H04L2463/121

SYSTEMS AND METHODS OF PHYSICAL INFRASTRUCTURE AND INFORMATION TECHNOLOGY INFRASTRUCTURE SECURITY
20210168116 · 2021-06-03

Systems and methods of physical infrastructure and information technology infrastructure security are provided. A data processing system can provide distributed sensing through mobile devices, active cyber defense through time-based port hopping, and message delivery verification through retinal tracking.

CYBERATTACK INFORMATION ANALYSIS PROGRAM, CYBERATTACK INFORMATION ANALYSIS METHOD, AND INFORMATION PROCESSING APPARATUS
20210152573 · 2021-05-20

A non-transitory computer-readable recording medium records a program for causing a computer to execute processes of: a collecting process of collecting a plurality of pieces of cyberattack information; a specifying process of analyzing the plurality of pieces of collected cyberattack information, specifying a plurality of addresses of cyberattack sources included in the plurality of pieces of cyberattack information, and specifying a period in which each of the specified addresses of the plurality of cyberattack sources is observed; a determining process of determining an address range or some addresses included in the address range as monitoring targets according to a result of comparing a first period distribution of an observed period corresponding to the plurality of specified addresses and a second period distribution of an observed period for each address range; and an outputting process of outputting information regarding the determined address range or some addresses included in the address range.

Stateless service-mediated security module

Secure operations can be performed using security module instances offered as a web service through a resource provider environment. State data and cryptographic material can be loaded and unloaded from the instance as needed, such that the instance can be reused for operations of different customers. The material and data can be stored as a bundle encrypted using a key specific to the hardware security module and a key specific to the resource provider, such that the bundle can only be decrypted in an instance of that type of security module from the associated manufacturer and operated by that particular resource provider. The customer is then only responsible for the allocation of that instance during the respective cryptographic operation(s).

SYSTEMS AND METHODS FOR DISTRIBUTED KEY STORAGE
20210152354 · 2021-05-20

A system for distributed key storage, comprising a requesting device communicatively connected to a plurality of distributed storage nodes, the requesting device designed and configured to receive at least a confidential datum, select at least a distributed storage node of a plurality of distributed storage nodes, whereby selecting further comprises receiving a storage node authorization token from the at least a distributed storage node, querying an instance of a distributed authentication listing containing authentication information using at least a datum of the storage node authorization token, retrieving an authentication determination from the instance of the authentication listing, and selecting the at least a distributed storage node as a function of the authentication determination, generate at least a retrieval authentication datum, and transmit the at least a confidential datum and the at least a retrieval verification datum to the at least a distributed storage node.

Secure and verifiable data access logging system

Techniques for providing a secure and verifiable data access logging system are disclosed herein. In some embodiments, a computer system receives an indication of a data request from a client device that is requesting data of one or more users from a data server, stores a request log entry corresponding to the data request in a log file, generates a request token based on the received indication of the data request, transmits the generated request token to the client device, receives a fetch event from the data server that requests a request digest corresponding to the request token and configured to indicate that the request log entry corresponding to the data request is stored in the log file, stores a response log entry corresponding to the received fetch event in the log file, and transmits the request digest to the data server based on the received fetch event.

Identifying threat indicators by processing multiple anomalies
11019088 · 2021-05-25

Techniques are described for processing anomalies detected using user-specified rules with anomalies detected using machine-learning based behavioral analysis models to identify threat indicators and security threats to a computer network. In an embodiment, anomalies are detected based on processing event data at a network security system that used rules-based anomaly detection. These rules-based detected anomalies are acquired by a network security system that uses machine-learning based anomaly detection. The rules-based detected anomalies are processed along with machine learning detected anomalies to detect threat indicators or security threats to the computer network. The threat indicators and security threats are output as alerts to the network security system that used rules-based anomaly detection.

SYSTEMS AND METHODS FOR USING DISTRIBUTED LEDGER MICRO REPORTING TOOLS

Systems and methods for using distributed ledger micro reporting tools are disclosed. In one embodiment, in a distributed computer application executed by an information processing apparatus comprising at least one computer processor, a method for using a distributed ledger micro reporting tool may include: (1) an event listener establishing a connection to a distributed ledger; (2) in response to the creation of each block of a plurality of blocks on the distributed ledger, the listener reading block details from the block, wherein the block comprises a plurality of transactions, and the block details comprise a transaction hash for each of the plurality of transactions; (3) indexing the transaction hash with a timestamp; and (4) storing the index of the transaction hash with the timestamp.

SECURE AUDIO TRANSCRIPTION
20210160242 · 2021-05-27

A user request to join a meeting is detected. The meeting includes a meeting audio stream of one or more participant audio streams that include participant timestamps that correspond to when one or more other users are in the meeting. The user is prompted for an authentication credential based on detecting the request to join the meeting. A participant profile of the user is determined based on the authentication credential. The user is authorized access to the meeting and a first timestamp is saved. A first audio stream of the user is recorded. The user is identified as having left the meeting and a second timestamp is saved. A transcript of the meeting audio stream is generated based on the first audio stream and the one or more participant audio streams. The first timestamp, the second timestamp, and the meeting are associated with the participant profile.

OPTIMIZED AND SCALABLE METHOD OF DETECTING DEAD INTERNET KEY EXCHANGE (IKE) PEERS
20210152453 · 2021-05-20

Certain embodiments described herein relate to a method for performing dead peer detection (DPD) by a local gateway. The method includes periodically examining one or more array elements of a timestamp array. The method further includes, for each of the examined one or more array elements, determining whether a corresponding idle timeout threshold is met. The method further includes, upon determining that the corresponding idle timeout threshold is not met, refraining from causing a notification to be transmitted to a peer gateway. The method also includes, upon determining that the corresponding idle timeout threshold is met, causing a notification to be transmitted to the peer gateway to determine whether the peer gateway is responsive with respect to a tunnel associated with the examined array element.

OPTIMIZED AND SCALABLE METHOD OF DETECTING DEAD INTERNET KEY EXCHANGE (IKE) PEERS
20210152518 · 2021-05-20

Certain embodiments described herein relate to a method for performing dead peer detection (DPD) by a local gateway. The method includes periodically examining one or more array elements of a timestamp array. The method further includes, for each of the examined one or more array elements, determining whether a corresponding idle timeout threshold is met. The method further includes, upon determining that the corresponding idle timeout threshold is not met, refraining from causing a notification to be transmitted to a peer gateway. The method also includes, upon determining that the corresponding idle timeout threshold is met, causing a notification to be transmitted to the peer gateway to determine whether the peer gateway is responsive with respect to a tunnel associated with the examined array element.