H04L63/16

METHOD AND SYSTEM FOR PREVENTING MEDIUM ACCESS CONTROL (MAC) SPOOFING ATTACKS IN A COMMUNICATION NETWORK

A method for preventing Medium Access Control (MAC) spoofing attacks in a communication network may include obtaining, by a protection layer, a connecting request for connecting a terminal to the communication network. The method may include issuing, by the protection layer, a MAC authentication request to a Network Admission Control (NAC) server. The MAC authentication request may be a request to determine whether a MAC address of the terminal is whitelisted. The method may include responding, by the NAC server, to the MAC authentication request of the protection layer by allowing the terminal to join the communication network based on whether the MAC address of the terminal is whitelisted. The method may include sending, by the NAC server, a log message to a log analyzer server, the log message including a result identifying whether the MAC address of the terminal is whitelisted.

Streamlining cryptographic processes in a test environment

The technology disclosed is a method of testing handling of secure communication sessions of clients with servers by a device or system under test (DUT). The method includes (i) establishing a secure communication session between the client and the server while the client and the server transition past a standards-required verification step or validation step without performing the required verification or validation, (ii) establishing a secure communication session between the client and the server while the client and the server reuse standards-required security mechanisms without generating or obtaining new standards-required security mechanisms, or (iii) establishing a secure communication session between the client and the server while the client and the server generate and transmit content contrary to an established standard-based procedure that poses certain requirements of the content.

EMAIL SECURITY ANALYSIS
20220172170 · 2022-06-02

The technology described herein visibly depicts hidden message traits to help users determine whether an email is genuine or deceptive. The hidden message traits are revealed by identifying and changing attributes that keep the hidden traits from being displayed in a rendered message. Spam messages, phishing messages, and messages that include or link to malicious programs (e.g., malware, ransomware) are examples of unwanted messages that can harm a recipient. These messages often rely on deception to get past email filtering systems and to trick a user into acting on content in a message. The deception often involves including hidden traits in a message that fool an automated filtering system. The technology described herein shows the visible traits to a user by including them in the rendered version of the message.

Dynamic balancing of security rules execution in a database protection system

A database protection system (DPS) is configured to dynamically optimize security rule validation throughput based on evaluating resource consumption data collected from prior validations. In particular, the DPS analyzes collected resource consumption information and determines which security rules in a set should then be active. To this end, the DPS is configured with multiple security rules engines (SREs), and each is configured to evaluate the same set of security rules. When an SRE applies a validation (to a request or response flow), an associated collector collects and analyzes associated resource consumption data. This data is provided to an optimizer, which receives similar resource consumption data from other SREs. Based on the resource consumption data collected from the SRE collector(s), the optimizer dynamically optimizes security rules validation in real-time, e.g., by dynamically switching on or off given security rule(s) in the set of security rules at given one(s) of the SREs.

Adapter for providing unified transaction interface

Embodiments of the invention are directed to enabling access transaction systems to accept different communication protocols. In some embodiments, an access device receives, from a portable device, an indication that a transaction is to be performed by exchanging transaction information between the portable device and a remote computer, wherein the remote computer is configured to communicate using a first communication protocol. Next, the access device determines that the portable device is configured to communicate using a second communication protocol. The access device then converts communications between the portable device and the remote computer from the second communication protocol to the first communication protocol to assist the portable device and the remote computer in exchanging the transaction information.

System and method for determining keystrokes in secure shell (SSH) sessions
11729217 · 2023-08-15

A system and method for determining human keystrokes in a secure shell (SSH) session from SSH session data traffic provides insight and evidence of an intrusion into a computer network. In one embodiment, the presence of human keystroke(s) in an SSH session may be inferred using a sensor appliance. In one embodiment, the SSH data traffic is encoded in a vector, one or more communication patterns are identified in the vector and the presence of human keystrokes may be inferred from the one or more communication patterns.

Cognitive computing systems and services utilizing internet of things environment

A system and method provide cognitive computing services, comprising: one or more Internet of Things (IoT) sensors; an edge analytics device that performs a preliminary analysis of the IoT sensor data; a cloud computing device of the cloud environment that stores a set of application programming interfaces (APIs) for interfacing between the cloud environment and the IoT sensors and an underlying infrastructure; an analytics device that performs analytics on the IoT sensor data; and a cognitive computing device that regulates one or more of the IoT sensors or the edge analytics device by modifying one or more rules performed by the one or more of the IoT sensors or the edge analytics device.

System and method of authenticating the source of a communication signal transmitted along a network bus

A communication network authenticates the source of messages transmitted on a flat bus to determine the presence of spoofing events. A programmable intrusion detection device is connected to the bus at a fixed location and compiles templates for various tri-bit signal pulses that form the data transmitted as messages between network nodes. Each tri-bit template compares unique signal characteristics inherent in the signal waveform received by the device from each node, the unique characteristics being directly attributable to the physical topology of the network. In use, the device uses the templates to calculate an inferred source identifier for each message. The inferred source identifier is then compared against the declared source identifier, which is embedded in message metadata, to authenticate the message source. Any lack of reconciliation between the inferred and declared source identifiers causes the device to mark the message as spoofed and initiate a designated response.

Transmitting authentication data over an audio channel

A method includes receiving, over an audio channel at a first audio input device, a first audio signal. The method also includes analyzing the first audio signal to identify at least a first portion of authentication data transmitted from an authentication token. The method further includes verifying transmittal of the authentication data by the authentication token utilizing at least a second audio signal. The second audio signal is received at a second audio input device, and the second audio signal comprises at least a second portion of the authentication data. The method further includes providing the authentication data to a validating application responsive to verifying transmittal of the authentication data by the authentication token.

UNIQUE ID GENERATION FOR SENSORS

Systems, methods, and computer-readable media are provided for generating a unique ID for a sensor in a network. Once the sensor is installed on a component of the network, the sensor can send attributes of the sensor to a control server of the network. The attributes of the sensor can include at least one unique identifier of the sensor or the host component of the sensor. The control server can determine a hash value using a one-way hash function and a secret key, send the hash value to the sensor, and designate the hash value as a sensor ID of the sensor. In response to receiving the sensor ID, the sensor can incorporate the sensor ID in subsequent communication messages. Other components of the network can verify the validity of the sensor using a hash of the at least one unique identifier of the sensor and the secret key.