H04L2463/144

METHODS AND SYSTEMS FOR DEFENDING AN INFRASTRUCTURE AGAINST A DISTRIBUTED DENIAL OF SERVICE ATTACK
20200007575 · 2020-01-02

Methods and systems for defending an infrastructure against a distributed denial of service (DDoS) attack use a software decoy installed in the infrastructure to deliberately attract a malware. An address or a domain name of a command and control (C&C) server is extracted from the malware. A client of the infrastructure uses the address or the domain name of the C&C server to connect to the C&C server. The client receives a command intended by the C&C server to cause the client to participate in the DDoS attack. The client forwards particulars of the DDoS attack to a cleaning component. The cleaning component discards incoming signals having one or more of the particulars of the DDoS attack. The address or domain name of the C&C server may be obfuscated in the malware, in which case reverse engineering is used to decipher the malware.

PASSIVE AUTOMATED CONTENT ENTRY DETECTION SYSTEM
20200007565 · 2020-01-02

An automated content entry detection system to identify inputs received from automated agents. Aspects of the automated content entry system include various functional components to perform operations that include: receiving entries that comprise inputs into one or more data entry fields from user accounts; determining behavioral data of the entries based on one or more input attributes of the entries; generating a prediction to be assigned to the user accounts based on the one or more attributes of the entries; and performing operations that include denying further requests received from the automated agents based on the prediction.

AUTOMATED DATA PROCESSING SYSTEMS AND METHODS FOR AUTOMATICALLY PROCESSING REQUESTS FOR PRIVACY-RELATED INFORMATION

A data processing system, according to various embodiments, may receive a data subject access request that includes a request to delete personal data of a particular data subject, modify personal data of the data subject, and/or provide personal data of the data subject. At least partially in response to receiving the data subject access request, the system may determine whether the data subject access request was initiated by an automated source. At least partially in response to determining that the data subject access request was initiated by an automated source, the system may automatically take at least one action to have the data subject access request reinitiated by a human source. At least partially in response to determining that the data subject access request was initiated by a human, the system may automatically facilitate the fulfillment of the data subject access request.

Implementing decoys in a network environment

A system includes one or more BotMagnet modules that are exposed to infection by malicious code. The BotMagnets may include one or more virtual machines hosting operating systems in which malicious code may be installed and executed without exposing sensitive data or other parts of a network. In particular, outbound traffic may be transmitted to a Sinkhole module that implements a service requested by the outbound traffic and transmits responses to the malicious code executing within the BotMagnet. Credentials for services implemented by a BotSink may be planted in an active directory (AD) server. The BotSink periodically uses the credentials thereby creating log entries indicating use thereof. When an attacker accesses the services using the credentials, the BotSink engages and monitors an attacker system and may generate an alert. Decoy services may be assigned to a domain and associated with names according to a naming convention of the domain.

SYSTEM AND METHOD FOR SOCIAL NETWORK ANALYSIS

A system and method for detecting an interactive network of automated accounts, the interactive network of automated accounts comprising a plurality of automated accounts posting to a social media channel, the system comprising: an ingestion engine operated by a computational device for connecting to the social media channel and receiving a plurality of social media postings from a plurality of posting entities; a bot model operated by a computational device for determining whether at least one posting entity is a suspected bot; and a computer network for communication between said computational devices.

Malware and anomaly detection via activity recognition based on sensor data

A system for malware and anomaly detection via activity recognition based on sensor data is disclosed. The system may analyze sensor data collected during a selected time period from one or more sensors that are associated with a device. Once the sensor data is analyzed, the system may determine a context of the device when the device is in a connected state. The system may determine the context of the device based on the sensor data collected during the selected time period. The system may also determine if traffic received or transmitted by the device during the connected state is in a white list. Furthermore, the system may transmit an alert if the traffic is determined to not be in the white list or if the context determined for the device indicates that the context does not correlate with the traffic.

JOURNEY VALIDATION TOOL

The present invention relates to a user digital journey validation method comprising the steps of: connecting, by a fully distributed blockchain computer system, a trust network comprising: a plurality of user nodes; a plurality of trusted party nodes; a visitor node corresponding to a visitor to a digital service; and a plurality of links, the user nodes corresponding to users, the trusted party nodes corresponding to trusted parties, the visitor node being the most recent node in the trust network, the links being the connections between nodes; rating, by the trust network, the visitor node, the rating being a visitor trust score; recording, via a digital journey mapping system, a digital journey of the visitor; analysing, by the AI system, the digital journey of the visitor; detecting, by the AI system, bot-like behaviour associated with the visitor node or the user nodes; assigning, by the AI system, a warning flag to the visitor node or the user if the visitor node or user node has associated bot-like behaviour; removing, by the AI system, any fraudulent nodes in the trust network, the fraudulent nodes being user nodes or visitor nodes having associated warning flags; updating, by the trust network, the visitor trust score based on the analysis results of the digital journey and the removal of any links connected to or from fraudulent nodes; and providing, by the AI system, a signal or value indicative of a degree of trustworthiness, to the digital service. The present invention aims to provide a means of validating whether a visitor of a digital service is a human.

Blockchain-based admission processes for protected entities
11943224 · 2024-03-26

Arrangements for controlling access to a protected entity include receiving a redirected client request to access the protected entity that includes a public key of the client; granting, in response to the received redirected request, access tokens of a first type to a client using the public key of the client; identifying a conversion transaction identifying a request to convert the first type of access tokens with access tokens of a second type, the transaction designating the protected entity; determining a conversion value for converting the first-type access tokens into second-type access tokens based on at least one access parameter; converting, using the conversion value, a first sum of the first-type access tokens into a second sum of second-type access tokens; and granting the client access to the protected entity when the sum of second-type access tokens is received as a payment from the protected entity.

LOGIN AND AUTHENTICATION METHODS AND SYSTEMS

Systems, methods, and apparatuses for authenticating requests to access one or more accounts over a network using authenticity evaluations of two or more automated decision engines are discussed. A login request for access to a user account may be submitted to multiple decision engines that each apply different rulesets for authenticating the login request, and output an evaluation of the authenticity of the login request. Based on evaluations from multiple automated decision engines, the login request may be allowed to proceed to validation of user identity and, if user identity is validated, access to the user account may be authorized. Based on the evaluations, the login attempt may also be rejected. One or more additional challenge questions may be returned to the computing device used to request account access, and the login request allowed to proceed to validation of identity if the response to the challenge question is deemed acceptable.

Detecting malicious beaconing communities using lockstep detection and co-occurrence graph

A cloud based implemented method (and apparatus) includes receiving input data including bipartite graph data in a format of source MAC (Media Access Control) address data versus destination IP (Internet Protocol) data and timestamp information, and providing the input bipartite graph data into a first processing to detect malicious beaconing activities using a lockstep detection module on the input bipartite graph data, as executed in a cloud environment, to detect possible synchronized attacks against a targeted infrastructure.