In a general aspect, a network transmission interface can include, within an egress data path, a physical coding sublayer (PCS) operating in a constant bitrate domain for transmitting data frames on a network link; a timestamp unit configured to insert timestamps in payloads of the frames; a transmission media access control (MAC) unit located at a boundary between the constant bitrate domain and a variable bitrate domain, configured to receive the frames at a variable bitrate, encapsulate the frames, and provide the encapsulated frames at a constant bitrate; a MAC layer security unit located downstream from the timestamp unit, configured to sign and optionally encrypt the payloads and expand each frame with a security tag and an integrity check value (ICV). The timestamp unit and the MAC layer security unit (26b) can both operate in the constant bitrate domain.

A data processing system communicates with a secure third-party database to provide updated user data that is then usable by a plurality of other entities. In some embodiments, the system may be configured to coordinate access to user account information via user-provided authentication credentials, apply account identification rules to the accessed account information to identify a plurality of accounts of the user, and initiate updates to a database record of the user at the secure third-party database associated indicative of any accounts identified.

A data processing system communicates with a secure third-party database to obtain information about a plurality of users and generates a model usable to identify other users with similar characteristics. A scoring algorithm may be selected for use on user data based on the associated users identified with the model. The scoring algorithm determines an estimated score change for the user, and may provide the user information regarding how the user can achieve the estimated score change.

A data processing system is disclosed for data processing, including database and file management, as well accessing one or more databases or other data structures, authenticating users, and categorizing data items for addition to the database system. In some embodiments, the system may be configured to coordinate access to user account information via user-provided authentication credentials; apply account identification rules to the accessed account information to identify a plurality of accounts of the user; and initiate updates to a database record associated with the user indicative of any accounts identified.

A data processing system communicates with a secure third-party database to obtain information about a user that is usable to determine one or more items associated with the user. The system then coordinates gathering and identification of additional data relevant to the user from other third-party data sources, to potentially update the user's information stored with the secure third-party database. The updated information may then be accessed at the secure third-party database to determine items associated with the user, which may include additional items in view of the additional data

A user permission system manages and regulates access to secure data at one or more third-party data sites. The system may provide access to one or more databases or other data structures based on user authentication and access rules that have been established, such as by a user associated with the data being accessed at the third party data store. Access may be provided via an API to the third-party data site, along with access credentials of a user with data stored with the third-party data site, allowing the system to access data on behalf of the user.

Techniques are provided herein for contextual embedding of features of operational logs or network traffic for anomaly detection based on sequence prediction. In an embodiment, a computer has a predictive recurrent neural network (RNN) that detects an anomalous network flow. In an embodiment, an RNN contextually transcodes sparse feature vectors that represent log messages into dense feature vectors that may be predictive or used to generate predictive vectors. In an embodiment, graph embedding improves feature embedding of log traces. In an embodiment, a computer detects and feature-encodes independent traces from related log messages. These techniques may detect malicious activity by anomaly analysis of context-aware feature embeddings of network packet flows, log messages, and/or log traces.

A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

The present embodiments relate to an image processing apparatus and a user authentication method of the image processing apparatus. The image processing apparatus according to an embodiment of the disclosure includes: a first authentication unit configured to receive first authentication data from a user terminal, and to determine whether the first authentication data matches pre-stored first reference data to authenticate the user terminal; and a second authentication unit configured to generate, when additional authentication is set up, second reference data, requesting the user terminal to send second authentication data, to receive the second authentication data from the user terminal, and to determine whether the second authentication data matches the second reference data to authenticate the user terminal.

A suspicious event analysis device includes: a display device; a communication circuit, arranged to operably receive multiple suspicious activities records related to multiple computing devices in a target network and corresponding multiple time stamps and multiple attribute tags through internet; a storage circuit, arranged to operably store a suspicious event sequence diagram generating program; and a control circuit, arranged to operably execute the suspicious event sequence diagram generating program to conduct a suspicious event sequence diagram generating operation, so as to identify multiple suspicious events related to the target network as well as multiple time records corresponding to the multiple suspicious events, and to generate and display a suspicious event sequence diagram corresponding to the multiple suspicious events according to the multiple suspicious events and the multiple time records.