Patent classifications
H04L63/14
Using security event correlation to describe an authentication process
Techniques are described herein that are capable of using security event correlation to describe an authentication process. Multiple events may describe a common (i.e., same) attempt to authenticate the user. For instance, a first event may include a first description of the attempt, a second event may include a second description of the attempt, and a third event may include a third description of the attempt. The first, second, and third events may be correlated based at least in part on the first, second, and third descriptions. The first, second, and third events may be aggregated to provide an aggregated event that includes an aggregation of the first, second, and third descriptions. An authentication report may be generated to include the aggregation of the first, second, and third descriptions to describe the authentication process.
Method for radio communication of a slave device with a master device
A method of radio communication of a slave device with a master device, the method comprising steps of: receiving (202) by the slave device of a connection request sent by the master device comprising first communication parameters for communicating with the master device, the communication parameters being indicative of a sequence of frequency channels to be used during successive periods to communicate with the master device, during one of the periods, implementing by the slave device of a processing capable of causing the master device to send a connection update comprising second parameters for communicating with the master device to be used in place of the first communication parameters, the processing comprising an action (210) on one of the frequency channels capable of causing the master device to detect a degradation in communication quality on the frequency channel.
Computer network threat assessment
Systems and methods are disclosed for computer network threat assessment. For example, methods may include receiving from client networks respective threat data and storing the respective threat data in a security event database; maintaining affiliations for groups of the client networks; detecting correlation between a network threat and one of the groups; identifying an indicator associated with the network threat, and, dependent on the affiliation for the group, identifying a client network and generating a message, which conveys an alert to the client network, comprising the indicator; responsive to the message, receiving, from the client network, a report of detected correlation between the indicator and security event data maintained by the client network; and updating the security event database responsive to the report of detected correlation.
Abnormality detection apparatus and abnormality detection method
An abnormality detection apparatus for a mobility entity and for detecting an abnormality in a network system is provided. The network system includes a first network and a second network that use different communication protocols. A first communication circuit receives state information indicating a state of the mobility entity. The state information is acquired from the second network. A second communication circuit transmits and receives a first frame according to a communication protocol used in the first network. A memory stores an abnormality detection rule. A processor detects, based on the state information and the abnormality detection rule, whether a control command included in the first frame received by the second communication circuit is abnormal. In a case where the control command is abnormal, the processor prohibits the control command from being transmitted.
Methods for detecting changes to a firmware and devices thereof
Methods, non-transitory computer readable media, network traffic manager apparatuses, and systems that assist with detecting changes to firmware, software components, and configuration parameters include obtaining an executable file comprising a basic input-output system firmware and software component data of a hardware component at run-time. A hash value for the obtained executable file at the run-time is identified. The identified hash value is compared with a stored hash value associated with the obtained executable file to determine when the obtained executable file is unmodified, wherein the stored hash value was determined at a build time of the hardware component. The obtained executable file of the hardware component is executed when the obtained executable file is determined to be unmodified.
Endpoint detection and response system with endpoint-based artifact storage
Each of a plurality of endpoint computer systems monitors data relating to a plurality of events occurring within an operating environment of the corresponding endpoint computer system. The monitoring can include receiving and/or inferring the data using one or more sensors executing on the endpoint computer systems. Thereafter, for each endpoint computer system, artifacts used in connection with the events are stored in a vault maintained on such endpoint computer system. A query is later received by at least a subset of the plurality of endpoint computer systems from a server. Such endpoint computer systems, in response, identify and retrieve artifacts within the corresponding vaults responsive to the query. Results responsive to the query including or characterizing the identified artifacts are then provided by the endpoint computer systems receiving the query to the server.
Method For Protection From Cyber Attacks To A Vehicle, And Corresponding Device
A method for protecting against cyber attacks in a communication network of a vehicle, including the steps of acquiring dominant voltage measurements; obtaining an electrical characteristic of nodes that transmit messages by acquiring consecutive groups of voltage measurements at receiving nodes and calculating a distribution thereof; calculating values of distribution statistics; calculating a cumulative voltage deviation for each value of statistic; and obtaining a voltage profile by adding the cumulative voltage deviations of each statistic, executing a malicious-node detection procedure and then executing a transmitting-node identification procedure including comparing the at least one characteristic parameter against all the corresponding characteristic parameters of all the messages, defining a range of variation of the characteristic parameter with respect to a given number of previous samples; and evaluating whether the value of the parameter falls within the range of variation of one of the messages and identifying as malicious the node that transmits the message.
MEDIA DISTRIBUTION & MANAGEMENT SYSTEM & APPARATUS
A Unified Content Delivery Network (UCDN) system which is formed from a network of one or more inter-operable Peer networks.
A hierarchical hybrid adaptive Secure Peer-Assisted Networking System (termed SPAN-AI), using a hierarchical AI driven approach under a unified secure content-addressable architecture which is based on five key SPAN-AI sub systems: unified naming; unified discovery; hybrid adaptive routing; scalable pubsub; and embedded security; all of said five key SPAN-AI sub systems securely integrated and jointly optimized via a hierarchical, pluggable AI framework, with an associated simulation, training, and development pipeline that embeds AI agents with varying degrees of awareness and optimization capabilities at peer, edge, or core or other network levels (hierarchies).
SECURITY INSPECTIONS
In some examples, a method for performing an out-of-band security inspection of a device comprises generating a snapshot of the state of the device, storing data representing the snapshot to a non-volatile storage of the device, and storing a hash of the snapshot in a device BIOS, transitioning the power state of the device, triggering boot of a trusted diskless operating system image, providing the data representing the snapshot and the hash of the snapshot to the trusted diskless operating system image, and executing a script selected on the basis of a trigger event and the hash of the snapshot to analyse at least a portion of the non-volatile storage of the device.
SYSTEM AND METHOD FOR FEATURE SELECTION RECOMMENDATION
A feature selection recommendation system, the feature selection recommendation system comprising a processing circuitry configured to: obtain: (a) a training data-set, the training data-set comprising a plurality of records, each record including a collection of features describing a given allowed state of a physical entity, and (b) a selection of one or more selected features of the features; generate, using a causality discovery model, for a plurality of pairs of the features of the training data-set, a respective causality score, the causality score being indicative of an influence between the features of the respective pair; identify additional recommended features, being one or more features that comply with a recommendation condition based on the plurality of pairs and the causality scores generated for the pairs; and provide a user of the feature selection recommendation system with an indication of the additional recommended features.