A method with biometric information spoof detection includes extracting an embedding vector from an intermediate layer of a neural network configured to detect whether biometric information of a user is spoofed from an image including the biometric information; detecting first information regarding whether the biometric information is spoofed, based on the embedding vector; and detecting second information regarding whether the biometric information is spoofed based on whether the first information is detected, using an output vector output from an output layer of the neural network.

Provided are a secure processor, an operating method thereof, and a storage device including the secure processor. Provided is a secure processor including a secure core including a vector table register containing boot-up address information, and a vector table register controller configured to communicate with the secure core, wherein the vector table register controller includes a lock controller configured to lock the vector table register and a count register configured to store a lock count value that is the number of times the boot-up address information of the vector table register is updated.

An applet may be downloaded or provided to a web browser when a user visits a site in order to protect data input by the user from being captured by malicious software, such as key loggers. The applet may present a user input field in the web browser and may generate a random sequence of low-level key stroke or mouse click events within the input field when the user enters information, such as a username and/or password. A listening key logger will receive a large amount of random data, whereas the applet will receive and buffer the actual user data that may be communicated to a remote site access by the user.

A two-dimensionality detection method for industrial control system attacks: collecting data; transmitting the data to a PLC and an embedded attack detection system; uploading, by the PLC, received data to an SCADA system; transmitting, by the SCADA system, the data to the embedded attack detection system after classifying and counting the data; before starting detection, directly reading, by the embedded attack detection system, the data measured by sensors; refining data association relationships and probability distribution characteristics of the sensors of normal operation to complete storage of health data model; after starting detection, in first dimensionality, comparing the data collected directly by the sensors with statistical data of the SCADA system to judge the attacked condition of the SCADA system, and in second dimensionality, comparing the characteristics of the data collected directly by the sensors and counted online with the health data model to judge the attacked condition of the sensors.

A password verifying method includes the following steps: providing a plurality of interactive regions in which several known password characters are arranged and shown randomly, at least one interactive region containing at least two characters; accepting selection of one of said plurality of interactive regions by a user, and after selection of one of the interactive regions by the user, randomly re-distributing said several known password characters into said interactive regions for subsequent selection by the user; and comparing characters contained in a predefined password sequence with characters contained in the interactive regions selected by the user, and outputting a signal representing a successful password verification when each character contained in the password sequence is identical to corresponding ones of the characters shown in respective ones of the interactive regions selected by the user.

A computer-implemented method for protecting files from malicious encryption attempts may include (1) detecting an attempt to alter a file, (2) identifying at least one characteristic of the attempt to alter the file, (3) determining, based on the characteristic of the attempt to alter the file, that the attempt to alter the file represents a malicious attempt by a third party to encrypt the file, and (4) performing a security action in response to determining that the attempt to alter the file represents a malicious attempt by the third party to encrypt the file. Various other methods, systems, and computer-readable media are also disclosed.

According to one embodiment, a computerized method for detecting malware is described. The method includes receiving configuration information that identifies (i) at least one type of lure data and (ii) one or more locations of a system operating within a virtual machine for placement of the lure data into the system. The lure data is configured to entice interaction of the lure data by malware associated with an object under analysis. Thereafter, the lure data is placed within the system according to the configuration information and lure data information is selectively modified. The information may include a name or content within a directory including the lure data. During processing of an object within the virtual machine, a determination is made whether the object exhibits file altering behavior based on a comparison of actions performed that are associated with the lure data and one more known file activity patterns.

According to an embodiment provided herein, there is provided a system that binds a trusted output session to a trusted input session. The system includes a processor to execute an enclave application in an architecturally protected memory. The system includes at least one logic unit forming a trusted entity to, responsive to a request to set up a trusted I/O session, generate a unique session identifier logically associated with the trusted I/O session and set a trusted I/O session indicator to a first state. The system includes at least one logic unit forming a cryptographic module to, responsive to the request to set up the trusted I/O session, receive an encrypted encryption key and the unique session identifier from the enclave application; verify the unique session identifier; and responsive a successful verification, decrypt and save the decrypted encryption key in an encryption key register.

Embodiments are disclosed for a method for private transfer learning. The method includes generating a machine learning model comprising a training application programming interface (API) and an inferencing API. The method further includes encrypting the machine learning model using a predetermined encryption mechanism. The method additionally includes copying the encrypted machine learning model to a trusted execution environment. The method also includes executing the machine learning model in the trusted execution environment using the inferencing API.

A device-local key derivation scheme generates, during a first boot session for an electronic device, a sealing key that is derived at least in part from a device-generated random seed and an internal secret that is unique to the electronic device. After generating the sealing key, access to the internal secret is disabled for a remainder of the first boot session and until a second boot session is initiated. At runtime, the sealing key is used to sign a module manifest that describes the software that is authorized to access the sealing key, and the module manifest containing the sealing key is persisted in non-volatile memory of the electronic device. The module manifest can be used to validate software during a subsequent boot session and to authorize software updates on the electronic device without relying on an external entity or external information to protect on-device secrets.