A system and method for batched, supervised, in-situ machine learning classifier retraining for malware identification and model heterogeneity. The method produces a parent classifier model in one location and providing it to one or more in-situ retraining system or systems in a different location or locations, adjudicates the class determination of the parent classifier over the plurality of the samples evaluated by the in-situ retraining system or systems, determines a minimum number of adjudicated samples required to initiate the in-situ retraining process, creates a new training and test set using samples from one or more in-situ systems, blends a feature vector representation of the in-situ training and test sets with a feature vector representation of the parent training and test sets, conducts machine learning over the blended training set, evaluates the new and parent models using the blended test set and additional unlabeled samples, and elects whether to replace the parent classifier with the retrained version.

The portable peripheral (1001) of communication with a data storage peripheral and a data network utilizing the internet protocol, comprises: a connector to mechanically connect and establish a removable wired connection between the peripheral and a portable terminal, a first means of wired bidirectional communication with the portable terminal, a second means of bidirectional communication with a data storage peripheral or a data network and a security unit protecting the communication between the portable terminal and the data storage peripheral or the data network, this communication being established between the first and the second means of communication.

The portable peripheral (1001) of communication with a data storage peripheral and a data network utilizing the internet protocol, comprises: a connector to mechanically connect and establish a removable wired connection between the peripheral and a portable terminal, a first means of wired bidirectional communication with the portable terminal, a second means of bidirectional communication with a data storage peripheral or a data network and a security unit protecting the communication between the portable terminal and the data storage peripheral or the data network, this communication being established between the first and the second means of communication.

Secure device data records (DDRs) are provided. In some embodiments, a system for secure DDRs includes a processor of a wireless communication device for wireless communication with a wireless network, in which the processor is configured with a secure execution environment, and in which the secure execution environment is configured to: monitor service usage of the wireless communication device with the wireless network; and generate a plurality of device data records of the monitored service usage of the wireless communication device with the wireless network, in which each device data record is associated with a unique sequence order identifier; and a memory coupled to the processor and configured to provide the processor with instructions. In some embodiments, the secure execution environment is located in an application processor, in a modem processor, and/or in a subscriber identity module (SIM).

Secure device data records (DDRs) are provided. In some embodiments, a system for secure DDRs includes a processor of a wireless communication device for wireless communication with a wireless network, in which the processor is configured with a secure execution environment, and in which the secure execution environment is configured to: monitor service usage of the wireless communication device with the wireless network; and generate a plurality of device data records of the monitored service usage of the wireless communication device with the wireless network, in which each device data record is associated with a unique sequence order identifier; and a memory coupled to the processor and configured to provide the processor with instructions. In some embodiments, the secure execution environment is located in an application processor, in a modem processor, and/or in a subscriber identity module (SIM).

In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.

In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.

Techniques for neutralizing malicious malware embedded in a media item being sent to a user equipment (UE) are discussed herein. A network device may receive (e.g., intercept) a medial file in transit via a wireless communication network being sent to a UE. The media file may include some type of perceptible content (e.g., audio, video, image data, etc.) as well as malware embedded in the media file. The network device may generate a transcoded media file based on the received media file that includes the perceptible content while neutralizing the malware.

Techniques for neutralizing malicious malware embedded in a media item being sent to a user equipment (UE) are discussed herein. A network device may receive (e.g., intercept) a medial file in transit via a wireless communication network being sent to a UE. The media file may include some type of perceptible content (e.g., audio, video, image data, etc.) as well as malware embedded in the media file. The network device may generate a transcoded media file based on the received media file that includes the perceptible content while neutralizing the malware.

A method for monitoring and identifying changes in one or more parameters of an OS is disclosed. The method includes performing a measurement by a measurement application of a first computer system of the one or more parameters of a first OS executing on the first computer system, receiving the measurement of the one or more parameters of the first OS by an appraisal application, and storing the measurement of the one or more parameters of the first OS in a data store. The method also includes comparing the measurement with one or more first OS parameter norms associated with the first network slice, and identifying a change in the one or more parameters of the first OS by the appraisal application in response to comparing the measurement of the one or more parameters of the first OS with the one or more first OS parameter norms.