Described herein are solutions for detecting anomalies in communications exchanged through a communication network between a respective source and a respective destination. For this purpose, a computer (40a) generates pre-processed data (PD) that comprise one or more tokens for the respective communication. Next, the computer divides the monitoring interval (MI) into a training interval (TI) and a verification interval (VI).

The computer then generates (1008) a first list of features (F.sub.SRC,TI) for the connections of a given source (SRC) in the training interval (TI). For this purpose, the computer determines, for the connections of the given source (SRC), the unique destination identifiers and, for each token, the respective unique values. Next, the computer determines a first set of enumeration rules and associates, by means of the first set of enumeration rules, to each connection a respective enumerated destination identifier and one or more respective enumerated tokens. Likewise, the computer generates, by means of a second set of enumeration rules, a second list of features (F.sub.GRP,TI) for the connections of a set of devices (GRP) to which the given source (SRC) belongs.

The computer then generates (1010) a first set of Bayesian networks by training, for each feature of the first list of features (F.sub.SRC,TI), a respective Bayesian network using the data of the other features of the first list of features (F.sub.SRC,TI), and generates a second set of Bayesian networks by training, for each feature of the second list of features (F.sub.GRP,TI), a respective Bayesian network using the data of the other features of the second list of features (F.sub.GRP,TI).

Next, the computer generates, for the connections of the given source (SRC) in the verification interval (VI), a third list of features (F.sub.SRC,VI) using the first set of enumeration rules and a fourth list of features (F.sub.GRP,VI) using the second set of enumeration rules. Consequently, by means of the first set of Bayesian networks and the second set of Bayesian networks, the computer can classify each value of the third list of features (F.sub.SRC,VI) and of the fourth list of features (F.sub.GRP,VI), respectively, as normal or anomalous. In various embodiments, the classification can also use one or more SVMs (Support Vector Machines).

A computer-implemented method, system and computer program product for embedding contextual information in an image or video frames. A generative adversarial network (GAN) is trained to provide contextual information to be embedded in an image or video frames, where the contextual information includes text, sound and/or video frames that provides context to the image or video frames. After training the GAN, an image or video frames are received to be embedded with contextual information if necessary. Features are then extracted from the received image/video frames. An image(s) or video frame(s) are identified in a database using the GAN associated with features with a similarity to the extracted features of the received image/video frames that exceeds a threshold value. Such identified images and/or video frames are associated with “references” containing contextual information which are extracted. The received image/video frames are then augmented with the extracted references to provide context.

A method for acquiring measurements for a data structure corresponding to an array of variable includes: selecting a subset of elements from the data structure; measuring a sampled value for each of the selected subset of elements; storing each of the sampled values in a K-nearest neighbour (KNN) database and labelling the sampled value as certain; generating a predicted value data structure where each predicted element is generated as the value of its nearest neighbor based on the values stored in the KNN database; for each predicted element: retrieve the predicted element's X nearest neighbours for the sampled value in the KNN database, and when a value of the X nearest neighbours is the same as the predicted element, the predicted element is labelled as certain, otherwise the predicted element is labelled the values as uncertain; and repeating until all elements are labelled as certain.

Integration code usable to cause a computing device to determine which category from a plurality of categories corresponds to an interface of an interface provider is generated based at least in part on output from a machine learning algorithm trained to categorize interfaces. The computing device is caused, by providing the integration code to the computing device, to execute the integration code to cause the computing device to evaluate characteristics of an interface of an interface provider, determine a category of an interface of the interface provider, and interact with the interface in a manner that accords with the category.

Certain embodiments involve flow-based color transfers from a source graphic to target graphic. For instance, a palette flow is computed that maps colors of a target color palette to colors of the source color palette (e.g., by minimizing an earth-mover distance with respect to the source and target color palettes). In some embodiments, such color palettes are extracted from vector graphics using path and shape data. To modify the target graphic, the target color from the target graphic is mapped, via the palette flow, to a modified target color using color information of the source color palette. A modification to the target graphic is performed (e.g., responsive to a preview function or recoloring command) by recoloring an object in the target color with the modified target color.

A method of using an adaptive fault diagnostic system for motor vehicles is provided. A diagnostic tool collects unlabeled data associated with a motor vehicle, and the unlabeled data is transmitted to a central computer. An initial diagnostic model and labeled training data associated with previously identified failure modes and known health conditions are transmitted to the central computer. The central computer executes a novelty detection technique to determine whether the unlabeled data is novelty data corresponding with a new failure mode or normal data corresponding with one of the previously identified failure modes or known health conditions. The central computer selects an informative sample from the novelty data. A repair technician inputs a label for the informative sample, and the central computer propagates the label from the informative sample to the associated novelty data. The central computer updates the labeled training data to include the labeled novelty data.

A method, a computing unit and a system for token-based information exchange between a computing unit of a first entity (400A) and a computing unit of one second entity (400B) are presented. The method comprises obtaining (110) a token set (200A) associated with the first entity (400A) and a token set (200B) associated with the one second entity (400B), clustering (120) the token set (200A) associated with the first entity (400A) into clusters, requesting (130) information on tokens (205, 205A, 205B) from the computing unit of the one second entity (400B), receiving (140) information on said tokens (205, 205 A, 205B) from the computing unit of the one second entity (400B), determining (150) an active cluster associated with the first entity (400A), modifying (160) the token subset (310, 320) associated with the determined active cluster of the first entity (400A) at least partly with information on the received tokens (205, 205A, 205B) associated with the second entity (400B).

A method, a computing unit and a system for token-based information exchange between a computing unit of a first entity (400A) and a computing unit of one second entity (400B) are presented. The method comprises obtaining (110) a token set (200A) associated with the first entity (400A) and a token set (200B) associated with the one second entity (400B), clustering (120) the token set (200A) associated with the first entity (400A) into clusters, requesting (130) information on tokens (205, 205A, 205B) from the computing unit of the one second entity (400B), receiving (140) information on said tokens (205, 205 A, 205B) from the computing unit of the one second entity (400B), determining (150) an active cluster associated with the first entity (400A), modifying (160) the token subset (310, 320) associated with the determined active cluster of the first entity (400A) at least partly with information on the received tokens (205, 205A, 205B) associated with the second entity (400B).

Systems, methods, and non-transitory computer-readable media can identify a virtual character being presented to a user within a real-time immersive environment. A first animation to be applied to the virtual character is determined. A nonverbal communication animation to be applied to the virtual character simultaneously with the first animation is determined. The virtual character is animated in real-time based on the first animation and the nonverbal communication animation.

A cybersecurity incident is registered at a security incident response platform. At a playbook generation system, details are received of the cybersecurity incident from the security incident response platform. At least some of the details correspond to a set of features of the cybersecurity incident. A set or subset of nearest neighbors of the cybersecurity incident is localized in a feature space. The nearest neighbors of the cybersecurity incident are other cybersecurity incidents having a distance from the cybersecurity incident within the feature space that is defined by differences in features of the nearest neighbors with respect to the set of features of the cybersecurity incident. A playbook is created for responding to the cybersecurity incident having prescriptive procedures based on occurrences of prescriptive procedures previously employed in response to the nearest neighbor cybersecurity incidents. The differences in features of the nearest neighbors with respect to the set of features of the cybersecurity incident are calculated, for at least one feature, using a present-or-equal metric, and for at least one other feature, using a symmetric difference metric. The playbook generation system is also a parent recommendation system, which identifies a parent for the cybersecurity incident, based on distances of the nearest neighbors of the cybersecurity incident in the feature space. The parent recommendation system adjusts, based on the recommended parent or the parent other than the recommended parent being selected, weights of features upon which distances in the feature space are based.