Patent classifications
H04L2463/121
Detection of malware and malicious applications
A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.
Smart contract lifecycle management
In some examples, a first node is able to communicate with one or more second nodes for participating in a consensus system. The first node may receive, from a computing device, a request to execute a first smart contract associated with a first blockchain. The first node may invoke execution of the first smart contract to cause the first smart contract to execute a transaction by reading at least a portion of transaction data from the first blockchain as a transaction result. Further, the first node may check whether a simulation indicator has been set, which indicates that an expiration time of the first smart contract has been reached. Based on determining that the first smart contract has the simulation indicator set, the first node refrains from writing the transaction result to the blockchain as a valid transaction result and sends the transaction result to the computing device.
Device and method for detecting attack in network
An attack detection device includes: a receiver configured to receive messages that are periodically transmitted from a communication device in a network; and a processor. The processor predicts a number of messages to be received by the receiver in a specified monitor range based on a transmission cycle of the messages so as to generate a predicted value. The processor counts a number of messages received by the receiver in the specified monitor range so as to generate a count value. The processor detects an attack in the network according to a result of a comparison between the predicted value and the count value.
Methods, devices, and systems for secure communications over a network
A system and a method for secure communications over a network, the method comprising: receiving a data packet from a first device, the data packet comprising an encrypted data part and a metadata part, the metadata part comprising a cleartext part and removable metadata, the removable metadata comprising a network access code that is authenticatable by means of a network access key; validating the data packet, wherein validating the data packet comprises authenticating the network access code using the network access key; removing the removable metadata from the data packet after validating the data packet, thereby altering the data packet; and transmitting the altered data packet to a second device. The system comprises a first, a second, and a third device. The third device may comprise a receiver and a transmitter, and a validator that comprises a processor and a memory.
SYSTEMS AND METHODS FOR AIDA BASED SECOND CHANCE
Methods and systems are described in which a system provides a user interface to confirm whether to review or take an action associated with an untrusted email. A driver on a device monitors the startup of any processes. Responsive to monitoring, the driver detects an application process that was created that indicates that an application was launched, and notifies a user console about the creation of the application process. The user console determines if the application process is of significance and, if so, injects a monitor library into the process. Once injected into the process, the monitor library detects if the application process receives an action of a user to access a domain that is not identified as trusted. The monitor library notifies the user console of the user's URL-access request.
SYSTEMS AND METHODS FOR IDENTIFYING INFECTED NETWORK NODES BASED ON ANOMALOUS BEHAVIOR MODEL
The present disclosure is directed to a method of identifying an infected network node. The method includes identifying a first network node as infected. The method includes collecting a first set of network data from the first network node including anomalous activities performed by the first network node. The method includes generating an anomalous behavior model using the first set of network data. The method includes collecting a second set of network data from a second network node including anomalous activities performed by the second network node. The method includes comparing the second set of data to the generated anomalous behavior model. The method includes determining, from the comparison, that a similarity between first characteristics and second characteristics exceeds a predefined threshold. The method includes ascertaining, based on the determination, the second network node as an infected network node.
DISTRIBUTED INCORRUPTIBLE ACCORDANT MANAGEMENT OF NONLOCAL DATA FUSION, UNIFIED SCHEDULING AND ENGAGE-ABILITY
A system and method that uses scheduling problems as proof of work in a blockchain system, and that evaluates schedules based on a physics model and a timeline. The system and method can maintain a secured chain of linked messages that include object states and schedule portions. Processing circuitry can receive a message related to an updated state of an object, determine whether the updated state of the object should be linked into the secured chain of linked messages, determine a portion of a schedule for addressing the object based on the updated state of the object as proof of work, create a new message that links the updated state of the object into the secured chain to form an updated chain of linked object state messages and that includes the determined portion of the schedule, and broadcast the new message as the secured chain of linked messages.
Enterprise security graph
A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
Systems and methods for location-based automated authentication
Systems and methods for location-based automated authentication are disclosed. A system comprises a mobile device, a sensor and a backend platform. The sensor and the backend platform are in network communication. The mobile device is operable to continuously transmit Bluetooth Low Energy (BLE) signals comprising encrypted transitory identifiers. The sensor is operable to receive a BLE signal from the mobile device when the mobile device is within a predetermined range, and communicate over a network connection the encrypted transitory identifier comprised in the BLE signal to the backend platform. The backend platform is operable to extract a unique identifier and a changing encrypted identifier from the received encrypted transitory identifier, generate a changing encrypted identifier, and validate a user identification by comparing the generated changing encrypted identifier and the extracted changing encrypted identifier.
Managing blockchain-based centralized ledger systems
Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing blockchain-based centralized ledger systems. One of the methods includes transmitting a timestamp request for a to-be-timestamped block of a blockchain at a time point to a trust time server by a ledger server in a blockchain-based centralized ledger system that stores data in the blockchain, the trust time server being associated with a trust time authority and independent from the blockchain-based centralized ledger system, the blockchain including a plurality of blocks storing transaction data, and disregarding the timestamp request in response to determining that a predetermined time period has lapsed after the time point and that there has been no reply to the timestamp request from the trust time server.