Methods, apparatus, systems and articles of manufacture are disclosed for classification of unknown samples using agglomerative clustering. An apparatus includes an extractor to extract a feature from a sample source code, the feature including at least one of a register, a variable, or a library based on a threshold of occurrence in a corpus of samples, the corpus of samples including malware samples, a dendrogram generator to generate a dendrogram based on features extracted from the sample source code, the dendrogram representing a collection of samples clustered based on similarity among the samples, the samples including sample clusters belonging to known malware families, and an anchor point identifier to traverse the dendrogram to identify similarity of an unknown sample to the sample clusters based on a confidence score, and identify anchor point samples from the sample clusters identified as similar to the unknown sample, the anchor point samples to provide metadata for use in extrapolating information to classify the unknown sample.

A computer-implemented method includes monitoring, by a power monitor on a computer device, for a peripheral device connection. The peripheral device connection connecting a peripheral device to an input/output port of the computer device. The input/output port is configured to provide power from a power supply of the computer device to the peripheral device. In response to the monitoring for the peripheral device connection identifying the peripheral device connection, the method includes determining, by the power monitor, a device type and a negotiated power of the peripheral device as connected. The power monitor determines whether the negotiated power of the peripheral device as connected matches expected power information. In response to determining the negotiated power of the peripheral device does not match the expected power information, the power monitor takes action on the computer device.

A discrete three-dimensional (3-D) processor comprises stacked first and second dice. The first die comprises 3-D memory (3D-M) arrays, whereas the second die comprises logic circuits and at least an off-die peripheral-circuit component of the 3D-M array(s). In one preferred embodiment, the first and second dice are face-to-face bonded. In another preferred embodiment, the first and second dice have a same die size.

A discrete three-dimensional (3-D) processor comprises first and second dice. The first die comprises 3-D memory (3D-M) arrays, whereas the second die comprises logic circuits and at least an off-die peripheral-circuit component of the 3D-M array(s). Typical off-die peripheral-circuit component could be an address decoder, a sense amplifier, a programming circuit, a read-voltage generator, a write-voltage generator, a data buffer, or a portion thereof.

A discrete three-dimensional (3-D) processor comprises stacked first and second dice. The first die comprises three-dimensional memory (3D-M) arrays, whereas the second die comprises at least a portion of a logic/processing circuit and an off-die peripheral-circuit component of the 3D-M array(s). The preferred 3-D processor can be used to compute non-arithmetic function/model. In other applications, the preferred 3-D processor may also be a 3-D configurable computing array, a 3-D pattern processor, or a 3-D neuro-processor.

A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

A guest operating system executing on a virtual machine hosted by a host operating system may forward information about the state of the guest operating system to the host operating system for analysis regarding security threats. The host operating system may also forward information about the state of the host operating system to the guest operating system for analysis regarding security threats. One or both of the guest operating system and the host operating system may also forward the information about their state(s) to a remote server for analysis regarding security threats to the machine running the host operating system and hosting the virtual machine running the guest operating system. Security threats may be identified based on a detection of abnormal behavior. Abnormal behavior may be detected using machine-learning models. The machine-learning models may be trained/refined over time based on collected state information.

A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a monitoring application comprising computer-executable instructions on the medium. The instructions are readable by the processor. The monitoring application is configured to receive an indication that a client has been affected by malware, cause the client to boot from a trusted operating system image, cause a launch of a secured security application on the client from a trusted application image, and analyze a malware status of the client through the secured security application.

Provided is a backup system including a storage system and a backup server, in which the backup server includes a ledger for managing a copy number and a backup acquisition date and time for each backup image, a data volume that stores data accessed by a business server, a backup image volume that stores a plurality of backup images at different time points of the data volume, an access volume having a volume ID for accessing the backup image from the backup server, and a data protection area including at least one volume having an internal volume ID instead of the volume ID for accessing from the backup server are configured in the storage system, and the backup image stored in the data protection area and the access volume are associated, and the backup image in the data protection area is provided to the backup server.