Patent classifications
H04L63/302
OPTIMIZATION APPARATUS, OPTIMIZATION METHOD, AND OPTIMIZATION PROGRAM
An optimization apparatus collects cyber attack information that is information related to a cyber attack, and system information that is information related to an entire system including a device that has received the cyber attack. Based on the collected cyber attack information and system information, the optimization apparatus identifies an attack route of the cyber attack, and extracts, as dealing point candidates, devices that are on the attack route and have an effective dealing function against the cyber attack. Subsequently, the optimization apparatus selects a dealing point from the extracted dealing point candidates by using optimization logic that has been set.
Systems and methods for detecting unauthorized or suspicious financial activity
In a method for detecting unauthorized or suspicious financial activity with a graph convolutional network for financial crime prevention, a separate node is created for each entity: each account, each person, each address (e.g. email address), etc. Separate attributes are provided to aggregate transactions in which the node acts as a sender; transactions in which the node acts as a receiver; transactions using a specific channel (e.g. ATM); and transactions of a specific type (e.g. online money transfer). In some embodiments, the attributes exclude data on individual transactions to reduce the amount of data and hence provide more effective computer utilization. The approach is suitable for many applications, including anti-money laundering. Other features are also provided, as well as systems for such detection.
SECURE DATA BROKER FOR SENSITIVE DATA
A secure data broker includes a public network interface, an authorization module, a database interface, and an encryption module. The public network interface is configured to receive a database query and authorization information from a client device over a secure connection and return a response to the database query to the client device over the secure connection. The authorization module is configured to authorize the client device based on the authorization information, which was issued to the client device by the public safety platform. The database interface is configured to submit the database query to a secure database in response to the authorization of the client device and to receive the response to the database query from the secure database. The encryption module is configured to encrypt the response to the database query using a broker key.
DETECTING AND WARNING OF BASE STATIONS WITH A SECURITY RISK
Systems, methods, and software can be used to share content. In some aspects, an electronic device selects a base station to camp on. A first message is sent from the electronic device to the base station. The first message is addressed to a server and requests the server to send a second message to the electronic device. The electronic device determines whether it receives the second message from the base station within a threshold time period after the first message is sent. The electronic device determines that the base station has a security risk based at least in part on whether the second message is received within the threshold time period.
Location intelligence management system for border security
Collection and analysis of network transaction information, which includes the mobile device's usage, location, and movements, coupled with data from non-wireless network sources, allow for the automation of analysis for the detection of smuggling or other criminal behaviors and tasking of high-accuracy location surveillance.
Secure expeditionary AI sense-understand-decide-act system and method
A method, computer program product, and computer system for applying deductive artificial intelligence (AI) attribution and auditability to data inputs, wherein the deductive AI may account for ontologies and competing system information, and wherein the deductive AI attribution and auditability may be applied to the data inputs by user workflow. The data inputs applied with the deductive AI attribution and auditability may be processed via a feedback loop to align a sense-understand-decide-act (SUDA) understanding with an inductive AI understanding. The inductive AI may be automated via the feedback loop based upon, at least in part, an AI expert system processing of the data inputs. One or more policy based rules may be developed for user automation authorization based upon, at least in part, the feedback loop.
APPARATUS AND METHOD FOR RAPID ELECTRONIC DEVICE DISCOVERY
An apparatus, method, and computer program product that intentionally illuminate at least one target device with electromagnetic energy having specific characteristics (e.g., frequency, power, waveform, directionality, duration, etc.). The target device, which may be an unpowered data storage device, acts as a non-linear mixer and is forced to emit radiative signals containing information about the target device behavior, state, and physical characteristics. Embodiments receive the forced emissions, extract useful data, and analyze the data to determine target device characteristics (e.g., a target device type, based on a comparison of data from known types). Embodiments control the illumination so the forced emissions radiate from an enclosure without interfering with tactical communications, and so that stored target device data is not affected. Embodiments can locate a hidden target device via the strength and directionality of the forced emissions. The apparatus is portable for use by military, intelligence, and security personnel.
THEFT DETECTION VIA ADAPTIVE LEXICAL SIMILARITY ANALYSIS OF SOCIAL MEDIA DATA STREAMS
A method of detecting an event includes selecting a region and time frame of interest, obtaining a set of social media data streams associated with the region and the time frame of interest, and applying a lexical graph generation algorithm to the set of social media data streams to obtain lexical graphs. Similarity analysis is performed on the lexical graphs based on candidate lexical graphs related to the event to generate matching data, and the event is investigated based on the matching data.
SYSTEMS AND METHOD FOR USE IN AUTOMATED ANALYSIS OF OPERATIONAL EXERCISES
There is provided a method of tracking a plurality of military units during a battlefield exercise. The method comprises receiving an operational hierarchy, said operational hierarchy: (a) associating each unit of the plurality of military units with one or more respective tasks, and (b) associating each unit with one or more respective unit elements. For one or more time periods of the battlefield exercise, respective unit element tracking data is received for each element. For the one or more time periods, the operational hierarchy is updated by applying a trained classification algorithm to the respective unit element tracking data to generate an updated operational hierarchy for said time period. The step of updating comprises modifying one or more of the associations between each unit and one or more respective unit elements or one or more respective tasks.
Managing computer security services for cloud computing platforms
A computer-implemented method of managing security services for one or more cloud computing platforms is disclosed. The method comprises receiving, by a security gateway system having a processor, a digital communication related to one of one or more computing applications hosted by a virtual cluster for private use on a cloud computing platform, the security gateway system residing within the cloud computing platform, the security gateway system performing network security gateway functions for the one or more computing applications. The method also comprises storing the digital communication in association with a timestamp in a storage device. The method further comprises receiving a piece of threat intelligence data indicating a security threat from a main controller residing outside the virtual cluster; storing the piece of threat intelligence data in a database; and determining whether the piece of threat intelligence data applies to any of the digital communications in the storage device. Finally, the method comprises transmitting an estimate of an extent or timing of an impact of the security threat based on the determining.