Patent classifications
H04L2463/121
MULTI-FRAME CYBER SECURITY ANALYSIS DEVICE AND RELATED COMPUTER PROGRAM PRODUCT FOR GENERATING MULTIPLE ASSOCIATED DATA FRAMES
A suspicious event analysis device includes: a display device; a communication circuit, arranged to operably receive multiple suspicious activities records related to multiple computing devices in a target network and corresponding multiple time stamps and multiple attribute tags through internet; a storage circuit, arranged to operably store a suspicious event sequence diagram generating program; and a control circuit, arranged to operably execute the suspicious event sequence diagram generating program to conduct a suspicious event sequence diagram generating operation, so as to identify multiple suspicious events related to the target network as well as multiple time records corresponding to the multiple suspicious events, and to generate and display a suspicious event sequence diagram corresponding to the multiple suspicious events according to the multiple suspicious events and the multiple time records.
CYBER BREACH DIAGNOSTICS SYSTEM FOR USE IN DIAGNOSING WHETHER TARGET NETWORK SYSTEM IS BREACHED BY CYBER ATTACK
A cyber breach diagnostics system includes: an activity records collection device arranged to operably collect multiple suspicious activities records related to multiple computing devices in a target network and corresponding multiple time stamps and multiple attribute tags, and to operably process the multiple suspicious activities records, the multiple time stamps, and the multiple attribute tags to generate a return data; and a suspicious event analysis device arranged to operably conduct a suspicious event sequence diagram generating operation to identify multiple suspicious events related to the target network as well as multiple time records corresponding to the multiple suspicious events, and to operably generate and display a suspicious event sequence diagram corresponding to the multiple suspicious events according to the multiple suspicious events and the multiple time records.
METHOD AND SYSTEM FOR DETECTING AND PREVENTING ABUSE OF AN APPLICATION INTERFACE
The present teaching relates to a method and system for reducing request traffic directed to a server. Upon receiving a request associated with an application in a time-window, an identifier that is to be associated with the request is generated. A first criterion associated with the request is evaluated based on the identifier, and the request is transmitted to a server based on a second criterion related to the time-window and the first criterion.
Technique for detecting suspicious electronic messages
The disclosure relates to a method of detecting suspicious electronic messages. The method is performed in a messaging server which is in communication with a plurality of message senders and a plurality of message receivers, and comprises the steps of: receiving electronic messages sent from the plurality of message senders to at least one message receiver; extracting from each received message at least one message sender feature and at least one message content feature; recording the extracted message sender features and message content features in a database; determining, on the basis of the message content features recorded in the database, whether a specific content feature that can be associated with a current message has already been recorded in the past; if the specific content feature has already been recorded in the past, determining, on the basis of the message sender features recorded in the database, a number of message senders that can be associated with the specific content feature; and classifying the current message as suspicious if the determined number of message senders that can be associated with the specific content feature exceeds a predetermined threshold value. Also disclosed is a messaging server implementing the above described method.
Secure wireless ranging
Embodiments for securely determining a separation distance between wireless communication devices are provided. These embodiments include receiving a measurement request and a first random identifier from a first wireless communication device at a second wireless communication device. The embodiments also include deriving a transient key using the first random identifier, a second random identifier (generated by the second device), and a pre-shared key. The first and second random identifiers, the pre-shared key, and the transient key derived therefrom are shared between the first and second devices, but are not known to any other devices. The embodiments further include encrypting measurement data exchanged between the two devices using the transient key, and using the encrypted measurement data to calculate and verify a separation distance between the devices. The embodiments thus prevent dishonest wireless communication devices from intercepting communications and spoofing a location of one of the two honest devices.
METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR CONDUCTING A TIME DISTANCE SECURITY COUNTERMEASURE FOR OUTBOUND ROAMING SUBSCRIBERS USING DIAMETER EDGE AGENT
A method includes receiving an ingress Diameter message related to a mobile subscriber from a MME located in a non-home network, sending a RIR message containing a mobile subscriber identifier to a HSS in a home network of the mobile subscriber, receiving identification information identifying a MME in the home network that conducted a most recent attachment of the mobile subscriber, utilizing the identification information to send an IDR message containing the mobile subscriber identifier to the identified MME, receiving an IDA message containing attachment timestamp data corresponding to the most recent attachment of the mobile subscriber in the home network, determining a transit time using the UE attachment timestamp data and timestamp information corresponding to the ingress Diameter message, and analyzing the transit time to determine if the ingress Diameter message is to be designated as a suspicious ingress message.
Assisted Assignments in a Digital Concierge System
A concierge system assists users in completing tasks they have. The concierge system may provide a curated experience, so that the users are provided suggestions in how to complete their tasks. For example, if a user is interested in answering the question on what to have for dinner, the concierge system may provide advice on what to get and help the user have items needed delivered to the user's front door.
LOCATION-BASED ACCESS TO CONTROLLED ACCESS RESOURCES
Systems and methods provide access to location-restricted resources outside of recognized locations. In an example, a method includes receiving a request for a controlled access resource from a client device and determining that the request is not associated with a recognized location but that state data exists for the client device identifier. In response to identifying the state data, the method includes generating a link for accessing the controlled access resource at a server, generating an encrypted token including a timestamp, a random number, and licensed resource information from the state data, including the encrypted token in the link, and providing the link to the client device. The client device uses the link to request the controlled access resource from the server, which determines that the request includes the token, determines that the token is not expired, and provides the controlled access resource to the client device.
Window-based rarity determination using probabilistic suffix trees for network security analysis
A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is big data driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
DATA ENCRYPTION METHOD AND SYSTEM USING DEVICE AUTHENTICATION KEY
A method and system of encrypting data using a device authentication key are disclosed. The system of encrypting data may include a transmitting device, configured to transmit a device identification information to request an authentication and a receiving device, configured to perform the authentication, and to generate an authentication key to provide to the transmitting device when the authentication is successful,