A method of identifying risky user behaviors in computer networks includes determining behavior data of a user. The behavior data describes user activities of the user using a computer network. A particular event chain is identified from the behavior data. The particular event chain includes one or more events of the user activities. A risk coefficient of the particular event chain is determined. Based on the risk coefficient, whether the particular event chain represents a risky user behavior is determined.

Embodiments utilize two types of passwords that each, separately, allow a device user to logon to a network. The first is a master password that allows a user to log on at any time. The second is a turn-varying password that changes with each logon and is valid for only one logon. The network may be accessed by using either the master password or the turn-varying password. The turn-varying password may be presented to a user at the device. A device and a network apparatus may each initially synchronize and maintain a turn state that is based on a number of user logons. When a logon occurs, the device and network apparatus update the turn-varying password for the next logon using the turn-varying password. If a user is in an unsecure location and logs on only using the turn-varying password, a sniffed or stolen turn-varying password is not useable.

A method and system of detecting a delinquent mobile user device. An international mobile subscriber identity (IMSI) of a subscriber identity module (SIM) card of the user device is determined by the user device. The IMSI is sent to a Remote Recovery Server (RRS). A message is received from the RRS as to whether the IMSI is authorized for the user device. Upon determining that the IMSI is not authorized for the user device, a notification is displayed on a display of the user device.

In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.

In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.

Measurements of a device's firmware are made regularly and compared with prior, derived measurements. Prior measurements are derived from a set of identical firmware measurements obtained from multiple devices having the same make, model and firmware version number. The firmware integrity status is reported on a data and device security console for a group of managed endpoints. Alerts about firmware changes, which may be potential attacks on the firmware, are given automatically.

Detecting fraudulent activity can be a complex, manual process. In this paper, we adapt statistical properties of count data in a novel algorithm to uncover records exhibiting high risk for fraud. Our method identifies shelves, partitioning data under the counts using a Student's t-distribution. We apply this methodology on a univariate dataset including cumulative results from phone calls to a customer service center. Additionally, we extend this technique to multivariate data, illustrating that the same method is applicable to both univariate and multivariate data.

A system is disclosed for managing a communication network subscription identifier associated with a device. The system comprises a Core Network node configured to provide a subscription identifier for the device to a Device Management node with management responsibility for the device. The system further comprises a Verification node configured to receive from the Device Management node the subscription identifier and a characteristic of the device, and to bind the subscription identifier to the characteristic such that the subscription identifier is uniquely associated with the characteristic. The system further comprises a Network Access node configured to obtain the subscription identifier from the device. The Verification node, Network Access node and Core Network node are configured to cooperate to verify that the device from which the Network Access node obtained the subscription identifier is in possession of the characteristic that is bound to the subscription identifier.

A method and apparatus for preventing access to an IoT device is provided herein. During operation an apparatus will inquire about current and/or past connections to an IoT device. A list of identities of current and/or past apparatuses that were connected to the IoT device will be provided, and a determination on whether or not to allow access to the IoT device will be based on the identities of current and/or past apparatuses that are accessing, or have accessed the IoT device.

A method for preventing fraud in incentive transactions is provided that includes receiving metadata from a brand manufacturer for an incentive associated with a selected product, the metadata including a product identifier and a redemption rule. The method includes requesting a host to create a record in a distributed ledger for the incentive using the metadata, providing the incentive to a consumer via a mobile device, assigning a public address to the incentive, receiving from the host a first private key associated with the public address in the record, providing the first private key to the consumer, and receiving a second private key indicative of a redemption of the incentive at a retailer. The method includes validating redemption of the incentive and recording the redemption of the incentive at a retailer in the distributed ledger record when the redemption of the incentive is validated. A system to perform the above method is also provided.