H04L63/0227

ATTACK ANALYZER, ATTACK ANALYSIS METHOD AND ATTACK ANALYSIS PROGRAM
20230007034 · 2023-01-05

An attack analyzer includes: a security log acquisition unit acquiring a security log including an abnormality detection signal generated by a security sensor mounted on an electronic control device constituting part of an electronic control system and indicating that the security sensor has detected an abnormality; an alive signal acquisition unit acquiring an alive signal; a prediction table storage unit storing a prediction table showing a correspondence relationship between a predicted attack route in the electronic control system and a predicted abnormality detection signal predicted to be generated by the security sensor; an attack route estimation unit estimating, using the prediction table, the attack route of an attack received by the electronic control system from the abnormality detection signal and the alive signal included in the security log; and an attack information output unit outputting attack information indicating the attack route.

Industrial control system firewall module

An industrial control system and a method of inspecting one or more communication packets in an industrial control system may be provided, the industrial control system firewall module comprising a packet accessing component configured to access a communication packet of an industrial control system; a firewall rules database, the firewall rules database configured to store one or more firewall rules; an inspection module configured to access the one or more firewall rules based on an industrial protocol associated with the communication packet; and the inspection module is further configured to perform a comprehensive inspection of all header fields and data fields of the communication packet based on the one or more firewall rules accessed based on the industrial protocol associated with the communication packet.

Cloud computing architecture with secure multi-cloud integration

Aspects of the disclosure relate to cloud computing architectures. A system may include a plurality of clouds. One or more of the clouds may transfer data to another one or more of the clouds. A data integration platform may control the data transfer. The transfer may be securely routed through the data integration platform. The transfer may be logged, and the log may be transmitted to an administrative network.

Method and system for processing a stream of incoming messages sent from a specific input message source and validating each incoming message of that stream before sending them to a specific target system
11544125 · 2023-01-03

Methods and systems are provided for processing a stream of incoming messages sent from a specific input message source and validating each incoming message of that stream before sending them to a specific target system.

System and method for securing communication between devices on a network with multiple access points
11546251 · 2023-01-03

Systems and methods for managing communication of a plurality of devices in a computer network having a plurality of access points, including identifying, by a second access point of the computer network, a communication request from at least one device of the plurality of devices; sending, by a first access point of the computer network, at least one communication rule to the second access point, the at least one communication rule including conditions for communication corresponding to the identified communication request; and blocking, by the second access point, communication to the second access point when the received communication request is inadmissible according to the at least one communication rule.

Phishing domain detection systems and methods

The main objective of Certificate Transparency (CT) is to detect mis-issued certificates or rogue certificate authorities. It has been observed that phishing sites have been increasingly acquiring certificates to look more legitimate and reach more victims, thus providing an opportunity to predict phishing domains early. The present disclosure provides systems and methods for early detection of phishing and benign domain traces in CT logs. The provided system may predict phishing domains early even before content is available via time-, issuer-, and certificate-based characteristics that are used to identify sets of CT-based inexpensive and novel features. The CT-features are augmented with other features including passive DNS (pDNS) and domain-based lexical features.

DETECTION METHOD OF SECURITY EQUIPMENT BASED ON ALG PROTOCOL TO REALIZE TCP STACK INFORMATION LEAK
20220417283 · 2022-12-29

The present invention discloses a detection method of security equipment based on ALG protocol to realize TCP stack information leak, including: S1, a client sending a detection packet containing an ALG protocol stack to a server; S2, the server responding to the detection packet, wherein a response packet of the server in response to the detection packet includes basic information of a software to be detected and protocol stack information of the security equipment; S3, the client receiving the response packet. The detection method constructs a detection packet containing a protocol stack of a security equipment to enable the security equipment to return the corresponding protocol stack information, thereby recognizing the transparently deployed security equipment to achieve a genuine purpose of network equipment recognition.

DISTRIBUTED SECURITY IN A SECURE PEER-TO-PEER DATA NETWORK BASED ON REAL-TIME NAVIGATOR PROTECTION OF NETWORK DEVICES
20220417286 · 2022-12-29

In one embodiment, a method comprises: tracking, by a first security agent executed within a user network device, a plurality of wireless data networks that are available for connection by the user network device for secure communications with a second network device in a secure peer-to-peer data network, and maintaining a history of each of the wireless data networks; determining for each of the wireless data networks, by the first security agent, a corresponding risk assessment that identifies a corresponding risk in encountering a cyber threat on the corresponding wireless data network; and supplying, to a second security agent executed within the user network device, a recommendation for connecting to a wireless data link identified as avoiding the cyber threat during the secure communications, wherein the user network device has a two-way trusted relationship with the second network device in the secure peer-to-peer data network.

Receiving content prior to registration of a sender
11537731 · 2022-12-27

The system may include a method comprising requesting, by a computer, a receiver identifier associated with a receiver; receiving, by the computer, the receiver identifier in association with content; constructing, by the computer, a URL link comprising access to DICOM viewer code, DICOM data for the selected images, a sender identifier and the receiver identifier; generating, by the computer, a notification to the receiver, wherein the notification includes the URL link; and transmitting, by the computer, the notification to a receiver based on the receiver identifier.

Event verification engine
11539712 · 2022-12-27

A computer system for verifying information relating to an event. The computer system includes a network interface and a processor to receive a media feed containing information related to a potential event, identify the potential event and determine a location of the potential event from the information in the media feed, and solicit verification of information relating to the potential event from a set of responder devices of a plurality of responder devices. Each responder device of the set of responder devices has a location-tracking device, and each responder device of the set of responder devices is selected from a pool of responder devices in a vicinity of the potential event. The processor is further to determine whether information in the media feed is verified by verification solicited from the set of responder devices and output the determination.