A method for managing operation of a circuit includes activating a trigger engine, receiving signals from a target circuit, and detecting a hardware trojan based on the signals. The trigger engine may generate a stimulus to activate the hardware trojan, and the target circuit may generate the received signals when the stimulus is generated. The trigger engine may be a scan chain which performs a circular scan by shifting bit values through a series of flip-flops including a feedback path. The target circuit may be various types of circuits, including but not limited to a high-speed input/output interface. The hardware trojan may be detected based on bit-error rate information corresponding to the signals output from the target circuit.

In some embodiments, a processor can receive an input string associated with a potentially malicious artifact and convert each character in the input string into a vector of values to define a character matrix. The processor can apply a convolution matrix to a first window of the character matrix to define a first subscore, apply the convolution matrix to a second window of the character matrix to define a second subscore and combine the first subscore and the second subscore to define a score for the convolution matrix. The processor can provide the score for the convolution matrix as an input to a machine learning threat model, identify the potentially malicious artifact as malicious based on an output of the machine learning threat model, and perform a remedial action on the potentially malicious artifact based on identifying the potentially malicious artifact as malicious.

There is disclosed in one example a malware analysis server, including: a hardware platform including a processor and a memory; a machine learning model; a store of known objects previously classified by the machine learning model; and instructions encoded within the memory to instruct the processor to: receive a test sample; apply the machine learning model to the test sample to provide the test sample with classified features; compute pairwise distances between the test sample and a set of known objects from the store of known objects; select a group of near neighbor samples from the set of known objects; select a group of far neighbor samples from the set of known objects; and generate an explanation for the test sample according to the near neighbor samples and far neighbor samples.

An apparatus for biometric security having a biometric scanner for capturing over a first field of view image data representative of one or more biometric objects associated with a subject, and a presentation attack detection system for capturing over a second field at one or more locations along the subject information indicative of presence of the one or more biometric objects. One or more processers utilizes the image data received from the biometric scanner to select such one or more locations, and to direct the second field of view of the presentation attack detection system to obtain the information along one or more of the selected one or more locations, and to determine in accordance with the information when the first field of view contains a true or fake presentation to the biometric scanner.

Exemplary security applications and systems are described herein. Such embodiments may be configured to provide backup functionality and ransomware protection for cloud storage systems. The described embodiments may monitor cloud storage systems to detect and classify various events. And the embodiments may perform any number of actions based on classified events, such as transmitting notifications to users, preventing a user or application from accessing the cloud storage system, and/or restoring infected files.

In an example there is provided an apparatus for a computing system. The apparatus comprises a central processing unit (CPU) and at least one further hardware component. The apparatus comprises a probe communicatively coupled with the hardware component and the CPU, to intercept communication between the hardware component and CPU and an inspection module communicatively coupled to the probe, to access communication data intercepted at the probe relating to communication between the hardware component and CPU determine a state of a process executing on the CPU, on the basis of the communication data and apply a model to the state to infer malicious activity on the CPU.

Disclosed herein are systems and methods for granting access to a file. In one aspect, an exemplary method comprises, calculating a first hash of a portion of the file, searching for the first hash in a local database, when the first hash is found indicates that the file is malicious, calculating a second hash, searching for the second hash in the verdict cache, and pronouncing a final decision as to a harmfulness of the file, and when either the first hash is not found in the verdict cache or the first hash is found and indicates that the file is trusted, granting access to the file, calculating a second hash of the file, generating a request for information about the file and sending the request to a remote server, and pronouncing a decision as to harmfulness of the file based on results of the search received from the remote server.

A vehicle diagnostic device includes: a communication unit that communicates with a vehicle which drives autonomously; and a diagnostic unit that performs, via the communication unit, diagnosis as to whether the vehicle is being hacked. The diagnostic unit performs the diagnosis by checking resilience of software which runs a travel system provided in the vehicle.

Disclosed herein are systems and methods for determining a coefficient of harmfulness of a file using a trained learning model. In one aspect, an exemplary method includes forming a first vector containing a plurality of attributes of a known malicious file. A learning model is trained using the first vector to identify a plurality of significant attributes that influence identification of the malicious file. A second vector is formed containing a plurality of attributes of known safe files. The learning model is trained using the second vector to identify attributes insignificant to the identification of the malicious file. An unknown file is analyzed by the learning model. The learning model outputs a numerical value identifying a coefficient of harmfulness relating to a probability that the unknown file will prove to be harmful.

Aspects of the present disclosure are presented for an AI system featuring specially designed AI hardware that incorporates security features to provide iron clad trust and security to run AI applications/solution models. Presented herein are various security features for AI processing, including: a trust and integrity verifier of data during operation of an AI solution model; identity and trust establishment between an entity and the AI solution model; secure isolation for a virtual AI multilane system; a real-time attack detection and prevention mechanism; and built in detection mechanisms related to rogue security attack elements insertion during manufacturing. Aspects also include security to implement an AI network interconnecting multiple user devices in an AI environment.