Patent classifications
H04L63/0227
DETECTION DEVICE, VEHICLE, DETECTION METHOD, AND DETECTION PROGRAM
A detection device includes: an acquisition unit configured to acquire a target distribution that is a distribution of reception intervals of periodic messages transmitted in an in-vehicle network; an extraction unit configured to extract a part of the target distribution acquired by the acquisition unit, in accordance with a predetermined criterion; and a detection unit configured to perform a detection process of detecting an unauthorized message, based on the part, of the target distribution, extracted by the extraction unit.
MACHINE LEARNING REPLACEMENTS FOR LEGACY CYBER SECURITY
Generally discussed herein are devices, systems, and methods for improving legacy cyber security solutions. A method can include receiving a sequence of traffic data, the sequence of traffic data representing operations performed by devices communicatively coupled in a network, generating, by cyber security event detection logic, actions corresponding to the sequence of traffic data, the actions corresponding to a cyber security event in the network, creating a training dataset based on the sequence of traffic data, the training dataset including the actions as labels, training a machine learning model based on the training dataset to generate a classification indicating a likelihood of the cyber security event, and distributing the trained machine learning model in place of the cyber security event detection logic.
On-demand security policy provisioning
Systems, methods, and computer-readable media for on-demand security provisioning using whitelist and blacklist rules. In some examples, a system in a network including a plurality of pods can configure security policies for a first endpoint group (EPG) in a first pod, the security policies including blacklist and whitelist rules defining traffic security enforcement rules for communications between the first EPG and a second EPG in a second pod in the network. The system can assign respective implicit priorities to the one or more security policies based on a respective specificity of each policy, wherein more specific policies are assigned higher priorities than less specific policies. The system can respond to a detected move of a virtual machine associated with the first EPG to a second pod in the network by dynamically provisioning security policies for the first EPG in the second pod and removing security policies from the first pod.
Method and device for intrusion detection in a computer network
Device and method for intrusion detection in a computer network. A data packet is received at an input of a hardware switch unit, an output of the hardware switch unit being selected for sending the data packet or a copy as a function of data link layer information from the data packet and of a hardware address from a memory of the hardware switch unit. An actual value from a field of the data packet is compared by a hardware filter with a setpoint value for values from this field, the field including data link layer data or network layer data, and the data packet or a copy of the data packet being provided to a computing device as a function of a result of the comparison. The analysis for detecting an intrusion pattern in a network traffic in the computer network is carried out by the computing device.
Classification of encrypted internet traffic
A method includes obtaining a first plurality of encrypted traffic flows traversing a communication network, performing a first classification, wherein a result of the first classification identifies a traffic type associated with each encrypted traffic flow of the first plurality of encrypted traffic flows, and wherein the first classification is based on a traffic pattern of each encrypted traffic flow, performing a second classification, wherein a result of the second classification identifies a traffic type associated with each server name indication with which the first plurality of encrypted traffic flows is associated, and wherein the second classification is based on the result of the first classification, and performing a third classification identifying a traffic type associated with each encrypted traffic flow of the first plurality of encrypted traffic flows, wherein the third classification is based on a combination of the results of the first classification and the second classification.
Fast internetwork reconnaissance engine
Systems, methods, and devices for performing a layer-2 scan of one or more communication networks to collect detailed information regarding the components/devices attached to the networks at a particular location (e.g., metropolitan area, city, university campus, building, floor within a building, etc.), and using the collected detailed information to generate a device profile for each of the devices attached to the one or more communication networks at the particular location. A server computing device may use the generated device profiles to perform inventory control operations, wireless vendor integration operations and/or security operations. For example, the server may use the device profiles to determine whether a component/device attached to any of the networks is non-benign (e.g., improperly configured, running malware, operated by hacker, spoofing a server, dropping packets, etc.), and initiate a reactive or mitigating action (e.g., quarantine the device, etc.).
Consent management system with consent request process
A method may include receiving a consent-processing request at a consent management platform from a content-presentation device, and using an identifier string in the request to establish a secure interactive session configured for user selection of consent options associated with a particular consent package of the platform, where the package may include identifiers of consent features of a media distribution system that require user consent in order to be activated for the device. The platform may then receive, via the interactive session, user consent data including a respective consent choice for each of one or more consent options, where each respective consent choice indicates acceptance or rejection of consent to activating an associated consent feature identified with the particular consent package. The received respective consent choices may be stored in a database of the consent management platform. Corresponding data may be stored in a whitelist on the content-presentation device.
COMMUNICATION SYSTEM AND COMMUNICATION METHOD FOR REPORTING COMPROMISED STATE IN ONE-WAY TRANSMISSION
A communication system and a communication method for reporting a compromised state in one-way transmission are provided. The communication method includes: receiving a packet by a first port; coupling an error checking circuit to the first port, wherein the error checking circuit checks a header of the packet; coupling a first unidirectional coupler to the first port and the error checking circuit, and coupling a second unidirectional coupler to the first port and the error checking circuit; in response to an error being in the header, disabling the first unidirectional coupler and the data inspection circuit and enabling the second unidirectional coupler by the error checking circuit; receiving the packet from the communication device by a receiving server; and in response to determining the received packet is incomplete by the receiving server, outputting the compromised state by the receiving server.
SYSTEM AND METHOD FOR MULTI-USER SESSION FOR COORDINATED ELECTRONIC TRANSACTIONS
Systems, methods, and computer readable media are directed in various embodiments for providing multiuser sessions for coordinated electronic transactions. A technical solution is directed to coordinating the electronic transactions across a plurality of instances, where the underlying users of the instances can include at least two users. Access to sensitive information can be restricted using a trusted execution environment and access can be given in accordance with the coordinated electronic transactions.
System for monitoring and managing datacenters
- Navindra Yadav
- Abhishek Ranjan Singh
- Shashidhar Gandham
- Ellen Christine Scheib
- Omid Madani
- Ali Parandehgheibi
- Jackson Ngoc Ki Pang
- VIMALKUMAR JEYAKUMAR
- Michael Standish Watts
- Hoang Viet Nguyen
- Khawar Deen
- Rohit Chandra Prasad
- Sunil Kumar Gupta
- SUPREETH HOSUR NAGESH RAO
- Anubhav Gupta
- Ashutosh Kulshreshtha
- Roberto Fernando Spadaro
- Hai Trong Vu
- Varun Sagar Malhotra
- Shih-Chun Chang
- Bharathwaj Sankara Viswanathan
- Fnu Rachita Agasthy
- Duane Thomas Barlow
An example method includes detecting, using sensors, packets throughout a datacenter. The sensors can then send packet logs to various collectors which can then identify and summarize data flows in the datacenter. The collectors can then send flow logs to an analytics module which can identify the status of the datacenter and detect an attack.