G06F21/50

Detecting malicious software using sensors

In some implementations, a method includes retrieving data from multiple sensors in a computing device, and the multiple sensors comprise different types of sensors. The sensor data is analyzed based on a predictive model, and the predictive model is trained to detect malware. Initiation of malware is determined based on the analysis. In response to the determination, the malware is terminated.

USING ONE OR MORE NETWORKS TO ASSESS ONE OR MORE METRICS ABOUT AN ENTITY
20230046185 · 2023-02-16

Described herein are systems and methods for predicting a metric value for an entity associated with a query node in a graph that represents a network. In embodiments, using a user's profile as the query node, a metric about that user may be estimated based, at least in part, as a function of how well connected the query node is to a whitelist of “good” users/nodes in the network, a blacklist of “bad” users/nodes in the network, or both. In embodiments, one or more nodes or edges may be weighted when determining a final score for the query node. In embodiments, the final score regarding the metric may be used to take one or more actions relative to the query node, including accepting it into a network, allowing or rejecting a transaction, assigning a classification to the node, using the final score to compute another estimate for a node, etc.

Method and system for providing security information about an application container for an industrial edge device

A method and a system for providing security information about an application container for an Industrial Edge device, wherein the application container displays an application, runtime libraries and parts of an execution environment, where first information is obtained from the application or source code, second information is obtained from the application program or source code of the application, where confidentiality classes and processing classes are ascertained, and where the security information is formed by linking arising confidentiality classes to arising processing classes and the security information is associated with the application container such that specific and reliable security information about the application container or applications is generated and the security information is provided to a user or an installation system via association of the security information with the application container or the application to make information about the specific security problems or properties available before an application is used.

Using one or more networks to assess one or more metrics about an entity
11503033 · 2022-11-15

Described herein are systems and methods for predicting a metric value for an entity associated with a query node in a graph that represents a network. In embodiments, using a user's profile as the query node, a metric about that user may be estimated based, at least in part, as a function of how well connected the query node is to a whitelist of “good” users/nodes in the network, a blacklist of “bad” users/nodes in the network, or both. In embodiments, one or more nodes or edges may be weighted when determining a final score for the query node. In embodiments, the final score regarding the metric may be used to take one or more actions relative to the query node, including accepting it into a network, allowing or rejecting a transaction, assigning a classification to the node, using the final score to compute another estimate for a node, etc.

Systems and methods for establishing sender-level trust in communications using sender-recipient pair data

Systems and methods are disclosed for utilizing sender-recipient pair data to establish sender-level trust in future communication. One method comprises receiving raw communication data over a network and testing the received raw communication data against trained machine learning data to predict whether the raw communication data is associated with expected communication data. The raw communication data is sorted for expected communication data, which is further analyzed for sender-recipient pair data and assigned an expected communication pair data score. Senders associated with an expected communication pair data score that meets or exceeds a threshold are labeled and stored in a database as trusted. As a result of the sender-recipient pair analysis, recipients at-risk for being scammed can be identified, senders misidentified as spammers can be properly classified, and machine learning techniques utilized for analyzing raw communication data can be fine-tuned.

CLASSIFICATION SCHEME FOR DETECTING ILLEGITIMATE ACCOUNT CREATION

A system and method that detects malicious account creation in a web-based platform. A method includes detecting suspicious events associated with an account creation process using a username classifier that evaluates a username used to create a new account, an IP address classifier that evaluates an IP address used to create the new account, and a domain classifier that evaluates a domain from an email address used to create the new account; analyzing each detected suspicious event with a density analysis classifier to determine if each detected suspicious event comprises a malicious event based on a density of detected suspicious events from a collection of account creation processes; and determining an alert condition based on at least one malicious event detection.

Statistical analysis of network behavior using event vectors to identify behavioral anomalies using a composite score
11496498 · 2022-11-08

Examples of the present disclosure describe systems and methods for identifying anomalous network behavior. In aspects, a network event may be observed by network sensors. One or more characteristics may be extracted from the network event and used to construct an evidence vector. The evidence vector may be compared to a mapping of previously-identified events and/or event characteristics. The mapping may be represented as one or more clusters of expected behaviors and anomalous behaviors. The mapping may be modeled using analytic models for direction detection and magnitude detection. One or more centroids may be identified for each of the clusters. A “best fit” may be determined and scored for each of the analytic models. The scores may be fused into a single binocular score and used to determine whether the evidence vector is likely to represent an anomaly.