Patent classifications
H04L63/1441
SYSTEM AND METHOD FOR PREVENTING SUSPICIOUS TRANSACTIONS IN DISTRIBUTED LEDGER
A system and method for preventing hacking of blockchain is proposed. The system includes a cryptocurrency owner configured to own a cryptocurrency wallet storing a cryptocurrency, a public key, and a private key, and capable of setting monitoring-subjected data and monitoring-excluded data, a hacking countermeasure system configured to check status of the cryptocurrency wallet by being connected to the cryptocurrency owner to receive the cryptocurrency and the public key, invalidate a hacking transaction when the hacking transaction matching the monitoring-subjected data is received, and allow the cryptocurrency to be traded by opening the cryptocurrency wallet with the private key and process transaction details into a block file when a monitoring-excluded transaction matching the monitoring-excluded data is received, and a blockchain network configured to receive the block file from the hacking countermeasure system and duplicate the block file into a plurality of block files to distribute and store each block file.
UTILIZING MODELS TO INTEGRATE DATA FROM MULTIPLE SECURITY SYSTEMS AND IDENTIFY A SECURITY RISK SCORE FOR AN ASSET
A device may receive security data identifying assets of an entity, security issues associated with the assets, and objectives associated with the assets and may utilize a data model to generate, based on the security data, asset related data identifying mapped sets of security data. The device may process a first portion of the asset related data, with a first model, to calculate an asset risk likelihood score for an asset of the assets and may process a second portion of the asset related data, with a second model, to calculate an asset criticality score for the asset. The device may process a third portion of the asset related data, with a third model, to calculate an asset control effectiveness score for the asset and may combine the scores to generate a security risk score for the asset. The device may provide the security risk score for display.
System for evaluation and weighting of resource usage activity
Embodiments of the present invention provide systems and methods for evaluating and weighting resource usage activity data. The system may establish a communicable link to a user device via a user application to receive resource activity data and historical data from one or more users or systems via multiple communication channels. The system may evaluate the historical data and determine evaluation criteria based on perceived chance of loss associated with particular metadata characteristics, and use the evaluation criteria as weighted metrics for determining an overall evaluation score for the user based on indication from resource activity data that the user has conducted resource transfers with entities or channels identified in the historical data.
Virtual switch-based threat defense for networks with multiple virtual network functions
Techniques for providing network traffic security in a virtualized environment are described. A threat aware controller uses a threat feed provided by a threat intelligence service to establish a threat detection engine on virtual switches. The threat aware controller and threat detection engine work together to detect any anomalous or malicious behavior of network traffic on the virtual switch and established virtual network functions to quickly detect, verify, and isolate network threats.
Real-time prevention of malicious content via dynamic analysis
This disclosure relates to methods and apparatus for preventing malicious content from reaching a destination via a dynamic analysis engine that may operate in real time when packetized data is received. Data packets sent from a source computer may be received and forwarded to an analysis computer that may monitor actions performed by executable program code included within the set of data packets when determining whether the data packet set should be classified as malware. In certain instances, all but a last data packet of the data packet set may also be sent to the destination computer while the analysis computer executes and monitors the program code included in the data packet set. In instances when the analysis computer identifies that the data packet set does include malware, the malware may be blocked from reaching the destination computer by not sending the last data packet to the destination computer.
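The hold-the-last-packet flow described in this abstract, as an added simulation that is not code from the patent: all packets but the final one are forwarded to the destination while the reassembled payload is analysed, and the final packet is released only if analysis comes back clean. The Packet/Destination classes, the marker-string "analyser", and the two sample packet sets are constructed for illustration.

```python
"""Simulated relay that withholds the last packet of a set until analysis
completes. Added example, not the patent's code; the packet model, the
marker-based analyser and the sample packet sets are constructed."""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Packet:
    seq: int
    payload: bytes
    last: bool = False  # True on the final packet of the set


@dataclass
class Destination:
    """Stand-in for the destination computer: records what it received."""
    received: List[Packet] = field(default_factory=list)


def analyse(program: bytes) -> bool:
    """Stand-in for the analysis computer. Returns True if the reassembled
    program is judged malicious. Constructed heuristic: a marker substring,
    checked on the reassembled bytes so a marker split across packets is
    still caught."""
    return b"EVIL_MARKER" in program


def relay(packets: List[Packet], dest: Destination,
          analyser: Callable[[bytes], bool] = analyse) -> str:
    """Forward packets to dest in sequence order, holding back the packet
    flagged as last until the analyser has seen the whole set.
    Returns 'delivered' if the last packet was released, 'blocked' if not."""
    buffered = bytearray()
    held: Optional[Packet] = None
    for pkt in sorted(packets, key=lambda p: p.seq):
        buffered.extend(pkt.payload)
        if pkt.last:
            held = pkt                      # withhold; decide after analysis
        else:
            dest.received.append(pkt)       # forward immediately
    if held is None:
        raise ValueError("packet set has no final packet")
    if analyser(bytes(buffered)):
        return "blocked"                    # last packet never leaves the relay
    dest.received.append(held)
    return "delivered"


# Constructed sample packet sets.
BENIGN_SET = [Packet(1, b"MZ header"), Packet(2, b"clean code"),
              Packet(3, b"end", last=True)]
# Marker deliberately straddles packets 2 and 3.
MALICIOUS_SET = [Packet(1, b"MZ header"), Packet(2, b"EVIL_"),
                 Packet(3, b"MARKER end", last=True)]

if __name__ == "__main__":
    for name, pkts in (("benign", BENIGN_SET), ("malicious", MALICIOUS_SET)):
        d = Destination()
        print(name, relay(pkts, d), [p.seq for p in d.received])
```

The practical caveat the abstract leaves implicit: this only prevents execution if the destination cannot run the content without the withheld packet, so the relay must be sure which packet completes the executable, and the analysis has to finish before the destination gives up on the incomplete transfer.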
METHOD FOR DETERMINING LIKELY MALICIOUS BEHAVIOR BASED ON ABNORMAL BEHAVIOR PATTERN COMPARISON
A method for a cyber threat defense system is provided. The method comprises receiving a first abnormal behavior pattern, where the first abnormal behavior pattern represents behavior on a first network deviating from the normal benign behavior of that network, and receiving a second abnormal behavior pattern, where the second abnormal behavior pattern represents behavior on either the first network or a second network deviating from the normal benign behavior of that network. The method further comprises comparing the first and second abnormal behavior patterns to determine a similarity score between them and determining, based on the comparison, that the first abnormal behavior pattern likely corresponds to malicious behavior when the similarity score is above a threshold. A corresponding non-transitory computer readable medium is also provided.
Detection of fraudulent use of content delivery network served byte streams
Techniques for detection of the fraudulent use of content delivery network (CDN) served byte streams are described. A fraud detection service obtains CDN log data, distribution data, and account data and uses elements therefrom to perform a distribution-centric fraud analysis using machine learning techniques. Based on the likelihood of fraud determined by the analysis, the fraud detection service can rapidly perform actions to address the fraud, such as the termination of service for the distribution, throttling of resources provided for the distribution, or further investigation techniques.
Anomalous network node behavior identification using deterministic path walking
A computer implemented method of identifying anomalous behavior of a computer system in a set of intercommunicating computer systems, each computer system in the set being uniquely identifiable, the method including monitoring communication between computer systems in the set for a predetermined baseline time period to generate a baseline vector representation of each of the systems; monitoring communication between computer systems in the set for a subsequent predetermined time period to generate a subsequent vector representation of each of the systems; comparing baseline and subsequent vector representations corresponding to a target computer system using a vector similarity function to identify anomalous behavior of the target system in the subsequent time period compared to the baseline time period, wherein a vector representation of the target system for a time period is generated based on a deterministic walk of a graph representation of communications between the computer systems in which nodes of the graph correspond to computer systems in the set and weighted directed edges between nodes of the graph correspond to a characteristic of communication between pairs of computer systems in the set.
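The baseline-versus-subsequent comparison in this abstract, worked through as an added example (not the patent's code): communication records become a weighted directed graph, each node's vector is derived from a deterministic walk over that graph, and the two periods' vectors for a node are compared with cosine similarity. The walk rule (always follow the heaviest outgoing edge, ties broken by node name, fixed maximum length), the visit-count vector, the 0.5 threshold and the sample records are all assumptions made for illustration.

```python
"""Per-node vectors from a deterministic graph walk, compared across two
time periods with cosine similarity. Added example, not the patent's code.
Walk rule, vector encoding, threshold and sample records are assumptions."""
import math
from collections import defaultdict
from typing import Dict, List, Tuple

Record = Tuple[str, str, int]   # (source host, destination host, bytes sent)


def build_graph(records: List[Record]) -> Dict[str, Dict[str, int]]:
    """Weighted directed graph: graph[src][dst] = total bytes src -> dst."""
    g: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for src, dst, size in records:
        g[src][dst] += size
    return g


def deterministic_walk(graph, start: str, length: int) -> List[str]:
    """From start, repeatedly step to the heaviest outgoing edge (ties broken
    by sorted node name, so the walk is reproducible). Stops at a sink."""
    path, node = [start], start
    for _ in range(length):
        out = graph.get(node)
        if not out:
            break
        node = max(sorted(out), key=lambda n: out[n])
        path.append(node)
    return path


def walk_vector(graph, start: str, nodes: List[str], length: int = 4) -> List[int]:
    """Vector over a fixed node vocabulary: visit count of each node on the walk."""
    path = deterministic_walk(graph, start, length)
    return [path.count(n) for n in nodes]


def cosine(a: List[int], b: List[int]) -> float:
    dot = sum(x * y for x, y in zip(a, b))
    na, nb = math.sqrt(sum(x * x for x in a)), math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0


def similarity_scores(baseline: List[Record], subsequent: List[Record],
                      length: int = 4) -> Dict[str, float]:
    """Cosine similarity of each host's baseline and subsequent walk vectors.
    The vocabulary is the union of hosts seen in either period, so a host
    that only appears later still gets a (trivial) vector in the baseline."""
    nodes = sorted({n for r in baseline + subsequent for n in r[:2]})
    gb, gs = build_graph(baseline), build_graph(subsequent)
    return {n: cosine(walk_vector(gb, n, nodes, length),
                      walk_vector(gs, n, nodes, length)) for n in nodes}


def anomalous_hosts(baseline, subsequent, threshold: float = 0.5) -> List[str]:
    """Hosts whose subsequent-period walk vector drifted below the threshold."""
    scores = similarity_scores(baseline, subsequent)
    return sorted(h for h, s in scores.items() if s < threshold)


# Constructed sample traffic summaries (bytes per host pair).
BASELINE: List[Record] = [
    ("ws1", "fileserver", 500), ("ws1", "mail", 100),
    ("fileserver", "backup", 900), ("backup", "fileserver", 50),
    ("ws2", "fileserver", 400),
]
# Same as baseline, except ws1 now sends most of its bytes to a new host.
SUBSEQUENT: List[Record] = BASELINE + [("ws1", "unknown-host", 5000)]

if __name__ == "__main__":
    for host, score in sorted(similarity_scores(BASELINE, SUBSEQUENT).items()):
        print(f"{host:14s} {score:.3f}")
    print("anomalous:", anomalous_hosts(BASELINE, SUBSEQUENT))
```

With these records ws1's baseline walk is ws1 → fileserver → backup → fileserver → backup, while in the later period it is ws1 → unknown-host (a sink), so its similarity drops to roughly 0.24 and it is the only host flagged; every other host's walk is unchanged and scores 1.0. In real deployments the edge weight, walk length and threshold need tuning per environment, and a legitimately new server will look anomalous on its first appearance exactly as unknown-host does here.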
METHOD AND SYSTEM FOR BLOCKCHAIN-BASED CYBER SECURITY MANAGEMENT
The present disclosure presents blockchain-based cyber security management systems and related methods. One such method comprises obtaining cyber intelligence input data from a cyber defender computing device, wherein the cyber defender computing device manages network security of a network, wherein the cyber intelligence input data identifies a cyber attacker or a victim of a cyber attack on the network; executing one or more Cyber Security Management (CSM) functions with the cyber intelligence input data received from the cyber defender computing device and cyber data stored in the blockchain ledger, wherein the cyber data stored in the blockchain ledger provides details on a cyber attack on a network that is managed by another cyber defender computing device; and outputting an alert to the cyber defender computing device with a potential cyber attacker or potential victim of the cyber attack on the network managed by the cyber defender computing device.
Spam detection
A method of determining that a client is likely engaged in the sending of spam emails via a network node. The method comprises, at the network node, defining a message size threshold and a message sending rate threshold, detecting the opening of Simple Mail Transfer Protocol (SMTP) connections between a client device and an email server, identifying messages sent from the client over the SMTP connections which exceed said message size threshold, and counting the identified messages to determine a client email message sending rate. The method further comprises assuming that the client is engaged in the sending of spam emails if the client message sending rate exceeds said message sending rate threshold.
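The two-threshold heuristic in this abstract, run over sample connection records as an added example (not the patent's code): only messages above the size threshold are counted, the count is taken per client over a sliding time window, and a client whose peak per-window count exceeds the rate threshold is flagged. The record format (timestamp, client, server, message bytes), the sliding-window definition of "rate", the threshold values and the sample data are all constructed assumptions.

```python
"""Spam-sender heuristic: per-client count of over-size SMTP messages in a
sliding window, flagged when it exceeds a rate threshold. Added example,
not the patent's code; record format, window semantics, thresholds and
sample records are constructed."""
from collections import defaultdict
from typing import Dict, List, Tuple

Record = Tuple[int, str, str, int]   # (timestamp s, client, smtp server, message bytes)

SIZE_THRESHOLD = 20_000   # bytes; assumed value
RATE_THRESHOLD = 3        # over-size messages per window; assumed value
WINDOW_SECONDS = 60       # assumed window length


def large_message_rates(records: List[Record], size_threshold: int,
                        window: int) -> Dict[str, int]:
    """For each client, the largest number of over-size messages observed
    within any window-second span. Clients with no over-size messages are
    omitted. Messages exactly at the size threshold are not counted."""
    stamps_by_client: Dict[str, List[int]] = defaultdict(list)
    for ts, client, _server, size in records:
        if size > size_threshold:
            stamps_by_client[client].append(ts)
    rates: Dict[str, int] = {}
    for client, stamps in stamps_by_client.items():
        stamps.sort()
        best = lo = 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] >= window:     # slide window start forward
                lo += 1
            best = max(best, hi - lo + 1)
        rates[client] = best
    return rates


def suspected_spammers(records: List[Record],
                       size_threshold: int = SIZE_THRESHOLD,
                       rate_threshold: int = RATE_THRESHOLD,
                       window: int = WINDOW_SECONDS) -> List[str]:
    """Clients whose peak over-size sending rate exceeds the rate threshold."""
    rates = large_message_rates(records, size_threshold, window)
    return sorted(c for c, r in rates.items() if r > rate_threshold)


# Constructed observations of SMTP message transfers seen at the network node.
OBSERVED: List[Record] = [
    # 10.0.0.5: five large messages inside 40 seconds -> flagged
    (0, "10.0.0.5", "192.0.2.25", 45_000), (10, "10.0.0.5", "192.0.2.25", 30_000),
    (20, "10.0.0.5", "192.0.2.25", 25_000), (30, "10.0.0.5", "192.0.2.25", 50_000),
    (40, "10.0.0.5", "192.0.2.25", 21_000),
    # 10.0.0.7: six small messages in quick succession -> ignored by size filter
    (5, "10.0.0.7", "192.0.2.25", 1_200), (6, "10.0.0.7", "192.0.2.25", 1_100),
    (7, "10.0.0.7", "192.0.2.25", 900), (8, "10.0.0.7", "192.0.2.25", 1_300),
    (9, "10.0.0.7", "192.0.2.25", 1_000), (10, "10.0.0.7", "192.0.2.25", 1_250),
    # 10.0.0.9: four large messages, one every 100 s -> never more than 1 per window
    (0, "10.0.0.9", "192.0.2.26", 60_000), (100, "10.0.0.9", "192.0.2.26", 60_000),
    (200, "10.0.0.9", "192.0.2.26", 60_000), (300, "10.0.0.9", "192.0.2.26", 60_000),
]

if __name__ == "__main__":
    print(large_message_rates(OBSERVED, SIZE_THRESHOLD, WINDOW_SECONDS))
    print("suspected:", suspected_spammers(OBSERVED))
```

The size filter is what keeps a chatty but legitimate client (10.0.0.7) out of the count, and the window is what keeps a client that occasionally sends large attachments (10.0.0.9) under the rate threshold; both thresholds have to be calibrated against the network's own mail volume, and an internal relay or list server will exceed them legitimately unless it is excluded.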