignee: CyberLucent Inc.
    Inventor: Michael Trentini
  • Patent number: 11552929
    Abstract: Systems and methods for improving the catch rate of attacks/malware by a cooperating group of network security devices are provided. According to one embodiment, a security management device configured in a protected network maintains multiple dynamic IP address lists including an NGFW deep detection list, a DDoS deep detection list, a NGFW block list and a DDoS block list. The security management device continuously updates the lists based on updates provided by a cooperating group of network security devices based on network traffic observed by the network security devices. In response to receipt of a request from a NGFW device or a DDoS mitigation device associated with the protected network, the security management device provides the requestor with the requested dynamic IP address lists for use in connection with processing network traffic by the requestor.
    Type: Grant
    Filed: June 10, 2019
    Date of Patent: January 10, 2023
    Assignee: Fortinet, Inc.
    Inventor: Aldo Di Mattia
  • Patent number: 11546373
    Abstract: Cryptocurrency based malware and ransomware detection systems and methods are disclosed herein. An example method includes analyzing a plurality of malware or ransomware attacks to determine cryptocurrency payment addresses of malware or ransomware attacks, building a malware or ransomware attack database with the cryptocurrency payment addresses of the plurality of malware or ransomware attacks, identifying a proposed cryptocurrency transaction that includes an address that is included in the malware or ransomware attack database, and denying the proposed cryptocurrency transaction.
    Type: Grant
    Filed: November 15, 2019
    Date of Patent: January 3, 2023
    Assignee: CipherTrace, Inc.
    Inventors: David Jevans, Rudi Cilibrasi
  • Patent number: 11546328
    Abstract: A device is authenticated for communication over a network based on a sensor data signature and a traffic pattern signature. The sensor data signature and the traffic pattern signature identify the device. A determination is made whether the sensor data signature corresponds to one of a plurality of recognized sensor data signatures. A determination is also made whether the traffic pattern signature of the device corresponds to one of a plurality of recognized traffic pattern signatures. The device is authenticated for communication over the network responsive to determining that the sensor data signature corresponds to one of the plurality of recognized sensor data signatures and the traffic pattern signature corresponds to one of the plurality of recognized traffic pattern signatures.
    Type: Grant
    Filed: January 24, 2019
    Date of Patent: January 3, 2023
    Assignee: Hewlett Packard Enterprise Development LP
    Inventors: Rafael Anton Eichelberger, Carlos Gomez Gallego, Sebastien Tandel, Juliano Cardoso Vacaro
  • Patent number: 11544390
    Abstract: A mechanism for probabilistically determining the contents of an encrypted file is provided, such that a transfer of the encrypted file can be restricted according to rules associated with an unencrypted version of the file. Embodiments generate a file size table of a subset of files, where each entry of the file size table includes size information regarding the unencrypted file. Embodiments compare the size of the encrypted file against the file sizes and compressed file size ranges to determine whether the encrypted file has a match. If the size of the encrypted file has a single match in the table, then there is a high probability that the file associated with the matching entry is the unencrypted version of the encrypted file. Rules associated with restricting access of the file related to the matching entry can be used to control transfer of the encrypted file.
    Type: Grant
    Filed: May 5, 2020
    Date of Patent: January 3, 2023
    Assignee: Forcepoint LLC
    Inventor: Benjamin Shih
  • Patent number: 11544378
    Abstract: The present invention relates to a method for access control of a multimedia system to a secure operating system and a mobile terminal for implementing the method. The method includes the steps of: initiating an application access request for selecting a trusted application from a client application of a multimedia system to a secure operating system; making a decision as to whether the client application is a malicious application, and if not, proceeding to a next step, if yes, returning Selection Failure to the client application and performing an interrupt handling; sending the application access request from the multimedia system to the secure system; and acquiring, at the secure operating system, the trusted application based on the application access request and returning the trusted application to the multimedia system.
    Type: Grant
    Filed: March 28, 2017
    Date of Patent: January 3, 2023
    Assignee: CHINA UNIONPAY CO., LTD.
    Inventors: Chengqian Chen, Yu Zhou, Wei Guo
  • Patent number: 11546356
    Abstract: The present invention discloses a technique for extending threat information and/or generating new threat information by analyzing packet headers flowing through a network using threat information obtained by analyzing malware behavior or the like.
    Type: Grant
    Filed: February 8, 2019
    Date of Patent: January 3, 2023
    Assignee: Nippon Telegraph and Telephone Corporation
    Inventor: Yuichi Nakatani
  • Patent number: 11544070
    Abstract: The present disclosure is directed to systems and methods for mitigating or eliminating the effectiveness of a side-channel based attack, such as one or more classes of an attack commonly known as Spectre. Novel instruction prefixes, and in certain embodiments one or more corresponding instruction prefix parameters, may be provided to enforce a serialized order of execution for particular instructions without serializing an entire instruction flow, thereby improving performance and mitigation reliability over existing solutions. In addition, improved mitigation of such attacks is provided by randomizing both the execution branch history as well as the source address of each vulnerable indirect branch, thereby eliminating the conditions required for such attacks.
    Type: Grant
    Filed: July 28, 2021
    Date of Patent: January 3, 2023
    Assignee: Intel Corporation
    Inventors: Rodrigo Branco, Kekai Hu, Ke Sun, Henrique Kawakami
  • Patent number: 11546767
    Abstract: A method performed by a system includes instantiating a vulnerability-risk-threat (VRT) service for a security edge protection proxy (SEPP) element of a 5G telecommunications network. The system intercepts and parameterizes network traffic of the SEPP element to identify network functions (NFs) or associated services that require cybersecurity protection and selects security resources for protecting the identified NFs or associated services. The system prioritizes an NF or associated service that is most frequently used (MFU) or most recently used (MRU) and then allocates the security resources in accordance with the prioritization.
    Type: Grant
    Filed: January 21, 2021
    Date of Patent: January 3, 2023
    Assignee: T-Mobile USA, Inc.
    Inventors: Venson Shaw, Gaviphat Lekutai
  • Patent number: 11546371
    Abstract: Disclosed are systems and methods for countering a cyber-attack on computing devices by means of which users are interacting with services, which store personal data on the users. Data is collected about the services with which the users are interacting by means of the devices, as well as data about the devices themselves. The collected data is analyzed to detect when a cyber-attack on the devices is occurring as a result of a data breach of personal data on users from the online service. A cluster of the computing devices of different users of the online service experiencing the same cyber attack is identified. Attack vectors are identified based on the characteristics of the cyber attack experienced by the computing devices in the cluster. Actions are selected for countering the cyber-attack based on the identified attack vector and are sent to the devices of all users of the corresponding cluster.
    Type: Grant
    Filed: December 22, 2020
    Date of Patent: January 3, 2023
    Assignee: AO Kaspersky Lab
    Inventors: Vladislav V. Martynenko, Alexey M. Romanenko
  • Patent number: 11539721
    Abstract: In one embodiment, a service receives traffic telemetry data regarding encrypted traffic sent by an endpoint device in a network. The service analyzes the traffic telemetry data to infer characteristics of an application on the endpoint device that generated the encrypted traffic. The service receives, from a monitoring agent on the endpoint device, application telemetry data regarding the application. The service determines that the application is evasive malware based on the characteristics of the application inferred from the traffic telemetry data and on the application telemetry data received from the monitoring agent on the endpoint device. The service initiates performance of a mitigation action in the network, after determining that the application on the endpoint device is evasive malware.
    Type: Grant
    Filed: June 25, 2020
    Date of Patent: December 27, 2022
    Assignee: Cisco Technology, Inc.
    Inventors: Blake Harrell Anderson, David McGrew, Vincent E. Parla, Jan Jusko, Martin Grill, Martin Vejman
  • Patent number: 11539739
    Abstract: A system and method for protecting cloud-hosted applications against hypertext transfer protocol (HTTP) flood distributed denial-of-service (DDoS) attacks are provided. The method includes collecting telemetries from a plurality of sources deployed in at least one cloud computing platform hosting a protected cloud-hosted application; providing at least one rate-based feature and at least one rate-invariant feature based on the collected telemetries, wherein the rate-based feature and the rate-invariant feature demonstrate behavior of at least HTTP traffic directed to the protected cloud-hosted application; evaluating the at least one rate-based feature and the at least one rate-invariant feature to determine whether the behavior of the at least HTTP traffic indicates a potential HTTP flood DDoS attack; and causing execution of a mitigation action when an indication of a potential HTTP flood DDoS attack is determined.
    Type: Grant
    Filed: August 24, 2017
    Date of Patent: December 27, 2022
    Assignee: RADWARE, LTD.
    Inventors: Ehud Doron, Nir Ilani, David Aviv, Yotam Ben Ezra, Amit Bismut, Yuriy Arbitman
  • Patent number: 11537871
    Abstract: A computer architecture may comprise a processor, a memory, and a differential memory subsystem (DMS). A learning engine is stored on the memory and configured to present data to an expert user, to receive user sensory input measuring reactions related to the presented data, and to create an attention map based thereon. The attention map is indicative of portions of the presented data on which the expert user focused. The learning engine is configured to annotate the attention map with the natural language input labels and to train a neural network based on the user sensory input. The learning engine is configured to create a model based on the trained neural network, to provide an application program for an output target; and to instruct the output target via the application program to detect and remedy anomalous activity. The DMS is physically separate and configured for experimental data processing functions.
    Type: Grant
    Filed: April 25, 2018
    Date of Patent: December 27, 2022
    Assignee: FUJITSU LIMITED
    Inventor: James Montantes
  • Patent number: 11539722
    Abstract: Example methods and systems for a computer system to perform security threat detection are described. In one example, a computer system may intercept an egress packet from a virtualized computing instance to pause forwarding of the egress packet towards a destination and obtain process information associated with a process from which the egress packet originates. The computer system may initiate security analysis based on the process information. In response to determination that the process is a potential security threat based on the security analysis, the egress packet may be dropped, and a remediation action performed. Otherwise, the egress packet may be forwarded towards the destination.
    Type: Grant
    Filed: July 14, 2020
    Date of Patent: December 27, 2022
    Assignee: VMWARE, INC.
    Inventors: Baibhav Singh, Jayant Jain
  • Patent number: 11538037
    Abstract: A device receives first transaction information associated with a first transaction, and a first transaction account utilized for the first transaction and associated with a first financial institution. The device determines, based on a fraud model, that the first transaction is to be denied due to potential fraud associated with the first transaction account and receives second transaction information associated with a second transaction, and a second transaction account utilized for the second transaction and associated with a second financial institution. The device processes the first transaction information and the second transaction information, with a matching model, to determine whether the first transaction information matches the second transaction information and determines that the first transaction was incorrectly denied when the first transaction information matches the second transaction information within a predetermined threshold.
    Type: Grant
    Filed: May 29, 2020
    Date of Patent: December 27, 2022
    Assignee: Capital One Services, LLC
    Inventors: Colin Hart, Joshua Edwards, Francisco Perezleon, Molly Johnson, Kaitlin Newman, Angelina Wu, Jason Ji
  • Patent number: 11531764
    Abstract: A computer-implemented method for checking the integrity of a target computer program to be executed in a computer system.
    Type: Grant
    Filed: April 2, 2020
    Date of Patent: December 20, 2022
    Assignee: Fossid AB
    Inventor: Johan Larsson
  • Patent number: 11531753
    Abstract: Techniques for preventing ransomware from encrypting files on a target machine are disclosed. In some embodiments, a system/process/computer program product for preventing ransomware from encrypting files on a target machine includes monitoring file system activities on a computing device; detecting an unauthorized activity associated with a honeypot file or honeypot folder; and performing an action based on a policy in response to the unauthorized activity associated with the honeypot file or honeypot folder.
    Type: Grant
    Filed: April 12, 2021
    Date of Patent: December 20, 2022
    Assignee: Palo Alto Networks, Inc.
    Inventors: Eldar Aharoni, Vadim Goldstein, Mashav Sapir, Jenny Kitaichik
  • Patent number: 11531883
    Abstract: Embodiments of the present invention provide an improvement to conventional machine model training techniques by providing an innovative system, method and computer program product for the generation of synthetic data using an iterative process that incorporates multiple machine learning models and neural network approaches. A collaborative system for receiving data and continuously analyzing the data to determine emerging patterns is provided. Common characteristics of data from the identified emerging patterns are broadened in scope and used to generate a synthetic data set using a generative neural network approach. The resulting synthetic data set is narrowed based on analysis of the synthetic data as compared to the detected emerging patterns, and can then be used to further train one or more machine learning models for further pattern detection.
    Type: Grant
    Filed: August 12, 2019
    Date of Patent: December 20, 2022
    Assignee: BANK OF AMERICA CORPORATION
    Inventor: Eren Kursun
  • Patent number: 11533293
    Abstract: Domains and IPs are scored using domain resolution data to identify malicious domains and IPs. A domain and IP resolution graph for a set of domains and IPs in a system. A seed set of known malicious domains and known malicious IPs is selected from a malicious domain and malicious IP database. A graphical probabilistic propagation inference from the domain and IP resolution graph and the seed set of known malicious domains and known malicious IPs is generated. A malicious score is calculated for each domain in the set of domains and each IP in the set of IPs, and the malicious domain and malicious IP database is updated.
    Type: Grant
    Filed: February 14, 2020
    Date of Patent: December 20, 2022
    Assignee: AT&T Intellectual Property I, L.P.
    Inventors: Swapna Buccapatnam Tirumala, Fei Wu, Carolyn Roche Johnson
  • Patent number: 11533388
    Abstract: A device and a method for analyzing service-oriented communication in a communications network. A data packet includes a first header of an application layer for service-oriented communication, and a second header of a presentation layer, a session layer, a transport layer, a network layer, a data link layer, or a physical layer. The data packet is analyzed based on information concerning a sender and/or receiver of the data packet from the first header and as a function of information concerning a sender and/or receiver from the second header, for whether or not the data packet meets a criterion, the criterion defining a setpoint value for the sender and/or receiver in the first header as a function of the content of the second header, and/or the criterion defining a setpoint value for the sender and/or receiver in the second header as a function of the content of the first header.
    Type: Grant
    Filed: July 1, 2020
    Date of Patent: December 20, 2022
    Assignee: Robert Bosch GmbH
    Inventors: Andreas Weber, Janin Wolfinger, Jens Gramm, Michael Herrmann
  • Patent number: 11531769
    Abstract: According to an embodiment, an information processing apparatus includes: a memory on which first/second processing applications are stored, the first processing application being a secure application; and a processor that is coupled to the memory and executes the first and second processing applications. The first processing application includes an issuance module, a first communication module, and a log verification module. The issuance module issues a command to call a function of the second processing application and links the command to a verification rule. The first communication module transmits, to the second processing application, a command execution request including command identification information that identifies the command, and receives, from the second processing application, an execution log including an execution result of the command identified by the command identification information.
    Type: Grant
    Filed: August 29, 2019
    Date of Patent: December 20, 2022
    Assignee: Kabushiki Kaisha Toshiba
    Inventors: Jun Kanai, Shinya Takumi, Yoshikazu Hanatani
  • Patent number: 11526530
    Abstract: Provided is a visualization system that enables generation of a “dashboard” of individual visualizations. In further embodiments, the system enables users to quickly and easily generate these visualizations and integrate complex filters, queries, aggregations, etc., with simple UI input. The visualizations can be provided as a service that requests information from an underlying database. The database itself may also be hosted as a service, permitting granular and native database functions layered with the visualization architecture. The system can support additional functionality and access management to generate visualizations that can be shared with other users and/or integrated into websites, blogs, etc. The system can handle the complex logic, data interactions, dynamic data transformation, dynamic authorization, etc., needed to manage data rules (e.g., access rules layered over database permission based control, summarization/aggregation requirements, etc.
    Type: Grant
    Filed: June 8, 2020
    Date of Patent: December 13, 2022
    Assignee: MongoDB, Inc.
    Inventors: Tom Hollander, Eliot Horowitz, Thomas Rueckstiess
  • Patent number: 11526608
    Abstract: Methods and systems for determining an affiliation of a given software with target software are provided. The method comprises: receiving a software source code of the given software; executing the software source code in an isolated program environment to identify at least one outgoing request of the given software, the at least one outgoing request being indicative of at least one respective function of the software source code; generating, based on the at least one outgoing request, a respective function identifier associated with the at least one respective function; applying at least one classifier to the respective function identifier to determine a likelihood parameter indicative of the given software being affiliated to a respective target software; in response to the likelihood parameter being equal to or greater than a predetermined likelihood parameter threshold: identifying the given software as being affiliated to the respective target software.
    Type: Grant
    Filed: October 22, 2020
    Date of Patent: December 13, 2022
    Assignee: GROUP IB TDS, LTD
    Inventors: Pavel Vladimirovich Slipenchuk, Ilia Sergeevich Pomerantsev
  • Patent number: 11523293
    Abstract: A wireless network monitoring system is disclosed. In one general aspect, it includes a wireless network interface operative to access traffic on a wireless network that is connected to other devices and to a WAN access point, and capture logic responsive to the wireless network interface and operative to capture datagrams communicated between one or more of the other devices on the wireless network and the WAN access point. Inspection logic is responsive to the capture logic and operative to inspect the captured datagrams to detect conditions of concern related to the other devices on the wireless network, and conditional response logic is responsive to the inspection logic and operative to initiate actions in response to the detection of conditions of concern by the inspection logic.
    Type: Grant
    Filed: October 12, 2021
    Date of Patent: December 6, 2022
    Inventor: Levi Gundert
  • Patent number: 11522909
    Abstract: A method for preventing denial of service attacks which are distributed attacks is applied in a target service provider server, a platform server, and a botnet service provider server. The target service provider server determines a first SDN controller according to an attack protection request, and issues a first flow rule. The target service provider server directs data flow of a network equipment to a first cleaning center and controls the first cleaning center to identify the attacking or malicious element in the data flow according to the first flow rule. The platform server receives the attacking element in the data flow sent by the target service provider server, and regards the same as malicious traffic. The platform server generates an attack report, and sends the attack report to the botnet service provider server to notify the botnet service provider server to clean or filter out the malicious traffic.
    Type: Grant
    Filed: November 10, 2020
    Date of Patent: December 6, 2022
    Assignee: Nanning FuLian FuGui Precision Industrial Co., Ltd.
    Inventor: Cheng-Yen Tsai
  • Patent number: 11522907
    Abstract: Apparatus and methods for mitigating network attacks, such as by dynamically re-routing traffic. Various disclosed embodiments manipulate path-based routing of the backbone network to insert a scrubbing appliance within the backbone network topology, rather than using traditional network addressed tunnels in the edge network. In one implementation, traffic entering the backbone network ingress peer routers (from either another backbone network, or an edge network) is normally destination-address routed via the backbone to its appropriate egress router based on a path label; however, when a Distributed Denial of Service (DDoS) attack is detected, the ingress peer router inserts an additional hop into the path label that redirects dirty traffic to a substantially centralized scrubbing appliance. The benefits of the disclosed solutions include, among other things, significantly reduced attack response/recovery times without significant capital outlays.
    Type: Grant
    Filed: July 1, 2019
    Date of Patent: December 6, 2022
    Assignee: TIME WARNER CABLE ENTERPRISES LLC
    Inventors: Wesley George, Raymond Sliteris
  • Patent number: 11522887
    Abstract: A cyber-threat coordinator-component identifies devices and/or users that are in a breach state of a benchmark of parameters, utilized by AI models, that correspond to the normal pattern of life for the network. The cyber-threat coordinator-component sends an external communication to selected network devices in order to initiate actions with that network device in order to change a behavior of a detected threat of at least one of a user and/or a device acting abnormal to the normal pattern of life on the network. The initiated actions are also targeted to minimize an impact on other network devices and users that are i) currently active in the network and ii) that are not in breach of being outside the normal behavior benchmark.
    Type: Grant
    Filed: February 19, 2019
    Date of Patent: December 6, 2022
    Assignee: Darktrace Holdings Limited
    Inventor: Matthew Dunn
  • Patent number: 11520883
    Abstract: Systems, methods, and computer-readable media for cybersecurity are disclosed. The systems and methods may involve receiving, by an application capable of JavaScript execution, code for execution; executing, before execution of the received code, an intercepting code, wherein the intercepting code is configured to intercept at least one application programming interface (API) invocation by the received code; intercepting, by the intercepting code, an API invocation by the received code; determining that the intercepted API invocation results in a manipulation of a backing store object; and modifying an execution of the intercepted API invocation, wherein the modified execution results in a nonpredictable environment state.
    Type: Grant
    Filed: January 13, 2022
    Date of Patent: December 6, 2022
    Assignee: Seraphic Algorithms Ltd.
    Inventor: Avihay Cohen
  • Patent number: 11514448
    Abstract: The disclosed embodiments relate to implementation of an electronic framework, also referred to as a protocol or architecture, for electronically achieving, recording and implementing, via an electronic communications network, consensus among participants for the definition, implementation and operation of an electronic transaction processing system as a precursor to the operation of that transaction processing system in processing transactions according to the consensus among the participants. The disclosed consensus framework provides a system and protocol by which new electronic transaction processing systems may be developed and implemented among participants via an electronic negotiation and implementation of the operational rules therefore. The disclosed embodiments eliminate the need for out of band consensus negotiations and provide flexibility for participants to negotiate acceptable operational rules which can support complex transactional processes in an electronic environment.
    Type: Grant
    Filed: July 11, 2017
    Date of Patent: November 29, 2022
    Assignee: Chicago Mercantile Exchange Inc.
    Inventor: Stanislav Liberman
  • Patent number: 11513878
    Abstract: Aspects of the disclosure relate to the field of detecting a behavioral anomaly in an application. In one exemplary aspect, a method may comprise retrieving and identifying at least one key metric from historical usage information for an application on a computing device. The method may comprise generating a regression model configured to predict usage behavior associated with the application and generating a statistical model configured to identify outliers in the data associated with the at least one key metric. The method may comprise receiving usage information in real-time for the application. The method may comprise predicting, using the regression model, a usage pattern for the application indicating expected values of the at least one key metric. In response to determining that the usage information does not correspond to the predicted usage pattern and does not comprise a known outlier, the method may comprise detecting the behavioral anomaly.
    Type: Grant
    Filed: February 22, 2021
    Date of Patent: November 29, 2022
    Assignee: Acronis International GmbH
    Inventors: Andrey Kulaga, Stanislav Protasov, Serguei Beloussov
  • Patent number: 11516669
    Abstract: The disclosure includes embodiments for an ego vehicle to detect misbehavior. According to some embodiments, a method includes receiving a V2X message from an attacker. The V2X message includes V2X data describing a location of an object at a target time. The method includes receiving a set of CPMs from a set of remote devices. The set of CPMs include remote sensor data describing a free space region within the roadway environment. The method includes determining a relevant subset of the CPMs include remote sensor data that is relevant to detecting misbehavior. The method includes determining, based at least in part on the remote sensor data of the relevant subset, that the object is not located at the location at the target time. The method includes detecting the misbehavior by the attacker based on the determination that the object is not located at the location at the target time.
    Type: Grant
    Filed: September 22, 2020
    Date of Patent: November 29, 2022
    Inventors: Takayuki Shimizu, John Kenney, Michael Clifford, Hongsheng Lu
  • Patent number: 11516237
    Abstract: Methods and systems for visualization of data associated with events detected on a monitored server host, and control of the host, are provided. A system may detect an incident on a remote server host. The system may present scores and activity graphs on a user interface for a human operator to review. The user interface may include animated activity graphs to show the progress of a past malicious event. The user interface may emphasize, de-emphasize, and/or hide subgraphs. The user interface may include quick-action buttons and wizards to permit users to immediately kill processes or isolate a computer from the network. The user interface may include controls to bulk-tag detected events associated with a subgraph. The user interface may present notifications/dashboards of significant malicious events in progress and update same when a new event rises in incident score into the top 10.
    Type: Grant
    Filed: July 30, 2020
    Date of Patent: November 29, 2022
    Assignee: CrowdStrike, Inc.
    Inventor: Alexander J. Graul
  • Patent number: 11507663
    Abstract: There is provided a method for generating a representation for behavior similarity comparison by generating a program-level stateful model of one or more entities in a computer operating system operating on a computer system, the program-level stateful model having a data structure representing a state of a program; generating an updated representation of the program based on the program-level stateful model; searching for at least one other representation of another program-level stateful model similar to the updated representation of the program; and comparing the updated representation of the program to the at least one other representation of another program-level stateful model.
    Type: Grant
    Filed: March 1, 2021
    Date of Patent: November 22, 2022
    Assignee: Sentinel Labs Israel Ltd.
    Inventors: Almog Cohen, Tomer Weingarten, Shlomi Salem, Nir Izraeli, Asaf Karelsbad
  • Patent number: 11507845
    Abstract: Implementations include processing a set of documents using an auto-encoder to provide a first sub-set of documents, the first sub-set of documents including electronic documents with a relatively high likelihood of providing true positives in an auditing process, processing a sub-set of documents using a set of auto-generated rules to provide a second sub-set of documents, the second sub-set of documents including electronic documents with a relatively high likelihood of providing false positives in an auditing process, and defining a master set of documents for the auditing process based on the sub-set of documents, the first sub-set of documents, and the second sub-set of documents, the master set of documents including at least a portion of the sub-set of documents, and at least a portion of the first sub-set of documents, and being absent the second sub-set of documents.
    Type: Grant
    Filed: December 7, 2018
    Date of Patent: November 22, 2022
    Assignee: Accenture Global Solutions Limited
    Inventors: Xin Zuo, Lijuan Zhou, Wei Qian, Benjamin Duffy
  • Patent number: 11509675
    Abstract: A method of monitoring network traffic of a connected vehicle. The method includes receiving network traffic information from a vehicle gateway, the network traffic information including malicious and/or benign information. The method also includes storing the network traffic information on a data server and periodically updating the network traffic information stored on the data server.
    Type: Grant
    Filed: November 13, 2020
    Date of Patent: November 22, 2022
    Assignee: Honeywell International Inc.
    Inventors: Amit Srivastav, Rajesh Chenchu, Nayyar Azam Khan Rao, Phani Ammi Raju Pothula, Vijayshankaran Iyer
  • Patent number: 11509687
    Abstract: Techniques and systems for determining a malicious derivative entity within a network are provided herein. A method for determining a malicious derivative entity may include receiving, by a network-based authentication system, a plurality of network transactions. A first attribute of a network transaction within the plurality of network transactions may be identified. The method may also include identifying a plurality of entities for the first attribute. The network-based authentication system may generate a first visual representation of a relationship between the first attribute and the plurality of derivative entities. Each of the derivative entities and the first attribute may be represented as nodes within the first visual representation. A first score for each of the nodes may be determined based on a degree of centrality of the nodes within the first visual representation. One network transaction may be blocked based on at least one node exceeding a first threshold.
    Type: Grant
    Filed: July 14, 2020
    Date of Patent: November 22, 2022
    Assignee: The Western Union Company
    Inventors: Noel Brandt, Robert Enzaldo, Charles Champion, Brent Lemieux
  • Patent number: 11507742
    Abstract: Methods and systems for parsing log records. A method involves receiving a log record including data regarding a network device's operation and providing the log record to a natural language processing model. The natural language processing model may analyze the log record to identify items in the log record and relationships between items in the log record.
    Type: Grant
    Filed: June 27, 2019
    Date of Patent: November 22, 2022
    Assignee: Rapid7, Inc.
    Inventor: Wah-Kwan Lin
  • Patent number: 11509671
    Abstract: A method of anomaly detection for network traffic communicated by devices via a computer network, the method including receiving a set of training time series each including a plurality of time windows of data corresponding to network communication characteristics for a first device; training an autoencoder for a first cluster based on a time series in the first cluster, wherein a state of the autoencoder is periodically recorded after a predetermined fixed number of training examples to define a set of trained autoencoders for the first cluster; receiving a new time series including a plurality of time windows of data corresponding to network communication characteristics for the first device; for each time window of the new time series, generating a vector of reconstruction errors for the first device for each autoencoder based on testing the autoencoder with data from the time window; and evaluating a derivative of each vector; training a machine learning model based on the derivatives so as to define a fi
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: November 22, 2022
    Assignee: British Telecommunications Public Limited Company
    Inventors: Maximilien Servajean, Yipeng Cheng
  • Patent number: 11509690
    Abstract: A system and computer-implemented method of monitoring a network is provided. The method includes receiving a packet of network traffic, wherein the packet has an associated source and destination address pair, where this pair constitutes a connection pair. The method further includes comparing the packet to a plurality of patterns and/or comparing a source or destination address of the packet to known malicious addresses, and upon determining that the packet matches a pattern of the plurality of patterns or the source or destination address of the packet matches a known malicious address. The method further includes deploying a honeypot in a container for the pattern matching the packet, if not yet deployed, and forwarding all network traffic for the connection pair to the honeypot.
    Type: Grant
    Filed: November 21, 2019
    Date of Patent: November 22, 2022
    Assignee: Arbor Networks, Inc.
    Inventor: Brian St. Pierre
  • Patent number: 11509691
    Abstract: There are provided systems and methods for protecting from directory enumeration using honeypot pages within a network directory. A service provider, such as an electronic transaction processor for digital transactions, may have an internal network that is utilized by employees, developers, and other end users within the organization of the service provider. When internal devices become compromised or internal users act maliciously, they may attempt to enumerate a directory to find hidden pages that have secret or sensitive data. The service provider may therefore detect a scan of an internal directory having file paths to files and pages and may deploy honeypot pages that change an error status. Further, the service provider may add a process or operation to log additional data on these honeypot pages and/or change a byte size of the corresponding pages to confuse the enumeration attempt and obtain true source information.
    Type: Grant
    Filed: May 15, 2020
    Date of Patent: November 22, 2022
    Assignee: PAYPAL, INC.
    Inventor: George Chen Kaidi
  • Patent number: 11503030
    Abstract: A service processor is provided that includes a processor, a memory coupled to the processor and having instructions for executing an operating system kernel having an integrity management subsystem, secure boot firmware, and a tamper-resistant secure trusted dedicated microprocessor. The secure boot firmware performs a secure boot operation to boot the operating system kernel of the service processor. The secure boot firmware records first measurements of code executed by the secure boot firmware when performing the boot operation, in one or more registers of the tamper-resistant secure trusted dedicated microprocessor. The operating system kernel enables the integrity management subsystem. The integrity management subsystem records second measurements of software executed by the operating system kernel, in the one or more registers of the tamper-resistant secure trusted dedicated microprocessor.
    Type: Grant
    Filed: August 6, 2019
    Date of Patent: November 15, 2022
    Assignee: International Business Machines Corporation
    Inventors: Patrick J. Callaghan, Kenneth A. Goldman, Guerney D. H. Hunt, Elaine R. Palmer, Dimitrios Pendarakis, David R. Safford, Brian D. Valentine, George C. Wilson, Miriam Zohar
  • Patent number: 11503049
    Abstract: A method and apparatus for determining one or more first devices that are Internet devices meeting all of the following conditions: residing at a given location; equipped with one or more ambience sensing capable sensors; and operation mode being such that their ambience sensing capable sensors should not cause transmission of data. One or more second devices are determined that are Internet devices at the given location and equipped with one or more elements capable of causing an ambient stimulation detectable by the sensors of one or more first devices. Data transmissions of the first devices are monitored. Issuing of the ambient stimulation is caused by a subset of the one or more second devices. It is determined whether the issuing of the ambient stimulation caused a significant change in the monitored data transmissions of the first devices.
    Type: Grant
    Filed: September 23, 2020
    Date of Patent: November 15, 2022
    Assignee: Nokia Technologies Oy
    Inventors: David Duffy, Matthew Lawrenson, Harm Cronie
  • Patent number: 11501013
    Abstract: An anomaly detection method includes receiving, at a processor, a request including a query that references a database. A plurality of attributes is identified based on the request. The processor concurrently processes the query to identify a result, and analyzes the plurality of attributes to identify an anomaly score. When the anomaly score exceeds a first predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent. When the anomaly score is between the first predefined threshold and a second predefined threshold, a signal representing a notification and a signal representing the result are sent. When the anomaly score is below the second predefined threshold, a signal representing a quarantine request is sent, and a signal representing the result is not sent.
    Type: Grant
    Filed: July 8, 2022
    Date of Patent: November 15, 2022
    Assignee: Sotero, Inc.
    Inventors: Purandar Gururaj Das, Shanthi Boppana
  • Patent number: 11501018
    Abstract: A network-compatible device with a security function for destroying user data includes a signal input configured to receive a control signal and a configuration signal; a memory configured to store first user data; and a controller configured, upon receipt of the control signal, to carry out a safety function which destroys the first user data in the memory. The network-capable device is inoperable when the first user data is destroyed, and the controller is further configured, upon receipt of the configuration signal, which includes second user data, to store the second user data in the memory to enable the network-compatible device to operate based on the second user data.
    Type: Grant
    Filed: August 13, 2020
    Date of Patent: November 15, 2022
    Assignee: Phoenix Contact GmbH & Co. KG
    Inventors: Gerrit Boysen, Andreas Fuss, Ingo Hilgenkamp