An analytics containment system store RSSI values of connected stations and corresponding time stamps. If two or more stations have RSSI values within a certain proximity within a certain time period, a first condition for identifying analytics poisoning has been satisfied. Additionally, if RSSI values for the two or more stations changes at similar rate, the stations have satisfied a second optional condition.

A method for computer system forensics includes receiving an identification of at least one host computer that has exhibited an anomalous behavior, in a computer network comprising multiple host computers. Respective images of the host computers in the network are assembled using image information collected with regard to the host computers. A comparison is made between at least one positive image of the at least one host computer, assembled using the image information collected following occurrence of the anomalous behavior, and one or more negative images assembled using the image information collected with respect to one or more of the host computers not exhibiting the anomalous behavior. Based on the comparison, a forensic indicator of the anomalous behavior is extracted from the positive and negative images.

A system and method detects and handles replay attacks using counters maintained for each of several different periods for various values of IP addresses and browser description attributes encountered.

A first set of device usage characteristics of a first user interaction with a user communication device are received. For example, a device usage characteristic may be an average key pressure, a used WiFi access point, an install date of an application, an angle of a user communication device, etc. The first set of device usage characteristics of the first user interaction with the user communication device are compared to a second set of device usage characteristics of a second user interaction with the user communication device that is stored in a blockchain. One or more reason codes that identifies why the first and second compared sets of device usage codes do not match is generated in response to the first and second compared sets of device usage characteristics not matching. The one or more reason codes are used for identifying a level of trust of a user in a communication session.

Aspects of the subject disclosure may include, for example, obtaining a content item, receiving a first token that comprises an identification of a date and a time when a first portion of the content item is obtained, a location where the first portion of the content item is obtained, or a combination thereof, and transmitting the content item and the first token to a database. Other embodiments are disclosed.

A server obtains a challenge from another computer system during a negotiation with a client according to a protocol. The server injects the challenge into a message of the protocol to the client. The client uses the challenge in an authentication request. The server submits the authentication request to the other computer system for verification. The other computer system verifies the authentication request using a key registered to the client. The server operations are further dependent at least in part on whether verification of the authentication request was successful.

A method and system for dynamically modifying rules in a firewall infrastructure. A signed passport is encrypted based on a public key certificate registered with a trusted signer. The signed passport includes a hash value that includes a heart-beat time-out interval and a firewall rule. A trigger signal within the heart-beat time-out interval is generated. The signed passport and the trigger signal are transmitted within the heart-beat time-out interval to a border control agent of a firewall in the firewall infrastructure. In response to receiving, from the border control agent, a continuous confirmation of the firewall rule within a time interval shorter than the heart-beat time-out interval, the firewall is modified according to the firewall rule. In response to determining that the trigger signal was not received by the border control agent within the heart-beat time-out interval, the firewall rule is reset.

The system receives exemplary time-series sensor signals comprising ground truth versions of signals generated by a monitored system associated with a target use case and a synchronization objective, which specifies a desired tradeoff between synchronization compute cost and synchronization accuracy for the target use case. The system performance-tests multiple synchronization techniques by introducing randomized lag times into the exemplary time-series sensor signals to produce time-shifted time-series sensor signals, and then uses each of the multiple synchronization techniques to synchronize the time-shifted time-series sensor signals across a range of different numbers of time-series sensor signals, and a range of different numbers of observations for each time-series sensor signal. The system uses the synchronization objective to evaluate results of the performance-testing in terms of compute cost and synchronization accuracy. Finally, the system selects one of the multiple synchronization techniques for the target use case based on the evaluation.

A computer-implemented method for detecting replay attack comprises: obtaining at least one candidate transaction for adding to a blockchain, the obtained candidate transaction comprising a timestamp; verifying if the timestamp is within a validation range and if an identification of the candidate transaction exists in an identification database; and in response to determining that the timestamp is within the validation range and the identification does not exist in the identification database, determining that the candidate transaction is not associated with a replay attack.

A method of scheduling and validating a multiple-participant process, the method including: submitting, by a submitting node associated with a participant in the multiple-participant process, a proposed transaction by sending a cryptographically-protected message to one or more recipient nodes, wherein the cryptographically-protected message includes at least an unencrypted submessage readable by an external node and a cryptographically-protected submessage to preserve privacy from at least the external node; determining, by the external node, an order of the proposed transaction relative to other transactions; by way of at least some of the recipient nodes, validating the cryptographically-protected message; receiving a confirmation of validity of the cryptographically-protected message from at least some of the recipient nodes; finalizing the proposed transaction, as a confirmed transaction, based on receiving one or more confirmations from at least some of the recipient nodes that satisfy a confirmation condition; and writing the confirmed transaction to a distributed ledger according to the order determined by the external node.