G06F2221/031

System, method, computer program and data signal for identifying software capable of capturing personally identifiable information
11809601 · 2023-11-07

Embodiments of the invention provide a system, method, software and/or a data signal for identifying software capable of capturing personally identifiable information. The method comprises the steps of connecting to a remote server via a local device, to send at least one request for data and retrieve at least one packet of data in response to the request. The method also determines whether the received requested data originated from a third party server other than the remote server, and if so, determines whether the data received contains evidence of the presence of personally identifiable information.

Security for private data inputs to artificial intelligence models

Methods, systems, and devices for supporting security for private data inputs to artificial intelligence models are described. A device (e.g., an application server) may receive a request to run an artificial intelligence model. The device may run the artificial intelligence model on a public data set and an extended set of data that includes both the public data set and a private data set. The device may determine a first set of outcomes based on running the artificial intelligence model on the public data set and a second set of outcomes based on rerunning the model on the extended set of data. The device may then compare the two sets of outcomes to determine whether a private data value is identifiable based on the second set of outcomes. If a private data value is identifiable, the device may obfuscate the results prior to transmitting the results to the requestor.

Proactive Anti Cyber-Forensic Activity Detection and Prevention
20230342455 · 2023-10-26

Computer-implemented cyber-security processes and machines provide proactive anti-forensics activity detection and prevention to safeguard the integrity of transactions and their associated log details or other data using artificial intelligence and/or machine learning, thereby ensuring that all transactions and logs within the system are compliant for cyber forensics, and helping to make reactive forensic tasks more robust by adding proactive monitoring and compliance activity.

Sample traffic based self-learning malware detection

Techniques for sample traffic based self-learning malware detection are disclosed. In some embodiments, a system/process/computer program product for sample traffic based self-learning malware detection includes receiving a plurality of samples for malware detection analysis using a sandbox; executing each of the plurality of samples in the sandbox and monitoring network traffic during execution of each of the plurality of samples in the sandbox; detecting that one or more of the plurality of samples is malware based on automated analysis of the monitored network traffic using a command and control (C2) machine learning (ML) model if there is not a prior match with an intrusion prevention system (IPS) signature; and performing an action in response to detecting that the one or more of the plurality of samples is malware based on the automated analysis of the monitored network traffic using the C2 ML model. In some embodiments, the IPS signatures and C2 ML model are automatically generated and trained.

AUTOMATICALLY DETECTING UNKNOWN PACKERS
20230385412 · 2023-11-30

Techniques for automatically detecting unknown packers are disclosed. In some embodiments, a system/process/computer program product for automatically detecting unknown packers includes receiving a plurality of samples for malware packer detection analysis; performing a packer filter to determine whether each of the plurality of samples is packed; emulating each of the packed samples to extract a plurality of features; and clustering the packed samples based on the extracted features.

VERIFIABILITY FOR EXECUTION IN TRUSTED EXECUTION ENVIRONMENT
20220292174 · 2022-09-15

Example embodiments of the present disclosure relate to verifiability for execution in a trusted execution environment (TEE). According to a method, a request for execution of a task is transmitted by a first apparatus to a second apparatus, the task comprising a plurality of functions to be executed. A first validation key is generated from identification information of the plurality of functions based on an expected execution plan in at least one trusted execution environment of the second apparatus. An execution result for the task and a second validation key are received from the second apparatus. Correctness of the execution result is determined by comparing the first validation key with the second validation key. Through the solution, it is possible to provide verifiability of the correctness of the execution result returned by the remote apparatus and to achieve high performance on security, trust, and privacy.

Gracefully Handling Endpoint Feedback When Starting to Monitor

A method, system and computer-usable medium for adaptively assessing risk associated with an endpoint, comprising: determining a risk level corresponding to an entity associated with an endpoint; selecting a frequency and a duration of an endpoint monitoring interval; collecting user behavior associated with the entity for the duration of the endpoint monitoring interval via the endpoint; processing the user behavior to generate a current risk score for the entity; comparing the current risk score of the user to historical risk scores to determine whether a risk score of a user has changed; and changing the risk score of the user to the current risk score when the risk score of the user has changed.

DECENTRALIZED TRUST ASSESSMENT
20220222346 · 2022-07-14

A decentralized trust assessment system, comprising a neural network, a trust module, and a local subsystem, wherein the trust module controls whether a plurality of inputs to the local subsystem are trustworthy. The decentralized trust assessment system provides rotorcraft and tiltrotor aircraft with airborne systems able to detect bad and spoofed data from a wide variety of data streams.

Authentication device

An authentication device (101) for verifying the security of a task being performed on an electronic device (105) operated by a user (102). The authentication device includes an image capture device for capturing image data of the electronic device and of the user interacting with the electronic device. The authentication device also includes processing circuitry for processing the captured image data to determine when the electronic device is performing a security related task and to determine when the electronic device has been subject to an event that has compromised or may compromise the security of the electronic device. The authentication device also includes an audio or visual output for providing instructions to the user to interact with the electronic device and for advising the user that the electronic device has been subject to an event that has compromised or may compromise the security of the electronic device.

Automatically generating security policies
11379607 · 2022-07-05

A system, method, and computer-readable medium are disclosed for generating security policies. Generating security policies includes gathering information related to an organization, the information related to the organization comprising electronically-observable information related to the organization; converting the electronically-observable information related to the organization into electronic information related to the organization; using the electronic information related to the organization to automatically generate a plurality of organization specific rules; and, generating an organization specific security policy, the organization specific security policy comprising at least one organization specific rule.