G06F21/562

System and method of backup slice control for recovering data archives
20230214486 · 2023-07-06

The invention relates to data recovery technology. An archive connection driver creates a virtual storage medium that is readable by an operating system, with the operating system running antivirus scanning algorithms on the connected virtual storage medium. Corrupted data and malware are deleted and the relevant data blocks repaired in a connected backup. Corrupted data and infected files are restored in marked invalid data in the backup.

Creating generic rules in a high dimensional sparse feature space using negative feedback
11550910 · 2023-01-10

Systems and methods use negative feedback to create generic rules for a high dimensional sparse feature space. A system receives a set of fingerprints, where a fingerprint can be a set of features of a file. The fingerprints can be clustered according to similarity. For each cluster, a proto-rule is created that has a condition for each feature. The proto-rule is simplified using negative feedback to create a well-formed rule having a comparatively small subset of the conditions in the proto-rule that are useful in determining malware. The well-formed rule can be added to a set of rules used in a malware detection system.

System and method employing virtual ledger with non-fungible token (NFT) generation

A system, method and computer program product for computer based open innovation, includes an asset valuation device receiving asset information regarding tangible or non-tangible assets, and generating a valuation signal, based thereon; a self-executing code device receiving the valuation signal, and generating a self-executing code signal, based thereon; an air router device having both low band radio, and internet router channels for redundant internet communications, and a malicious code removal device for scrubbing malicious code from data received, receiving the valuation signal, and generating a node voting request signal, based thereon; a mesh network having node devices receiving the node voting request signal, and generating vote confirmation signals, based thereon; and computing devices connected to each of the respective node devices, and configured to perform non-fungible token (NFT) generation based on the assets, including tracking respective ownership and valuation of the assets, based on the asset information.

REDIRECTION OF ATTACHMENTS BASED ON RISK AND CONTEXT
20230004638 · 2023-01-05

A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to evaluate a risk associated with an email attachment based on application of security policies to properties of the attachment and to the context associated with receipt of the email. The at least one processor is further configured to detect an attempt by a user to open the email attachment. The at least one processor is further configured to prevent the opening of the attachment based on the evaluated risk. The at least one processor is further configured to redirect the attachment to a secure browser, hosted on a remote server, based on the evaluated risk.

ASSESSING SECURITY VULNERABILITIES IN CLOUD-NATIVE APPLICATIONS

According to some embodiments, a method is performed by a distributed cloud-native application. The method comprises receiving a request from a user to perform an operation. The user is associated with a risk profile. The method further comprises determining a call path through the distributed cloud-native application to perform the operation and classifying a risk level associated with the determined call path based on a distributed call graph. The distributed call graph comprises a risk value for each call path through the distributed cloud-native application and each call path comprises one or more distributed cloud-native application components. The risk value is based on a weakness rating associated with each component in the call path. The method further comprises determining the risk level associated with the determined call path is acceptable based on the risk profile associated with the user and performing the operation.

COMPUTER-READABLE RECORDING MEDIUM STORING PROGRAM, METHOD OF DETECTING VULNERABILITY, AND INFORMATION PROCESSING APPARATUS

A process includes obtaining update history information that includes respective update histories of a plurality of versions of software, the plurality of versions including a first version immediately previous to a second version, identifying, from the update history information, the second version that corresponds to the update history that includes a predetermined keyword, identifying, based on development history information that includes a change location in a source code of the software between the first version and the second version, a code block deleted from the source code when the first version is upgraded to the second version, as the code block that includes a possibility of including a vulnerability, and detecting, out of the plurality of versions, a third version that includes the identified code block in the source code.

TEE access control method and mobile terminal implementing same
11544378 · 2023-01-03

The present invention relates to a method for access control of a multimedia system to a secure operating system and a mobile terminal for implementing the method. The method includes the steps of: initiating an application access request for selecting a trusted application from a client application of a multimedia system to a secure operating system; making a decision as to whether the client application is a malicious application, and if not, proceeding to a next step, if yes, returning Selection Failure to the client application and performing an interrupt handling; sending the application access request from the multimedia system to the secure system; and acquiring, at the secure operating system, the trusted application based on the application access request and returning the trusted application to the multimedia system. The malicious accesses initiated by a malicious application to a trusted application in a secure operating system can be prevented without switching between systems, and the problem that a trusted application cannot be accessed due to malicious access can be avoided.

Methods and apparatus for detecting whether a string of characters represents malicious activity using machine learning
11544380 · 2023-01-03

In some embodiments, a processor can receive an input string associated with a potentially malicious artifact and convert each character in the input string into a vector of values to define a character matrix. The processor can apply a convolution matrix to a first window of the character matrix to define a first subscore, apply the convolution matrix to a second window of the character matrix to define a second subscore and combine the first subscore and the second subscore to define a score for the convolution matrix. The processor can provide the score for the convolution matrix as an input to a machine learning threat model, identify the potentially malicious artifact as malicious based on an output of the machine learning threat model, and perform a remedial action on the potentially malicious artifact based on identifying the potentially malicious artifact as malicious.

Iterative memory analysis for malware detection

A system and method of anti-malware analysis including iterative techniques that combine static and dynamic analysis of untrusted programs or files. These techniques are used to identify malicious files by iteratively collecting new data for static analysis through dynamic run-time analysis.

System, Method, and Apparatus for Software Verification

A system and method for software verification provides a lifting dictionary for each desired computer architecture. The lifting dictionary is used to translate native machine language instructions into descriptive intermediate language (DIL) instructions. Each descriptive intermediate language instruction is atomic, in that each descriptive intermediate language instruction changes at most one state of the emulated system. An emulator then runs the descriptive intermediate language instructions with tools that show each change of state after each DIL instruction is emulated.