Automated source code similarity greatly improves computer functioning. Any source code file is evaluated with respect to publicly-available open source code. If the source code file is similar to the publicly-available open source code, then a computer system may be approved or authorized to perform any hardware/software operations associated with the source code file. Should, however, the source code file be dissimilar to the publicly-available open source code, then the hardware/software operations are blocked to prevent disclosure of the source code file. For example, read/write/input/output operations are blocked and/or network interfaces are disabled. Source code similarity thus thwarts suspicious activities that indicate misappropriation or exfiltration of the source code file.
Nodal redundancy storage decisions efficiently distribute redundant copies of electronic data. A cloud computing network establishes a policy that governs how and where the redundant copies are stored within the cloud computing network (such as by region, zone, and cluster targets). Each cloud computing node is then delegated, with autonomy, to manage a redundant copy to achieve the policy established by the cloud computing network. Each cloud computing node may independently and individually decide to store, to not store, or to evict the redundant copy without consensus of other nodes and without consultation or instruction from the cloud computing network. The nodal redundancy storage decisions are thus decentralized from region, zone, and cluster management.
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; distributed database system architectures therefor
G06F 16/215 - Improving data quality; data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
Embedding entity matching greatly improves computer functioning. Different datasets are matched to a common entity using entity embeddings generated by a machine learning entity embedding model. The entity embeddings are converted to entity similarities, thus revealing the datasets associated with the common entity. Efficient matrix operations further improve computer functioning. Embedding entity matching thus quickly identifies common employee records and user accounts using fewer hardware resources, less electricity, and less time.
G06F 18/22 - Matching criteria, e.g. proximity measures
G06F 7/08 - Sorting, i.e. grouping record carriers in numerical or other ordered sequence according to the classification of at least some of the information they carry
4.
STATIC ANALYZER INSTRUCTION GENERATION BASED ON ACTION OF EXTERNAL INITIALIZATION CODE DURING INITIALIZATION
The present disclosure provides an approach that receives an application code including an external initialization code component. The approach emulates the external initialization code component in a simulated local computing environment. The approach records, by a processing circuitry, an action by the external initialization code component to the application code during code initialization. In turn, the approach generates, based on the action, a set of instructions for a static analyzer to perform static analysis on the application code.
G06F 8/75 - Structural analysis for program understanding
G06F 9/455 - Emulation; interpretation; software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 11/34 - Recording or statistical evaluation of computer activity, e.g. of interrupts or input/output operations
Nodal work assignments efficiently distribute server work items, such as storing redundant copies of electronic data. A cloud computing network establishes a policy that governs how and where the redundant copies are stored on cloud computing nodes (such as by region, zone, and cluster targets). The cloud computing network repeatedly or continuously re-evaluates the work assignments based on replication assignment skews and/or leadership penalties. The nodal work assignments thus minimize hardware and software operations, network traffic, and electrical energy consumption.
H04L 67/1031 - Controlling the operation of servers by a load balancer, e.g. adding or removing servers that serve requests
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
Methods and systems for injected byte buffer data classification are disclosed. According to an implementation, a security agent can detect process injection events, gather byte buffer data associated with the process injection events, and send the byte buffer data to a security service comprising a byte buffer classification function. The byte buffer classification function can be implemented as a trained transformer type neural network machine learning model, which can analyze the byte buffer data and generate a classification output comprising a probability that the byte buffer data is associated with a malicious process injection.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by adding security routines or objects to programs
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
A cybersecurity service protects endpoint devices from cybersecurity attacks. The cybersecurity service deploys cybersecurity attack feature vectors to agents in the field. The cybersecurity attack feature vectors are created in the cloud to efficiently describe observed groups of cybersecurity attacks. One method to assemble these is to generate clustering centroids for the observed groups. Each agent monitors its host according to the cybersecurity attack feature vectors. Each agent monitors its host's event behaviors and locally extracts an event behavior feature vector. The agent compares the cybersecurity attack feature vectors to the event behavior feature vector and, if similarity is determined, then the agent determines that the host's event behaviors are evidence of a cybersecurity attack. The agent may implement threat procedures, such as suspending/terminating the event behaviors and generating alerts. The agent remains a small, lightweight cybersecurity detector that does not need constant Internet access.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
8.
Assessing Computer System Vulnerabilities and Exposures
Assessing computer system vulnerabilities and exposures by periodically querying data sources to gather information pertaining to computing system vulnerabilities and exposures (CVEs), such as, for each CVE, an identification of the CVE, a number of corresponding references to the CVE, and a number of code repositories that can be used to exploit the CVE. Compiling a datastore of the information. Periodically querying the datastore about the information and generating one or more views of a lifecycle of each CVE in response thereto.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/55 - Detecting local intrusion or implementing counter-measures
A sample file that is associated with malware and a first modification model of a plurality of modification models to alter the sample file are selected. The first modification model generates a modification configuration based on the sample file. The modification configuration identifies a modification to be performed on the sample file. The sample file and the modification configuration are provided to a modification engine to generate a modified sample file. The modification configuration is adjusted based on the first modification model in response to receiving a classification from a classification model that identifies the modified sample file as being free of malware.
A method for detecting a private set intersection includes receiving a first plurality of transformed data elements from a first computing device, the first plurality of transformed data elements representing a transform by a pseudorandom function of a first plurality of data elements; receiving a second plurality of transformed data elements from a second computing device, the second plurality of transformed data elements representing a transform by the pseudorandom function of a second plurality of data elements; and transmitting, by a processing device to the first computing device and the second computing device, an indication of a subset of transformed data elements that are present in both the first plurality of transformed data elements and the second plurality of transformed data elements.
A system and method of using generative AI to maintain conversations with attacking devices to discover their adversary techniques and tactics. The method includes receiving an initial message originating from an attacking device and directed to a target device. The method includes generating, using one or more classification models, a maliciousness score for the initial message indicating that the initial message is associated with one or more types of malicious activity. The method includes providing, by a processing device, the initial message to a predictive model trained to maintain conversations with attacking devices by predicting responses to malicious messages. The method includes generating, using the predictive model, two or more responses based on the initial message and at least one subsequent message, wherein each response of the two or more responses causes the attacking device to send a respective subsequent message to the predictive model.
A system and method of using generative AI to convert NL queries to database commands for accessing one or more databases. The method includes receiving a natural language (NL) request for information associated with a private network. The method includes providing the NL request to an artificial intelligence (AI) model trained to identify, from a plurality of access objects associated with a plurality of databases and a plurality of event types, a particular access object that provides access to one or more event datasets associated with the NL request. The method includes generating, by a processing device and using the AI model, a database request associated with the particular access object based on the NL request.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 16/22 - Indexing; data structures therefor; storage structures
Techniques for identifying data usable for generating security recommendations are discussed herein. A system can determine unique identifiers for events associated with a data stream, and determine a frequency of different events occurring in the data stream. The system can generate recommendation data usable for defending the data stream from future malicious events based on a number of similar events occurring over a time period.
Techniques for identifying data usable for generating security recommendations are discussed herein. A system can determine unique identifiers for events associated with a data stream and determine a frequency of different events occurring in the data stream. The system can generate recommendation data usable for defending the data stream from future malicious events based on a number of similar events occurring over a time period.
The present disclosure provides an approach of providing, to an artificial intelligence (AI) model, a malicious script that includes a malicious behavior. The AI model is configured to modify software code of the malicious script to produce modified software code that obfuscates the malicious behavior. The approach produces, by a processing device using the AI model, an adversarial script that includes the modified software code that obfuscates the malicious behavior. In turn, the approach initiates a malware detector to test the adversarial script.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
A system and method of using generative AI to recommend and validate asset and/or cloud configurations. The method includes acquiring a set of parameters associated with one or more network entities of a computing network. The method includes providing the set of parameters to a configuration model trained to generate, based on semantic matching, recommended configurations for network entities and validated configurations for the network entities. The method includes generating, by a processing device using the configuration model, one or more recommended configurations for the one or more network entities based on the set of parameters.
Systems and methods for providing cybersecurity notifications based on structured and unstructured data. The systems and methods receive a natural language query from a client device and process, by an artificial intelligence model, the natural language query to identify elements of cybersecurity intelligence to monitor. The systems and methods further monitor cybersecurity intelligence for a match to the identified elements from the natural language query and provide a notification to the client device in response to the matching of the identified elements to one or more items of cybersecurity intelligence.
A system and method of using generative AI to identify exposures of computing devices on computing networks to actual and/or potential threats. The method includes collecting a plurality of responses from a plurality of devices to a target device on a private network. The method includes providing the plurality of responses to a classification model trained to assign device descriptions for device responses based on semantic matching of the device responses to database data. The method includes assigning, by a processing device using the classification model, a plurality of device descriptions for the plurality of responses to the target device, each response being respectively associated with one or more device descriptions of the plurality of device descriptions. The method includes generating, based on the plurality of device descriptions, a status report comprising a list of network addresses associated with a group of devices having access to the target device.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks, using machine learning or artificial intelligence
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer security consulting; consulting in the field of information technology; computer security and network security consulting, namely, consultation in the fields of protecting data and information from unauthorized access, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; maintenance and updating of computer software relating to computer and network security and prevention of computer risks; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for detecting breaches for use in computer and network security; cloud computing services featuring software for authorizing access to databases in the field of computer and network security; computer services, namely, online scanning, detecting, quarantining, and eliminating viruses, worms, trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access; computer technology consulting in the field of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for ensuring the security of computers and computer networks; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for ensuring the security of computers and computer networks; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates.
Nodal work assignments efficiently distribute server work items, such as storing redundant copies of electronic data. A cloud computing network establishes a policy that governs how and where the redundant copies are stored on cloud computing nodes (such as by region, zone, and cluster targets). The cloud computing network repeatedly or continuously re-evaluates the work assignments based on replication assignment skews and/or leadership penalties. The nodal work assignments thus minimize hardware and software operations, network traffic, and electrical energy consumption.
H04L 67/1031 - Controlling the operation of servers by a load balancer, e.g. adding or removing servers that serve requests
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
21.
FUNNEL TECHNIQUES FOR NATURAL LANGUAGE TO API CALLS
The present disclosure produces a first output in response to inputting a first prompt into a large language model (LLM). The first prompt comprises a first document group that corresponds to a second document group, and the LLM is limited by a maximum token limit that is less than a token count of the second document group. The present disclosure generates a second prompt that comprises a subset of the second document group corresponding to the first output. The present disclosure then produces a second output based on the subset of the second document group in response to inputting the second prompt into the LLM.
Systems and methods for incremental solves using LLMs for API calls are presented. The systems and methods produce, by a first large language model (LLM), a processing plan based on a first prompt, wherein the processing plan includes a plurality of tasks corresponding to a plurality of services. The systems and methods send a plurality of messages corresponding to the plurality of tasks to a plurality of service agents, wherein the plurality of service agents correspond to the plurality of services and comprise a plurality of second LLMs that produce a plurality of agent responses. The systems and methods then generate a query response based on the plurality of agent responses.
A rules-based malware detection and assessment service pre-screens malware events reported by endpoint client devices. The endpoint client devices report the malware events to a cloud-computing environment providing the malware detection and assessment service. The malware events are compared to logical rules specifying malware and safe activities. Moreover, the malware detection and assessment service maintains a comprehensive, historical database that stores logs and tracks each malware event. Any new malware events are compared to the historical database. Any matching historical entry indicates a duplicate or repetitive malware detection, so the historical detection and assessment may be retrieved and suggested. The rules-based malware detection and assessment service thus provides a much faster and simpler resolution that easily scales to the ever-increasing volume of malware reports.
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer security consulting; consulting in the field of information technology; computer security consultancy services for protecting data and information from unauthorized access in the field of computer and network security, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for use in computer and network security; cloud computing services in the field of computer and network security; computer security services by online scanning, detecting, quarantining, and eliminating of viruses, worms, Trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access and computer technology consulting of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SaaS) services featuring software for computer and network security; software as a service (SaaS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for use in computer and network security; electronic monitoring services for advanced computer threat detection using real-time monitoring and machine learning to detect computer threats and viruses, and for providing detailed analysis and contextual intelligence to inform responses to sophisticated computer threats; monitoring and investigation of bad actors and adversaries across computer networks to neutralize emerging computer threats and improve cybersecurity and computer network security.
25.
IDENTIFYING PATTERNS IN LARGE QUANTITIES OF COLLECTED EMAILS
A system and method of detecting malicious activity in emails using pattern recognition. The method includes maintaining a plurality of associations between a plurality of emails and a plurality of multi-dimensional (MD) vectors of the plurality of emails. Each association is between a respective email of the plurality of emails and a respective MD vector of the plurality of MD vectors that corresponds to the respective email. The method includes identifying, based on one or more keywords, a set of MD vectors of the plurality of MD vectors. The method includes selecting, based on the plurality of associations, a set of emails associated with the set of MD vectors. The method includes generating, by a processing device, based on the set of emails or the set of MD vectors, a set of clusters to represent patterns in the set of emails.
Systems and methods for implementing prevention of prompt injection attacks on large language models by tokenization of structured data elements are presented. The systems and methods replace one or more data elements in a database response with one or more tokens to produce a tokenized database response. The systems and methods provide the tokenized database response to a large language model (LLM). The systems and methods receive a tokenized LLM output that includes at least one of the one or more tokens. The systems and methods produce a detokenized LLM output by replacing the one or more tokens in the tokenized LLM output with the one or more data elements.
G06F 40/284 - Lexical analysis, e.g. tokenisation or collocates
G06F 16/908 - Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually, using metadata automatically derived from the content
Techniques for aggregating data usable for generating security recommendations are discussed herein. A system can aggregate detection data from host devices associated with different organizations based on profile information describing each organization. The system can analyze the aggregated data to identify potential security threats in a data stream, and generate recommendation data usable for defending the data stream from future malicious events.
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks, using machine learning or artificial intelligence
Boot status markers record historical boot processes performed by a computer system. Each time the computer system boots, an operating system performs a boot process and interfaces with an antimalware driver. The antimalware driver determines the boot status markers that were set during previous boot processes. The antimalware driver may then classify other drivers based on the boot status markers set during the previous boot processes. The antimalware driver may then report driver classifications to the operating system. The operating system may then block, or allow, the drivers based on the driver classifications.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
A security service can determine a synthetic context based at least in part on context data associated with a first malware sample, and detonate the first malware sample in the synthetic context to provide one or more first event records representing events performed by the first malware sample and detected during detonation. Additionally or alternatively, the security service can detonate the first malware sample and locate a second malware sample in a corpus based at least in part on the one or more first event records. Additionally or alternatively, the security service can receive event records representing events detected during a detonation of a first malware sample, the detonation based at least in part on context data, and locate a second malware sample in the corpus based at least in part on the one or more reference event records.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Techniques for determining that a program installed on a computing device may be indicative of a targeted intrusion of the computing device are described. A log file associated with the computing device may be generated. Various indicators from the log file may be determined. A security program may determine that the program may be indicative of performing the targeted intrusion based on at least one of the indicators. The security program may determine an action to take based on the indication of performing the targeted intrusion.
A computer-implemented method of detecting similarity between a first file and a plurality of second files includes generating a first vector corresponding to the first file and a plurality of second vectors each corresponding to one of the plurality of second files; determining that the first file is similar to at least one of the plurality of second files based on a comparison of the first vector to the plurality of second vectors; and, responsive to determining that the first file is similar to the at least one of the plurality of second files, performing a remediation operation on the first file.
A method for selecting a region of a similarity space in which to locate a file. Numerous files are received, and feature vectors for each of the received files are created, each feature vector comprising values representing corresponding features for the file. A respective similarity space is created for each of the respective number of feature vectors, each respective similarity space comprising several regions. One of the regions of the respective similarity space is selected in which a respective representation of each file is located based on the respective feature vector for the file. A map of relationships between one or more regions of the similarity spaces is then constructed.
A feature vector is created that comprises a plurality of values, each representing a corresponding portion of a filename extension for a digital file. During an inference workflow of a neural network model, an embedding vector is created that represents, in a meaningful way, the feature vector for the filename extension. A class label prediction value is then computed, based on an evaluation of the embedding vector, a first plurality of embedding vectors representing a plurality of feature vectors for a plurality of benign filename extensions, and a second plurality of embedding vectors representing a plurality of feature vectors for a plurality of malicious filename extensions. A prediction as to whether the digital file has been renamed by a malicious computer program is made, based on the class label prediction value.
G06F 18/2415 - Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on a likelihood ratio or a false positive rate versus a false negative rate
34.
TECHNIQUES FOR PERFORMING STATIC ANALYSIS ON DEPLOYED APPLICATION CODE
The present disclosure provides an approach of executing application code on a simulator and receiving a result from a hook in response to executing the application code. The hook corresponds to a call to a code object which is inaccessible to the simulator. The result is from an emulation of a connection response corresponding to the code object. The approach generates instructions based on the result and, in turn, performs static analysis on the application code based on the instructions.
Interpolant pattern matching reflects the runtime environment. A finite automaton built from a regular expression (such as a DFA) may be modified with an interpolant string to create an interpolant finite automaton (such as an IDFA). The interpolant string incorporates a placeholder that is resolved according to the runtime environment: an environment variable or a directory path, for example, may be inserted into the placeholder at runtime. An input string may then be pattern matched against the IDFA that reflects the runtime environment.
G06F 17/17 - Function evaluation by approximation methods, e.g. by interpolation or extrapolation, by smoothing or by the least-squares method
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
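As an added illustration of the interpolant pattern idea above (example code written for this page, not the patent's implementation), the following Python resolves a placeholder such as `{{HOME}}` from the runtime environment before the regular expression is compiled into its automaton. The `{{NAME}}` placeholder syntax, the `interpolate`, `interpolate_unsafe`, `compile_interpolant` and `matches` helpers, and the sample environment are assumptions of this example. The check a practitioner wants here is that the substituted value is escaped: a directory path inserted verbatim turns its `.` (or `\` on Windows) into regex metacharacters and silently widens what the rule matches.

```python
"""Interpolant pattern matching: a regular-expression template carrying
placeholders that are resolved from the runtime environment before the
automaton is compiled.  Added example; the {{NAME}} placeholder syntax and the
helper names are this example's assumptions, not the patent's."""
import re
from typing import Mapping

# Placeholder syntax assumed for this example: {{ENV_NAME}}
PLACEHOLDER = re.compile(r"\{\{([A-Z_][A-Z0-9_]*)\}\}")


def interpolate(template: str, env: Mapping[str, str]) -> str:
    """Return the concrete pattern with each {{NAME}} replaced by env[NAME].

    The inserted value goes through re.escape so that metacharacters in a path
    or variable value become literals and cannot change the automaton's shape."""
    def _resolve(m: "re.Match[str]") -> str:
        name = m.group(1)
        if name not in env:
            raise KeyError("unresolved placeholder " + name)
        return re.escape(env[name])
    return PLACEHOLDER.sub(_resolve, template)


def interpolate_unsafe(template: str, env: Mapping[str, str]) -> str:
    """Same substitution without escaping; kept only to show the failure mode."""
    return PLACEHOLDER.sub(lambda m: env[m.group(1)], template)


def compile_interpolant(template: str, env: Mapping[str, str]) -> "re.Pattern[str]":
    """Build the runtime-specific automaton (the IDFA) from the template."""
    return re.compile(interpolate(template, env))


def matches(template: str, env: Mapping[str, str], subject: str) -> bool:
    """Full-match subject against the template resolved for env."""
    return compile_interpolant(template, env).fullmatch(subject) is not None


def unsafe_matches(template: str, env: Mapping[str, str], subject: str) -> bool:
    """Counterpart of matches() using the unescaped substitution."""
    return re.fullmatch(interpolate_unsafe(template, env), subject) is not None


if __name__ == "__main__":
    # Constructed sample environment and inputs.
    env = {"HOME": "/home/alice", "TMP": "/tmp/a.b"}
    rule = r"{{HOME}}/\.ssh/[^/]+"          # "something touched a key under ~/.ssh"
    print(matches(rule, env, "/home/alice/.ssh/id_ed25519"))   # True
    print(matches(rule, env, "/home/bob/.ssh/id_ed25519"))     # False
    # With TMP=/tmp/a.b, the unescaped "." also matches "/tmp/aXb/x".
    print(unsafe_matches(r"{{TMP}}/x", env, "/tmp/aXb/x"))     # True
    print(matches(r"{{TMP}}/x", env, "/tmp/aXb/x"))            # False
```

Because the placeholder is resolved once per environment, the compiled IDFA can be cached per host; rebuild it whenever the referenced variable changes, since a stale automaton would silently match the old path.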
Cloud-delivered hooks are injected as binary instrumentation into a software application. The cloud-delivered hooks are specified by a cloud computing environment. The cloud-delivered hooks may be set up, and torn down, by software updates from the cloud computing environment. The cloud-delivered hooks monitor and intercept functions, APIs, and system calls in both user space and kernel space. Moreover, the cloud-delivered hooks may utilize a polymorphic universal hooking mechanism that eliminates strict signature requirements between target functions and detour functions. Because the cloud-delivered hooks are commanded by, and received from, the cloud computing environment, the cloud-delivered hooks may be easily and nearly instantaneously distributed to clients in the field for near real time software instrumentation and reporting. The cloud-delivered hooks can thus greatly simplify and quicken software development, software debugging, malware detection, and software monitoring.
Methods and systems for applying a diffusion model to adversarial purification and to generating adversarial samples in malware detection are disclosed. According to an example, a malware file is input to a diffusion model to obtain an adversarial sample by altering the content of the malware file. The adversarial sample is then tested by a malware detector. In some examples, the content of an input file may be encoded prior to being processed by the diffusion model. If the malware detector can still identify the adversarial sample as malware, the diffusion model is updated to further alter the content until the adversarial sample successfully deceives the malware detector. According to another example, an executable file is purified using a diffusion model prior to being input to a malware detector. The diffusion model may remove potential malware content from the executable file, thus improving the performance of the malware detector.
An interwoven approximate membership query (AMQ) data structure interweaves multiple AMQ data sets. The interwoven AMQ data structure collapses the AMQ data sets into a composite membership representation. The interwoven AMQ data structure still represents the underlying computer database, but it yields far faster membership results and requires orders of magnitude fewer data reads. Memory allocation, processor cycles, input/output operations and transitions between kernel space and user space are all reduced. The interwoven AMQ data structure greatly improves computer functioning.
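One concrete way to realise the interweaving described above, as an added example for this page rather than the patent's own data structure: several per-set Bloom filters are collapsed into a single table in which each slot holds a small bit-mask (bit i set means "this slot is marked for set i"). A single hash computation and k table reads then answer membership for every set at once, instead of k reads per set. The `InterwovenBloom` class, its slot layout and the constructed indicator sets are assumptions of this example.

```python
"""An interleaved multi-set Bloom filter as one realisation of the 'interwoven
AMQ' idea.  Added example; the layout (one bit-mask per slot, bit i = set i) is
this example's assumption, not the patent's design."""
import hashlib
from typing import Iterable, List


class InterwovenBloom:
    def __init__(self, set_names: Iterable[str], slots: int = 4096, k: int = 3) -> None:
        self.names = list(set_names)
        if not 1 <= k <= 8:
            raise ValueError("k must be 1..8 (one 4-byte slice of SHA-256 per position)")
        if len(self.names) > 64:
            raise ValueError("this illustration packs at most 64 sets per slot")
        self.slots, self.k = slots, k
        self.table: List[int] = [0] * slots   # the composite membership representation
        self.reads = 0                         # instrumentation: table reads performed

    def _positions(self, item: bytes):
        """k slot indices derived from a single SHA-256 of the item."""
        digest = hashlib.sha256(item).digest()
        for i in range(self.k):
            yield int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.slots

    def add(self, set_name: str, item: bytes) -> None:
        bit = 1 << self.names.index(set_name)
        for pos in self._positions(item):
            self.table[pos] |= bit

    def query(self, item: bytes) -> List[str]:
        """Names of every set that (probably) contains item, using k reads in
        total rather than k reads per set.  No false negatives; false positives
        are possible, as for any Bloom filter."""
        mask = (1 << len(self.names)) - 1
        for pos in self._positions(item):
            self.reads += 1
            mask &= self.table[pos]
            if mask == 0:                      # in no set: stop early
                break
        return [name for i, name in enumerate(self.names) if (mask >> i) & 1]


if __name__ == "__main__":
    # Constructed indicator sets and sample items.
    f = InterwovenBloom(["ransomware", "trojan", "allowlist"])
    f.add("ransomware", b"sha256:sample-1")
    f.add("trojan", b"sha256:sample-1")
    f.add("allowlist", b"sha256:sample-2")
    print(f.query(b"sha256:sample-1"), f.query(b"sha256:sample-2"), f.query(b"sha256:unknown"))
    print("table reads:", f.reads)
```

The early exit on an all-zero mask is what makes the common case (an item in no set) cost one or two reads; size `slots` for the largest set, since every set shares the same false-positive budget.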
A computer-implemented method for deobfuscating an executable image whose computer instructions are organized in a first control flow is provided. The executable image is analyzed to identify a plurality of discrete blocks of instructions, each block comprising a control flow transfer instruction and a dispatcher variable. Each block is categorized into one of a plurality of block types, including a conditional functional block type, an unconditional functional block type, and a dispatcher block type. Based on the type of each block, the instructions of the executable image are reorganized into a second control flow, different from the first control flow.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
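The block categorization and reorganization described above, worked through on a toy block-level representation as an added example (not the patent's internal representation): in the flattened form every functional block ends by writing a value into the dispatcher variable and jumping back to a dispatcher block that switches on it, and recovery replaces that indirection with direct edges. The `Block` and `Dispatcher` classes, the `categorize`, `deflatten` and `linearize` helpers, and the sample program are assumptions of this example.

```python
"""Undoing control-flow flattening on a toy block-level representation.
Added example; the Block/Dispatcher model and the sample program are this
example's assumptions, not the patent's internal representation."""
from dataclasses import dataclass
from typing import Dict, List, Tuple, Union

# A functional block ends with `state = CONST` (unconditional) or with
# `state = COND ? A : B` (conditional); None means no dispatcher write (terminal).
StateUpdate = Union[int, Tuple[str, int, int], None]


@dataclass
class Block:
    name: str
    body: List[str]                    # opaque instructions
    state_update: StateUpdate = None


@dataclass
class Dispatcher:
    state_var: str
    table: Dict[int, str]              # dispatcher value -> target block


def categorize(block: Block, dispatcher_name: str) -> str:
    """One of: dispatcher, conditional, unconditional, terminal."""
    if block.name == dispatcher_name:
        return "dispatcher"
    if block.state_update is None:
        return "terminal"
    if isinstance(block.state_update, int):
        return "unconditional"
    return "conditional"


def deflatten(blocks: Dict[str, Block], dispatcher: Dispatcher,
              dispatcher_name: str) -> Dict[str, List[str]]:
    """Recovered successor map (the 'second control flow'): each functional
    block points straight at the block the dispatcher would have selected."""
    cfg: Dict[str, List[str]] = {}
    for name, block in blocks.items():
        kind = categorize(block, dispatcher_name)
        if kind == "dispatcher":
            continue                   # the indirection disappears
        if kind == "terminal":
            cfg[name] = []
        elif kind == "unconditional":
            cfg[name] = [dispatcher.table[block.state_update]]
        else:
            _cond, on_true, on_false = block.state_update
            cfg[name] = [dispatcher.table[on_true], dispatcher.table[on_false]]
    return cfg


def linearize(cfg: Dict[str, List[str]], entry: str) -> List[str]:
    """Depth-first block order for emitting the deobfuscated image."""
    order, seen, stack = [], set(), [entry]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        order.append(name)
        stack.extend(reversed(cfg[name]))
    return order


def sample_flattened():
    """Constructed flattened program: a loop that decrements x while x > 0."""
    blocks = {
        "disp": Block("disp", ["switch (state)"]),
        "A": Block("A", ["x = read()"], 1),
        "B": Block("B", ["t = x > 0"], ("t", 2, 3)),
        "C": Block("C", ["x = x - 1"], 1),        # back edge to B
        "D": Block("D", ["write(x)"], 4),
        "E": Block("E", ["return"]),
    }
    disp = Dispatcher("state", {0: "A", 1: "B", 2: "C", 3: "D", 4: "E"})
    return blocks, disp


if __name__ == "__main__":
    blocks, disp = sample_flattened()
    cfg = deflatten(blocks, disp, "disp")
    print(cfg)                                   # {'A': ['B'], 'B': ['C', 'D'], ...}
    print(linearize(cfg, disp.table[0]))         # ['A', 'B', 'C', 'D', 'E']
```

Real flattened binaries obscure the constant written to the dispatcher variable (arithmetic on it, or a value loaded from a table), so the "unconditional" classification in practice needs a small constant-propagation step per block before the lookup into the dispatcher table is possible.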
A system and method of adjusting a classifier to improve a performance of the classifier to detect a malicious file. The method includes receiving a request to process a target file. The method includes generating, based on a configuration file and the target file, one or more modified files and metadata associated with the one or more modified files. The method includes providing the one or more modified files to a classifier trained to generate an output indicating whether each of the one or more modified files is malicious or non-malicious. The method includes generating, based on the output and the metadata, performance data indicative of a performance of the classifier. The method includes adjusting, based on the performance data, parameters of the classifier to improve the performance of the classifier to detect a group of attacks on a computing environment.
A method for constructing a similarity space in which to compare files. The method receives, and creates a respective pair of feature vectors for, each of the files. A low-level feature vector is created for a file, via a first parser, which includes a number of values, each representing corresponding low-level features identified in the file. A high-level feature vector is created, which includes a number of values, each representing corresponding high-level features identified in the file. The method then creates, during a training workflow of a neural network model, a similarity space comprising embedding vectors each corresponding to the respective pair of feature vectors for each of the files. The proximity of any two of the embedding vectors in the similarity space is based on a proximity of respective high-level feature vectors for a corresponding two files.
G06F 18/2415 - Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on parametric or probabilistic models, e.g. based on a likelihood ratio or on a false-positive rate versus a false-negative rate
G06F 16/16 - File or folder operations, e.g. details of user interfaces specifically adapted to file systems
42.
ACCESSIBILITY SERVICES BASED PHISHING DETECTION AND PREVENTION
Systems and methods are disclosed that receive, from an accessibility service executing on a computing device, the screen content displayed to a user on the screen of the computing device. The accessibility service is configured to interact with a graphical user interface executing on the computing device to determine the screen content, and the systems and methods determine that the screen content includes malicious content. The computing device then performs an operation that impedes the user from selecting the malicious content.
A distributed security system can include instances of a compute engine that can execute either locally in security agents on client devices or as cloud instances in a security network. Event data can be processed by elements of the distributed security system according to centrally-defined ontological definitions and/or configurations. Bounding managers of local security agents can control how much event data is sent to the security network. A storage engine in the security network can store event data received from client devices and can route event data to other elements of the security network, including cloud instances of the compute engine. An experimentation engine of the security network can also at least temporarily adjust other elements of the distributed security system during experiments or tests.
Methods and systems implement computing systems configured to trigger a volatile memory scan based on execution of computer-executable instructions, and to downselect the scope of a volatile memory scan. Such techniques for triggering scans are sufficiently selective to avoid volatile memory scans for each and every running process, or for the vast majority of running processes. Moreover, volatile memory scans are triggered responsively after the computer-executable instructions are run, so that the target processes to be scanned have not yet terminated at the time of the volatile memory scan. Additionally, a variety of techniques are implemented to minimize the adverse impact of volatile memory scans on the computational performance of the computing system.
42 - Scientific, technological and industrial services, research and design
Goods and services
Software as a service (SaaS) services featuring software for automating customer interactions and data collection for computer security consulting, namely, using artificial intelligence for customer interaction for identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for scanning and penetration testing of computers and networks to assess information security vulnerability for maintaining and updating of computer software relating to computer and network security and prevention of computer risks, and for protecting data and information from unauthorized access using artificial intelligence to develop plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for use in computer and network security; cloud computing services using artificial intelligence for automating customer interactions and data collection in the field of computer and network security; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for conducting online scanning, detecting, quarantining, and eliminating viruses, worms, Trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access and computer technology consulting of systems using software as a service (SaaS) services using artificial intelligence for automating customer interactions for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for computer and network security; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for use in computer and network security using artificial intelligence for automating customer interactions and collection of data; application service provider [ASP], namely, hosting computer software applications in the field of knowledge management for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates; providing online non-downloadable software for the artificial production of human speech and text based on deep learning algorithms to recognize and respond to customer interactions relating to computer security consulting, namely, for identifying malware on computer systems, identifying the source and genealogy of malware, identifying the objectives of computer system attackers, scanning and penetration testing of computers and networks to assess information security vulnerability, maintaining and updating of computer software relating to computer and network security and prevention of computer risks, and for protecting data and information from unauthorized access using artificial intelligence to develop plans for improving computer and network security and preventing criminal activity.
Techniques for managing queries that detect activity associated with a data stream of a computing device. A system can receive a request to implement a query from a device, test the query in a test environment, and determine whether or not to deploy the query to a production environment that includes one or more host devices. The system can generate an instruction and/or a query identifier to control a start time and/or an end time for the query.
A method of generating a file hash using fingerprinting data includes acquiring, using one or more programs executing in a kernel space of an operating system, fingerprinting data associated with a target application process in a user space of the operating system responsive to detecting an execution of the target application process, sharing, by a processing device using the one or more programs, the fingerprinting data with a user space monitoring application executing in the user space of the operating system, generating a hash value of a target application file associated with the target application process, and determining, using the user space monitoring application, a validity of the hash value based on the fingerprinting data.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by adding security routines or objects to programs
G06F 21/55 - Detecting local intrusion or implementing counter-measures
A method of generating a file hash using mount namespace data includes identifying, by a user space monitoring application executing in a user space of an operating system, a target application file associated with a target application process executing in the user space of the operating system, wherein the target application process is associated with a first mount namespace, accessing, by the user space monitoring application, a mapping between the first mount namespace and one or more processes executing in the user space of the operating system, switching, by a processing device, the user space monitoring application to the first mount namespace based on the mapping, and accessing, by the user space monitoring application, the target application file in the first mount namespace.
An artificial intelligence (AI) monitoring service detects, in real time or in near real time, misbehaving AI. The AI monitoring service monitors any of inputs to the AI, incoming/outgoing communications, API calls, inter-service/inter-container activities associated with the AI, and/or an output generated by the AI. Any activity conducted by, or associated with, the AI may be compared to an AI behavior profile defining permissible/impermissible activities. If any activity fails to conform to the AI behavior profile, alerts are sent and threat procedures are implemented. Very early stages of abnormal AI behavior are detected, thus quickly exposing abnormal AI behavior before the artificial intelligence can implement undesirable, or even harmful, actions.
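The behavior-profile comparison described above, as an added example for this page (not the patent's implementation): every observed activity of a deployed model or agent is checked against an allow/deny profile covering tool and API calls, outbound connections, inter-service calls and generated output, and deviations raise graded alerts. The `BehaviorProfile` schema, the event shapes, the forbidden-output patterns and the sample event stream are all constructed for this illustration.

```python
"""Checking a deployed AI's activity against a behaviour profile.  Added
example; the profile schema, event shapes, patterns and sample events are
constructed for this illustration, not taken from the patent."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class BehaviorProfile:
    allowed_apis: Set[str]                       # tools / APIs the AI may call
    allowed_egress: Set[str]                     # hosts it may connect to
    allowed_service_calls: Set[Tuple[str, str]]  # permitted (caller, callee) pairs
    max_output_chars: int
    forbidden_output: List[re.Pattern] = field(default_factory=list)
    max_api_calls_per_request: int = 20


@dataclass
class Alert:
    severity: str      # low | medium | high | critical
    reason: str
    event: dict


class AIMonitor:
    def __init__(self, profile: BehaviorProfile) -> None:
        self.profile = profile
        self.calls_per_request: Dict[str, int] = {}

    def check(self, event: dict) -> List[Alert]:
        """Alerts raised by a single activity; an empty list means it conforms."""
        p, alerts, kind = self.profile, [], event.get("kind")
        if kind == "api_call":
            if event["name"] not in p.allowed_apis:
                alerts.append(Alert("high", f"api {event['name']} not in profile", event))
            rid = event.get("request_id", "-")
            self.calls_per_request[rid] = self.calls_per_request.get(rid, 0) + 1
            if self.calls_per_request[rid] > p.max_api_calls_per_request:
                alerts.append(Alert("medium", "api call budget exceeded", event))
        elif kind == "egress":
            if event["host"] not in p.allowed_egress:
                alerts.append(Alert("high", f"egress to {event['host']} not in profile", event))
        elif kind == "service_call":
            if (event["caller"], event["callee"]) not in p.allowed_service_calls:
                alerts.append(Alert("high", f"{event['caller']} -> {event['callee']} not permitted", event))
        elif kind == "output":
            text = event["text"]
            if len(text) > p.max_output_chars:
                alerts.append(Alert("low", "output longer than profile allows", event))
            for pat in p.forbidden_output:
                if pat.search(text):
                    alerts.append(Alert("critical", f"output matches {pat.pattern}", event))
        else:
            alerts.append(Alert("medium", f"unknown activity kind {kind!r}", event))
        return alerts

    def run(self, events: List[dict]) -> Tuple[List[Alert], bool]:
        """Evaluate a stream; the flag says whether threat procedures should fire."""
        alerts = [a for ev in events for a in self.check(ev)]
        blocked = any(a.severity in ("high", "critical") for a in alerts)
        return alerts, blocked


def sample_profile() -> BehaviorProfile:
    """Constructed profile for a retrieval assistant."""
    return BehaviorProfile(
        allowed_apis={"search_docs", "summarize"},
        allowed_egress={"vectordb.internal.example"},
        allowed_service_calls={("assistant", "retriever")},
        max_output_chars=2000,
        forbidden_output=[re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
                          re.compile(r"\bAKIA[0-9A-Z]{16}\b")],
        max_api_calls_per_request=3)


# Constructed event stream: three conforming activities, then three deviations.
SAMPLE_EVENTS = [
    {"kind": "api_call", "request_id": "r1", "name": "search_docs"},
    {"kind": "egress", "host": "vectordb.internal.example"},
    {"kind": "service_call", "caller": "assistant", "callee": "retriever"},
    {"kind": "api_call", "request_id": "r1", "name": "shell_exec"},           # high
    {"kind": "egress", "host": "paste.example.org"},                          # high
    {"kind": "output", "text": "Here is the config: AKIAABCDEFGHIJKLMNOP"},  # critical
]


if __name__ == "__main__":
    alerts, blocked = AIMonitor(sample_profile()).run(SAMPLE_EVENTS)
    for a in alerts:
        print(a.severity, a.reason)
    print("block:", blocked)
```

The monitor has to sit where it can veto the action (the tool-call dispatcher, the egress proxy, the output filter), otherwise "near real time" only means the alert arrives shortly after the damage; the `blocked` flag is the signal for that enforcement point.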
42 - Scientific, technological and industrial services, research and design
Goods and services
(1) Computer security consulting; consulting in the field of information technology; computer security consultancy services for protecting data and information from unauthorized access in the field of computer and network security, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for use in computer and network security; cloud computing services in the field of computer and network security; computer security services by online scanning, detecting, quarantining, and eliminating of viruses, worms, Trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access and computer technology consulting of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SaaS) services featuring software for computer and network security; software as a service (SaaS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for use in computer and network security; electronic monitoring services for advanced computer threat detection using real-time monitoring and machine learning to detect computer threats and viruses, and for providing detailed analysis and contextual intelligence to inform responses to sophisticated computer threats; monitoring and investigation of bad actors and adversaries across computer networks to neutralize emerging computer threats and improve cybersecurity and computer network security.
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer security consulting; consulting in the field of information technology; consultation in the field of computer and network security for protecting data and information from unauthorized access, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for use in computer and network security; computer services, namely, cloud computing services in the field of computer and network security; computer services, namely, online scanning, detecting, quarantining, and eliminating viruses, worms, trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access and computer technology consulting of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy in the field of endpoint protection software and curated cyberthreat data for protecting data and information from unauthorized access, computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for computer and network security; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for use in computer and network security; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates; computer security threat analysis services, namely, advanced computer threat detection services, using real-time monitoring and machine learning to detect computer threats and viruses, and providing detailed analysis and contextual intelligence to inform responses to sophisticated computer threats; computer security services, namely, monitoring and investigation of bad actors and adversaries across computer networks to neutralize emerging computer threats and improve cybersecurity and computer network security
52.
Aggressive Embedding Dropout in Embedding-Based Malware Detection
Malware is detected using an embedding-based machine learning model that generates embeddings from byte n-grams. A feature importance operation reveals that only a subset of the embeddings is required to detect malware; in some cases even a single embedding is adequate and retains 99% of the detection capability. An aggressive embedding dropout operation is implemented that ignores the less important embeddings. Because perhaps only one, or a few, embeddings need be computed, malware detection is greatly simplified and need not calculate full-sized embeddings. A malware detection service runs quicker, and just as capably, while consuming fewer resources.
A security agent configured to initiate multifactor authentication (MFA) in response to security triggers occurring on a computing device. Upon occurrence of a security trigger, the security agent delays action associated with a process on the computing device and provides, to a display of a user of the computing device, a prompt asking if the security trigger resulted from an action of the user. The security agent then initiates MFA with an MFA provider to authenticate the user and, based at least on a result of the MFA and the user answer to the prompt, takes further action. The user answer may be provided separately from the MFA or through successful completion of the MFA.
A process subset of an executing process is obtained from a memory of a computing device. The process subset includes less than all of an in-memory executable program generated by the executing process. A feature vector is extracted from the process subset based on data within the process subset. A malware classification is generated based on the process subset. A remediation operation is initiated on the executing process based on the malware classification.
A security agent of a computing device configured to utilize a decision validation model alongside the agent's own prediction model is described herein. The decision validation model includes non-executable data and is utilized by a function of the security agent, which takes the input vector and the decision value of the prediction model as inputs to the decision validation model. The decision validation model then outputs a decision value that may differ from the decision value of the prediction model. The security agent receives the decision validation model from a security service that trains the decision validation model when the prediction model is generating false predictions.
A video player includes a user interface comprising: a video display; a texture strip visually representing a series of frames of a video, the texture strip comprising a sequence of textured frame representations, each representing a corresponding frame from the series of frames; and a control that allows a user to use the texture strip to seek frames in the series of frames in a random-access manner. An input is received via the control, the input including an indication of a selection of a location in the texture strip, the location having a corresponding temporal location in the series of frames. Based on the input, a frame selected from the series of frames is displayed in the video display, the selected frame being located at the corresponding temporal location in the series of frames.
H04N 5/262 - Studio circuits, e.g. for mixing, switching-over, changing the character of the image, for other special effects
H04N 5/272 - Means for inserting a foreground image in a background image, i.e. inlay, outlay
H04N 5/76 - Television signal recording
H04N 5/765 - Interface circuits between an apparatus for recording and another apparatus
H04N 5/77 - Interface circuits between an apparatus for recording and another apparatus, between an apparatus for recording and a television camera
H04N 5/775 - Interface circuits between an apparatus for recording and another apparatus, between an apparatus for recording and a television receiver
H04N 5/93 - Regeneration of the television signal or of selected parts thereof
H04N 7/173 - Analogue secrecy systems; Analogue subscription systems with two-way working, e.g. subscriber sending a programme selection signal
H04N 21/234 - Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
H04N 21/2343 - Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs, involving reformatting operations of video signals for distribution or compliance with end-user requests or end-user device requirements
H04N 21/4402 - Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs, involving reformatting operations of video signals for household redistribution, storage or real-time display
H04N 21/472 - End-user interface for requesting content, additional data or services; End-user interface for interacting with content, e.g. for content reservation or setting reminders, for requesting event notification, for manipulating displayed content
H04N 21/61 - Network physical structure; Signal processing
A digital security system can store data associated with entities in resolver trees. If the digital security system determines that two resolver trees are likely representing the same entity, the digital security system can use a merge operation to merge the resolver trees into a single resolver tree that represents the entity. The single resolver tree can include a merge node indicating a merge identifier of the merge operation. Nodes containing information merged into the resolver tree from another resolver tree during the merge operation can be tagged with the corresponding merge identifier. Accordingly, if the merge operation is to be undone, for instance if subsequent information indicates that the entries are likely separate entities, the resolver tree can be unmerged and the nodes tagged with the merge identifier can be restored to a separate resolver tree.
G06F 7/14 - Merging, i.e. combining at least two sets of record carriers each arranged in the same ordered sequence to produce a single set having the same ordered sequence
G06F 16/22 - Indexing; Data structures therefor; Storage structures
G06F 16/28 - Databases characterised by their database models, e.g. relational or object models
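The merge-and-unmerge mechanism described above, as an added example for this page (not the patent's implementation): nodes folded in from the other tree are tagged with the merge identifier, a merge node records that the merge happened, and an unmerge moves every node carrying that identifier back out into its own tree. The flat key-to-node tree shape, the `merge`/`unmerge` helpers and the rule that the primary tree's value wins on a key conflict (the other tree's value is shadowed, not lost) are assumptions of this example.

```python
"""Merging two resolver trees believed to describe the same entity, with
merge-identifier tagging so the merge can be undone.  Added example; the tree
shape, the merge-node record and the shadowing rule are this example's
assumptions, not the patent's."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Node:
    key: str
    value: object
    merge_id: Optional[int] = None        # set when the node arrived via a merge


@dataclass
class ResolverTree:
    entity_id: str
    nodes: Dict[str, Node] = field(default_factory=dict)
    merges: List[int] = field(default_factory=list)   # the merge nodes, in order
    # shadowed[merge_id]: the other tree's nodes whose key already existed in
    # the primary, kept so an unmerge can hand them back intact.
    shadowed: Dict[int, Dict[str, Node]] = field(default_factory=dict)

    def put(self, key: str, value: object) -> None:
        self.nodes[key] = Node(key, value)


def merge(primary: ResolverTree, other: ResolverTree, merge_id: int) -> ResolverTree:
    """Fold `other` into `primary`; the caller has decided they are one entity."""
    if merge_id in primary.merges:
        raise ValueError("merge identifier already used on this tree")
    primary.merges.append(merge_id)                     # the merge node
    primary.shadowed[merge_id] = {}
    for key, node in other.nodes.items():
        tagged = Node(node.key, node.value, merge_id)
        if key in primary.nodes:
            primary.shadowed[merge_id][key] = tagged     # primary's value wins
        else:
            primary.nodes[key] = tagged
    return primary


def unmerge(primary: ResolverTree, merge_id: int, entity_id: str) -> ResolverTree:
    """Undo one merge: every node tagged with merge_id, plus anything it
    shadowed, moves back out into a separate tree for `entity_id`."""
    if merge_id not in primary.merges:
        raise KeyError("unknown merge identifier")
    restored = ResolverTree(entity_id)
    for key in [k for k, n in primary.nodes.items() if n.merge_id == merge_id]:
        node = primary.nodes.pop(key)
        restored.nodes[key] = Node(node.key, node.value)
    for key, node in primary.shadowed.pop(merge_id).items():
        restored.nodes[key] = Node(node.key, node.value)
    primary.merges.remove(merge_id)
    return restored


if __name__ == "__main__":
    # Constructed: two host records that share an IP and were judged to be one host.
    a = ResolverTree("host-A"); a.put("hostname", "web-01"); a.put("ip", "10.0.0.5")
    b = ResolverTree("host-B"); b.put("ip", "10.0.0.5"); b.put("mac", "aa:bb:cc:dd:ee:ff")
    merge(a, b, merge_id=7)
    print({k: (n.value, n.merge_id) for k, n in a.nodes.items()})
    restored = unmerge(a, 7, "host-B")       # later evidence says they differ
    print(sorted(a.nodes), sorted(restored.nodes))
```

Merges of a tree that already contains merged nodes would overwrite their tags here; a production structure keeps a per-node history of merge identifiers so that unmerges can be undone in any order, not only last-in-first-out.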
58.
SYSTEMS AND METHODS FOR CACHING OF MANAGED CONTENT IN A DISTRIBUTED ENVIRONMENT USING A MULTI-TIERED ARCHITECTURE INCLUDING OFF-LINE ACCESS TO CACHED CONTENT
Embodiments as disclosed provide a distributed caching solution that improves the performance and functionality of a content management platform for sites that are physically or logically remote from the primary site of the content management platform. In particular, according to embodiments, a remote cache server may be associated with a remote site to store local copies of documents that are managed by the primary content management platform. Periodically, a portion of the remote site's cache may be synchronized with the content management platform's primary site using an extensible architecture to ensure that content at the remote cache server is current.
G06F 16/2458 - Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
59.
TECHNIQUES FOR ORDERING PROCESS ACTIVITY IN A CONCURRENT ENVIRONMENT
Trackable activity performed by a process executing in an operating system of a computing device is detected, the process associated with an initial sequence number and an initial message queue of a plurality of message queues, and each of the plurality of message queues comprising a first counter. Based on a comparison of the first counter to the initial sequence number, an assigned message queue of the process is set to the initial message queue or a second message queue of the plurality of message queues. A message is transmitted on the assigned message queue, the message comprising a process identifier of the process.
A method includes retrieving, in a kernel space of an operating system executing on a computing device, a first value from a first clock source, retrieving, in a user space of the operating system executing on the computing device, a second value from a second clock source, generating a unique process identifier (UPID) associated with a process identifier (PID) of a process executing in the operating system, wherein the UPID is based on the first value of the first clock source and the second value of the second clock source, and tracking process activity of the process executing in the operating system by utilizing the UPID.
A unique process identifier (UPID) associated with a process identifier (PID) of a process executing in an operating system is generated in a kernel space of the operating system executing on a computing device. The UPID is inserted into a first mapping store that maps the PID to the UPID. A message is transmitted including the PID to a message buffer structure. A second mapping store that maps the UPID to the PID is updated in a user space of the operating system based on the message.
A creation of a first process is detected in a kernel space of the operating system executing on a computing device. An exec parent of the first process is determined. The exec parent identifies a second process within an ancestry of the first process that last performed an exec operation prior to the creation of the first process. A unique process identifier (UPID) associated with a process identifier (PID) of the first process is generated. The UPID is associated with the exec parent in a first mapping store that maps the PID to the UPID. Process activity of the first process executing in the operating system is tracked to generate process activity data that comprises the exec parent.
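The four abstracts above describe one sensor-side mechanism: a process identifier that survives PID reuse, two mapping stores kept in sync through messages, and an "exec parent" attached to every tracked event. The following is an added example (not the patent holder's code) that puts those pieces together in Python. Assumptions: the kernel-space clock is stood in for by `time.perf_counter_ns()` and the user-space clock by `time.time_ns()`; the process events (fork, exec, exit) are constructed; the queue-assignment logic of the first abstract is not modelled.

```python
"""Process tracking with unique process IDs (UPIDs) and exec parents.

Added example, not the patent holder's code. The two clock sources are
stand-ins (assumption): a real sensor reads one in kernel space and one
in user space.
"""
import hashlib
import time
from dataclasses import dataclass
from typing import Dict, List, Optional


def make_upid(pid: int, kernel_clock: int, user_clock: int) -> str:
    """Derive a UPID that stays unique even when the OS recycles a PID.

    The PID alone is reused after a process exits; mixing in two
    independent clock readings makes the identifier unique per process
    incarnation. Hashing keeps the UPID fixed-width.
    """
    raw = f"{pid}:{kernel_clock}:{user_clock}".encode()
    return hashlib.sha256(raw).hexdigest()[:16]


@dataclass
class ProcessRecord:
    pid: int
    upid: str
    parent_upid: Optional[str]
    exec_parent: Optional[str]   # UPID of the nearest ancestor that last exec'd
    image: str                   # image of that exec, inherited across fork
    exec_count: int = 0


class ProcessTracker:
    """Mirrors the two mapping stores: pid_to_upid models the kernel-space
    store, upid_to_pid the user-space store updated from messages."""

    def __init__(self):
        self.pid_to_upid: Dict[int, str] = {}
        self.upid_to_pid: Dict[str, int] = {}
        self.records: Dict[str, ProcessRecord] = {}
        self.activity: List[dict] = []

    def _kernel_clock(self) -> int:
        return time.perf_counter_ns()   # assumption: stands in for the kernel clock source

    def _user_clock(self) -> int:
        return time.time_ns()           # assumption: stands in for the user-space clock source

    def on_fork(self, pid: int, parent_pid: Optional[int], image: str = "init") -> str:
        upid = make_upid(pid, self._kernel_clock(), self._user_clock())
        parent_upid = self.pid_to_upid.get(parent_pid) if parent_pid is not None else None
        parent = self.records.get(parent_upid) if parent_upid else None
        # Exec parent: if the parent itself exec'd it is the exec parent,
        # otherwise the parent inherited one from further up the ancestry.
        if parent is None:
            exec_parent, inherited = None, image
        elif parent.exec_count > 0:
            exec_parent, inherited = parent.upid, parent.image
        else:
            exec_parent, inherited = parent.exec_parent, parent.image
        self.records[upid] = ProcessRecord(pid, upid, parent_upid, exec_parent, inherited)
        self.pid_to_upid[pid] = upid            # kernel-space store
        self._deliver_message({"pid": pid, "upid": upid})
        self._track(upid, "fork")
        return upid

    def on_exec(self, pid: int, image: str) -> None:
        rec = self.records[self.pid_to_upid[pid]]
        rec.exec_count += 1
        rec.image = image
        self._track(rec.upid, "exec", image=image)

    def on_exit(self, pid: int) -> None:
        upid = self.pid_to_upid.pop(pid)
        self.upid_to_pid.pop(upid, None)
        self._track(upid, "exit")

    def _deliver_message(self, msg: dict) -> None:
        # Models the message buffer handed to user space; the user-space
        # store is rebuilt from messages rather than from shared memory.
        self.upid_to_pid[msg["upid"]] = msg["pid"]

    def _track(self, upid: str, kind: str, **extra) -> None:
        rec = self.records[upid]
        self.activity.append({"upid": upid, "pid": rec.pid, "event": kind,
                              "exec_parent": rec.exec_parent, **extra})


def demo() -> dict:
    """Constructed fork/exec chain in which an exited process's PID is reused."""
    t = ProcessTracker()
    shell = t.on_fork(100, None, image="/bin/sh")
    t.on_exec(100, "/bin/sh")
    child = t.on_fork(200, 100)          # forked from sh, never exec'd
    grandchild = t.on_fork(300, 200)     # exec parent must still be the shell
    t.on_exec(300, "/usr/bin/curl")
    t.on_exit(300)
    reused = t.on_fork(300, 100)         # PID 300 recycled by the OS
    return {
        "shell": shell,
        "child_exec_parent": t.records[child].exec_parent,
        "grandchild_exec_parent": t.records[grandchild].exec_parent,
        "reused_pid_distinct": reused != grandchild,
        "reused_maps_back": t.upid_to_pid[reused] == 300,
        "events": len(t.activity),
    }
```

The point of the exec-parent field is visible in `demo()`: `curl` was forked by a process that never exec'd, so attributing it to its literal parent loses the fact that the shell is the program responsible.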
G06F 21/56 - Detection or handling of malicious programs, e.g. anti-virus arrangements
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems, during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
Augmented reality presentations are provided at respective electronic devices. A first electronic device receives information relating to modification made to an augmented reality presentation at a second electronic device, and the first electronic device modifies the first augmented reality presentation in response to the information.
G06T 19/00 - Manipulating 3D models or images for computer graphics
A63F 13/50 - Controlling the output signals based on the game progress
A63F 13/65 - Generating or modifying game content before or while executing the game program, e.g. authoring tools specially adapted for game development or game-integrated level editor; automatically by game devices or servers from real world data, e.g. measurement in live racing competition
A63F 13/655 - Generating or modifying game content before or while executing the game program, e.g. authoring tools specially adapted for game development or game-integrated level editor; automatically by game devices or servers from real world data, e.g. measurement in live racing competition; by importing photos, e.g. of the player
G06F 3/14 - Digital output to display device
G06V 10/75 - Organisation of the matching processes, e.g. simultaneous or sequential comparisons of image or video features; Coarse-fine approaches, e.g. multi-scale approaches; Image or video pattern matching; Proximity measures in feature spaces using context analysis; Selection of dictionaries
G06V 20/80 - Recognising image objects characterised by unique random patterns
64.
Adaptive Profiling of Cloud Services Using Machine Learning for Malware Detection
A cloud-service malware detection application detects, in real time or in near real time, malware infecting cloud services. The cloud-service malware detection application monitors incoming communications, outgoing communications, API calls, and other inter-service activities conducted between different cloud services in a cloud-computing environment. Because the cloud-computing environment may have many different cloud services, the cloud-service malware detection application detects a malware attack that spans multiple hosts and cloud services. The cloud-service malware detection application adaptively profiles each individual cloud service using machine learning, thus providing quicker, more accurate, and more scalable malware detection.
Systems and methods of authentication utilizing a large language model (LLM) are provided. The method includes accessing a knowledge base comprising user-specific data of a user device associated with a domain. In response to a request from the user device for access to a resource of the domain, the method includes generating one or more authentication challenges based on the user-specific data. The one or more authentication challenges are generated by an LLM trained on the user-specific data and contextual interactions associated with the user device. In response to determining that a response to the one or more authentication challenges matches the user-specific data of the knowledge base and the contextual interactions, the method includes providing the user device access to the resource of the domain.
A system and method of securing a Function as a Service (FaaS) cloud computing system without using access rights to operating system (OS) kernels of the cloud service system. The method includes receiving a request to invoke a user-function associated with a computing language. The method includes executing the user-function within an operating system that executes on a processing device of the cloud service system. The method includes monitoring, by the processing device, a real-time behavior of the user-function using a security sensor that executes within the operating system, wherein the security sensor is without access rights to a kernel of the operating system. The method includes acquiring behavioral data indicative of the real-time behavior of the user-function.
Methods and systems for multi-cloud breach detection using ensemble classification and deep anomaly detection are disclosed. According to an implementation, a security appliance may receive logged event data. The security appliance may determine using a supervised machine learning (ML) model, a first anomaly score representing a first context. The security appliance may further determine using a semi-supervised machine learning (ML) model, a second anomaly score representing the second context, and using an unsupervised ML model, one or more third anomaly scores representing one or more third contexts. The security appliance may aggregate the first anomaly score, the second anomaly score and the one or more third anomaly scores using a classification module to produce a final anomaly score and a final context. The security appliance may determine that an anomaly exists and a type of attack based on the final anomaly score and the final context.
42 - Scientific, technological and industrial services, research and design
Goods and services
(1) Software as a service (SaaS) services featuring software for automating customer interactions and data collection for computer security consulting, namely, using artificial intelligence for customer interaction for identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for scanning and penetration testing of computers and networks to assess information security vulnerability for maintaining and updating of computer software relating to computer and network security and prevention of computer risks, and for protecting data and information from unauthorized access using artificial intelligence to develop plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for use in computer and network security; cloud computing services using artificial intelligence for automating customer interactions and data collection in the field of computer and network security; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for conducting online scanning, detecting, quarantining, and eliminating viruses, worms, Trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access and computer technology consulting of systems using software as a service (SaaS) services using artificial intelligence for automating customer interactions for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for computer and network security; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for use in computer and network security using artificial intelligence for automating customer interactions and collection of data; application service provider [ASP], namely, hosting computer software applications in the field of knowledge management for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates; providing online non-downloadable software for the artificial production of human speech and text based on deep learning algorithms to recognize and respond to customer interactions relating to computer security consulting, namely, for identifying malware on computer systems, identifying the source and genealogy of malware, identifying the objectives of computer system attackers, scanning and penetration testing of computers and networks to assess information security vulnerability, maintaining and updating of computer software relating to computer and network security and prevention of computer risks, and for protecting data and information from unauthorized access using artificial intelligence to develop plans for improving computer and network security and preventing criminal activity.
69.
Techniques for variable memory allocation using constant-sized structures
A first message structure is selected from a first subset of a plurality of message structures based on a size of a message payload and a message type of the message payload. Each of the first subset of the plurality of message structures has a different size. A size of the first message structure is greater than or equal to the size of the message payload. A first request is transmitted to an application programming interface (API) utilizing the size of the first message structure. In response to transmitting the first request to the API, a reference is received to a buffer structure. The message payload is copied into the buffer structure using the reference to the buffer structure.
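The abstract above is a size-class scheme: a variable-length payload is carried in one of a few constant-sized structures, so the allocation API only ever sees a handful of sizes and the copy is bounded by construction. The following is an added Python example, not the patent holder's code; the size ladders, the two message types and the in-memory `BufferAPI` are constructed for illustration.

```python
"""Selecting a constant-sized message structure for a variable-sized payload.

Added example, not the patent holder's code. Size classes, message types
and the buffer API are assumptions made for this illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: each message type owns its own ladder of fixed-size structures.
SIZE_CLASSES: Dict[str, List[int]] = {
    "process_event": [128, 512, 2048],
    "file_event": [256, 1024, 4096, 16384],
}


@dataclass(frozen=True)
class MessageStructure:
    message_type: str
    size: int


class BufferAPI:
    """Stand-in for the allocation API that returns a buffer reference."""

    def __init__(self):
        self.requests: List[int] = []        # sizes requested, for inspection
        self.buffers: List[bytearray] = []

    def request(self, size: int) -> int:
        self.requests.append(size)
        self.buffers.append(bytearray(size))
        return len(self.buffers) - 1         # the "reference" is an index


def select_structure(message_type: str, payload_len: int) -> Optional[MessageStructure]:
    """Smallest structure in the type's subset whose size >= payload length."""
    ladder = SIZE_CLASSES.get(message_type)
    if ladder is None:
        return None
    for size in sorted(ladder):
        if size >= payload_len:
            return MessageStructure(message_type, size)
    return None   # larger than the largest class: caller must split or reject


def send(api: BufferAPI, message_type: str, payload: bytes) -> Optional[int]:
    """Select a structure, request a buffer of that size, copy the payload in."""
    struct = select_structure(message_type, len(payload))
    if struct is None:
        return None
    ref = api.request(struct.size)
    buf = api.buffers[ref]
    buf[:len(payload)] = payload       # cannot overrun: struct.size >= len(payload)
    return ref


def demo() -> dict:
    api = BufferAPI()
    small = send(api, "process_event", b"x" * 100)
    exact = send(api, "process_event", b"x" * 512)
    big = send(api, "file_event", b"x" * 3000)
    too_big = send(api, "process_event", b"x" * 5000)
    return {
        "sizes_requested": api.requests,
        "small_ref": small,
        "exact_size": len(api.buffers[exact]),
        "big_size": len(api.buffers[big]),
        "too_big": too_big,
        "distinct_sizes": len(set(api.requests)),
    }
```

The over-size case is the one to watch in a real sensor: a payload above the largest class must be rejected or split, never written into the largest structure anyway.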
A command line anomaly detection system can generate anomaly scores associated with command line entries, such that command line entries associated with the highest anomaly scores can be identified. The command line anomaly detection system can include a transformer model trained, via unsupervised machine learning, to determine meanings of components of individual command line entries. The command line anomaly detection system can also include an anomaly detection model trained, via unsupervised machine learning, to determine anomaly scores based on the meanings of components of individual command line entries determined by the transformer model.
A method to predict that a text file contains source code written in one or more of a plurality of source code programming languages involves creating a feature vector comprising a plurality of values, wherein each value represents a corresponding piece of text found in the text file. Then, during an inference workflow with a neural network model, an embedding representation value is identified for each value in the feature vector. An overall embedding representation value is calculated for the feature vector based on the obtained embedding representation values. A plurality of class label prediction values is then created, based on the overall embedding representation value and a plurality of class labels corresponding to the plurality of source code programming languages. Finally, a prediction is made as to the source code programming language in which the source code in the text file is written, based on the plurality of class label prediction values.
A value is assigned to a rate threshold for adding child nodes to a distinct parent node in a tree data structure. A first datum comprising a first variable assigned a first value and a second variable assigned a first value is added to the tree at a first timestamp, by adding to the first level in the tree a first parent node representing the first variable assigned the first value and adding to the second level in the tree a first child node representing the second variable assigned the first value and connected by a first directed edge from the first parent node. A second datum comprising the first variable assigned the first value and the second variable assigned a second value is received at a second timestamp. The method blocks adding to the second level in the tree a second child node representing the second variable assigned the second value and connected by a second directed edge from the first parent node when a rate based on the first timestamp and the second timestamp exceeds the rate threshold.
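The abstract above describes a fan-out guard for a two-level tree: a parent that sprouts new children faster than a configured rate stops accepting them, which keeps a noisy key (one host resolving thousands of fresh domains, say) from exhausting memory. The following is an added Python example, not the patent holder's code. One assumption is spelled out in the code: the rate is computed as children admitted per second over the window from the parent's first child to the current datum, since the abstract only says the rate derives from the two timestamps.

```python
"""Rate-limited insertion of child nodes into a two-level tree.

Added example, not the patent holder's code. The rate definition (children
per second over the window since the first child) and the sample data are
assumptions made for this illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class ParentNode:
    value: str
    first_child_ts: Optional[float] = None
    children: Dict[str, float] = field(default_factory=dict)   # child value -> timestamp
    blocked: int = 0


class RateLimitedTree:
    """Level 1: values of the first variable. Level 2: values of the second."""

    def __init__(self, rate_threshold: float):
        self.rate_threshold = rate_threshold     # max new children per second per parent
        self.parents: Dict[str, ParentNode] = {}

    def add(self, first_value: str, second_value: str, ts: float) -> bool:
        parent = self.parents.setdefault(first_value, ParentNode(first_value))
        if second_value in parent.children:
            return True                          # edge already exists; nothing to add
        if parent.first_child_ts is None:        # first child is always admitted
            parent.first_child_ts = ts
            parent.children[second_value] = ts
            return True
        elapsed = max(ts - parent.first_child_ts, 1e-9)
        rate = (len(parent.children) + 1) / elapsed   # rate if this child were admitted
        if rate > self.rate_threshold:
            parent.blocked += 1                  # block the node and its directed edge
            return False
        parent.children[second_value] = ts
        return True


def demo() -> dict:
    tree = RateLimitedTree(rate_threshold=2.0)   # at most 2 new children per second
    # Constructed data: (host, resolved domain, timestamp in seconds).
    events = [("h1", "a.example", 0.0), ("h1", "b.example", 0.5),
              ("h1", "c.example", 0.6), ("h1", "d.example", 0.7),
              ("h1", "e.example", 2.0), ("h1", "a.example", 2.1),
              ("h2", "a.example", 0.0)]
    results = [tree.add(f, s, t) for f, s, t in events]
    return {"results": results,
            "h1_children": sorted(tree.parents["h1"].children),
            "h1_blocked": tree.parents["h1"].blocked,
            "h2_children": sorted(tree.parents["h2"].children)}
```

Note that the limit is per parent: `h2` is unaffected by `h1`'s burst, and a repeat of an existing child (`a.example` at t=2.1) is never counted against the rate.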
Methods and systems for generating and using a dynamic asset inventory are disclosed. According to an implementation, a dynamic inventory can be generated by a function included in a security agent that provides security for a network environment. First computing asset information can be collected from first data sources, and the first computing asset information can be supplemented with second computing asset information. The supplemented computing asset information can be used to generate log files for computing assets. The log files can be used to generate an asset search index that supports rapid search of the dynamic asset inventory.
G06F 16/00 - Information retrieval; Database structures therefor; File system structures therefor
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 16/22 - Indexing; Data structures therefor; Storage structures
74.
Mutation-Responsive Documentation Regeneration Based on Knowledge Base
A data store associated with one or more entities of a graph database hosted at a knowledge base hosting network maintains a respective one or more records of a plurality of mutation operations performed on the one or more entities. One or more of the plurality of mutation operations performed on the one or more entities is obtained from the data store. One or more documents of a document storage are then generated or updated based on the one or more of the plurality of mutation operations performed on the one or more entities obtained from the data store.
An auto-rotation module having a single-layer neural network on a user device can convert a document image to a monochrome image having black and white pixels and segment the monochrome image into bounding boxes, each bounding box defining a connected segment of black pixels in the monochrome image. The auto-rotation module can determine textual snippets from the bounding boxes and prepare them into input images for the single-layer neural network. The single-layer neural network is trained to process each input image, recognize a correct orientation, and output a set of results for each input image. Each result indicates a probability associated with a particular orientation. The auto-rotation module can examine the results, determine what degree of rotation is needed to achieve a correct orientation of the document image, and automatically rotate the document image by the degree of rotation needed to achieve the correct orientation of the document image.
G06V 10/24 - Aligning, centring, orientation detection or correction of the image
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06V 30/19 - Recognition using electronic means
G06V 30/414 - Extracting the geometrical structure, e.g. layout tree; Block segmentation, e.g. bounding boxes for graphics or text
H04N 1/387 - Composing, repositioning or otherwise modifying originals
An executable program compiled for a first execution environment is obtained. The executable program is processed by an emulation function of a second execution environment to create an execution profile for the executable program. The emulation function of the second execution environment is configured to emulate an execution of the executable program and to replace an application programming interface (API) function call within the executable program with a call to an emulated API function call within the second execution environment. A malware classification is determined for the executable program based on the execution profile.
An event query host can include an event processor configured to process an event stream indicating events that occurred on a computing device. The event processor can add representations of events to an event graph. If an event added to the event graph is a trigger event associated with a query, the event processor can also add an instance of the query to a query queue. The query queue can be sorted based on scheduled execution times of query instances. At a scheduled execution time of a query instance in the query queue, a query manager of the event query host can execute the query instance and attempt to find a corresponding pattern of one or more events in the event graph.
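The abstract above couples an event graph with a time-ordered query queue: a trigger event schedules a query instance for later, and the query manager runs it once the scheduled time arrives, looking for a pattern that other events may have completed in the meantime. The following is an added Python example, not the patent holder's code. The event format, the single query (a script host or one of its children opening a network connection within 5 seconds) and the sample stream are constructed for illustration.

```python
"""Event graph with trigger-scheduled queries.

Added example, not the patent holder's code. Event format, the query and
its 5 s delay, and the sample stream are assumptions for this illustration.
"""
import heapq
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Event:
    ts: float
    kind: str
    pid: int
    attrs: dict = field(default_factory=dict)


class EventGraph:
    """Nodes are events; process_start events add parent->child edges."""

    def __init__(self):
        self.by_pid: Dict[int, List[Event]] = {}
        self.parent_of: Dict[int, int] = {}

    def add(self, ev: Event) -> None:
        self.by_pid.setdefault(ev.pid, []).append(ev)
        if ev.kind == "process_start":
            self.parent_of[ev.pid] = ev.attrs["ppid"]

    def children(self, pid: int) -> List[int]:
        return [c for c, p in self.parent_of.items() if p == pid]


@dataclass(order=True)
class QueryInstance:
    run_at: float                          # queue is ordered by scheduled time
    seq: int                               # tie-breaker keeps ordering total
    name: str = field(compare=False)
    trigger: Event = field(compare=False)


def script_host_network(graph: EventGraph, trigger: Event) -> List[Event]:
    """Pattern: net_connect by the script host or a direct child within 5 s."""
    pids = [trigger.pid] + graph.children(trigger.pid)
    return [e for p in pids for e in graph.by_pid.get(p, [])
            if e.kind == "net_connect" and 0 <= e.ts - trigger.ts <= 5.0]


# name -> (is_trigger, delay in seconds, pattern function)
QUERIES: Dict[str, Tuple[Callable[[Event], bool], float, Callable]] = {
    "script_host_network": (
        lambda e: e.kind == "process_start"
        and e.attrs.get("image") in ("wscript.exe", "powershell.exe"),
        5.0, script_host_network),
}


class EventQueryHost:
    def __init__(self):
        self.graph = EventGraph()
        self.queue: List[QueryInstance] = []
        self._seq = 0
        self.findings: List[Tuple[str, int, List[Event]]] = []

    def process(self, ev: Event) -> None:
        """Event processor: add to the graph, enqueue queries whose trigger fired."""
        self.graph.add(ev)
        for name, (is_trigger, delay, _) in QUERIES.items():
            if is_trigger(ev):
                self._seq += 1
                heapq.heappush(self.queue, QueryInstance(ev.ts + delay, self._seq, name, ev))
        self.run_due(ev.ts)

    def run_due(self, now: float) -> None:
        """Query manager: execute every instance whose scheduled time has passed."""
        while self.queue and self.queue[0].run_at <= now:
            inst = heapq.heappop(self.queue)
            matches = QUERIES[inst.name][2](self.graph, inst.trigger)
            if matches:
                self.findings.append((inst.name, inst.trigger.pid, matches))


def demo() -> dict:
    host = EventQueryHost()
    stream = [  # constructed sample event stream
        Event(0.0, "process_start", 10, {"ppid": 1, "image": "explorer.exe"}),
        Event(1.0, "process_start", 20, {"ppid": 10, "image": "wscript.exe"}),
        Event(2.0, "process_start", 30, {"ppid": 20, "image": "cmd.exe"}),
        Event(3.5, "net_connect", 30, {"dst": "203.0.113.7:443"}),
        Event(4.0, "process_start", 40, {"ppid": 10, "image": "powershell.exe"}),
        Event(9.5, "net_connect", 40, {"dst": "203.0.113.8:443"}),  # outside the 5 s window
        Event(10.0, "heartbeat", 1),
    ]
    for ev in stream:
        host.process(ev)
    return {"findings": [(n, pid) for n, pid, _ in host.findings],
            "pending": len(host.queue)}
```

Deferring the query is what makes the pattern catchable at all: at the moment `wscript.exe` starts, the connection by its child does not exist yet; by the time the instance runs, it is in the graph.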
Techniques and systems are described for enabling an identity provider to identify a computing device during authentication of a user that uses the computing device, and to do so in a manner that is independent of a browser and/or a client application and/or an operating system on the computing device. For example, upon receiving, from a first identity provider, redirection data to redirect an authentication request to a second identity provider, a security agent executing on the computing device may intercept the authentication request, retrieve data about the computing device, and send the authentication request with the device data to the second identity provider. Upon receiving, from the second identity provider, a signed response to the authentication request, the computing device may send the signed response to the first identity provider to receive a result of the authentication request from the first identity provider.
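The abstract above is a protocol change: a security agent on the device intercepts the redirect from the first identity provider, attaches device data the browser could not have produced, and forwards the request to the second identity provider, whose signed response then flows back through the device to the first provider. The following is an added Python example of that exchange with all four parties, not the patent holder's code. Assumptions: message formats are ad hoc JSON; signatures are HMAC over a shared federation key and a per-device enrolled key (a real deployment would use the federation protocol's own asymmetric signing); the device policy is "sensor healthy".

```python
"""Device-aware federated authentication with an intercepting security agent.

Added example, not the patent holder's code. Message formats, HMAC-based
signing and the device policy are assumptions for this illustration.
"""
import hashlib
import hmac
import json
import secrets
from typing import Dict, Optional


def sign(key: bytes, payload: dict) -> str:
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify(key: bytes, payload: dict, sig: str) -> bool:
    return hmac.compare_digest(sign(key, payload), sig)


class SecondIdP:
    """Authenticates the user and evaluates the device data the agent attached."""

    def __init__(self, federation_key: bytes, device_keys: Dict[str, bytes]):
        self.federation_key = federation_key   # shared with FirstIdP (assumption)
        self.device_keys = device_keys         # per-device keys enrolled by the agent
        self.users = {"alice": "correct-horse"}   # constructed credential store

    def authenticate(self, request: dict) -> dict:
        device = request.get("device")
        device_id = device["id"] if device else None
        key = self.device_keys.get(device_id)
        device_ok = bool(key) and verify(key, device["data"], device["sig"])
        user_ok = self.users.get(request["user"]) == request.get("password")
        healthy = device_ok and device["data"]["sensor"] == "healthy"
        response = {"nonce": request["nonce"], "user": request["user"],
                    "device_id": device_id,
                    "status": "ok" if (user_ok and healthy) else "denied"}
        return {"response": response, "sig": sign(self.federation_key, response)}


class FirstIdP:
    """Issues the redirect and consumes the signed response."""

    def __init__(self, federation_key: bytes):
        self.federation_key = federation_key
        self.pending: Dict[str, str] = {}      # nonce -> user awaiting a response

    def start(self, user: str) -> dict:
        nonce = secrets.token_hex(8)
        self.pending[nonce] = user
        return {"redirect_to": "second-idp", "nonce": nonce, "user": user}

    def finish(self, signed: dict) -> str:
        resp = signed["response"]
        if resp["nonce"] not in self.pending or not verify(self.federation_key, resp, signed["sig"]):
            return "rejected"                  # replay or tampering
        del self.pending[resp["nonce"]]
        return "granted" if resp["status"] == "ok" else "denied"


class SecurityAgent:
    """Runs on the device; intercepts the redirected request and adds device data."""

    def __init__(self, device_id: str, device_key: bytes, sensor_state: str):
        self.device_id, self.device_key, self.sensor_state = device_id, device_key, sensor_state

    def intercept(self, redirect: dict, password: str) -> dict:
        data = {"id": self.device_id, "sensor": self.sensor_state, "os": "linux"}
        return {"nonce": redirect["nonce"], "user": redirect["user"], "password": password,
                "device": {"id": self.device_id, "data": data, "sig": sign(self.device_key, data)}}


def login(agent: Optional[SecurityAgent], password: str) -> str:
    """Full exchange; with agent=None the request carries no device data."""
    fed_key = b"federation-shared-secret"      # assumption: provisioned out of band
    first = FirstIdP(fed_key)
    second = SecondIdP(fed_key, {"device-7": b"device-7-enrolled-key"})
    redirect = first.start("alice")
    if agent is None:
        request = {"nonce": redirect["nonce"], "user": "alice", "password": password}
    else:
        request = agent.intercept(redirect, password)
    return first.finish(second.authenticate(request))


def tampered_login() -> str:
    """Flipping the status on the way back is caught by the federation signature."""
    fed_key = b"federation-shared-secret"
    first, second = FirstIdP(fed_key), SecondIdP(fed_key, {})
    redirect = first.start("alice")
    signed = second.authenticate({"nonce": redirect["nonce"], "user": "alice",
                                  "password": "correct-horse"})
    signed["response"]["status"] = "ok"
    return first.finish(signed)
```

The device data rides inside the request the second provider already has to handle, so no browser extension, client library or OS-specific API is needed; the agent is the only component that changes.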
G06F 21/46 - Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
79.
DETECTION OF CONTENT GENERATED FROM PHISHING ATTACKS
Mechanisms are provided to detect content generated from phishing attacks. The mechanisms process an electronic communication, received from a data network, to produce a structure token. The structure token represents a content structure of the electronic communication. The structure token is processed by a machine learning model, which is trained to identify content that is generated in response to one or more phishing attacks. The machine learning model produces a classification output that indicates whether the electronic communication includes content that was generated in response to the one or more phishing attacks.
A system and method of predicting the probability of exploitation of vulnerabilities of a computing environment. The method includes acquiring one or more environment variables associated with a computing environment. The method includes identifying a vulnerability in the computing environment based on a vulnerability database (VDB) and the one or more environment variables associated with the computing environment. The method includes generating an input dataset based on behavioral-based endpoint detection and response (EDR) data associated with the vulnerability. The method includes providing the input dataset to one or more predictive models respectively trained to predict probabilities of exploitation of vulnerabilities of computing environments based on the input dataset. The method includes generating, by a processing device, a vulnerability risk score for the vulnerability of the computing environment based on the input dataset and the one or more predictive models.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Deception-based techniques for responding to security attacks are described herein. The techniques include transitioning a security attack to a monitored computing device posing as the computing device impacted by the security attack and enabling the adversary to obtain deceptive information from the monitored computing device. Also, the adversary may obtain a document configured to report identifying information of an entity opening the document, thereby identifying the adversary associated with the attack. Further, the techniques include determining that a domain specified in a domain name request is associated with malicious activity and responding to the request with a network address of a monitored computing device to cause the requesting process to communicate with the monitored computing device in place of an adversary server. Additionally, a service may monitor dormant domain names associated with malicious activity and, in response to a change, respond with an alert or a configuration update.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols; using the domain name system [DNS]
82.
Logical blocks analysis in an electronic file system volume
One or more identifiers respectively corresponding to one or more logical blocks in an electronic file system volume are selected. The one or more logical blocks respectively corresponding to the selected one or more identifiers are analyzed according to one or more criteria. A value is assigned to one or more indicators associated with each of the one or more logical blocks and corresponding to the one or more criteria, in response to the analyses of the corresponding one or more logical blocks. A representation of the one or more indicators, and their respective assigned values, associated with each of the one or more logical blocks that was analyzed according to the one or more criteria, is generated. In some embodiments, an action to be performed on or with an electronic file mapped to the logical blocks is controlled based on one or more of the values assigned to the one or more indicators associated with the one or more logical blocks.
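The abstract above works below the file layer: blocks are analyzed by block identifier, each block gets indicator values per criterion, and the action on a file follows from the indicators of the blocks the file maps to. The following is an added Python example, not the patent holder's code. The volume is a constructed in-memory byte string with 512-byte blocks, and the three criteria (Shannon entropy, an executable magic number, an embedded URL) and the policy in `decide_action` are assumptions chosen to illustrate the mechanism.

```python
"""Per-block analysis of a file system volume with indicator values.

Added example, not the patent holder's code. The in-memory volume, block
size, criteria and the action policy are assumptions for this illustration.
"""
import math
import random
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List

BLOCK_SIZE = 512
URL_RE = re.compile(rb"https?://[\w.-]+")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; near 8.0 for compressed or encrypted content."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


# criterion name -> function that yields the indicator value for one block
CRITERIA: Dict[str, Callable[[bytes], object]] = {
    "entropy": lambda blk: round(shannon_entropy(blk), 2),
    "pe_header": lambda blk: blk[:2] == b"MZ",
    "has_url": lambda blk: URL_RE.search(blk) is not None,
}


@dataclass
class BlockReport:
    block_id: int
    indicators: Dict[str, object] = field(default_factory=dict)


def analyze_blocks(volume: bytes, block_ids: List[int]) -> List[BlockReport]:
    """Analyze the selected blocks and assign a value per indicator."""
    reports = []
    for bid in block_ids:
        blk = volume[bid * BLOCK_SIZE:(bid + 1) * BLOCK_SIZE]
        reports.append(BlockReport(bid, {name: fn(blk) for name, fn in CRITERIA.items()}))
    return reports


def decide_action(reports: List[BlockReport], file_blocks: List[int]) -> str:
    """Control the action on a file from the indicators of the blocks it maps to.

    Assumed policy: an executable image (PE header in one of its blocks) that
    also carries a high-entropy block is treated as packed and quarantined;
    an executable carrying a URL raises an alert; everything else is allowed.
    """
    by_id = {r.block_id: r.indicators for r in reports}
    inds = [by_id[b] for b in file_blocks if b in by_id]
    is_pe = any(i["pe_header"] for i in inds)
    if is_pe and any(i["entropy"] > 7.0 for i in inds):
        return "quarantine"
    if is_pe and any(i["has_url"] for i in inds):
        return "alert"
    return "allow"


def build_volume() -> bytes:
    """Constructed 4-block volume: text, fake PE header, random bytes, text with URL."""
    rng = random.Random(1)
    text = b"hello world " * 43
    pe = b"MZ" + b"\x00" * 60 + b"PE\x00\x00" + b"\x90" * 200
    noisy = bytes(rng.randrange(256) for _ in range(BLOCK_SIZE))
    url = b"config line\n" * 20 + b"update at https://203.0.113.9/pkg\n"
    return b"".join(blk.ljust(BLOCK_SIZE, b"\x00")[:BLOCK_SIZE]
                    for blk in (text, pe, noisy, url))


def demo() -> dict:
    vol = build_volume()
    reports = analyze_blocks(vol, [0, 1, 2, 3])
    return {
        "entropies": [r.indicators["entropy"] for r in reports],
        "pe_blocks": [r.block_id for r in reports if r.indicators["pe_header"]],
        "url_blocks": [r.block_id for r in reports if r.indicators["has_url"]],
        "doc_action": decide_action(reports, [0]),          # file mapped to block 0
        "packed_exe_action": decide_action(reports, [1, 2]),
        "exe_with_url_action": decide_action(reports, [1, 3]),
    }
```

Because the indicators are keyed by block rather than by file, the same report answers for every file that maps to those blocks, and a file that later re-maps to an already-analyzed block needs no re-scan.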
A system and method for detecting code initialization actions is utilized for performing static analysis of an application code including an external initialization component. The method includes receiving an application code including an external initialization code component, the application code deployed in a cloud computing environment; detecting in the application code an anchor point, the anchor point including a call to another code object; inserting a hook into the application code based on a location of the anchor point in the application code; and receiving a result from the hook in response to executing the application code.
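The abstract above describes static instrumentation: find the anchor point (a call to the external initialization component), insert a hook at that location, then collect what the hook reports when the code runs. The following is an added Python example, not the patent holder's code, using Python's `ast` module as the static analyser. The sample application source, the name of the external component (`vendor_sdk.init`) and the hook function are constructed for this illustration; a fake `vendor_sdk` module is registered so the rewritten code runs offline.

```python
"""Anchor-point detection and hook insertion on application source.

Added example, not the patent holder's code. The application source, the
external initialization component and the hook are assumptions for this
illustration.
"""
import ast
import sys
import types
from typing import Dict, List

# Constructed application code: a cloud function that initializes an
# external SDK at import time, i.e. outside any request handler.
APP_SOURCE = '''
import vendor_sdk

client = vendor_sdk.init(api_key="k-123", region="eu-1")

def handler(event):
    return client.send(event)
'''

EXTERNAL_INIT = ("vendor_sdk", "init")   # assumption: the external initialization component


def find_anchor_points(tree: ast.Module) -> List[ast.Call]:
    """Anchor point: a call whose target is the external initialization object."""
    anchors = []
    for node in ast.walk(tree):
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and isinstance(node.func.value, ast.Name)
                and (node.func.value.id, node.func.attr) == EXTERNAL_INIT):
            anchors.append(node)
    return anchors


class HookInserter(ast.NodeTransformer):
    """Rewrites each anchor call X(...) into __hook__("vendor_sdk.init", line, X(...))."""

    def __init__(self, anchors: List[ast.Call]):
        self.anchors = anchors

    def visit_Call(self, node: ast.Call) -> ast.AST:
        self.generic_visit(node)
        if any(node is a for a in self.anchors):
            return ast.copy_location(ast.Call(
                func=ast.Name(id="__hook__", ctx=ast.Load()),
                args=[ast.Constant("vendor_sdk.init"), ast.Constant(node.lineno), node],
                keywords=[]), node)
        return node


def instrument(source: str) -> str:
    tree = ast.parse(source)
    tree = HookInserter(find_anchor_points(tree)).visit(tree)
    ast.fix_missing_locations(tree)
    return ast.unparse(tree)


def count_anchors(source: str) -> int:
    return len(find_anchor_points(ast.parse(source)))


def _fake_vendor_sdk() -> types.ModuleType:
    """Stands in for the external component so the example runs offline."""
    mod = types.ModuleType("vendor_sdk")

    class _Client:
        def send(self, event):
            return {"sent": event}

    mod.init = lambda **kwargs: _Client()
    return mod


def run_instrumented(source: str) -> Dict[str, object]:
    """Execute the rewritten code with a hook that records initialization results."""
    hook_results: List[dict] = []

    def __hook__(name: str, lineno: int, result):
        hook_results.append({"call": name, "line": lineno,
                             "result_type": type(result).__name__})
        return result          # hand the real object back so the app keeps working

    sys.modules.setdefault("vendor_sdk", _fake_vendor_sdk())
    code = instrument(source)
    namespace = {"__hook__": __hook__}
    exec(compile(code, "<instrumented>", "exec"), namespace)
    return {"hooks": hook_results,
            "handler_output": namespace["handler"]({"id": 1}),
            "instrumented_source": code}
```

The hook wraps the call rather than replacing it, so the application still receives the initialized client; what the analyser gains is the line, the name and the type of what the external component produced, without any access to the component's own code.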
Methods and systems for detecting malicious attacks in a network and preventing lateral movement in the network by identity control are disclosed. According to an implementation, a security appliance may receive telemetry data from an endpoint device collected during a period of time. The security appliance may determine a threat behavior based on the telemetry data. The threat behavior may be associated with a user identity or user account. The security appliance further determines one or more additional user identities based on the user identity connected to the threat behavior. The security appliance may enforce one or more security actions on the user identity and the one or more additional user identities to prevent attacks on a plurality of computing domains from the endpoint device using the one or more additional user identities. The security appliance may be implemented on any network participant, including servers, cloud devices, cloud-based services/platforms, etc.
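The abstract above pivots from an endpoint finding to identities: the account behind the threat behavior is found, the accounts reachable from it are derived, and enforcement covers all of them so the attacker cannot hop to another domain with credentials harvested on the compromised host. The following is an added Python example, not the patent holder's code. The telemetry lines, the threat rule (a process dumping `lsass` memory) and the enforcement actions are constructed; the identity link used is "had a session on the same host", which is one reasonable choice and is labeled as an assumption in the code.

```python
"""Identity-centric containment after a threat behavior on one endpoint.

Added example, not the patent holder's code. Telemetry, the threat rule,
the identity linkage and the actions are assumptions for this illustration.
"""
from collections import defaultdict, deque
from typing import Dict, List, Set

TELEMETRY = [  # constructed: (ts, host, user, event, detail)
    (100, "ws-12", "CORP\\alice", "process", "notepad.exe"),
    (101, "ws-12", "CORP\\alice", "process", "procdump.exe -ma lsass.exe"),
    (102, "ws-12", "CORP\\svc-backup", "logon", "interactive"),   # credentials cached here
    (103, "ws-12", "CORP\\helpdesk-bob", "logon", "rdp"),
    (104, "srv-01", "CORP\\svc-backup", "logon", "network"),
    (105, "srv-01", "CORP\\dba-carol", "logon", "interactive"),
    (106, "ws-30", "CORP\\dave", "logon", "interactive"),        # unrelated host
]


def detect_threat(telemetry) -> List[tuple]:
    """Threat behavior: a process reading lsass memory (credential dumping)."""
    return [(ts, host, user) for ts, host, user, ev, detail in telemetry
            if ev == "process" and "lsass" in detail and "procdump" in detail]


def identity_graph(telemetry) -> Dict[str, Set[str]]:
    """Link identities that had sessions on a common host (assumption).

    Every account with a session on a compromised host is exposed, and the
    hosts those accounts reached extend the blast radius one hop further.
    """
    host_users: Dict[str, Set[str]] = defaultdict(set)
    for _, host, user, ev, _ in telemetry:
        if ev in ("logon", "process"):
            host_users[host].add(user)
    graph: Dict[str, Set[str]] = defaultdict(set)
    for users in host_users.values():
        for u in users:
            graph[u].update(users - {u})
    return graph


def exposed_identities(graph: Dict[str, Set[str]], seed: str, max_hops: int) -> Set[str]:
    """Breadth-first walk bounded by hop count; the seed is hop 0."""
    seen, frontier = {seed}, deque([(seed, 0)])
    while frontier:
        user, hops = frontier.popleft()
        if hops == max_hops:
            continue
        for nxt in graph.get(user, ()):
            if nxt not in seen:
                seen.add(nxt)
                frontier.append((nxt, hops + 1))
    return seen


def plan_enforcement(telemetry, max_hops: int = 2) -> Dict[str, List[str]]:
    """Map each identity or host to the actions the appliance would enforce."""
    actions: Dict[str, List[str]] = defaultdict(list)
    graph = identity_graph(telemetry)
    for ts, host, user in detect_threat(telemetry):
        actions[user].append(f"disable_account (threat on {host} at t={ts})")
        actions[host].append("network_contain")
        for other in exposed_identities(graph, user, max_hops) - {user}:
            actions[other].append("revoke_sessions+force_password_reset")
    return dict(actions)
```

The hop bound is the knob to tune: with `max_hops=1` only accounts that touched the compromised workstation are reset; with 2, `dba-carol` is included because `svc-backup` carried the exposure to `srv-01`, while `dave` on an unrelated host is never touched.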
A distributed security system includes instances of a compute engine that can receive an event stream comprising event data associated with an occurrence of one or more events on one or more client computing devices and generate new event data based on the event data in the event stream. A predictions engine coupled in communication with the compute engine(s) receives the new event data and applies at least a portion of the received new event data to one or more machine learning models of the distributed security system. The one or more machine learning models generate a prediction result that indicates whether the occurrence of the one or more events from which the new event data was generated represents one or more target behaviors, based on the applying of at least the portion of the received new event data to the one or more machine learning models.
A system and method for identifying distinct software applications. A method includes collecting, from a plurality of resources, data utilized to at least execute a plurality of software applications of an organization; analyzing the collected data to identify the plurality of software applications and to determine how each of the plurality of software applications interacts with its respective identified software applications, so as to detect at least two applications that communicate with each other, wherein the detected at least two applications that communicate with each other are distinct software applications; determining, by using a static analysis process, dependencies between the distinct software applications; and compiling visibility data based on the at least identified distinct software applications and their determined dependencies.
42 - Scientific, technological and industrial services, research and design
Goods and services
Business analysis, research and information services; business consulting services in the field of information technology (IT) and cloud computing; compilation and systemization of information into computer databases; database management services; business data analysis; data processing services; conducting and arranging trade show exhibitions for commercial and advertising purposes in the fields of technology, cloud computing, web services, software, software as a service (SaaS), artificial intelligence, software development, game development, databases, data processing and analytics, data storage, data warehousing, data archiving, data and information security, networking, mobile computing, and the Internet of Things (IoT). Design and development of computer hardware and software; cloud computing services, namely, consulting services in the field of cloud computing; computer services, namely, cloud hosting provider services; hosting of digital content on the Internet; computer services, namely, cloud hosting of electronic databases and virtual computing environments; database development services, namely, administering and maintaining databases and virtual computing environments for others in the nature of providing virtual computer systems and virtual computer environment through cloud computing and maintenance of online databases therein; electronic data storage; rental of web servers and co-location servers for containerized data centers of others; Application service provider (ASP), namely, hosting computer software applications and databases of others; computer services, namely, application service provider in the nature of hosting, managing, administering, maintaining, monitoring to improve scalability and performance, data encrypting, data decrypting, data replicating and backing up databases and cloud computing environments for others; data and application migration services; data mining services; electronic data backup and data restoration services in the nature of recovery of computer data; remote online backup of computer data; data encryption and decryption services; data warehousing; technical support services, namely, troubleshooting of computer software problems; software as a service (SaaS) services featuring software for collecting, editing, modifying, organizing, synchronizing, integrating, monitoring, transmitting, storage and sharing of data and information.
88.
SYSTEM AND METHOD FOR UPDATING A NON-PERSISTENT COLLECTOR DEPLOYED IN A COMPUTE ENVIRONMENT
A system and method for updating a non-persistent collector deployed in a compute environment includes scheduling a collector to collect data from a workload, performing a check to determine if a version of an executable collector application present thereon is a current version, upon determining the application version is not the current version, updating the collector version to the current version, executing the current version to collect data from the workload, and removing the collector from the workload upon completion of the operation by the collector.
Disclosed is a new document processing solution that combines the powers of machine learning and deep learning and leverages the knowledge of a knowledge base. Textual information in an input image of a document can be converted to semantic information utilizing the knowledge base. A semantic image can then be generated utilizing the semantic information and geometries of the textual information. The semantic information can be coded by semantic type determined utilizing the knowledge base and positioned in the semantic image utilizing the geometries of the textual information. A region-based convolutional neural network (R-CNN) can be trained to extract regions from the semantic image utilizing the coded semantic information and the geometries. The regions can be mapped to the textual information for classification/data extraction. With semantic images, the number of samples and time needed to train the R-CNN for document processing can be significantly reduced.
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06N 5/046 - Forward inferencing; Production systems
G06V 30/414 - Extracting the geometrical structure, e.g. layout tree; Block segmentation, e.g. bounding boxes for graphics or text
G06V 30/40 - Document-oriented image-based pattern recognition
G06V 30/413 - Classification of content, e.g. text, photographs or tables
G06V 30/416 - Extracting the logical structure, e.g. chapters, sections or page numbers; Identifying elements of the document, e.g. authors
42 - Scientific, technological and industrial services, research and design
Goods and services
Software as a service (SaaS) services featuring software for automating customer interactions and data collection for computer security consulting, namely, using artificial intelligence for customer interaction for identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for scanning and penetration testing of computers and networks to assess information security vulnerability for maintaining and updating of computer software relating to computer and network security and prevention of computer risks, and for protecting data and information from unauthorized access using artificial intelligence to develop plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for detecting breaches associated with authorizing access to databases in the field of computer and network security; cloud computing services using artificial intelligence for automating customer interactions and data collection in the field of computer and network security; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for conducting online scanning, detecting, quarantining, and eliminating viruses, worms, Trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; software as a service (SaaS) services featuring software using artificial intelligence for automating customer interactions and data collection for monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access and computer technology consulting of systems using software as a service (SaaS) services using artificial intelligence for automating customer interactions for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for detecting breaches associated with authorizing access to databases in the field of computer and network security; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for use in computer and network security using artificial intelligence for automating customer interactions and collection of data; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates; providing online non-downloadable software for the artificial production of human speech and text based on deep learning algorithms to recognize and respond to customer interactions relating to computer security consulting, namely, for identifying malware on computer systems, identifying the source and genealogy of malware, identifying the objectives of computer system attackers, scanning and penetration testing of computers and networks to assess information security vulnerability, maintaining and updating of computer software relating to computer and network security and prevention of computer risks, and for protecting data and information from unauthorized access using artificial intelligence to develop plans for improving computer and network security and preventing criminal activity.
91.
Machine learning-based malware detection in process memory
A plurality of memory image data is obtained. Respective ones of the memory image data may include captured memory contents from an executing process. Training data including feature vectors and classification values are provided to a machine learning (ML) training model executing on a processing device. The feature vectors may include indications of patterns within the memory image data. The ML training model is trained based on the training data to generate an ML production model. The training may include computing a plurality of model parameters that relate the feature vectors of the training data to the classification values of the training data.
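The training pipeline above, as an added Python example that is not code from the patent or its assignee. The memory images are constructed byte strings, not real process dumps; the feature vector is normalised Shannon entropy plus one indicator per byte pattern (an in-memory PE header, the DOS stub string, two API names), and the "ML training model" is a perceptron whose learned weights and bias are the model parameters relating feature vectors to classification values. A real system would use a far richer feature set and model; the point here is the shape of the pipeline: image bytes to feature vector, labelled vectors to parameters, parameters to a production classifier.

```python
import math
from collections import Counter

# Constructed list of byte patterns whose presence in process memory is used as a feature.
PATTERNS = [b"MZ", b"This program cannot be run in DOS mode",
            b"VirtualAlloc", b"CreateRemoteThread"]


def entropy(data):
    """Shannon entropy of a byte string in bits per byte (0..8)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def features(image):
    """Feature vector for one memory image: normalised entropy plus pattern indicators."""
    return [entropy(image) / 8.0] + [1.0 if p in image else 0.0 for p in PATTERNS]


def train_model(samples, lr=0.1, max_epochs=200):
    """Perceptron training on (image, label) pairs with labels +1 malicious / -1 benign.

    Returns (weights, bias, converged): the model parameters and whether an epoch
    finished with zero misclassifications.
    """
    dim = len(features(samples[0][0]))
    w, b = [0.0] * dim, 0.0
    converged = False
    for _ in range(max_epochs):
        errors = 0
        for image, label in samples:
            x = features(image)
            if label * (sum(wi * xi for wi, xi in zip(w, x)) + b) <= 0:
                w = [wi + lr * label * xi for wi, xi in zip(w, x)]
                b += lr * label
                errors += 1
        if errors == 0:
            converged = True
            break
    return w, b, converged


def predict(model, image):
    """Production model: +1 (malicious) or -1 (benign) for a new memory image."""
    w, b, _ = model
    x = features(image)
    return 1 if sum(wi * xi for wi, xi in zip(w, x)) + b > 0 else -1


# Constructed memory images (not real dumps): benign ones hold text and zero pages,
# malicious ones hold an in-memory PE image, packed-looking bytes and injection APIs.
BENIGN = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.test\r\nAccept: */*\r\n" * 8,
    b"\x00" * 256 + b"2024-01-01 12:00:00 INFO request served in 12ms\n" * 6,
    b"user=alice session=4f3c role=viewer\n" * 10 + b"\x00" * 64,
]
MALICIOUS = [
    b"MZ\x90\x00\x03\x00" + b"This program cannot be run in DOS mode"
    + bytes(range(256)) * 2 + b"VirtualAlloc\x00CreateRemoteThread\x00",
    b"MZ" + bytes((i * 37 + 11) & 0xFF for i in range(1024)) + b"VirtualAlloc\x00",
    b"\x90" * 64 + b"CreateRemoteThread\x00" + bytes((i * 131 + 7) & 0xFF for i in range(512)),
]
TRAINING_SET = [(m, 1) for m in MALICIOUS] + [(bn, -1) for bn in BENIGN]
```

The training set is linearly separable on the pattern indicators alone, so the perceptron converges; the entropy feature is there to show how a continuous measurement sits beside the pattern indicators in the same vector.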
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/53 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure, by executing in a restricted environment, e.g. sandbox or secure virtual machine
A system and method for generating a set of instructions for static analysis, for application code utilizing an external initialization engine. The method includes receiving a result from a code hook, the code hook inserted into an application code at an anchor point, the application code deployed in a cloud computing environment, wherein the application code requires an external initialization framework; and generating a set of instructions based on the received result and the anchor point of the application code, in response to emulating execution of the application code.
A system and method for emulating application code in a simulated environment. The method includes receiving an application code including an external initialization code component, the application code deployed in a cloud computing environment; detecting a connection request in the external initialization code component; emulating a response to the connection request; and storing the emulated response for generating a set of instructions for a static analyzer to perform static analysis on the application and the generated set of instructions.
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 8/75 - Structural analysis for program understanding
94.
Techniques for code isolation in static analysis of applications using application framework
A system and method for performing static analysis on an application having an external initialization includes receiving an application code having an external initialization code component, the application code deployed in a cloud computing environment; simulating a local computing environment in which to execute the received application code; emulating at least the external initialization code component in the simulated local computing environment; recording an action performed by the external initialization code component; and generating a set of instructions for a static analyzer to perform static analysis on the application and the generated set of instructions.
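The three abstracts above (code hook at an anchor point, emulated response to a connection request, recorded actions turned into instructions for a static analyzer) share one workflow. The following is an added Python example of that workflow, not code from the patents or their assignee. The application code, the anchor name `AppConfig.initialize`, the configuration endpoint and the canned responses are all hypothetical. The emulator stands in for the simulated local environment: it answers the initialization component's connection request from canned data, records every action, and the hook's return value plus those actions become the instruction set a static analyzer would otherwise lack, since the wiring only exists after the external framework has run.

```python
from dataclasses import dataclass, field

# Hypothetical application code that depends on an external initialization framework:
# its datasource wiring is only known once a remote configuration endpoint answers.
ANCHOR = "AppConfig.initialize"   # anchor point where the code hook is inserted


def app_initialize(connect):
    """External initialization component; `connect` is whatever the hook hands it."""
    cfg = connect("https://config.internal/app/prod")      # connection request
    return {                                                 # result captured by the hook
        "datasource.url": cfg.get("db_url", "<unresolved>"),
        "datasource.user": cfg.get("db_user", "<unresolved>"),
        "security.debug": cfg.get("debug", False),
    }


@dataclass
class Emulator:
    """Simulated local environment: answers connection requests from canned
    responses and records every action the initialization component performs."""
    canned: dict
    actions: list = field(default_factory=list)

    def connect(self, endpoint):
        self.actions.append(("connect", endpoint))
        response = self.canned.get(endpoint)
        if response is None:
            # No canned answer: record the gap rather than letting initialization hang or crash.
            self.actions.append(("unanswered", endpoint))
            return {}
        self.actions.append(("response", endpoint, sorted(response)))
        return response


def generate_instructions(hook_result, anchor, actions):
    """Turn the hook result and recorded actions into instructions for a static analyzer."""
    endpoints = sorted({a[1] for a in actions if a[0] == "connect"})
    unanswered = sorted({a[1] for a in actions if a[0] == "unanswered"})
    findings = []
    if hook_result.get("security.debug") is True:
        findings.append("debug mode enabled by external configuration")
    for key, value in sorted(hook_result.items()):
        if value == "<unresolved>":
            findings.append(f"{key} unresolved: add an emulated response for its endpoint")
    return {"anchor": anchor, "bindings": hook_result, "external_endpoints": endpoints,
            "unanswered": unanswered, "findings": findings}


def emulate_and_generate(app_init, anchor, canned_responses):
    """Run the initialization component in the emulator and emit the instruction set."""
    emulator = Emulator(canned_responses)
    hook_result = app_init(emulator.connect)   # code hook at the anchor point
    return generate_instructions(hook_result, anchor, emulator.actions)
```

Running the same component with no canned responses yields an instruction set whose `unanswered` list tells the operator which endpoint still needs an emulated response before the static analysis is complete.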
G06F 8/75 - Structural analysis for program understanding
G06F 11/34 - Recording or statistical evaluation of computer activity, e.g. of interruptions or input/output operations
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
A file format identification system can predict file formats associated with binary data. The file format identification system can extract n-grams, such as byte 4-grams, from the binary data. A trained neural network with at least one embedding layer can generate embedding arrays that correspond to the extracted n-grams. A trained file format classifier can compare values in the embedding arrays with patterns of values associated with known file formats. The trained file format classifier can accordingly determine which of the known file formats are most likely to be associated with the binary data.
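An added Python example of 4-gram based format identification, not code from the patent or its assignee. In place of a trained embedding layer it uses a hashed, L2-normalised histogram of byte 4-grams as the embedding, and in place of a trained classifier it compares that vector by cosine similarity against a centroid profile per known format; both substitutions are simplifications, labelled as such. The PNG, PDF and ZIP samples are constructed fragments that carry each format's marker bytes, not real files. The practitioner-relevant detail is the rejection threshold: bytes that resemble no profile come back as "unknown" rather than being forced into the nearest format.

```python
import math

D = 4096   # hashed feature dimension (stand-in for the learned embedding width)


def fnv1a32(data):
    """Deterministic 32-bit FNV-1a hash (Python's hash() is salted per process)."""
    h = 0x811C9DC5
    for byte in data:
        h = ((h ^ byte) * 0x01000193) & 0xFFFFFFFF
    return h


def byte_ngrams(data, n=4):
    return [data[i:i + n] for i in range(len(data) - n + 1)]


def embed(data):
    """L2-normalised hashed histogram of the byte 4-grams in data."""
    vec = [0.0] * D
    for g in byte_ngrams(data):
        vec[fnv1a32(g) % D] += 1.0
    norm = math.sqrt(sum(v * v for v in vec)) or 1.0
    return [v / norm for v in vec]


def build_profiles(labeled):
    """One unit-length centroid per known format: {fmt: [bytes, ...]} -> {fmt: vector}."""
    profiles = {}
    for fmt, samples in labeled.items():
        vecs = [embed(s) for s in samples]
        centroid = [sum(col) / len(vecs) for col in zip(*vecs)]
        norm = math.sqrt(sum(v * v for v in centroid)) or 1.0
        profiles[fmt] = [v / norm for v in centroid]
    return profiles


def identify(data, profiles, threshold=0.25):
    """Return (format, score); 'unknown' when no profile is close enough."""
    v = embed(data)
    best_fmt, best = max(((f, sum(x * y for x, y in zip(v, p))) for f, p in profiles.items()),
                         key=lambda t: t[1])
    return (best_fmt, best) if best >= threshold else ("unknown", best)


# Constructed training fragments carrying each format's marker bytes (not real files).
PNG_HEAD = b"\x89PNG\r\n\x1a\n\x00\x00\x00\rIHDR"
PNG_TAIL = b"\x00\x00\x00\x00IEND\xaeB`\x82"
PDF_HEAD = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
PDF_TAIL = b"\nstartxref\n%%EOF\n"
ZIP_HEAD = b"PK\x03\x04\x14\x00\x00\x00\x08\x00"
ZIP_TAIL = b"PK\x01\x02\x14\x00\x14\x00PK\x05\x06\x00\x00\x00\x00"
KNOWN = {
    "png": [PNG_HEAD + b"\x00\x00\x01\x00\x00\x00\x00\xc8\x08\x06IDAT alpha" + PNG_TAIL,
            PNG_HEAD + b"\x00\x00\x02\x80\x00\x00\x01\xe0\x08\x02IDAT beta!" + PNG_TAIL],
    "pdf": [PDF_HEAD + b"2 0 obj << /Type /Pages >> endobj" + PDF_TAIL,
            PDF_HEAD + b"3 0 obj << /Length 12 >> stream" + PDF_TAIL],
    "zip": [ZIP_HEAD + b"\x12\x34\x56\x78notes.txtUT\x05\x00" + ZIP_TAIL,
            ZIP_HEAD + b"\xab\xcd\xef\x01readme.mdUT\x05\x00" + ZIP_TAIL],
}
```

Because the hash is deterministic, profiles built on one host match those built on another; the threshold is a tunable and should be set on held-out data rather than taken from this example.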
Methods and systems are provided for entropy exclusion of labeled training data by extracting windows therefrom, for training an embedding learning model to output a feature space for a feature space based learning model. Based on feature embedding by machine learning, a machine learning model is trained to embed feature vectors in a feature space which magnifies distances between features of a labeled dataset. Before training, however, sub-sequences of bytes are extracted from each sample of the labeled subset, based on a window size hyperparameter and a window distance hyperparameter. Information entropy is computed for each among a set of extracted windows, and extracted windows having highest information entropy, as well as extracted windows having lowest information entropy, are excluded therefrom. Extracted windows of the subset are stored in a data stream and accessed sequentially to derive feature vectors.
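The window extraction and entropy exclusion step above, as an added Python example that is not code from the patent or its assignee. The sample bytes are constructed: zero padding at both ends (lowest entropy), two text windows, and one window of sixteen distinct bytes (highest entropy, as a packed or encrypted region would be). The window size and window distance are the two hyperparameters named in the abstract; when the distance is smaller than the size the windows overlap. Ties in entropy are broken by offset so that the exclusion is deterministic, and the surviving windows are read back sequentially to derive per-window feature vectors.

```python
import math
from collections import Counter


def extract_windows(sample, window_size, window_distance):
    """(offset, bytes) sub-sequences of window_size starting every window_distance bytes."""
    return [(off, sample[off:off + window_size])
            for off in range(0, len(sample) - window_size + 1, window_distance)]


def entropy(window):
    """Shannon entropy in bits per byte."""
    if not window:
        return 0.0
    n = len(window)
    return -sum(c / n * math.log2(c / n) for c in Counter(window).values())


def entropy_exclude(sample, window_size, window_distance, drop_high, drop_low):
    """Extract windows, then drop the drop_high highest- and drop_low lowest-entropy ones.

    Remaining windows are returned in original order so they can be streamed sequentially.
    """
    windows = extract_windows(sample, window_size, window_distance)
    ranked = sorted((entropy(w), off) for off, w in windows)  # ties broken by offset
    lowest = {off for _, off in ranked[:drop_low]}
    highest = {off for _, off in ranked[max(len(ranked) - drop_high, 0):]} if drop_high else set()
    return [(off, w) for off, w in windows if off not in lowest | highest]


def feature_stream(kept_windows):
    """Sequential feature vectors from the surviving windows:
    normalised entropy, printable-byte ratio, zero-byte ratio."""
    for _, w in kept_windows:
        yield [entropy(w) / 8.0,
               sum(32 <= b < 127 for b in w) / len(w),
               w.count(0) / len(w)]


# Constructed sample: zero padding, text, a high-entropy block, text, zero padding.
SAMPLE = (b"\x00" * 16
          + b"version=1.0.3 ok"
          + bytes(range(0x80, 0x90))
          + b"build=release-x1"
          + b"\x00" * 16)
```

With a 16-byte window and a 16-byte distance the sample yields five non-overlapping windows; dropping the two lowest and the one highest leaves only the two text windows, which is the intended effect of removing padding and packed regions before embedding.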
Techniques for searching an inverted index associating byte sequences of a fixed length and files that contain those byte sequences are described herein. Byte sequences comprising a search query are determined and searched in the inverted index. In some examples, training data for training machine learning (ML) model(s) may be created using pre-featured data from the inverted index. In various examples, training data may be used to retrain the ML model until the ML model meets a criterion. In some examples, the trained ML model may be used to perform searches on the inverted index and classify files.
42 - Scientific, technological and industrial services, research and design
Goods and services
Computer security consulting; Consulting in the field of information technology relating to installation, maintenance and repair of computer software; Computer security and network security consulting, namely, consultation in the fields of protecting data and information from unauthorized access, identifying malware on computer systems, identifying the source and genealogy of malware, and identifying the objectives of computer system attackers; computer security consultancy in the field of scanning and penetration testing of computers and networks to assess information security vulnerability; maintenance and updating of computer software relating to computer and network security and prevention of computer risks; computer security consultancy for protecting data and information from unauthorized access, namely, developing plans for improving computer and network security and preventing criminal activity; cloud computing featuring software for detecting breaches for use in computer and network security; cloud computing services featuring software for authorizing access to databases in the field of computer and network security; computer services, namely, online scanning, detecting, quarantining, and eliminating viruses, worms, trojans, spyware, adware, malware and unauthorized data and programs on computers, networks, and electronic devices; computer systems analysis; monitoring of computer systems for protecting data and information from unauthorized access; computer security consultancy for protecting data and information from unauthorized access; computer technology consulting in the field of systems for the surveillance and monitoring of vulnerability and security problems in computer hardware, networks, and software; computer security consultancy for protecting data and information from unauthorized access in the field of endpoint protection software or curated cyberthreat data for computer security assurance and identification of malicious intrusions into computers, computer networks or computer endpoints; software as a service (SAAS) services featuring software for ensuring the security of computers and computer networks; software as a service (SAAS) services, namely, hosting software for use by others for detecting, blocking, and removing computer viruses and threats; application service provider (ASP) featuring non-downloadable computer software for ensuring the security of computers and computer networks; computer services, namely, acting as an application service provider in the field of knowledge management to host computer application software for creating databases of information and data related to malware and computer and network security; computer security consultancy in the field of administration of digital keys and digital certificates
99.
DERIVING STATISTICALLY PROBABLE AND STATISTICALLY RELEVANT INDICATOR OF COMPROMISE SIGNATURE FOR MATCHING ENGINES
Methods and systems are provided for a histogram model configuring a computing system to derive an indicator of compromise signature based on a sliding window index of identified malware samples, and a matching rule constructor configuring a computing system to generate matching signatures by selecting statistically relevant n-grams of an unidentified file sample. A matching rule constructor configures the computing system to construct a matching rule including, as a signature, 32 n-grams found in the unidentified file sample which occur most frequently, and another 32 n-grams found in the unidentified file sample which occur least frequently amongst records of the threat database across 32 discrete file size ranges. These functions can configure backend operations to a sample identification operation performed by a user operating a client computing device, in a fashion that does not require a user to manually discern strings from the unidentified file sample to derive a signature for the matching engine to search against the threat database.
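The inverted index of fixed-length byte sequences described earlier on this page and the indicator-of-compromise signature above both rest on the same structure, so one added Python example serves both. It is not code from the patents or their assignee. The threat records and the unidentified sample are constructed byte strings, the file size ranges are power-of-two buckets (32 of them, as in the abstract, though the test data only exercises two), and the signature takes the k most and k least frequent 4-grams of the sample as counted among records in the sample's own size range; `k` defaults to the 32 of the abstract and is lowered in the test to fit the tiny database. Two practitioner points are built in: a search hit from intersecting 4-gram postings is verified against the stored bytes, because a file can contain every 4-gram of a query without containing the query contiguously, and the "least frequent" half of the signature is the part that distinguishes this sample from the rest of its family, while the "most frequent" half is what ties it to that family.

```python
from collections import defaultdict

N = 4                    # fixed length of the indexed byte sequences (byte 4-grams)
NUM_SIZE_RANGES = 32     # discrete file size ranges: bit length of the size, capped


def ngrams(data, n=N):
    return [data[i:i + n] for i in range(len(data) - n + 1)]


def size_bucket(size):
    return min(size.bit_length(), NUM_SIZE_RANGES - 1)


class ThreatIndex:
    """Inverted index: 4-gram -> set of file ids, plus raw bytes and size bucket per file."""

    def __init__(self):
        self.postings = defaultdict(set)
        self.files = {}
        self.bucket = {}

    def add(self, file_id, data):
        self.files[file_id] = data
        self.bucket[file_id] = size_bucket(len(data))
        for g in set(ngrams(data)):
            self.postings[g].add(file_id)

    def search(self, query):
        """Files containing the whole query: intersect the postings of its 4-grams,
        then verify contiguity against the stored bytes."""
        grams = ngrams(query)
        if not grams:
            return set()
        candidates = set.intersection(*(self.postings.get(g, set()) for g in grams))
        return {f for f in candidates if query in self.files[f]}

    def df(self, gram, bucket=None):
        """Number of indexed files (optionally only in one size range) containing gram."""
        ids = self.postings.get(gram, set())
        return len(ids) if bucket is None else sum(1 for f in ids if self.bucket[f] == bucket)


def build_signature(index, sample, k=32):
    """Signature for an unidentified sample: its k 4-grams most common among
    same-size-range records and its k least common ones. Ties break on gram bytes."""
    bucket = size_bucket(len(sample))
    grams = sorted(set(ngrams(sample)))
    common = sorted(grams, key=lambda g: (-index.df(g, bucket), g))[:k]
    rare = sorted(grams, key=lambda g: (index.df(g, bucket), g))[:k]
    return {"size_bucket": bucket, "common": common, "rare": rare}


def match_score(index, signature, file_id):
    """Fraction of the signature's common 4-grams present in an indexed file."""
    data = index.files[file_id]
    return sum(1 for g in signature["common"] if g in data) / len(signature["common"])


# Constructed threat database records and an unidentified sample (not real malware).
THREATS = {
    "fam_a_1": b"MZ\x90\x00EVIL-DROPPER-V1http://c2.example/a",
    "fam_a_2": b"MZ\x90\x00EVIL-DROPPER-V2http://c2.example/b",
    "fam_b_1": b"MZ\x90\x00MINER-XYZpool.miner.test:3333",
    "big_1": b"MZ\x90\x00" + bytes(range(196)),   # same header, different size range
}
UNKNOWN = b"MZ\x90\x00EVIL-DROPPER-V3http://c2.example/c"


def build_index(records=THREATS):
    index = ThreatIndex()
    for file_id, data in records.items():
        index.add(file_id, data)
    return index
```

Counting frequency within the sample's size range is what keeps `big_1`, which shares only the header, from inflating the frequency of the `MZ` 4-gram for small samples; in the test the header is seen in four records overall but in three within the sample's range.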
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
100.
System, method and computer program product for smart upload automation
Systems, methods, and computer program products for smart upload automation in which actions are automatically performed on a set of digital assets against a target item. In one embodiment, a system includes a network, a server machine, a client machine and a data storage device, each of which is coupled to the network. The client machine designates digital assets and a target item against which the assets will be uploaded. The digital assets are uploaded by the client machine to the data storage device via the network. The server machine automatically performs actions on the digital assets without intervention by the client machine, where the actions are associated with or in some way defined by the target item. The actions may include setting metadata values of the digital assets based upon metadata associated with the target item, or generating different renditions of the digital assets.
G06F 3/0484 - Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
G06F 16/48 - Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
G06F 16/957 - Browsing optimisation, e.g. caching or content distillation
G06F 16/958 - Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
H04L 67/06 - Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
H04L 67/565 - Conversion or adaptation of application format or content
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs