Baseline structure information and/or baseline weight information associated with an AI algorithm is retrieved. For example, the baseline weight information may comprise a hash a weight of the AI algorithm. Current structure information and/or current weight information associated with the AI algorithm is retrieved. The baseline structure information and/or the baseline weight information is compared to the current structure information and/or the current weight information. In response to the baseline structure information and/or the baseline weight information being different from the current structure information and/or the current weight information, a determination is made that the AI algorithm has been compromised. In response to the baseline structure information and/or the baseline weight information being the same as the current structure information and/or the current weight information, a determination is made that the AI algorithm has not been compromised.
A system includes at least one processor and a computer readable memory. When executed by the at least one processor, the at least one processor is caused to scan one or more resources associated with a configuration management database (CMDB) and access metadata regarding an installed software application from the scanned one or more resources. The at least one processor is further caused to create a list of candidate resources from the scanned one or more resources based on a number of attributes used to identify the installed software application from the accessed metadata, select a candidate resource based on the number of attributes used to identify the installed software application, identify the installed software application based on the selected candidate resource and update a Software Application Index (SAI) library with the metadata from the candidate resource.
Devices with low or no security are often added to networks. These devices have the ability to utilize the network and, accordingly, may pose a security risk. Systems and methods herein enable a device to be added to a network and, if the resulting new traffic matches a template, the device is established on an automatically created virtual local area network (VLAN) used solely for the new device. A router is automatically configured to allow traffic that matches the type of device that was newly added, but if other traffic is detected, the device may be treated as a threat and managed accordingly.
A distributed database system maintains a database including a data shard for which a primary computing node is responsible. The primary computing node identifies a data storage plan for the data shard. The plan identifies a file subset of data storage files of the shard to be merged into a larger data storage file, and a node subset of computing nodes of the system that subscribe to the data shard. The primary node identifies which computing nodes of the node subset each have sufficient computing resources to execute the plan, as candidate computing nodes. The primary node identifies which files of the file subset each candidate computing node locally caches. The primary node selects one candidate computing node to execute the plan, based on the files of the file subset that each candidate computing node locally caches. The primary node causes the selected candidate computing node to execute the plan.
A plurality of sets input of parameters are captured. The captured plurality of sets of input parameters are input into a first Artificial Intelligence (AI) algorithm that generates a plurality of corresponding AI generated source code. Each set of the captured plurality of sets of input parameters comprises one or more input parameters. The plurality of corresponding AI generated source code are scanned to identify an issue. For example, the issue may be a type of malware or a software vulnerability. A second AI algorithm identifies a first input parameter from the plurality of sets of input parameters that is associated with the identified issue. The second AI algorithm modifies, based on the first input parameter, a new first input parameter provided to the first AI algorithm. The first new input parameter is used to generate a new corresponding AI generated source code.
Strings of a text file representing a configuration of a target device are respectively tokenized into tokens for the configuration. The tokens for the configuration are sequenced. A target device signature representing the configuration of the target device is generated by applying a hashing technique to the tokens as have been sequenced. Whether the configuration of the target device is anomalous is identified based on the target device signature.
A media is created. The media may be a document, an image, a video file, an audio file, a real-time communication session, an email, a chat session, and/or the like. The media is associated with a plurality of authentication levels. For example, the media may use a first authentication level that requires a username/password and a second authentication level that requires a fingerprint scan of a user. The media is created based on a security process according to the plurality of authentication levels. For example, the security process may be an encryption process and/or a tokenization process. The media is divided into a plurality of sections based on the plurality of authentication levels. The security process is applied to the plurality of sections based on the plurality of authentication levels.
Documents are often generated using a customer communication management (CCM) application that utilizes rules to select and/or modify certain fragments of a document. By analyzing the rules and content that produced a certain fragment, a second CCM application may be automatically provided with the rules, such as when the first set of rules are not available for porting to a second system. Accordingly, a server may access a rule comprising a condition, a document fragment, and a rule identifier. A server may generate a first document to comprise visible content and hidden content. Generating the first document may comprise evaluating the rule and, when the rule is true, including the document fragment as a portion of the visible content and including the rule identifier as a portion of hidden content. A server may provide the first document to a destination.
Log events for a target system are received. In each of a number of iterations, selection of a filter from a library of preexisting filters is received from a user, the selected filter is applied to the log events to generate filtered log events, and the filtered log events are displayed to the user. In each iteration other than a first iteration, the selected filter is applied to the filtered log events that are generated in an immediately preceding iteration.
A trained machine learning algorithm receives input data that may contain sensitive information. For example, the input data may be top secret military specifications that are sent as an attachment in an email that is being sent outside of a government computer network. The trained machine learning algorithm is trained with one of: sensitive training data or insensitive training data (or there may be two trained machine learning algorithms where one is trained with the sensitive training data and one is trained with the insensitive training data). The trained machine learning algorithm determines whether the input data contains the sensitive information. In response to determining that the input data contains the sensitive information, an action is taken to prevent release of the input data. For example, the action may be to block the sending of the email.
A search table is instantiated for a search query for which matching events of the events stored in an events table are to be continually provided as new events are continually loaded into the events table. The matching events satisfy the search query. The search table is to store the matching events. A search job for the search query is generated. The search job is to be continually (i.e., periodically) run to retrieve the matching events stored in the events table that are not already stored in the search table and to insert the retrieved matching events in the search table. The search job is therefore continually (i.e., periodically) run, such that the matching events are continually (i.e., periodically) provided from the search table and not from the events table.
A system includes a processor and a memory. When executed by the processor, the processor is caused to receive a first file including one or more components, parse the first file into a metadata portion and one or more non-metadata portions, generate a manifest for each of the one or more non-metadata portions, generate an output data stream including component manifest and data pairs for each of the one or more non-metadata portions, normalize the output data stream, generate a first hash code corresponding to the normalized output data stream and compare the first hash code to a plurality of hash codes. If the first hash code matches any hash code of the plurality of hash codes, the processor is caused to prevent the first file from being stored in the database or automatically remove the corresponding file associated with the hash code matched with the first hash code.
A simplified, flow-insensitive graph, such as a Steensgaard graph, of a representation of source code of a program is constructed. Static application security testing (SAST) analysis on the representation is performed using the simplified heap graph to identify potential security vulnerabilities in the source code. The SAST analysis is flow-insensitive due to usage of the simplified heap graph. Any lines of the representation that do not contribute to the potential security vulnerabilities are removed. A non-simplified heap graph of the representation is constructed from which any lines that do not contribute to the potential security vulnerabilities have been removed. The SAST analysis is performed on the representation using a flow-sensitive heap model derived from the non-simplified graph to identify actual security vulnerabilities in the source code. The SAST analysis is flow-sensitive due to usage of the flow-sensitive heap model derived from the non-simplified heap graph.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
14.
PERFORMING SAST ON SECOND VERSION OF SOURCE CODE AFTER SAST HAS BEEN PERFORMED ON FIRST VERSION
A second version of source code of a program is analyzed in relation to a first version of the source code to identify: which alarm instructions of the second version require analysis to identify second security vulnerabilities in the second version, and which first security vulnerabilities identified in the first version remain in the second version. Static application security testing (SAST) is performed on the second version in relation to the alarm instructions that have been identified as requiring analysis, to identify the second security vulnerabilities. Each second security vulnerability pertains to one of the alarm instructions. The first security vulnerabilities identified as remaining in the second version are added to the second security vulnerabilities that have been identified.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
15.
Generation of Vectors from Source Code Produced by Artificial Intelligence (AI) Algorithms to Identify Issues in Source Code
A mutated issue in AI generated source code is identified. For example, the mutated issue may be a mutated type of malware. A snippet of source code in the AI generated source code that comprises the mutated issue is identified. A vector based on the snippet of source code in the AI generated source code that comprises the mutated issue is generated. Vectors of a second source code (e.g., a new software application) are compared using the vector generated from the snippet of source code in the AI generated source code that comprises the mutated issue. The comparison is used to identify new types of issues in the second source code.
A blockchain is created. The blockchain comprises an authentication block that defines one or more authentication credentials that are required to be provided by an endorser to add a first type of transaction block to the blockchain. For example, a user may be required to provide a username/password to add a smart contract transaction block to the blockchain. A request to add the first type of transaction block to the blockchain is received. The first type of transaction block is added to the blockchain. Adding the first type of transaction block to the blockchain is based on the endorser providing the one or more authentication credentials.
G06Q 20/40 - Autorisation, p. ex. identification du payeur ou du bénéficiaire, vérification des références du client ou du magasinExamen et approbation des payeurs, p. ex. contrôle des lignes de crédit ou des listes négatives
G06Q 20/02 - Architectures, schémas ou protocoles de paiement impliquant un tiers neutre, p. ex. une autorité de certification, un notaire ou un tiers de confiance
G06Q 20/38 - Protocoles de paiementArchitectures, schémas ou protocoles de paiement leurs détails
Systems and methods are disclosed for configuring a testing device to only perform relevant tests, wherein the test results are more meaningful (e.g., few false-positives) and relevant to the application. Source code is analyzed to determine elements that indicate a particular environment for the source code's corresponding machine code. When the source code indicates that a particular environment is not a candidate for execution of the machine code, tests associated with that particular environment are excluded. The testing device is then configured to perform those tests that are relevant for those environments that actually apply.
In response to a web page of a web site having been loaded, a consent management platform (CMP) used by the web site is identified. That the web page includes a cookie consent portion is detected based on the CMP used by the web site. In response to detecting that the web page includes the cookie consent portion, whether the cookie consent portion includes a reject-all option is detected based on the CMP used by the web site. In response to detecting that the cookie consent portion includes the reject-all option, the reject-all option is automatically selected without user interaction.
An initial corpus of source code is received. The initial corpus of source code is for training an Artificial Intelligence (AI) algorithm that generates source code. The initial corpus of source code is scanned, using a test suite, to identify one or more potential vulnerabilities in the initial corpus of the source code. The identified one or more potential vulnerabilities in the initial corpus of the source code are mitigated to produce a training corpus of source code. For example, the mitigation may comprise removing malware from the initial corpus. The mitigation is to remove the vulnerabilities so that the vulnerabilities do not show up in source code generated by the AI algorithm. The AI algorithm is then trained using the training corpus of source code. The trained AI algorithm is executed to produce generated source code.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
20.
License Analysis for Artificial Intelligence (AI) Generated Compositions
A composition is generated by an AI algorithm. For example, the AI generated composition may be an image that was generated by the AI algorithm. The AI generated composition is analyzed, using a similarity algorithm, to identify a snippet of the AI generated composition that is the same or similar to snippet of a composition used to train the AI algorithm. The license information associated with the snippet of the composition used to initially train the AI algorithm is identified. Licensing information for the AI generated composition that comprises the licensing information associated with the identified snippet of the AI generated composition is generated. The licensing information is associated with the AI generated composition. For example, the licensing information may be used to track the AI generated composition and/or copies of the AI generated composition.
A defect in the code of a software program is identified. An initial ranking for the defect in the code of the software program is determined. One or more network websites are crawled to identify information associated with the defect in the code of the software program. The information associated with the defect in the defect in the code of the software program is analyzed. In response to analyzing the information associated with the defect in the code of the software program, a second ranking is created for the defect in the code of the software program. The defects in the code of the software program and the second ranking are generated for display in a graphical user interface. By prioritizing which defects are more critical, the quality of the released software improved. In addition, the released software is more secure because critical defects have been removed.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 16/951 - IndexationTechniques d’exploration du Web
22.
SUPPLY CHAIN ANALYSIS FOR ARTIFICIAL INTELLIGENCE (AI) GENERATED SOURCE CODE
Source code generated by an Artificial Intelligence (AI) algorithm is analyzed to identify a snippet of source code generated by the AI algorithm that is the same or similar to source code used to train the AI algorithm. For example, a specific function in a component in the source code used to train the AI algorithm is identified in the snippet of source code generated by the AI algorithm. A determination is made to see if the identified snippet of source code generated by the AI algorithm is used in a software application. A bill-of-materials for the software application is generated that comprises information associated with the identified snippet of source code. In other words, the bill-of-materials for the software application includes a bill-of-materials for the AI generated source code in the software application.
Automated scans of a browser are used to simulate user action and access client-side code returned by the client application under test. To maintain a state of a logged-in user, scanners such as WebInspect rely on state synchronization mechanisms. Prior art browsers relied on cookies to store state information. With browser advancements, several additions were made to store client-side data in a browser, such as a database for local storage (e.g., web storage). Embodiments herein are directed to utilization of a local data storage to determine and manage a logged-in state of an automated user and enable automated testing that may otherwise fail if a user is not logged in.
An Artificial Intelligence (AI) generated composition is retrieved. For example, an AI generated composition may be an image generated by an AI algorithm. The AI generated composition is generated based on a training corpus that was used to train the AI algorithm. The training corpus comprises a plurality compositions (e.g., ten thousand images). A similarity algorithm is used to identify a snippet of the AI generated composition that matches a snippet of the one of the plurality of compositions. A watermark associated with the one of the plurality of compositions is identified. The watermark is inserted into the AI generated composition. The watermark may be then used to track illegal copies of the AI generated composition.
Attacks on a first network can be targeted to the first network or components on the first network, or can be untargeted, wherein other networks each receive the same attack. By determining if an attack is targeted or untargeted, a more appropriate response may be initiated to protect the private network. A targeted attack may indicate that an actor, which may be an unfriendly state-sponsored actor, is directing their efforts to penetrate a particular network. In response, additional efforts to protect the network and/or other assets having common ownership of the network may be reinforced in anticipation of a broader attack.
A first graphical object in a graphical user interface is identified using an Artificial Intelligence (AI) algorithm. The graphical user interface comprises a second graphical object that was not properly identified by the AI algorithm. Source code is retrieved from a hierarchical model of the graphical user interface. A determination is made if the identified first identified graphical object and the second graphical are the same type (e.g., a button object). In response to the identified first graphical object and the second graphical object being the same type, an attribute of the identified first graphical object is compared to an attribute of the second graphical object. In response to the attribute of the identified first graphical object being the same as the attribute of the second graphical object, the second graphical object as identified as the same graphical object type as the first graphical object.
A method includes capturing a first image of the GUI at a first time, after the first time, providing the GUI with an input event to change a configuration of at least one of the plurality of graphical elements to include an expanded region and capturing a second image of the GUI at a second time after the input event. A background of the second image of the GUI changes from a background of the first image of the GUI to include one or more background text blocks and an expanded region text block. The method also includes obtaining, a difference image, determining whether the difference image includes the one or more background text blocks and the expanded region text block; and selecting a text block closest to a position of the at least one of the plurality of graphical elements as the expanded region text block.
Attacks on a first network can be targeted to the first network or components on the first network, or can be untargeted, wherein other networks each receive the same attack. By determining if an attack is targeted or untargeted, a more appropriate response may be initiated to protect the private network. A targeted attack may indicate that an actor, which may be an unfriendly state-sponsored actor, is directing their efforts to penetrate a particular network. In response, additional efforts to protect the network and/or other assets having common ownership of the network may be reinforced in anticipation of a broader attack.
Input source code is retrieved. The input source code is subject to one or more licenses. For example, input source code subject to the MIT and GPL V2 open-source licenses may be retrieved from an open-source repository. A code generation Artificial Intelligence (AI) algorithm is trained using the input source code. The trained code generation AI algorithm is executed to produce output source code. For example, a set of parameters that define the output source code may be provided as input to execute the code generation AI algorithm. One or more licenses associated with the output source code are identified. For example, a vector-based AI algorithm may be used to identify the one or more licenses. The one or more licenses are associated with the output source code. This allows for proper licensing and attribution of the output source code.
A virtualization pattern is learned. The learned virtualization pattern comprises information associated with one or more virtualized processes. For example, the virtualization pattern may comprise the creation of a first micro service and the spawning of a second micro service from the first micro service. The learned virtualization pattern is compared to a current virtualization pattern to identify an anomalous virtualization pattern in the current virtualization pattern. In response to identifying the anomalous virtualization pattern in the current virtualization pattern, an action is taken. For example, the action taken may be to quarantine a virtual process, to unload the virtual process, to quarantine a tenant partition, and/or the like.
Source code in a programming language is received. The source code is converted to a generalized intermediate level representation not specific to any programming language. The source code is converted from the generalized intermediate level representation to a generalized lower level representation adapted to a dataflow analysis portion of static application security testing (SAST). The generalized lower level representation is also not specific to any programming language.
In multi-threaded or multi-processor computing systems, a deadlock may occur when two or more processes or threads are unable to proceed because they are each waiting for a resource that the other holds. As a result, progress is halted because conflicting entities are stuck in a circular dependency, and none can release the resources they hold to let the others continue. Systems and methods are provided wherein a resource reservation is carried out in two steps. The first step causes query nodes to add an identifier to a queue and, upon a request and the identifier being in a first position, a non-sharable resource is reserved. As a result, non-sharable resources are reserved in order and when needed, thereby preventing deadlocks.
H04L 67/1012 - Sélection du serveur pour la répartition de charge basée sur la conformité des exigences ou des conditions avec les ressources de serveur disponibles
A training corpus for training a similarity algorithm is retrieved. For example, the training corpus may be source code of a software application. The similarity algorithm is trained using the training corpus. A network is crawled to identify data. For example, the Internet may be randomly crawled to identify source code. The data is run through the similarity algorithm to determine a likely match between the training corpus and the identified data on the network. In response to determining the likely match between the training corpus and the identified data on the network, an action is taken. For example, the action may be to identify a particular website as containing illegally copied source code of the software application.
A system includes a processor and a memory. When executed by the processor, the processor is caused to receive a document including at least one of structured data, semi-structured data, and unstructured data, analyze the metadata in the structured format to generate features enhancing the metadata in the structured format, produce classification data for the document based on the features enhancing the metadata in the structured format and the content in the unstructured format, automatically classify the document based on the classification data and store the classification data in a database structure. The classification data is used to effectively search for the document. The structured data includes metadata about the document in a structured format, the semi-structured data includes content of the document in an unstructured format and metadata about the document in the structured format and the unstructured data includes the content of the document in the unstructured format.
G06F 16/908 - Recherche caractérisée par l’utilisation de métadonnées, p. ex. de métadonnées ne provenant pas du contenu ou de métadonnées générées manuellement utilisant des métadonnées provenant automatiquement du contenu
35.
AUTOMATIC REAL USER MONITORING (RUM) INSTRUMENTATION
Systems and methods are disclosed to develop and use a tool to enable an application package to be instrumented with automatic real user monitoring (RUM) without accessing the original source code. A package, such as Android application bundle (AAB) or Android package kit (APK), is imported and decoded and a generated source code file and/or manifest is obtained. Instrumentation is then added at a location corresponding to a code signature in the generated source code file (e.g., an operation to be instrumented before and/or after the operation). The generated source code file is then compiled and packaged into an APK and/or AAB file. The resulting application package is available for downloading, installation, and use on user devices with the instrumentation having been automatically added and without access to the original source code.
A current software tool is identified. The current software tool is used to manage and/or create a current corresponding software. For example, the current software tool may be a compiler and the current corresponding software may be a binary executable. A current mapping is generated between code provided to the current software tool and the current corresponding software using a first Artificial Intelligence (AI) algorithm. A comparison between the current mapping and a learned mapping is made to determine if the current software tool is manipulating the current corresponding software in an abnormal way. The learned mapping is based on historical code input into historical software tools and corresponding historical code output from the historical software tools. In response to determining that the current software tool is manipulating the current corresponding software in an abnormal way, the current software tool is identified as being compromised or likely compromised.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06N 5/022 - Ingénierie de la connaissanceAcquisition de la connaissance
37.
SECURITY ORCHESTRATION, AUTOMATION, AND RESPONSE (SOAR) PLAYBOOK GENERATION
A security orchestration, automation, and response (SOAR) playbook is often selected to address an incident, such as a fault or attack (e.g., malware, a phishing attack, etc.) on a computer system or component. However, when the incident is new, manual resolution is often utilized to address the incident. By utilizing a neural network trained to identify similarities in a new incident, the neural network can select a SOAR playbook and optionally automatically deploy the playbook to address the incident.
H04L 41/16 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets en utilisant l'apprentissage automatique ou l'intelligence artificielle
38.
SENSITIVE INFORMATION DISCOVERY AND TEST COMPONENT CONFIGURATION
Testing software applications often requires a balancing of thoroughness versus the time and computing resources available to perform such tests. Certain data handling operations may potentially expose data to unauthorized parties. However, not all data is equal; some data requires a greater degree of protection than other data, which may be based on a security context (e.g., rule, law, policy, etc.). By generating rules determined by a particular context, extraneous tests on data outside of the context, may be omitted. Unnecessary tests may be omitted and the results of each analysis process correlated to identify actual vulnerabilities and omit false positives, such as vulnerabilities to data that does not require the same degree of care to avoid unauthorized exposure.
Containerized platforms like Kubernetes, OpenShift, EKS (Elastic Kubernetes Service), etc., containerize and orchestrate applications. There are mature solutions for discovering and modeling applications running in physical and virtualized machines, and for containerized platforms, there are solutions for discovering and modeling infrastructure like namespaces, controllers, and pods. While beneficial, such models are incomplete. Accordingly, systems and methods are provided herein for discovering applications and modeling resources utilized for the applications or product suites. As a result, version mismatches or unplanned changes may be detected and corrected.
G06F 9/455 - ÉmulationInterprétationSimulation de logiciel, p. ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
40.
Generalized dataflow analysis for static application security testing
A superlattice corresponding to static application security testing (SAST) of source code specifies lattices respectively corresponding to static analyses performable on the source code. Each lattice is specified by all possible lattice elements of the lattice and an operator indicating how two lattice elements of the lattice are combined during the static analysis to which the lattice corresponds. A lattice product of the lattices specified by the superlattice is generated based on all the possible lattice elements of each lattice and the operator of each lattice indicating how two lattice elements are combined. Generalized dataflow analysis executable code is executed on the source code, using the lattice product, to perform the SAST of the source code, including the static analyses respectively corresponding to the lattices.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
41.
USING CROSS-CHANNEL ANALYSIS TO DETECT ATTACKS ON SPREAD-SPECTRUM NETWORKS
Data of a plurality of channels of a spread-spectrum network are received. For example, the data of the plurality of channels of the spread-spectrum network may be captured by a spread-spectrum router (e.g., a WiFi router). The data of the plurality of channels of the spread-spectrum network is analyzed to identify an anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network. For example, the attack may be a sequential attack across each of the channels of the spread-spectrum network. In response to identifying the anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network, an action is taken to protect the spread-spectrum network. For example, the action may be to notify an administrator of the spread-spectrum network that a potential attack is occurring on the spread-spectrum network or to block access to the spread-spectrum router.
A first device transmits a request message to a proxy device to forward to a second device. The request message includes a public key. The second device transmits a response message to the proxy device to forward to the first device. The response message includes a cryptographic nonce and is encrypted with the public key. The first device decrypts the response message, and generates a session key based on the nonce and a pre-shared password. The first device generates a session key and transmits a challenge response encrypted with the session key to the proxy device to forward to the second device. The second device generates the session key and decrypts the challenge response with the session key. Upon the second device confirming the challenge response such that a secure session is established, the first and second devices communicate with one another over the secure session.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/30 - Clé publique, c.-à-d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
43.
Using Cross-Channel Analysis to Detect Attacks on Spread-Spectrum Networks
Data of a plurality of channels of a spread-spectrum network are received. For example, the data of the plurality of channels of the spread-spectrum network may be captured by a spread-spectrum router (e.g., a WiFi router). The data of the plurality of channels of the spread-spectrum network is analyzed to identify an anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network. For example, the attack may be a sequential attack across each of the channels of the spread-spectrum network. In response to identifying the anomalous cross-channel pattern across the plurality of channels of the spread-spectrum network, an action is taken to protect the spread-spectrum network. For example, the action may be to notify an administrator of the spread-spectrum network that a potential attack is occurring on the spread-spectrum network or to block access to the spread-spectrum router.
Text screen description data for a terminal-based application is received. For example, the text screen description data may be received via an Application Programming Interface (API) call. The text screen description data comprises a screen description and one or more text field descriptions associated with the screen description. The one or more text field descriptions are associated with one or more text fields. The text screen description data is based on Basic Mapping Support (BMS) mappings. Image data of a screen for the terminal-based application is captured. The captured image data of the screen of the terminal-based application is correlated to the text screen description data for the terminal-based application to identify the one or text fields. As a result, a test script is automatically generated to test the one or more text fields based on the correlation.
Method and system to improve keyboard input in an automated test environment. The method includes determining a keyboard layout. The method also includes receiving an input, wherein the input comprises a plurality of characters. The method further includes processing the input to determine an input delay between each character of the plurality of characters and entering each character of the plurality of characters with the determined input delay between each character.
G06F 3/04886 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] utilisant des caractéristiques spécifiques fournies par le périphérique d’entrée, p. ex. des fonctions commandées par la rotation d’une souris à deux capteurs, ou par la nature du périphérique d’entrée, p. ex. des gestes en fonction de la pression exercée enregistrée par une tablette numérique utilisant un écran tactile ou une tablette numérique, p. ex. entrée de commandes par des tracés gestuels par partition en zones à commande indépendante de la surface d’affichage de l’écran tactile ou de la tablette numérique, p. ex. claviers virtuels ou menus
46.
Anomaly Detection Based on Multi-Level Authentication
A determination is made to see if a user has authenticated to a computer system using a plurality of authentication levels. For example, the user may have had a first session where the user is authenticated at authentication level one and a second session where the user is authenticated at authentication level two. Behavior of the user is separately tracked at each of the plurality of authentication levels to identify separate usage patterns of the user at each of the plurality of authentication levels. Anomalous behavior of the user is identified based on one or more variations from the separate usage patterns of the user at, at least one of the plurality of authentication levels. An action is taken based on identifying the anomalous behavior of the user. For example, the user's account may be locked, or an administrator may be notified.
One or more characters are input into an auto-complete field. Text of a displayed list of one or more candidate items is retrieved. The text of the displayed list of the one or more candidate items is compared to a predefined candidate item. In response to the text of the displayed list of one or more candidate items not having the predefined candidate item or not being withing a defined ranking, test results are flagged where the predefined candidate item is missing from displayed list of the one or more candidate items or is not withing the defined ranking. This allows the for automated testing of the auto-complete fields.
A watermark is generated. The generated watermark is specific to an individual owner of a media. The media may be any type of electronic media, such as, an image, a document, a movie, an audio file, a software application, and/or the like. The watermark is inserted into the media. The watermark in the media is changed when ownership of the media is changed. For example, as the media is sold to a new owner, the new owner's watermark is added to the media so that a chain of title can be verified directly from the media. In addition, the chain of title may also be verified via a blockchain.
A device, system, and method are provided. In one example, a method for polling for server events is described that includes storing, on a server, a list of events. The method also includes polling, by a client, the server for the list of events. The method includes receiving the list of events stored on the server. The method further includes broadcasting each event in the list of events received to an associated component; and requesting, by each component that receives at least one associated event, component related event data for each associated event.
H04L 41/069 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant des journaux de notificationsPost-traitement des notifications
H04L 43/10 - Surveillance active, p. ex. battement de cœur, utilitaire Ping ou trace-route
H04L 67/568 - Stockage temporaire des données à un stade intermédiaire, p. ex. par mise en antémémoire
50.
AUGMENTED QUESTION AND ANSWER (Q&A) WITH LARGE LANGUAGE MODELS
Large language models (LLMs) are versatile in responding to user questions on a wide variety of topics. However, LLMs suffer from several drawbacks, such as hallucinations, incomplete information, and inability to cite original sources of information. Disclosed herein are systems and methods for using an LLM in a restricted manner to respond to queries regarding document corpora, e.g., documents related to a set of products, such that the impact of these drawbacks is minimized. Information retrieval is coupled with LLMs to build a question and answer (Q&A) system on the text corpora. Complex retrieved information, incorporating human feedback, and recommendations in the Q&A system are provided.
An input regarding security characteristics of a project is received. For example, a security characteristic of a project may be insecure storage of data related to confidentiality. The project is scanned for one or more security requirements based on the received security characteristics. A list of security requirements is built for the project based on the received first input. A machine learning process is used to identify addition of one or more security requirements and/or removal of one or more security requirements from the list of security requirements. A first security vulnerability scan is run using the list of security requirements with the one or more additional security requirements and/or the removed one or more security requirements. Results for the first security vulnerability scan are generated and displayed to a user.
A first hash of information is generated. The first hash of the information is used to validate if the information (e.g., a software application) has changed. The first hash of the information is generated locally. The first hash of the information is sent to a trusted authority. The trusted authority is a service that is managed by an external party. A validation event associated with the information is detected. For example, a validation event may be where the software application is requesting to be loaded. In response to detecting the validation event associated with the information, a second hash of the information is generated. The second hash of the information is also generated locally. The second hash of the information is sent to the trusted authority. A message is received, from the trusted authority, indicating if the information has changed. The message is used to take an action
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/52 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 21/64 - Protection de l’intégrité des données, p. ex. par sommes de contrôle, certificats ou signatures
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
A first hash of information is generated. The first hash of the information is used to validate if the information (e.g., a software application) has changed. The first hash of the information is generated locally. The first hash of the information is sent to the trusted authority. The trusted authority is a service that is managed by an external party. A validation event associated with the information is detected. A request for the first hash of the information is sent to the trusted authority. The first hash of the information is received from the trusted authority. A second hash of the information is generated. The second hash of the information is generated locally. The received first hash of the information is compared to the generated second hash of the information to determine if the received first hash of the information is the same as the second hash of the information.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
54.
DETECTION OF MALICIOUS SOFTWARE PACKAGES USING MACHINE LEARNING ON CODE AND COMMUNITY DATA
Embodiments of the disclosure provide systems and methods for detecting malicious software packages. Detecting malicious software packages can include collecting information identifying one or more known malicious software component classifiers, collecting information identifying one or more known suspicious community behavior classifiers associated with the one or more known malicious software component classifiers and receiving a software package including software components. The method also includes identifying one or more software components of the software package as malicious based on a comparison between the software components of the software package and each of the collected one or more known malicious software component classifiers and the collected one or more known suspicious community behavior classifiers, generating a malicious probability for each of the identified one or more software components and evaluating whether the software package is malicious based on the generated malicious probability for each of the identified one or more software components.
Language used by a specific user in a specific context is gathered. The language used by the specific user in the specific context is language gathered from a plurality of previously captured electronic communication sessions. For example, the language of the specific user is captured from previous voice, video, and/or text communication sessions. A machine learning process based on the language gathered from the plurality of previously captured electronic communication sessions is trained. The trained machine learning process is used to determine if the specific user is actually participating in an electronic communication session or if a potential imposter is likely posing as the specific user in the electronic communication session. In response to determining that the potential imposter is likely posing as the specific user in the electronic communication session, an action is taken to secure the electronic communication session.
A visual media is received. For example, the received visual media may be a digital image, a video file, or a video stream. A plurality of colors in the visual media are identified. In response to identifying the plurality of colors in the visual media, one or more colors not in the visual media are identified. A watermark is placed in the visual media to produce a watermarked visual media. The watermark comprises at least one of the identified colors not in the visual media. The watermarked visual media is verified using image processing.
A current thread pattern is identified. For example, a thread pattern of a running software application is identified. Current resource information associated with the current thread pattern is identified. For example, the current resource information may include disk usage, packets sent, ports used, accounts created, etc. The current thread pattern and the current resource information associated with the current thread pattern are compared to an existing malicious thread pattern associated with a type of malware and existing malicious resource information associated with the existing thread pattern. A determination is made if the comparison meets a threshold. For example, if the current thread pattern is 90% similar to the existing malicious thread pattern and the current resource information is within 75% of the existing malicious resource information, the threshold is met. In response to the comparison meeting the threshold, an action is taken to mitigate the type of malware.
Source code for a type of malware is received. For example, the source code may be source code from a type of computer virus. An Artificial Intelligence (AI) algorithm is identified. For example, the AI algorithm may be ChatGPT. The source code of the type of malware is run through the AI algorithm to produce mutated source code for the type of malware. A prediction algorithm is used to predict a signature of the mutated source code for the type of malware. For example, the prediction algorithm is trained using existing source code of different types of malware to generate a prediction model. The signature of the mutated source code for the type of malware is then compared to a signature of a potentially new type of malware to determine if the signatures are similar.
A request is received, from a first communication device, to create a code (e.g., the request is to create a Quick Response (QR) code). The created code is for automatically creating a user account on a second communication device. For example, the second communication device may be a corporate web server. User information for automatically creating the user account on the second communication device is received. The code is created. The created code comprises at least one of: the user information for creating the user account; and a link to an account server, where the account server contains the user information. The created code is sent to the first communication device. The first communication device uses the code to create the account on the second communication device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06K 19/06 - Supports d'enregistrement pour utilisation avec des machines et avec au moins une partie prévue pour supporter des marques numériques caractérisés par le genre de marque numérique, p. ex. forme, nature, code
Documents are often generated using a customer communication management (CCM) application that utilizes rules to select and/or modify certain fragments of a document. By analyzing the rules and content that produced a certain fragment, a second CCM application may be automatically provided with the rules, such as when the first set of rules are not available for porting to a second system. Accordingly, a server may access a rule comprising a condition, a document fragment, and a rule identifier. A server may generate a first document to comprise visible content and hidden content. Generating the first document may comprise evaluating the rule and, when the rule is true, including the document fragment as a portion of the visible content and including the rule identifier as a portion of hidden content. A server may provide the first document to a destination.
Identifying and resolving weaknesses in software are common, resource-intensive tasks for many organizations. Machine-learning models are provided to automatically identify software vulnerabilities or other flaws, such as via entries in a weakness or vulnerability database, identify affected software, generate patches to resolve the vulnerabilities, and apply the patch to affected software. The patch is automatically extracted from code deltas between a software version having the weakness and a subsequent version wherein the weakness has been resolved. Other differences between the versions, not affecting the weakness, are excluded from the code deltas.
A request is received from a tenant. For example, the tenant may be a tenant of a multi-tenant cloud service. The request comprises a one or more Configuration Items (CIs). A CI is used to change data on a computer system or network. A computer resource license associated with the tenant is identified. A determination is made to identify if the request meets the computer resource license. In response to the request meeting the computer resource license, the one or more configuration items are implemented according to the computer resource license. In response to the request not meeting the computer resource license, the request is modified. For example, the request may be split into a plurality of requests.
Devices with low or no security are often added to networks. These devices have the ability to utilize the network and, accordingly, may pose a security risk. Systems and methods herein enable a device to be added to a network and, if the resulting new traffic matches a template, the device is established on an automatically created virtual local area network (VLAN) used solely for the new device. A router is automatically configured to allow traffic that matches the type of device that was newly added, but if other traffic is detected, the device may be treated as a threat and managed accordingly.
Strings of a text file representing a configuration of a target device are respectively tokenized into tokens for the configuration. The tokens for the configuration are shingled. A target device signature representing the configuration of the target device is generated by applying a min-wise independent permutations locality sensitive hashing (MinHash) technique to the tokens as have been shingled. Whether the configuration of the target device is anomalous is identified based on the target device signature.
Embodiments provide for detecting viruses and other malware in executing process threads based on thread patterns. According to one embodiment, detecting previously unknown malware associated with process threads can comprise capturing context information for each thread of a plurality of threads executing on a processor. The context information can define a thread pattern for the thread. The thread pattern for each thread can be compared to stored information defining one or more known patterns for thread execution based on previous execution of one or more threads. A thread pattern variation can be detected when the thread pattern for one or more threads does not match the stored information defining the known thread patterns. A determination can be made as to whether the detected thread pattern variation indicates presence of malware and actions can be performed based on determining the detected thread pattern variation indicates the presence of malware.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/52 - Contrôle des utilisateurs, des programmes ou des dispositifs de préservation de l’intégrité des plates-formes, p. ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p. ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
A sandbox database is created. The sandbox database is typically a temporary database. For example, the sandbox database may be a test database for evaluating a new version of software. Creating the sandbox database comprises creating a sandbox cache in the sandbox database and copying metadata from a main database to the sandbox database. The sandbox cache is used to store record(s) that are accessed during the use of the sandbox database. The metadata is used to reference the record(s). This allows for a simpler process for creating a temporary database to be used for testing software.
G06F 11/36 - Prévention d'erreurs par analyse, par débogage ou par test de logiciel
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuéesArchitectures de systèmes de bases de données distribuées à cet effet
67.
Automated testing of user interfaces requiring a time-based one-time password (TOTP)
Automated testing of an application under test (AUT) often requires providing valid responses to an authentication challenge. Many AUTs require a username and password and, increasingly, a time-based one-time password (TOTP) that complicate automated testing. By storing a shared secret on a client device, a human can train an automated testing application to select the shared secret and provide the shared secret to a shared secret provider. The shared secret provider then provides a token code as the TOTP. The shared secret may be stored as a graphical element, such as a quick response (QR) code, and may further correspond to a particular username used to test the AUT.
Software developers and security personnel routinely scan code to look for threats, such as security vulnerabilities. While such scans are useful, they are unable to determine the actual data provided to a client device executing a web application. By monitoring the web traffic to a client, the libraries utilized by the web application may be determined by name, version, and vendor. With the library identified, the libraries may be provided to one or more repositories of vulnerabilities to identify the particular vulnerabilities of the library. With the vulnerability identified, a resolution (e.g., version wherein the vulnerability was fixed) may be identified and/or other action to mitigate the vulnerability.
G06F 21/56 - Détection ou gestion de programmes malveillants, p. ex. dispositions anti-virus
G06F 21/55 - Détection d’intrusion locale ou mise en œuvre de contre-mesures
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
69.
Efficient Length Preserving Encryption of Large Plaintexts
A plaintext is received. For example, a plaintext may be a text record that is to be encrypted and then stored in a database. A determination is made to see if a size of the plaintext is above a threshold. The threshold is based on an efficiency of a Format Preserving Encryption (FPE) algorithm. In response to the size of the plaintext being above the threshold: the plaintext is divided into a plurality of blocks based on a block size; each of the blocks are individually encrypted using the FPE algorithm; and each of the blocks are stored as a single FPE cyphertext. This makes the FPE encryption process much more effacement than has previously been achieved. For example, the FPE process may be 30% more efficient depending on the size of the plain text.
H04L 9/06 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité l'appareil de chiffrement utilisant des registres à décalage ou des mémoires pour le codage par blocs, p. ex. système DES
A first hash of a record is retrieved. The first hash is tokenized by storing the first hash in a tokenization table that has a corresponding hash token. A request is received to validate the record. The request to validate the record comprises a second hash of the record and a second hash token. In response to receiving the request to validate the record, the record is validated by looking up the first hash in the tokenization table using the second hash token and comparing the looked up first hash to the second hash. In response to the looked up first hash being the same as the second hash, the record is validated. In response to the looked up first hash not being the same as the second hash, the record is not validated.
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A first hash of a record is retrieved. The first hash is encrypted using an encryption key to produce an encrypted hash. The encrypted hash is stored in the record by replacing the first hash with the encrypted hash or by adding the encrypted hash to the record. A request is received to validate the record. In response to receiving the request to validate the record, the record is validated by: unencrypting the encrypted hash using the encryption key to produce a second hash; hashing the record to produce a third hash; and comparing the second hash to the third hash. In response to the second hash being the same as the third hash, the record is validated. In response to the second hash not being the same as the third hash, the record is not validated.
H04L 9/32 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 9/00 - Dispositions pour les communications secrètes ou protégéesProtocoles réseaux de sécurité
72.
Throttling test mode for browser-based web application load testing
For each of a number of test commands of a test script for browser-based load testing of a web application hosted by a server device communicatively connected to the test device over a network, the test command is executed within a browser instance running on the test device and simulating usage of the web application by a user. In response to determining that the test command that has been executed is a browser operation command, that the test command executes for a minimum length of time is ensured in a throttling test mode in which the web application is tested via the browser instance.
One or more unused locations in a software image are identified. An example of a software image may be a container image or virtual machine image. An unused location may be a location where padding is used in the software image. A first watermark is placed in the one or more unused locations to produce a watermarked software image. A request is received to load the watermarked software image. In response to receiving the request to load the watermarked software image, a second watermark is generated using the one or more unused locations in the watermarked software image and the second watermark is then compared to the first watermark. In response to the first watermark matching the second watermark, the software image is loaded. In response to the first watermark not matching the second watermark, the software image is not loaded.
A first execution of a test script is recorded. The recording of the first execution of the test script is of a first interaction between a communication device and an Application Under Test (AUT). First request and response data for the first execution of the test script is captured. A second execution of the test script is recorded. Second request and response data for the second execution of the test script is captured. The first execution of the test script and the second execution of the test script are isolated sessions. The first request and response data is compared to the second request and response data to find one or more varying response values. The one or more varying response values are searched to identify correlations. A second test script is automatically created based on the identified correlations.
An anomaly on a computer network is identified by processing data generated by the computer network. The anomaly is identified based on a first anomaly threshold of a plurality of anomaly thresholds associated with the anomaly. In response to determining that the anomaly has met the first anomaly threshold of the plurality of anomaly thresholds associated with the anomaly, a first authentication level associated with the first anomaly threshold is identified. The plurality of anomaly thresholds associated with the anomaly have a plurality of associated authentication levels. A user interface is displayed to an administrator that includes a prompt to authenticate the administrator at the first authentication level. Authenticating the administrator at the first authentication level allows the administrator to take an action associated with the anomaly. For example, the administrator may unload an application that may likely have been compromised.
An event profile corresponding to a data source at a target system is determined. The event profile includes, for each of a number of fields, a percentage of events that after processing by the data source include data in that event field. A reference event profile is determined that includes, for each of the event fields, a reference percentage. The event profile is compared to the reference event profile. Whether the data source properly processed the events is determined based on comparison of the event profile to the reference event profile.
Software applications often incorporate an embedded browser to perform web-based operations. Not all browsers operate the same way, for example, elements within tabs in Microsoft Edge browsers use messages to communicate through web extensions, while Microsoft Internet Explorer (IE) browsers use the original browsers helper object (BHO). A consequence of the different paradigms is that certain graphical elements may be duplicated in a resource table. A test development may fail to identify the duplication and may produce extraneous or erroneous tests. By launching on a system and monitoring the system's executing processes, a browser application may be determined to be running and, if so, a refresh operation is performed on an application under test (AUT). If the AUT refresh operation results in a browser also performing a refresh, the type of embedded browser may be identified and any duplicates of the same graphical elements identified and merged for subsequent testing.
A first load cycle of an application is determined to have been completed. A load cycle is where the application has been loaded, executed, and then unloaded. One or more of first load parameter associated with the first load cycle of the application, a first execution parameter associated with the first load cycle of the application, and a first unload parameter associated with the first load cycle of the application are retrieved and compared to one or more of a second load parameter associated with a second load cycle of the application, a second execution parameter associated with the second load cycle of the application, and a second unload parameter associated with the second load cycle of the application. The comparison can then be used to identify anomalies between load cycles of the application.
Methods, systems, and techniques are provided for displaying objects in virtual network computing (VNC). For example, a VNC connection may be established between a first device and a second device, where the VNC connection enables a synchronization of an interactive display layout from the first device to the second device. Subsequently, after the VNC connection is established, a page structure of the first device may be retrieved based on an application programming interface (API) on the second device. In some embodiments, based on the retrieved page structure, one or more non-interactive objects on the second device may be displayed, where the one or more non-interactive objects are displayed on top of at least a portion of the interactive display layout at the second device.
G06F 3/0484 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] pour la commande de fonctions ou d’opérations spécifiques, p. ex. sélection ou transformation d’un objet, d’une image ou d’un élément de texte affiché, détermination d’une valeur de paramètre ou sélection d’une plage de valeurs
G06F 3/04886 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] utilisant des caractéristiques spécifiques fournies par le périphérique d’entrée, p. ex. des fonctions commandées par la rotation d’une souris à deux capteurs, ou par la nature du périphérique d’entrée, p. ex. des gestes en fonction de la pression exercée enregistrée par une tablette numérique utilisant un écran tactile ou une tablette numérique, p. ex. entrée de commandes par des tracés gestuels par partition en zones à commande indépendante de la surface d’affichage de l’écran tactile ou de la tablette numérique, p. ex. claviers virtuels ou menus
H04L 41/40 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p. ex. des réseaux de commutation de paquets en utilisant la virtualisation des fonctions réseau ou ressources, p. ex. entités SDN ou NFV
H04L 65/1069 - Établissement ou terminaison d'une session
Documents are often generated using a customer communication management (CCM) application that utilizes rules to select and/or modify certain fragments of a document. By analyzing the rules and content that produced a certain fragment, a second CCM application may be automatically provided with the rules, such as when the first set of rules are not available for porting to a second system. Accordingly, a server may access a rule comprising a condition, a document fragment, and a rule identifier. A server may generate a first document to comprise visible content and hidden content. Generating the first document may comprise evaluating the rule and, when the rule is true, including the document fragment as a portion of the visible content and including the rule identifier as a portion of hidden content. A server may provide the first document to a destination.
G06F 40/284 - Analyse lexicale, p. ex. segmentation en unités ou cooccurrence
G06F 40/131 - Fragmentation de fichiers textes, p. ex. création de blocs de texte réutilisablesLiaison aux fragments, p. ex. par utilisation de XIncludeEspaces de nommage
A plurality of captured packets are received. The plurality of captured packets are from a plurality of packet flows. A packet flow is a communication session between two devices. For example, a packet flow may be a communication session between a client and a server. The plurality of captured packets are sorted into individual packet flows. The individual packet flows are converted into individual videos. For example, each packet from each packet flow is stored as a separate video frame in an individual video. A machine learning algorithm is applied to the individual videos to perform analytic tasks on the individual videos. For example, the machine learning algorithm may be used to identify anomalies within a packet flow and/or between packet flows.
H04L 43/026 - Capture des données de surveillance en utilisant l’identification du flux
G06V 20/40 - ScènesÉléments spécifiques à la scène dans le contenu vidéo
H04L 43/028 - Capture des données de surveillance en filtrant
H04L 65/61 - Diffusion en flux de paquets multimédias pour la prise en charge des services de diffusion par flux unidirectionnel, p. ex. radio sur Internet
82.
AUTO-FIX OBJECT NOT FOUND ERROR USING IMAGE RECOGNITION
A system, device, system-on-a-chip, and method of automatically correcting an object not found error using image recognition are described. The method includes running a test script for testing and analysis of a web page as rendered by a web browser. The method further includes, responsive to detecting the object not found error, automatically locating a missing object associated with the object not found error. One method of locating a missing object includes using image recognition. The method also includes updating the test script with a located object. The method may also include replaying the test script.
Embodiments of the disclosure provide systems and methods for analyzing log files. Automated processing of log files can comprise reading a log file generated during execution of an application and comprising a plurality of log events and generating a plurality of templates based on the plurality of log events in the log file. Each template can map a log event to a candidate value for the log event. The plurality of log events can be aggregated into a plurality of groups based on the candidate value mapped to each log event in the plurality of templates and the plurality of groups of log events can be ranked. The log file can be partitioned based on the ranking of the plurality of groups of log events and one or more groups of log events can be provided to an analysis process based on the partitioning of the log file.
Management program code is executable by a management server on a management network to perform processing. The processing includes establishing a communication stream with a database control agent for a database on a database network separate from the management network, without opening any ports on the database network for access by the management program code. The processing includes receiving a database command for the database from client program code, and dispatching the database command to the database control agent over the communication stream for execution against the database. The processing includes receiving execution results of the database command from the database control agent over the communication stream, and returning the execution results to the client program code in satisfaction of the database command.
Embodiments of the disclosure provide systems and methods for accurately identifying functions in software code that represent vulnerabilities. Identifying vulnerable functions in software code can comprise collecting information identifying one or more known Common Vulnerabilities and Exposures (CVEs) and identifying one or more vulnerable functions in the software code based on relationships between the collected information identifying the one or more known CVEs and the one or more vulnerable functions in the software code. A call graph can be derived for the software code based on the identified one or more vulnerable functions. Each of the identified one or more vulnerable functions can be indicated in the call graph by a vulnerability symbol. A determination can be made as to whether each identified one or more vulnerable functions is a true vulnerability, i.e., when the vulnerable function is encountered when traversing the call graph.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
A communication stream is received. For example, the communication stream may be a part of a communication session, such as, a voicemail, a videomail, a voice conference call, a video conference call, and/or the like. A determination is made if the communication stream is completely generated using a session watermark. The session watermark is associated with the communication session. In response to determining that the communication stream is completely generated using the session watermark, the communication stream is identified as a legitimate communication stream. In response to determining that the communication stream has not been completely generated using the session watermark, the communication stream is identified as potentially a vishing communication steam.
A request to grant control of a virtual resource is received. For example, a user may provide a set of authentication credentials that allow the user to execute a virtual machine. The request to grant control of the virtual resource uses an authentication level of a plurality of authentication levels associated with the virtual resource. The request to grant control of the virtual resource is validated. In response to validating the request to grant control of the virtual resource, control of the virtual resource is granted according to the authentication level of the plurality of authentication levels associated with the virtual resource. The user can then control/access the virtual resource based on privileges associated with the authentication level.
A distributed database system maintains a database including a data shard for which a primary computing node is responsible. The primary computing node identifies a data storage plan for the data shard. The plan identifies a file subset of data storage files of the shard to be merged into a larger data storage file, and a node subset of computing nodes of the system that subscribe to the data shard. The primary node identifies which computing nodes of the node subset each have sufficient computing resources to execute the plan, as candidate computing nodes. The primary node identifies which files of the file subset each candidate computing node locally caches. The primary node selects one candidate computing node to execute the plan, based on the files of the file subset that each candidate computing node locally caches. The primary node causes the selected candidate computing node to execute the plan.
A plurality of circular blockchains are created. The plurality of circular blockchains may comprise different structures. For example, the plurality of circular blockchains may include: a single genesis block where a last block in each of the plurality of circular blockchain links back to the single genesis block, a plurality of genesis blocks where a last block in each of the plurality of circular blockchain links back to individual ones of the plurality of genesis blocks, and a genesis block and one or more connection blocks that form the plurality of circular blockchains.
A method includes parsing a data object model associated with a webpage to change an original color scheme for each node of the data object model. Each node corresponds to a display feature of a layout of the webpage. The method also includes generating a modified data object model by replacing the original color scheme for each node with a calculated color scheme, displaying the layout of the webpage using the modified data object model, capturing an image of the layout of the webpage as displayed and detecting any errors in the layout of the webpage. The calculated color scheme assigns a unique color code to each feature of the node based on a position of each feature within the node and based on a position of each node within the data object model.
Input data is received from an analysis of an application running in a real-world environment. The input data identifies one or more parameters that are associated with one or more test scripts that are used to test a new version of the application running in the real-world environment. One or more inputs are received that map the received input data to the one or more test scripts. The one or more test scripts are used to test the new version of the application. The one or more tests scripts are executed against the new version of the application based on the one or more parameters.
A current a version of an external component (e.g., an open-source component or a third-party component) that is used in a software application is identified. A new version of the current version of the external component is identified (supply chain components). For example, the new version may have been just released by an open-source community. In response to identifying the new version of the current version of the of the external component, a series of actions are implemented that include: identifying changes to Application Programming Interfaces (APIs) in the new version of the current version of the external component; identifying new vulnerabilities in the new version of the current version of the external component; and determining a quality history associated with the new version of the current version of the external component. Based on the actions, a composite score is generated and displayed to a developer.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p. ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
G06F 8/71 - Gestion de versions Gestion de configuration
A request is received to deploy a configuration on a computing resource. A compliance check on the configuration is performed according to a policy to determine whether deployment of the configuration on the computing resource is permitted. In response to determining that the deployment of the configuration on the computing resource is permitted, a deployer for the computing resource is controlled to deploy the configuration on the computing resource.
A request to authenticate to a Blockchain as a Service (BaaS) is received from a tenant (e.g., a user that is acting on behalf of a corporation). An authentication credential of the tenant associated with the request to authenticate to the BaaS is determined to be valid. In response to determining that the authentication credential of the tenant associated with the request to authenticate to the BaaS is valid, a level of access is granted to the BaaS. A request is received, from the tenant, to add a transaction block to a blockchain in the BaaS. The blockchain in the BaaS is interspersed with transaction blocks from a plurality of tenants of the BaaS. The transaction block is then added to the blockchain in the BaaS. This addition to the BaaS represents both an Escrow and an Audit capability.
A database stores, for each of a number of software packages, a software package embedding representing the software package. The database stores, for each software package, code block embeddings respectively representing code blocks of the software package. The database stores, for each software package, functionality embeddings respectively representing functionality clusters into which the code block embeddings representing the code blocks of the software package have been clustered. A query embedding representing a query is generated, and used to query the database to identify a relevant code block within a relevant software package for the query.
One or more iterations are performed. Each iteration includes calculating, for each of a number of data points that each have a label probability distribution, a label quality measure based on the label probability distribution of the data point. Each iteration includes updating the label probability distribution of each of at least one of the data points using either or both of a classification technique and a constrained clustering technique based on the data points and the label quality measure of each data point.
A request is received by a network management server, from a managed node, to get cluster information. The cluster information identifies a coordinator node and a leader node (a node hierarchy) that are used to track liveness of the managed node. The coordinator node and the leader node may be identified based on being in the same location as the managed node. The cluster information is sent to the managed node to make the managed node aware of the hierarchy. The coordinator node consolidates liveness of the nodes in its grouping in the cluster. The coordinator node sends a first liveness message of the managed node to the leader node. The leader consolidates a group of coordinator nodes by sending a second liveness message of the managed node to the network management server. This gives the network management server a status of all the managed nodes in the cluster.
H04L 43/0817 - Surveillance ou test en fonction de métriques spécifiques, p. ex. la qualité du service [QoS], la consommation d’énergie ou les paramètres environnementaux en vérifiant la disponibilité en vérifiant le fonctionnement
H04L 41/0663 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant la reprise sur incident de réseau en réalisant des actions prédéfinies par la planification du basculement, p. ex. en passant à des éléments de réseau de secours
H04L 43/10 - Surveillance active, p. ex. battement de cœur, utilitaire Ping ou trace-route
A snapshot event is received. The snapshot event is a snapshot of data that was sampled based on a snapshot metric. For example, the snapshot event may be a number of user logins (the data) over a specific time period (the snapshot metric). A destination analytical database is determined for the snapshot event. The snapshot event may then be sent to a queue. The snapshot event is then sent to the destination analytical database and stored in the destination analytical database.
G06F 16/28 - Bases de données caractérisées par leurs modèles, p. ex. des modèles relationnels ou objet
G06F 16/11 - Administration des systèmes de fichiers, p. ex. détails de l’archivage ou d’instantanés
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuéesArchitectures de systèmes de bases de données distribuées à cet effet
An indication of a user being authenticated is received. For example, the user authenticates with a valid username/password. In response to receiving the indication of the user being authenticated, a watermark is associated with the user. The watermark is sent to a communication device of the user. For example, the watermark is sent to the user's personal computer. The communication device of the user embeds the watermark into a communication. For example, the watermark may be embedded into a communication session with a web server. The watermark is sent to a routing device on a network (e.g., a router and/or firewall). The routing device uses the watermark embedded in the communication to determine how to route the communication on the network.
An input regarding security characteristics of a project is received. For example, a security characteristic of a project may be insecure storage of data related to confidentiality. The project is scanned for one or more security requirements based on the received security characteristics. A list of security requirements is built for the project based on the received first input. A machine learning process is used to identify addition of one or more security requirements and/or removal of one or more security requirements from the list of security requirements. A first security vulnerability scan is run using the list of security requirements with the one or more additional security requirements and/or the removed one or more security requirements. Results for the first security vulnerability scan are generated and displayed to a user.
