A current software tool is identified. The current software tool is used to manage and/or create a current corresponding software. For example, the current software tool may be a compiler and the current corresponding software may be a binary executable. A current mapping is generated between code provided to the current software tool and the current corresponding software using a first Artificial Intelligence (AI) algorithm. A comparison between the current mapping and a learned mapping is made to determine if the current software tool is manipulating the current corresponding software in an abnormal way. The learned mapping is based on historical code input into historical software tools and corresponding historical code output from the historical software tools. In response to determining that the current software tool is manipulating the current corresponding software in an abnormal way, the current software tool is identified as being compromised or likely compromised.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06N 5/022 - Ingénierie de la connaissanceAcquisition de la connaissance
2.
SECURITY ORCHESTRATION, AUTOMATION, AND RESPONSE (SOAR) PLAYBOOK GENERATION
A security orchestration, automation, and response (SOAR) playbook is often selected to address an incident, such as a fault or attack (e.g., malware, a phishing attack, etc.) on a computer system or component. However, when the incident is new, manual resolution is often utilized to address the incident. By utilizing a neural network trained to identify similarities in a new incident, the neural network can select a SOAR playbook and optionally automatically deploy the playbook to address the incident.
H04L 41/16 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets en utilisant l'apprentissage automatique ou l'intelligence artificielle
3.
SENSITIVE INFORMATION DISCOVERY AND TEST COMPONENT CONFIGURATION
Testing software applications often requires a balancing of thoroughness versus the time and computing resources available to perform such tests. Certain data handling operations may potentially expose data to unauthorized parties. However, not all data is equal; some data requires a greater degree of protection than other data, which may be based on a security context (e.g., rule, law, policy, etc.). By generating rules determined by a particular context, extraneous tests on data outside of the context, may be omitted. Unnecessary tests may be omitted and the results of each analysis process correlated to identify actual vulnerabilities and omit false positives, such as vulnerabilities to data that does not require the same degree of care to avoid unauthorized exposure.
Containerized platforms like Kubernetes, OpenShift, EKS (Elastic Kubernetes Service), etc., containerize and orchestrate applications. There are mature solutions for discovering and modeling applications running in physical and virtualized machines, and for containerized platforms, there are solutions for discovering and modeling infrastructure like namespaces, controllers, and pods. While beneficial, such models are incomplete. Accordingly, systems and methods are provided herein for discovering applications and modeling resources utilized for the applications or product suites. As a result, version mismatches or unplanned changes may be detected and corrected.
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
5.
Generalized dataflow analysis for static application security testing
A superlattice corresponding to static application security testing (SAST) of source code specifies lattices respectively corresponding to static analyses performable on the source code. Each lattice is specified by all possible lattice elements of the lattice and an operator indicating how two lattice elements of the lattice are combined during the static analysis to which the lattice corresponds. A lattice product of the lattices specified by the superlattice is generated based on all the possible lattice elements of each lattice and the operator of each lattice indicating how two lattice elements are combined. Generalized dataflow analysis executable code is executed on the source code, using the lattice product, to perform the SAST of the source code, including the static analyses respectively corresponding to the lattices.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
6.
USING CROSS-CHANNEL ANALYSIS TO DETECT ATTACKS ON SPREAD-SPECTRUM NETWORKS
Data of a plurality of channels of a spread-spectrum network are received. For example, the data of the plurality of channels of the spread-spectrum network may be captured by a spread-spectrum router (e.g., a WiFi router). The data of the plurality of channels of the spread-spectrum network is analyzed to identify an anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network. For example, the attack may be a sequential attack across each of the channels of the spread-spectrum network. In response to identifying the anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network, an action is taken to protect the spread-spectrum network. For example, the action may be to notify an administrator of the spread-spectrum network that a potential attack is occurring on the spread-spectrum network or to block access to the spread-spectrum router.
A first device transmits a request message to a proxy device to forward to a second device. The request message includes a public key. The second device transmits a response message to the proxy device to forward to the first device. The response message includes a cryptographic nonce and is encrypted with the public key. The first device decrypts the response message, and generates a session key based on the nonce and a pre-shared password. The first device generates a session key and transmits a challenge response encrypted with the session key to the proxy device to forward to the second device. The second device generates the session key and decrypts the challenge response with the session key. Upon the second device confirming the challenge response such that a secure session is established, the first and second devices communicate with one another over the secure session.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/30 - Clé publique, c.-à-d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
8.
Using Cross-Channel Analysis to Detect Attacks on Spread-Spectrum Networks
Data of a plurality of channels of a spread-spectrum network are received. For example, the data of the plurality of channels of the spread-spectrum network may be captured by a spread-spectrum router (e.g., a WiFi router). The data of the plurality of channels of the spread-spectrum network is analyzed to identify an anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network. For example, the attack may be a sequential attack across each of the channels of the spread-spectrum network. In response to identifying the anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network, an action is taken to protect the spread-spectrum network. For example, the action may be to notify an administrator of the spread-spectrum network that a potential attack is occurring on the spread-spectrum network or to block access to the spread-spectrum router.
Method and system to improve keyboard input in an automated test environment. The method includes determining a keyboard layout. The method also includes receiving an input, wherein the input comprises a plurality of characters. The method further includes processing the input to determine an input delay between each character of the plurality of characters and entering each character of the plurality of characters with the determined input delay between each character.
G06F 3/04886 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] utilisant des caractéristiques spécifiques fournies par le périphérique d’entrée, p. ex. des fonctions commandées par la rotation d’une souris à deux capteurs, ou par la nature du périphérique d’entrée, p. ex. des gestes en fonction de la pression exercée enregistrée par une tablette numérique utilisant un écran tactile ou une tablette numérique, p. ex. entrée de commandes par des tracés gestuels par partition en zones à commande indépendante de la surface d’affichage de l’écran tactile ou de la tablette numérique, p. ex. claviers virtuels ou menus
10.
Method And Apparatus To Recognize And Correlate Screens
Text screen description data for a terminal-based application is received. For example, the text screen description data may be received via an Application Programming Interface (API) call. The text screen description data comprises a screen description and one or more text field descriptions associated with the screen description. The one or more text field descriptions are associated with one or more text fields. The text screen description data is based on Basic Mapping Support (BMS) mappings. Image data of a screen for the terminal-based application is captured. The captured image data of the screen of the terminal-based application is correlated to the text screen description data for the terminal-based application to identify the one or text fields. As a result, a test script is automatically generated to test the one or more text fields based on the correlation.
A determination is made to see if a user has authenticated to a computer system using a plurality of authentication levels. For example, the user may have had a first session where the user is authenticated at authentication level one and a second session where the user is authenticated at authentication level two. Behavior of the user is separately tracked at each of the plurality of authentication levels to identify separate usage patterns of the user at each of the plurality of authentication levels. Anomalous behavior of the user is identified based on one or more variations from the separate usage patterns of the user at, at least one of the plurality of authentication levels. An action is taken based on identifying the anomalous behavior of the user. For example, the user's account may be locked, or an administrator may be notified.
One or more characters are input into an auto-complete field. Text of a displayed list of one or more candidate items is retrieved. The text of the displayed list of the one or more candidate items is compared to a predefined candidate item. In response to the text of the displayed list of one or more candidate items not having the predefined candidate item or not being withing a defined ranking, test results are flagged where the predefined candidate item is missing from displayed list of the one or more candidate items or is not withing the defined ranking. This allows the for automated testing of the auto-complete fields.
A watermark is generated. The generated watermark is specific to an individual owner of a media. The media may be any type of electronic media, such as, an image, a document, a movie, an audio file, a software application, and/or the like. The watermark is inserted into the media. The watermark in the media is changed when ownership of the media is changed. For example, as the media is sold to a new owner, the new owner's watermark is added to the media so that a chain of title can be verified directly from the media. In addition, the chain of title may also be verified via a blockchain.
A device, system, and method are provided. In one example, a method for polling for server events is described that includes storing, on a server, a list of events. The method also includes polling, by a client, the server for the list of events. The method includes receiving the list of events stored on the server. The method further includes broadcasting each event in the list of events received to an associated component; and requesting, by each component that receives at least one associated event, component related event data for each associated event.
H04L 41/069 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant des journaux de notificationsPost-traitement des notifications
H04L 43/10 - Surveillance active, p. ex. battement de cœur, utilitaire Ping ou trace-route
H04L 67/568 - Stockage temporaire des données à un stade intermédiaire, p. ex. par mise en antémémoire
15.
AUGMENTED QUESTION AND ANSWER (Q&A) WITH LARGE LANGUAGE MODELS
Large language models (LLMs) are versatile in responding to user questions on a wide variety of topics. However, LLMs suffer from several drawbacks, such as hallucinations, incomplete information, and inability to cite original sources of information. Disclosed herein are systems and methods for using an LLM in a restricted manner to respond to queries regarding document corpora, e.g., documents related to a set of products, such that the impact of these drawbacks is minimized. Information retrieval is coupled with LLMs to build a question and answer (Q&A) system on the text corpora. Complex retrieved information, incorporating human feedback, and recommendations in the Q&A system are provided.
An input regarding security characteristics of a project is received. For example, a security characteristic of a project may be insecure storage of data related to confidentiality. The project is scanned for one or more security requirements based on the received security characteristics. A list of security requirements is built for the project based on the received first input. A machine learning process is used to identify addition of one or more security requirements and/or removal of one or more security requirements from the list of security requirements. A first security vulnerability scan is run using the list of security requirements with the one or more additional security requirements and/or the removed one or more security requirements. Results for the first security vulnerability scan are generated and displayed to a user.
A first hash of information is generated. The first hash of the information is used to validate if the information (e.g., a software application) has changed. The first hash of the information is generated locally. The first hash of the information is sent to a trusted authority. The trusted authority is a service that is managed by an external party. A validation event associated with the information is detected. For example, a validation event may be where the software application is requesting to be loaded. In response to detecting the validation event associated with the information, a second hash of the information is generated. The second hash of the information is also generated locally. The second hash of the information is sent to the trusted authority. A message is received, from the trusted authority, indicating if the information has changed. The message is used to take an action
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/52 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 21/64 - Protection de l’intégrité des données, p. ex. par sommes de contrôle, certificats ou signatures
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
A first hash of information is generated. The first hash of the information is used to validate if the information (e.g., a software application) has changed. The first hash of the information is generated locally. The first hash of the information is sent to the trusted authority. The trusted authority is a service that is managed by an external party. A validation event associated with the information is detected. A request for the first hash of the information is sent to the trusted authority. The first hash of the information is received from the trusted authority. A second hash of the information is generated. The second hash of the information is generated locally. The received first hash of the information is compared to the generated second hash of the information to determine if the received first hash of the information is the same as the second hash of the information.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
19.
DETECTION OF MALICIOUS SOFTWARE PACKAGES USING MACHINE LEARNING ON CODE AND COMMUNITY DATA
Embodiments of the disclosure provide systems and methods for detecting malicious software packages. Detecting malicious software packages can include collecting information identifying one or more known malicious software component classifiers, collecting information identifying one or more known suspicious community behavior classifiers associated with the one or more known malicious software component classifiers and receiving a software package including software components. The method also includes identifying one or more software components of the software package as malicious based on a comparison between the software components of the software package and each of the collected one or more known malicious software component classifiers and the collected one or more known suspicious community behavior classifiers, generating a malicious probability for each of the identified one or more software components and evaluating whether the software package is malicious based on the generated malicious probability for each of the identified one or more software components.
Language used by a specific user in a specific context is gathered. The language used by the specific user in the specific context is language gathered from a plurality of previously captured electronic communication sessions. For example, the language of the specific user is captured from previous voice, video, and/or text communication sessions. A machine learning process based on the language gathered from the plurality of previously captured electronic communication sessions is trained. The trained machine learning process is used to determine if the specific user is actually participating in an electronic communication session or if a potential imposter is likely posing as the specific user in the electronic communication session. In response to determining that the potential imposter is likely posing as the specific user in the electronic communication session, an action is taken to secure the electronic communication session.
A visual media is received. For example, the received visual media may be a digital image, a video file, or a video stream. A plurality of colors in the visual media are identified. In response to identifying the plurality of colors in the visual media, one or more colors not in the visual media are identified. A watermark is placed in the visual media to produce a watermarked visual media. The watermark comprises at least one of the identified colors not in the visual media. The watermarked visual media is verified using image processing.
A current thread pattern is identified. For example, a thread pattern of a running software application is identified. Current resource information associated with the current thread pattern is identified. For example, the current resource information may include disk usage, packets sent, ports used, accounts created, etc. The current thread pattern and the current resource information associated with the current thread pattern are compared to an existing malicious thread pattern associated with a type of malware and existing malicious resource information associated with the existing thread pattern. A determination is made if the comparison meets a threshold. For example, if the current thread pattern is 90% similar to the existing malicious thread pattern and the current resource information is within 75% of the existing malicious resource information, the threshold is met. In response to the comparison meeting the threshold, an action is taken to mitigate the type of malware.
Source code for a type of malware is received. For example, the source code may be source code from a type of computer virus. An Artificial Intelligence (AI) algorithm is identified. For example, the AI algorithm may be ChatGPT. The source code of the type of malware is run through the AI algorithm to produce mutated source code for the type of malware. A prediction algorithm is used to predict a signature of the mutated source code for the type of malware. For example, the prediction algorithm is trained using existing source code of different types of malware to generate a prediction model. The signature of the mutated source code for the type of malware is then compared to a signature of a potentially new type of malware to determine if the signatures are similar.
A request is received, from a first communication device, to create a code (e.g., the request is to create a Quick Response (QR) code). The created code is for automatically creating a user account on a second communication device. For example, the second communication device may be a corporate web server. User information for automatically creating the user account on the second communication device is received. The code is created. The created code comprises at least one of: the user information for creating the user account; and a link to an account server, where the account server contains the user information. The created code is sent to the first communication device. The first communication device uses the code to create the account on the second communication device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06K 19/06 - Supports d'enregistrement pour utilisation avec des machines et avec au moins une partie prévue pour supporter des marques numériques caractérisés par le genre de marque numérique, p. ex. forme, nature, code
Documents are often generated using a customer communication management (CCM) application that utilizes rules to select and/or modify certain fragments of a document. By analyzing the rules and content that produced a certain fragment, a second CCM application may be automatically provided with the rules, such as when the first set of rules are not available for porting to a second system. Accordingly, a server may access a rule comprising a condition, a document fragment, and a rule identifier. A server may generate a first document to comprise visible content and hidden content. Generating the first document may comprise evaluating the rule and, when the rule is true, including the document fragment as a portion of the visible content and including the rule identifier as a portion of hidden content. A server may provide the first document to a destination.
Identifying and resolving weaknesses in software are common, resource-intensive tasks for many organizations. Machine-learning models are provided to automatically identify software vulnerabilities or other flaws, such as via entries in a weakness or vulnerability database, identify affected software, generate patches to resolve the vulnerabilities, and apply the patch to affected software. The patch is automatically extracted from code deltas between a software version having the weakness and a subsequent version wherein the weakness has been resolved. Other differences between the versions, not affecting the weakness, are excluded from the code deltas.
A request is received from a tenant. For example, the tenant may be a tenant of a multi-tenant cloud service. The request comprises a one or more Configuration Items (CIs). A CI is used to change data on a computer system or network. A computer resource license associated with the tenant is identified. A determination is made to identify if the request meets the computer resource license. In response to the request meeting the computer resource license, the one or more configuration items are implemented according to the computer resource license. In response to the request not meeting the computer resource license, the request is modified. For example, the request may be split into a plurality of requests.
Devices with low or no security are often added to networks. These devices have the ability to utilize the network and, accordingly, may pose a security risk. Systems and methods herein enable a device to be added to a network and, if the resulting new traffic matches a template, the device is established on an automatically created virtual local area network (VLAN) used solely for the new device. A router is automatically configured to allow traffic that matches the type of device that was newly added, but if other traffic is detected, the device may be treated as a threat and managed accordingly.
Strings of a text file representing a configuration of a target device are respectively tokenized into tokens for the configuration. The tokens for the configuration are shingled. A target device signature representing the configuration of the target device is generated by applying a min-wise independent permutations locality sensitive hashing (MinHash) technique to the tokens as have been shingled. Whether the configuration of the target device is anomalous is identified based on the target device signature.
Embodiments provide for detecting viruses and other malware in executing process threads based on thread patterns. According to one embodiment, detecting previously unknown malware associated with process threads can comprise capturing context information for each thread of a plurality of threads executing on a processor. The context information can define a thread pattern for the thread. The thread pattern for each thread can be compared to stored information defining one or more known patterns for thread execution based on previous execution of one or more threads. A thread pattern variation can be detected when the thread pattern for one or more threads does not match the stored information defining the known thread patterns. A determination can be made as to whether the detected thread pattern variation indicates presence of malware and actions can be performed based on determining the detected thread pattern variation indicates the presence of malware.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/52 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
A sandbox database is created. The sandbox database is typically a temporary database. For example, the sandbox database may be a test database for evaluating a new version of software. Creating the sandbox database comprises creating a sandbox cache in the sandbox database and copying metadata from a main database to the sandbox database. The sandbox cache is used to store record(s) that are accessed during the use of the sandbox database. The metadata is used to reference the record(s). This allows for a simpler process for creating a temporary database to be used for testing software.
G06F 11/36 - Prévention d'erreurs par analyse, par débogage ou par test de logiciel
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuéesArchitectures de systèmes de bases de données distribuées à cet effet
32.
AUTOMATED TESTING OF USER INTERFACES REQUIRING A TIME-BASED ONE-TIME PASSWORD (TOTP)
Automated testing of an application under test (AUT) often requires providing valid responses to an authentication challenge. Many AUTs require a username and password and, increasingly, a time-based one-time password (TOTP) that complicate automated testing. By storing a shared secret on a client device, a human can train an automated testing application to select the shared secret and provide the shared secret to a shared secret provider. The shared secret provider then provides a token code as the TOTP. The shared secret may be stored as a graphical element, such as a quick response (QR) code, and may further correspond to a particular username used to test the AUT.
Software developers and security personnel routinely scan code to look for threats, such as security vulnerabilities. While such scans are useful, they are unable to determine the actual data provided to a client device executing a web application. By monitoring the web traffic to a client, the libraries utilized by the web application may be determined by name, version, and vendor. With the library identified, the libraries may be provided to one or more repositories of vulnerabilities to identify the particular vulnerabilities of the library. With the vulnerability identified, a resolution (e.g., version wherein the vulnerability was fixed) may be identified and/or other action to mitigate the vulnerability.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
34.
Efficient Length Preserving Encryption of Large Plaintexts
A plaintext is received. For example, a plaintext may be a text record that is to be encrypted and then stored in a database. A determination is made to see if a size of the plaintext is above a threshold. The threshold is based on an efficiency of a Format Preserving Encryption (FPE) algorithm. In response to the size of the plaintext being above the threshold: the plaintext is divided into a plurality of blocks based on a block size; each of the blocks are individually encrypted using the FPE algorithm; and each of the blocks are stored as a single FPE cyphertext. This makes the FPE encryption process much more effacement than has previously been achieved. For example, the FPE process may be 30% more efficient depending on the size of the plain text.
H04L 9/06 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p. ex. système DES
A first hash of a record is retrieved. The first hash is tokenized by storing the first hash in a tokenization table that has a corresponding hash token. A request is received to validate the record. The request to validate the record comprises a second hash of the record and a second hash token. In response to receiving the request to validate the record, the record is validated by looking up the first hash in the tokenization table using the second hash token and comparing the looked up first hash to the second hash. In response to the looked up first hash being the same as the second hash, the record is validated. In response to the looked up first hash not being the same as the second hash, the record is not validated.
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A first hash of a record is retrieved. The first hash is encrypted using an encryption key to produce an encrypted hash. The encrypted hash is stored in the record by replacing the first hash with the encrypted hash or by adding the encrypted hash to the record. A request is received to validate the record. In response to receiving the request to validate the record, the record is validated by: unencrypting the encrypted hash using the encryption key to produce a second hash; hashing the record to produce a third hash; and comparing the second hash to the third hash. In response to the second hash being the same as the third hash, the record is validated. In response to the second hash not being the same as the third hash, the record is not validated.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
37.
THROTTLING TEST MODE FOR BROWSER-BASED WEB APPLICATION LOAD TESTING
For each of a number of test commands of a test script for browser-based load testing of a web application hosted by a server device communicatively connected to the test device over a network, the test command is executed within a browser instance running on the test device and simulating usage of the web application by a user. In response to determining that the test command that has been executed is a browser operation command, that the test command executes for a minimum length of time is ensured in a throttling test mode in which the web application is tested via the browser instance.
One or more unused locations in a software image are identified. An example of a software image may be a container image or virtual machine image. An unused location may be a location where padding is used in the software image. A first watermark is placed in the one or more unused locations to produce a watermarked software image. A request is received to load the watermarked software image. In response to receiving the request to load the watermarked software image, a second watermark is generated using the one or more unused locations in the watermarked software image and the second watermark is then compared to the first watermark. In response to the first watermark matching the second watermark, the software image is loaded. In response to the first watermark not matching the second watermark, the software image is not loaded.
A first execution of a test script is recorded. The recording of the first execution of the test script is of a first interaction between a communication device and an Application Under Test (AUT). First request and response data for the first execution of the test script is captured. A second execution of the test script is recorded. Second request and response data for the second execution of the test script is captured. The first execution of the test script and the second execution of the test script are isolated sessions. The first request and response data is compared to the second request and response data to find one or more varying response values. The one or more varying response values are searched to identify correlations. A second test script is automatically created based on the identified correlations.
An anomaly on a computer network is identified by processing data generated by the computer network. The anomaly is identified based on a first anomaly threshold of a plurality of anomaly thresholds associated with the anomaly. In response to determining that the anomaly has met the first anomaly threshold of the plurality of anomaly thresholds associated with the anomaly, a first authentication level associated with the first anomaly threshold is identified. The plurality of anomaly thresholds associated with the anomaly have a plurality of associated authentication levels. A user interface is displayed to an administrator that includes a prompt to authenticate the administrator at the first authentication level. Authenticating the administrator at the first authentication level allows the administrator to take an action associated with the anomaly. For example, the administrator may unload an application that may likely have been compromised.
An event profile corresponding to a data source at a target system is determined. The event profile includes, for each of a number of fields, a percentage of events that after processing by the data source include data in that event field. A reference event profile is determined that includes, for each of the event fields, a reference percentage. The event profile is compared to the reference event profile. Whether the data source properly processed the events is determined based on comparison of the event profile to the reference event profile.
A first load cycle of an application is determined to have been completed. A load cycle is where the application has been loaded, executed, and then unloaded. One or more of first load parameter associated with the first load cycle of the application, a first execution parameter associated with the first load cycle of the application, and a first unload parameter associated with the first load cycle of the application are retrieved and compared to one or more of a second load parameter associated with a second load cycle of the application, a second execution parameter associated with the second load cycle of the application, and a second unload parameter associated with the second load cycle of the application. The comparison can then be used to identify anomalies between load cycles of the application.
Software applications often incorporate an embedded browser to perform web-based operations. Not all browsers operate the same way, for example, elements within tabs in Microsoft Edge browsers use messages to communicate through web extensions, while Microsoft Internet Explorer (IE) browsers use the original browsers helper object (BHO). A consequence of the different paradigms is that certain graphical elements may be duplicated in a resource table. A test development may fail to identify the duplication and may produce extraneous or erroneous tests. By launching on a system and monitoring the system's executing processes, a browser application may be determined to be running and, if so, a refresh operation is performed on an application under test (AUT). If the AUT refresh operation results in a browser also performing a refresh, the type of embedded browser may be identified and any duplicates of the same graphical elements identified and merged for subsequent testing.
Methods, systems, and techniques are provided for displaying objects in virtual network computing (VNC). For example, a VNC connection may be established between a first device and a second device, where the VNC connection enables a synchronization of an interactive display layout from the first device to the second device. Subsequently, after the VNC connection is established, a page structure of the first device may be retrieved based on an application programming interface (API) on the second device. In some embodiments, based on the retrieved page structure, one or more non-interactive objects on the second device may be displayed, where the one or more non-interactive objects are displayed on top of at least a portion of the interactive display layout at the second device.
G06F 3/0484 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] pour la commande de fonctions ou d’opérations spécifiques, p. ex. sélection ou transformation d’un objet, d’une image ou d’un élément de texte affiché, détermination d’une valeur de paramètre ou sélection d’une plage de valeurs
G06F 3/04886 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] utilisant des caractéristiques spécifiques fournies par le périphérique d’entrée, p. ex. des fonctions commandées par la rotation d’une souris à deux capteurs, ou par la nature du périphérique d’entrée, p. ex. des gestes en fonction de la pression exercée enregistrée par une tablette numérique utilisant un écran tactile ou une tablette numérique, p. ex. entrée de commandes par des tracés gestuels par partition en zones à commande indépendante de la surface d’affichage de l’écran tactile ou de la tablette numérique, p. ex. claviers virtuels ou menus
H04L 41/40 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets en utilisant la virtualisation des fonctions réseau ou ressources, p. ex. entités SDN ou NFV
H04L 65/1069 - Établissement ou terminaison d'une session
Documents are often generated using a customer communication management (CCM) application that utilizes rules to select and/or modify certain fragments of a document. By analyzing the rules and content that produced a certain fragment, a second CCM application may be automatically provided with the rules, such as when the first set of rules are not available for porting to a second system. Accordingly, a server may access a rule comprising a condition, a document fragment, and a rule identifier. A server may generate a first document to comprise visible content and hidden content. Generating the first document may comprise evaluating the rule and, when the rule is true, including the document fragment as a portion of the visible content and including the rule identifier as a portion of hidden content. A server may provide the first document to a destination.
G06F 40/284 - Analyse lexicale, p. ex. segmentation en unités ou cooccurrence
G06F 40/131 - Fragmentation de fichiers textes, p. ex. création de blocs de texte réutilisablesLiaison aux fragments, p. ex. par utilisation de XIncludeEspaces de nommage
A plurality of captured packets are received. The plurality of captured packets are from a plurality of packet flows. A packet flow is a communication session between two devices. For example, a packet flow may be a communication session between a client and a server. The plurality of captured packets are sorted into individual packet flows. The individual packet flows are converted into individual videos. For example, each packet from each packet flow is stored as a separate video frame in an individual video. A machine learning algorithm is applied to the individual videos to perform analytic tasks on the individual videos. For example, the machine learning algorithm may be used to identify anomalies within a packet flow and/or between packet flows.
H04L 43/026 - Capture des données de surveillance en utilisant l’identification du flux
G06V 20/40 - ScènesÉléments spécifiques à la scène dans le contenu vidéo
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 65/61 - Diffusion en flux de paquets multimédias pour la prise en charge des services de diffusion par flux unidirectionnel, p. ex. radio sur Internet
47.
AUTO-FIX OBJECT NOT FOUND ERROR USING IMAGE RECOGNITION
A system, device, system-on-a-chip, and method of automatically correcting an object not found error using image recognition are described. The method includes running a test script for testing and analysis of a web page as rendered by a web browser. The method further includes, responsive to detecting the object not found error, automatically locating a missing object associated with the object not found error. One method of locating a missing object includes using image recognition. The method also includes updating the test script with a located object. The method may also include replaying the test script.
Embodiments of the disclosure provide systems and methods for analyzing log files. Automated processing of log files can comprise reading a log file generated during execution of an application and comprising a plurality of log events and generating a plurality of templates based on the plurality of log events in the log file. Each template can map a log event to a candidate value for the log event. The plurality of log events can be aggregated into a plurality of groups based on the candidate value mapped to each log event in the plurality of templates and the plurality of groups of log events can be ranked. The log file can be partitioned based on the ranking of the plurality of groups of log events and one or more groups of log events can be provided to an analysis process based on the partitioning of the log file.
Management program code is executable by a management server on a management network to perform processing. The processing includes establishing a communication stream with a database control agent for a database on a database network separate from the management network, without opening any ports on the database network for access by the management program code. The processing includes receiving a database command for the database from client program code, and dispatching the database command to the database control agent over the communication stream for execution against the database. The processing includes receiving execution results of the database command from the database control agent over the communication stream, and returning the execution results to the client program code in satisfaction of the database command.
Embodiments of the disclosure provide systems and methods for accurately identifying functions in software code that represent vulnerabilities. Identifying vulnerable functions in software code can comprise collecting information identifying one or more known Common Vulnerabilities and Exposures (CVEs) and identifying one or more vulnerable functions in the software code based on relationships between the collected information identifying the one or more known CVEs and the one or more vulnerable functions in the software code. A call graph can be derived for the software code based on the identified one or more vulnerable functions. Each of the identified one or more vulnerable functions can be indicated in the call graph by a vulnerability symbol. A determination can be made as to whether each identified one or more vulnerable functions is a true vulnerability, i.e., when the vulnerable function is encountered when traversing the call graph.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A communication stream is received. For example, the communication stream may be a part of a communication session, such as, a voicemail, a videomail, a voice conference call, a video conference call, and/or the like. A determination is made if the communication stream is completely generated using a session watermark. The session watermark is associated with the communication session. In response to determining that the communication stream is completely generated using the session watermark, the communication stream is identified as a legitimate communication stream. In response to determining that the communication stream has not been completely generated using the session watermark, the communication stream is identified as potentially a vishing communication steam.
A request to grant control of a virtual resource is received. For example, a user may provide a set of authentication credentials that allow the user to execute a virtual machine. The request to grant control of the virtual resource uses an authentication level of a plurality of authentication levels associated with the virtual resource. The request to grant control of the virtual resource is validated. In response to validating the request to grant control of the virtual resource, control of the virtual resource is granted according to the authentication level of the plurality of authentication levels associated with the virtual resource. The user can then control/access the virtual resource based on privileges associated with the authentication level.
A distributed database system maintains a database including a data shard for which a primary computing node is responsible. The primary computing node identifies a data storage plan for the data shard. The plan identifies a file subset of data storage files of the shard to be merged into a larger data storage file, and a node subset of computing nodes of the system that subscribe to the data shard. The primary node identifies which computing nodes of the node subset each have sufficient computing resources to execute the plan, as candidate computing nodes. The primary node identifies which files of the file subset each candidate computing node locally caches. The primary node selects one candidate computing node to execute the plan, based on the files of the file subset that each candidate computing node locally caches. The primary node causes the selected candidate computing node to execute the plan.
A plurality of circular blockchains are created. The plurality of circular blockchains may comprise different structures. For example, the plurality of circular blockchains may include: a single genesis block where a last block in each of the plurality of circular blockchain links back to the single genesis block, a plurality of genesis blocks where a last block in each of the plurality of circular blockchain links back to individual ones of the plurality of genesis blocks, and a genesis block and one or more connection blocks that form the plurality of circular blockchains.
A method includes parsing a data object model associated with a webpage to change an original color scheme for each node of the data object model. Each node corresponds to a display feature of a layout of the webpage. The method also includes generating a modified data object model by replacing the original color scheme for each node with a calculated color scheme, displaying the layout of the webpage using the modified data object model, capturing an image of the layout of the webpage as displayed and detecting any errors in the layout of the webpage. The calculated color scheme assigns a unique color code to each feature of the node based on a position of each feature within the node and based on a position of each node within the data object model.
Input data is received from an analysis of an application running in a real-world environment. The input data identifies one or more parameters that are associated with one or more test scripts that are used to test a new version of the application running in the real-world environment. One or more inputs are received that map the received input data to the one or more test scripts. The one or more test scripts are used to test the new version of the application. The one or more tests scripts are executed against the new version of the application based on the one or more parameters.
A current a version of an external component (e.g., an open-source component or a third-party component) that is used in a software application is identified. A new version of the current version of the external component is identified (supply chain components). For example, the new version may have been just released by an open-source community. In response to identifying the new version of the current version of the of the external component, a series of actions are implemented that include: identifying changes to Application Programming Interfaces (APIs) in the new version of the current version of the external component; identifying new vulnerabilities in the new version of the current version of the external component; and determining a quality history associated with the new version of the current version of the external component. Based on the actions, a composite score is generated and displayed to a developer.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 8/71 - Gestion de versions Gestion de configuration
A request is received to deploy a configuration on a computing resource. A compliance check on the configuration is performed according to a policy to determine whether deployment of the configuration on the computing resource is permitted. In response to determining that the deployment of the configuration on the computing resource is permitted, a deployer for the computing resource is controlled to deploy the configuration on the computing resource.
A request to authenticate to a Blockchain as a Service (BaaS) is received from a tenant (e.g., a user that is acting on behalf of a corporation). An authentication credential of the tenant associated with the request to authenticate to the BaaS is determined to be valid. In response to determining that the authentication credential of the tenant associated with the request to authenticate to the BaaS is valid, a level of access is granted to the BaaS. A request is received, from the tenant, to add a transaction block to a blockchain in the BaaS. The blockchain in the BaaS is interspersed with transaction blocks from a plurality of tenants of the BaaS. The transaction block is then added to the blockchain in the BaaS. This addition to the BaaS represents both an Escrow and an Audit capability.
A database stores, for each of a number of software packages, a software package embedding representing the software package. The database stores, for each software package, code block embeddings respectively representing code blocks of the software package. The database stores, for each software package, functionality embeddings respectively representing functionality clusters into which the code block embeddings representing the code blocks of the software package have been clustered. A query embedding representing a query is generated, and used to query the database to identify a relevant code block within a relevant software package for the query.
One or more iterations are performed. Each iteration includes calculating, for each of a number of data points that each have a label probability distribution, a label quality measure based on the label probability distribution of the data point. Each iteration includes updating the label probability distribution of each of at least one of the data points using either or both of a classification technique and a constrained clustering technique based on the data points and the label quality measure of each data point.
A request is received by a network management server, from a managed node, to get cluster information. The cluster information identifies a coordinator node and a leader node (a node hierarchy) that are used to track liveness of the managed node. The coordinator node and the leader node may be identified based on being in the same location as the managed node. The cluster information is sent to the managed node to make the managed node aware of the hierarchy. The coordinator node consolidates liveness of the nodes in its grouping in the cluster. The coordinator node sends a first liveness message of the managed node to the leader node. The leader consolidates a group of coordinator nodes by sending a second liveness message of the managed node to the network management server. This gives the network management server a status of all the managed nodes in the cluster.
H04L 43/0817 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux en vérifiant la disponibilité en vérifiant le fonctionnement
H04L 41/0663 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant la reprise sur incident de réseau en réalisant des actions prédéfinies par la planification du basculement, p. ex. en passant à des éléments de réseau de secours
H04L 43/10 - Surveillance active, p. ex. battement de cœur, utilitaire Ping ou trace-route
A snapshot event is received. The snapshot event is a snapshot of data that was sampled based on a snapshot metric. For example, the snapshot event may be a number of user logins (the data) over a specific time period (the snapshot metric). A destination analytical database is determined for the snapshot event. The snapshot event may then be sent to a queue. The snapshot event is then sent to the destination analytical database and stored in the destination analytical database.
G06F 16/28 - Bases de données caractérisées par leurs modèles, p. ex. des modèles relationnels ou objet
G06F 16/11 - Administration des systèmes de fichiers, p. ex. détails de l’archivage ou d’instantanés
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuéesArchitectures de systèmes de bases de données distribuées à cet effet
An indication of a user being authenticated is received. For example, the user authenticates with a valid username/password. In response to receiving the indication of the user being authenticated, a watermark is associated with the user. The watermark is sent to a communication device of the user. For example, the watermark is sent to the user's personal computer. The communication device of the user embeds the watermark into a communication. For example, the watermark may be embedded into a communication session with a web server. The watermark is sent to a routing device on a network (e.g., a router and/or firewall). The routing device uses the watermark embedded in the communication to determine how to route the communication on the network.
An input regarding security characteristics of a project is received. For example, a security characteristic of a project may be insecure storage of data related to confidentiality. The project is scanned for one or more security requirements based on the received security characteristics. A list of security requirements is built for the project based on the received first input. A machine learning process is used to identify addition of one or more security requirements and/or removal of one or more security requirements from the list of security requirements. A first security vulnerability scan is run using the list of security requirements with the one or more additional security requirements and/or the removed one or more security requirements. Results for the first security vulnerability scan are generated and displayed to a user.
A first node in a distributed blockchain ledger validates all remaining nodes in the distributed blockchain ledger to secure the distributed blockchain ledger. The remaining nodes in the distributed blockchain ledger can be validated in various ways. For example, an encrypted package can be exchanged to obtain a unique session key for each of the remaining nodes in the distributed blockchain ledger. Another alternative is to receive split-key fragments from all the nodes in the distributed blockchain ledger. The received split-key fragments are used to generate a common key for validating all the remaining nodes in the distributed blockchain ledger.
Thread information generated by one or more computing systems is captured. A thread pattern is identified from the captured thread information. The thread pattern is compared to a learned thread pattern. An anomaly is identified in the thread pattern based on a variance from the learned thread pattern. In response to identifying the anomaly in the thread pattern, an action is taken based on the anomalous thread pattern. For example, a user may be notified. The thread patterns may be extended to compare between operating systems, hypervisors, containers, and/or virtual machines.
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
A multi-factor authentication request of a user is received. For example, the multi-factor authentication request may include a valid username/password and a valid fingerprint scan. A first authentication factor of the multi-factor authentication request is an access authentication factor (e.g., the valid username/password) and a second authentication factor (e.g., the valid fingerprint scan) of the multi-factor authentication request is one of: a time-only authentication factor; a multi-session authentication factor; and a location-only authentication factor. The user is authenticated based on the first authentication factor and the second authentication factor. Access is granted to one or more resources according to one or more rules associated with the first authentication factor and second authentication factor.
Software is commonly built from a package of software packages, such as open-source packages. A package may require a number of interdependent packages, any one of which may have a security vulnerability. However, the dependencies between packages are often version specific and merely upgrading a package to the newest, or newest non-vulnerable, version may break a dependency and cause the software to be unbuildable (e.g., fail to compile or link) or, if built, faulty. By mapping dependencies to non-vulnerable versions a graphical representation may be built having one or more root-to-leaf paths identifying all the required packages by compatible version but exclude any vulnerable versions. The package may then be built to ensure the resulting software is both internally compatible between packages and absent known security vulnerabilities.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
A request to add a new block to a blockchain is received. Data associated with the new block is scanned to identify malware and/or an anomaly. In response to identifying the malware and/or the anomaly in the data associated with the new block, an action is taken. The action includes: rejecting the request to add the new block to the blockchain, or removing the malware/anomaly from the new block and adding the new block to the blockchain. In a second embodiment, a malware event is identified that identifies malware/an anomaly in a block in a blockchain. In response to the malware event, an action is taken. The action includes: consolidating the blockchain, bypassing the block in the blockchain, consolidating the blockchain and bypassing the block in the blockchain, and deleting an encryption key that was used to encrypt the associated data that comprises the malware and/or the anomaly.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A pointer is set to a first code unit of an original string that encodes characters via code units within an encoding scheme. Whether the code unit of the original string referenced by the pointer is valid within the encoding scheme is determined. If the code unit referenced by the pointer is valid, one or more code units of the original string that encode a single character within the encoding scheme are processed, starting at the code unit referenced by the pointer. The one or more code units as have been processed are appended to a processed string. A single shadow unit indicating that the one or more code units that have been processed are valid is appended to a shadow array. The pointer is advanced to the code unit of the original string following the one or more code units.
Command line inputs to a system by a user or automated script can comprise a number of legitimate commands but, as a series, reveal a reconnaissance attack, such as to gain knowledge of a system without a legitimate reason to do so. A trained artificial intelligence monitors the command line inputs to the system, as a series, and determines therefrom whether a match exists to a reconnaissance attack. The match may be a non-exact match, such as a match determined by a long short-term memory (LSTM) machine learning model. A reconnaissance attack response may then be initiated upon determining a match is present.
H04L 41/16 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets en utilisant l'apprentissage automatique ou l'intelligence artificielle
73.
Providing single-sign-on for multifactor authentication
A request to authenticate is received. For example, the request to authenticate may be to authenticate to a software application or a device. The request to authenticate is for a first authentication level for a user. The first authentication level is one of a plurality of authentication levels for the user. The request to authenticate is authorized based on a provided one or more authentication factors (e.g., a valid username/password). A plurality of authentication tokens are retrieved. The plurality of authentication tokens are associated with the first authentication level. In addition, each authentication token of the plurality of authentication tokens is associated with an individual application of a plurality of applications. Access to information in the plurality of applications is granted based on the plurality of authentication tokens.
A request to install a first version of a software application is received. The first version of the software application is stored in a first blockchain in a first distributed blockchain ledger. In response to receiving the request to install the first version of the software application, the first version of the software application is validated by running a hash of the first blockchain. In response to validating the first version of the software application, the first version of the software application is installed from the blockchain to a device. The software application may also be validated after being installed to the device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/06 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p. ex. système DES
Examples relate to detecting an abnormality. The examples disclosed herein enable receiving, from a first user, a first request to perform a first transaction on at least one data record. A plurality of transactions originated from the first request may be organized in a first hierarchical tree-based data structure having multiple depth levels. The data structure may comprise a root node representing the first transaction and a leaf node representing a second transaction. The examples further enable detecting the abnormality based on at least one parameter where the at least one parameter comprises a size of the data structure and a depth level associated with the leaf node.
G06F 11/00 - Détection d'erreursCorrection d'erreursContrôle de fonctionnement
G06F 11/08 - Détection ou correction d'erreur par introduction de redondance dans la représentation des données, p. ex. en utilisant des codes de contrôle
G06F 11/34 - Enregistrement ou évaluation statistique de l'activité du calculateur, p. ex. des interruptions ou des opérations d'entrée–sortie
G06F 16/22 - IndexationStructures de données à cet effetStructures de stockage
G06F 17/00 - Équipement ou méthodes de traitement de données ou de calcul numérique, spécialement adaptés à des fonctions spécifiques
Examples herein involve authorization of use of cryptographic keys based on cryptocurrency payments. An example method includes analyzing a request for a cryptographic key of a key server where the request may be received from a requesting device and the cryptographic key is used to decrypt or encrypt a message of the request, and authorizing use of the cryptographic key to decrypt or encrypt the message based on a balance in a cryptocurrency wallet associated with the request.
G06Q 20/38 - Protocoles de paiementArchitectures, schémas ou protocoles de paiement leurs détails
G06Q 20/06 - Circuits privés de paiement, p. ex. impliquant de la monnaie électronique utilisée uniquement entre les participants à un programme commun de paiement
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
G06Q 20/12 - Architectures de paiement spécialement adaptées aux systèmes de commerce électronique
G06Q 20/36 - Architectures, schémas ou protocoles de paiement caractérisés par l'emploi de dispositifs spécifiques utilisant des portefeuilles électroniques ou coffres-forts électroniques
Network traffic is monitored over a period of time (e.g., network traffic of a corporate network). Based on the monitored network traffic: an abstract temporal graph of the network traffic is generated; graph-based node embeddings of the abstract temporal graph are learned; edge tabular embeddings for edges of the abstract temporal graph are learned; and hybrid embeddings are computed. The computed hybrid embeddings are based on the learned graph-based node embeddings for the abstract temporal graph and the learned edge tabular embedding for the edges of the abstract temporal graph. This process is then repeated over multiple time periods and temporal trajectories are computed using the computed hybrid embeddings for each time period. The temporal trajectories are then used for analysis of the network. For example, the temporal trajectories are used to identify anomalies for prevention of security breaches of the network.
H04L 41/16 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets en utilisant l'apprentissage automatique ou l'intelligence artificielle
H04L 43/08 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux
78.
System and method for managing fragmented encryption keys for granting access
A secondary fragment of an encryption key is received. The secondary fragment is associated with an authentication process of a user. The secondary fragment is one of a plurality of secondary fragments of the encryption key. The user is authenticated (e.g., by validating a username/password). The encryption key is regenerated using the secondary fragment and a primary fragment of the encryption key. In response to regenerating the encryption key using the secondary fragment and the primary fragment, and authenticating the user: access is granted, to the user, by unencrypting an encrypted data record using the regenerated encryption key.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
79.
Computing resources discovery via replacing filter parameter of input query with discovery job parameter
Prior to initiating discovery of computing resources of an information technology (IT) infrastructure, an input query and a discovery job are received, and one or more trigger configuration items (CIs) are calculated. The input query specifies how the computing resources are discovered, and has a filter parameter. The discovery job is for the input query, has a job parameter, and is associated with a trigger query that is a subset of the input query. The trigger CIs are calculated based on the trigger query, such that the filter parameter of the input query is replaced with the job parameter in the trigger CIs. Discovery of the computing resources is initiated by dispatching each trigger CI. As discovery of the computing resources occurs, CIs representing the computing resources matching the trigger CIs are received, and the CIs are populated within a configuration management database (CMDB).
Results of an authentication process are received. The authentication process allows for a graded level of authentication using a plurality of authentication types (e.g., a username/password and a fingerprint scan). Encrypted data is then accessed. The encrypted data has been encrypted using a plurality of encryption levels. The data is unencrypted based on the graded level of authentication.
In a second embodiment, a system and method are provided that establish a communication session (e.g., a voice or email communication session). The communication session is between a plurality of users. During the communication session, an indication is received to change an encryption level for the communication session. In response to receiving the indication to change the encryption level for the communication session, an encryption level of the first communication session is dynamically changed from a first level of encryption to a second level of encryption.
Systems and methods include determining a target date; detecting a calendar in a graphical user interface; recognizing a month name in the detected calendar; recognizing one or more date numbers in the detected calendar; identifying a week start day for the detected calendar; identifying a position in the detected calendar associated with the target date based on the identified week start day for the detected calendar and the recognized one or more date numbers in the detected calendar; and automatically selecting the position in the detected calendar associated with the target date.
A request to authenticate is received (e.g., a request to login with a username/password). The request to authenticate comprises an address associated with the request to authenticate (e.g., an IP address). The request to authenticate is validated. In response to validating the request to authenticate, a message is sent to a routing device that identifies the address as authenticated for routing packets. In a second embodiment, a DHCP discover message is received. The DHCP discover message is a request to get an IP address. A determination is made to determine if the DHCP discover message comprises a watermark. In response to determining that the DHCP discover message comprises the watermark: a DHCP offer message is sent with an IP address and a third message is sent to a routing device that identifies the IP address as valid for routing packets.
H04L 61/5014 - Adresses de protocole Internet [IP] en utilisant le protocole de configuration dynamique de l'hôte [DHCP] ou le protocole d'amorçage [BOOTP]
A transaction block in a blockchain is generated. The transaction block in the blockchain comprises a token that points to blockchain data in a tokenization table. An event is detected (e.g., an administrative event). The event is to forget the blockchain data in the tokenization table. In response to detecting the event, the blockchain data in the tokenization table is forgotten. For example, forgetting the blockchain data may comprise permanently deleting the blockchain data in the tokenization table and/or permanently deleting an encryption key for the blockchain data in the tokenization table.
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuéesArchitectures de systèmes de bases de données distribuées à cet effet
An event is identified. The event is associated with device content (e.g., one or more files) and a network location (e.g., a branch location of a corporation). One or more rules are retrieved. The one or more rules are associated with the device content, the network location, and a number of communication devices at the network location. A number of shards (e.g., erasure encoding shards) are determined based on the rules. The number of shards are generated. The number of shards are sent to a plurality of communication devices at the network location according to the rules. The plurality of communication devices at the network location are equal to or less than the number of communication devices at the network location.
G06F 15/16 - Associations de plusieurs calculateurs numériques comportant chacun au moins une unité arithmétique, une unité programme et un registre, p. ex. pour le traitement simultané de plusieurs programmes
H04L 65/61 - Diffusion en flux de paquets multimédias pour la prise en charge des services de diffusion par flux unidirectionnel, p. ex. radio sur Internet
H04L 65/75 - Gestion des paquets du réseau multimédia
85.
Training a system to recognize scroll bars in an application under test
The design for modern graphical interfaces generated by an application under test (AUT) can take many forms. A codeless testing system reads the output generated by the AUT to identify components, however, scroll bars may be present but in a form that is not reliably identified. As a result, an AUT may comprise scrollable graphical elements that are not identified as such resulting in the performance of tests that are incomplete. By applying a middle button click event, an associated pointer changes form and reveals an associated graphical element to comprise a scrollable element. When the pointer change occurs, testing directed to the scrollable element is then included to perform a more complete testing of the features of the AUT.
A self-contained validation process is initiated. For example, an application may contain code to initiate the self-contained validation process. The self-contained validation process comprises at least one of: a self-contained application validation process, a self-contained container validation process, a self-contained virtual machine validation process, and a self-contained hypervisor validation process. In response to initiating the self-contained validation process, the self-contained validation process requests a list of vulnerabilities associated with the self-contained validation process. The list of vulnerabilities associated with the self-contained validation process is received. For example, the received list of vulnerabilities may identify a security vulnerability in the application. An action taken based on the received list of vulnerabilities associated with the computer process. For example, the application may self-quarantine itself based on the received list of vulnerabilities.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
87.
Method and apparatus for efficient file/folder synchronization
A synchronization structure that indicates changes to files that are to be synchronized is created. The synchronization structure is stored as a series of synchronization blocks. A first synchronization message is received from a communication device. The first synchronization message includes a next block number. A second synchronization message is sent to the communication device. The second synchronization message comprises one or more synchronization blocks that are identified based on the next block number. A third synchronization message is received from the communication device. The third synchronization message requests a number of files to be synchronized. The number of files to be synchronized are sent to the communication device.
A controller system receives from a deployer for a computing resource and into which the controller system has been hooked, a state of the computing resource resulting from deployment of a configuration on the computing resource by a deployment user using the deployer. In response to receiving the state of the computing resource from the deployer, the controller system persists the state within a database. In response to receiving the state of the computing resource from the deployer, the controller system automatically invokes a process previously defined by a process user and maintained by a process system into which the controller system has been hooked, based on the state.
For each item represented within log events that have a power law-oriented distribution, first and second metrics for the item are computed based on the log events which pertain to the item. The items are organized over bins according to the first metric. The bins correspond to different ranges of the first metric. For each bin, the items in the bin are ordered according to the second metric. A plot of the bins over which the items have been organized according to the first metric, is graphically displayed, which includes displaying, for each bin, the items in the bin as have been ordered according to the second metric.
A primary blockchain for a software application is created that comprises a first block associated with a software component of the software application. An event is received that is associated with the software component. In response to receiving the event, a component blockchain is created that is associated with the software component. The component blockchain comprises a second block associated with the event. The component blockchain links to the primary blockchain. This provides a structure for managing supply chains of software components. As new software components are received, the new software components can be managed and tracked for quality/security.
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuéesArchitectures de systèmes de bases de données distribuées à cet effet
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
91.
Systems and methods for entity interestingness-based retention and removal
A system includes a processor and a memory coupled with and readable by the processor and storing therein a set of instructions. When executed by the processor, the processor is caused to receive application events associated with an application and create data records based on the application events. The processor is further caused to compute an interestingness value for each of the data records based on a goal of the application, assign the computed interestingness value to each of the data records and store each of the data records with the assigned interestingness value.
A request is received, by a plurality of nodes that are part of a distributed blockchain ledger, to add a transaction block to a plurality of blockchains in the distributed blockchain ledger. The transaction block comprises a transaction block authentication credential(s). The plurality of nodes that are part of the distributed blockchain ledger determine if the transaction block authentication credential(s) are valid. An indication is received from at least a majority of the plurality of nodes that are part of the distributed blockchain ledger that the transaction block authentication credential(s) are valid. In response to receiving the indication from the at least a majority of the plurality of nodes that are part of the distributed blockchain ledger that the transaction block authentication credential(s) are valid, the transaction block is added to the plurality of blockchains in the distributed blockchain ledger.
Testing software applications is routinely limited by time or testing iterations rather than exhaustively testing ever possible permutation of inputs or execution paths. By configuring a testing device to only perform relevant tests, the test results are more meaningful (e.g., few false-positives) and relevant to the application. Additional effects include reduced processing times and storage requirements. As described herein, source code is analyzed to determine elements that indicate a particular environment for the source code's corresponding machine code. When the source code indicates that a particular environment is not a candidate for execution of the machine code, tests associated with that particular environment are excluded. The testing device is then configured to perform those tests, either statically or dynamically, that are relevant for those environments that actually apply.
Embodiments of the present disclosure provide a system for generating risk scores in near real-time. The system includes a processor and a memory coupled with and readable by the processor and storing therein a set of instructions. When executed by the processor, the processor is caused to generate risk scores in near real-time by receiving near real-time application events associated with an application in near real-time and identifying anomalies from the near real-time application events. The processor is further caused to generate risk scores in near real-time by generating an intermediate near real-time risk score for the identified anomalies and combining the intermediate near real-time risk score with a batch risk score generated from a batch process executed prior to receiving the near real-time application events to generate a near real-time risk score.
According to an example, a model is selected from models including an augmented buyer model based on probabilities of conceivable transitions, and each conceivable transition includes a multi-step transition between a first URL and a second URL via at least one intermediate URL of the website. A user is determined to likely be a buyer or a non-buyer based on interaction data and the selected model. The user is presented with an offer that encourages the user to buy from the website upon the determination that the user is a buyer.
A sub-archive is initiated. The sub-archive saves changes that have occurred since a previous final archive. Changes to an operational database (i.e., the operational database that is being archived) are allowed during the first sub-archive. A final archive is initiated in series after the sub-archive has completed. The final archive does not allow changes to the operational database when the final archive is active. In one embodiment, the sub-archive may comprise a plurality of sub-archives that depend on an amount of outstanding changes that exist in the operational database.
A request to retroactively add one or more of an encryption level, an encryption type, a security level, and an authentication level to an existing blockchain is received. An authentication/encryption block is added to the existing blockchain. The authentication/encryption block comprises the one or more of the encryption level, the encryption type, the security level, and the authentication level. Based on the added authentication/encryption block in the existing blockchain, the one or more of the encryption level, the encryption type, the security level, and the authentication level are retroactively applied to at least a portion of blockchain data in the existing blockchain. In one embodiment, a data structure is used in place of the authentication/encryption block.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p. ex. par clés ou règles de contrôle de l’accès
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
H04L 9/38 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité le chiffrement étant effectué par un appareil mécanique, p. ex. cames rotatives, interrupteurs, perforatrices de bande à clavier de clé
98.
Sensitive information discovery and test component configuration
Testing software applications often requires a balancing of thoroughness versus the time and computing resources available to perform such tests. Certain data handling operations may potentially expose data to unauthorized parties. However, not all data is equal; some data requires a greater degree of protection than other data, which may be based on a security context (e.g., rule, law, policy, etc.). By generating rules determined by a particular context, extraneous tests on data outside of the context, may be omitted. Unnecessary tests may be omitted and the results of each analysis process correlated to identify actual vulnerabilities and omit false positives, such as vulnerabilities to data that does not require the same degree of care to avoid unauthorized exposure.
G06F 21/00 - Dispositions de sécurité pour protéger les calculateurs, leurs composants, les programmes ou les données contre une activité non autorisée
According to examples, an apparatus may include a processor and a memory on which are stored machine-readable instructions that when executed by the processor, may cause the processor to receive information regarding a performance characteristic of an application during predetermined time periods. The processor may calculate a rate of change in the performance characteristic over the predetermined time periods. Based on a determination that the performance characteristic of the application has changed over the predetermined time periods, the processor may tune values of a set of parameters for the application based on the calculated rate of change in the performance characteristic.
Software applications may be installed on a variety of platforms and/or process a variety of data or data in a variety of structures. As a result, optimizing a system to maximize performance often depends on a specific utilization and the specific data being processed. Systems and methods are provided herein to compare the performance of one processing logic, often a live or production environment to a test environment that varies the performance parameters. The variations may be provided by a machine learning algorithm, such as neural network, and produce an improved set of parameters that may then be applied to the production environment.
