Patent classifications
G06F2221/2101
Malware clustering based on analysis of execution-behavior reports
Techniques are disclosed relating to malware clustering based on execution-behavior reports. In some embodiments, a computer system may access malware information that includes a plurality of reports corresponding to a plurality of malware samples. In some embodiments, each of the malware reports specifies a set of features relating to execution behavior of a corresponding malware sample. The computer system may, in various embodiments, process the plurality of reports to generate a plurality of vectors that includes, for each of the malware samples, a corresponding vector indicative of the execution behavior of the corresponding malware sample. Based on the plurality of vectors, the computer system may generate similarity values indicative of a similarity between ones of the plurality of vectors. Further, based on the similarity values, the computer system may assign each of the plurality of malware samples to one of a plurality of clusters of related malware samples.
Selective transmission of system log data for mobile platforms
Control circuitry is configured to establish a first connection with one or more onboard passenger service devices using a network interface. The control circuitry is further configured to receive a set of system log data from the one or more onboard passenger service devices via the network interface and store one or more log signatures in non-volatile data storage media. The control circuitry is further configured to detect a first fault related to a first onboard passenger service device of the one or more onboard passenger service devices and store a first set of transmission rule data in the non-volatile data storage media. The control circuitry is further configured to filter the set of system log data, establish a second connection with a remote computing device using the network interface, and transmit a subset of system log data to the remote computing device via the network interface.
SYSTEM AND METHOD FOR NETWORK POLICY SIMULATION
This disclosure generally relates to a method and system for network policy simulation in a distributed computing system. The present technology relates to techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.
System and method for integrating cyber fraud intelligence and payment risk decisions
The invention relates to a method and system that combines payment data and cyber fraud indicators to identify potential fraud in payment requests from a client. The system comprises: a memory that stores and maintains a list of known fraud characteristics and cyber fraud indicators; and a computer processor, coupled to the memory, programmed to: receive, via an electronic input, a payment instruction from the client; identify one or more cyber fraud indicators associated with the payment instruction; apply payment decisioning to merge the one or more cyber fraud indicators to the payment instruction; generate a risk score based on the payment decisioning to determine whether the payment instruction should be executed; and automatically apply the payment decisioning to the payment instruction.
Data Loss Prevention via dual mode Indexed Document Matching
Cloud-based data loss prevention (DLP) systems and methods include monitoring a file to be checked for sensitive data from a user associated with a tenant; obtaining one or more dictionaries for the tenant; identifying a DLP match based on any of identifying exact document matches between the file and files in the one or more dictionaries, identifying same text in the file as in an indexed document in the one or more dictionaries, identifying content in the file that contains a subset of text in an indexed document in the one or more dictionaries, and identifying content that is similar but not exact as the text in an indexed document in the one or more dictionaries; and, responsive to the DLP match, blocking the file in the cloud-based system.
SELECTIVE TRANSMISSION OF SYSTEM LOG DATA FOR MOBILE PLATFORMS
A data transmission system for a mobile platform comprises non-volatile data storage media, a network interface, and control circuitry. The control circuitry is configured to establish a first connection with one or more onboard passenger service devices providing a passenger service at the mobile platform using the network interface. The control circuitry is further configured to receive a set of system log data from the one or more onboard passenger service devices via the network interface and store one or more log signatures in the non-volatile data storage media. The control circuitry is further configured to detect faults related to onboard passenger service devices, store transmission rule data that includes rules for filtering system log data, filter the set of system log data based on the transmission rule data, and transmit a subset of system log data to the remote computing device via the network interface.
PROACTIVE SUSPICIOUS ACTIVITY MONITORING FOR A SOFTWARE APPLICATION FRAMEWORK
Various embodiments of the present invention provide methods, apparatuses, systems, computing devices, and/or the like that are configured to enable effective and efficient monitoring of software application frameworks. For example, certain embodiments of the present invention provide methods, apparatuses, systems, computing devices, and/or the like that are configured to perform software application framework monitoring using an interactive software application platform monitoring dashboard that comprises a set of user interfaces (e.g., an alert feed user interface, an alert monitoring user interface, and/or the like) that enable an end user to hierarchically view event monitoring metadata fields associated with each recorded suspicious activity alert of one or more recorded suspicious activity alerts of the software application platform, provide user-selected alert validity indicators for each recorded suspicious activity alert of the recorded suspicious activity alerts, and/or generate a suspicious activity monitoring workflow for each recorded suspicious activity alert of the recorded suspicious activity alerts.
ARTIFICIAL INTELLIGENCE FOR REAL-TIME E-MAIL SENTIMENT ANALYSIS FOR BRAND PROTECTION
An e-mail is detected as being sent or received. The e-mail can be identified as a customer interaction. The e-mail is scanned to determine a sentimental value using artificial intelligence. Responsive to the sentimental value exceeding a sentimental threshold, a network security audit or other action can be performed on the user and the user device using the sentimental value as a factor in determining a security action.
Authentication using cognitive analysis
A method for dynamically authenticating and granting access to a computing system may be provided. The method comprises deriving at least one authentication question from at least one identified fact contained in a received text data. The at least one identified fact is stored in a knowledge base relating to a user profile. The method comprises conducting a textual authentication dialog. The textual authentication dialog comprises presenting the at least one authentication question and determining, based on natural language processing, that a received response comprises the at least one identified fact from which the at least one authentication question has been derived. The method comprises granting access to the computing system based on the textual authentication dialog.
Software verification for network-accessible applications
An executable version of an application is deployed at a dynamically provisioned execution resource. An encryption key, based at least partly on an analysis of the execution resource, is transmitted to the execution resource after the application is instantiated. In response to a software verification request, which includes a security artifact, a verification response indicating that the software used for the application at the execution resource meets a trust criterion is provided. The security artifact is generated using the encryption key, and the verification response is based on analysis of the security artifact.