A system for detecting malware is described. The system features a traffic analysis device and a network device. The traffic analysis device is configured to receive data over a communication network, selectively filter the data, and output a first portion of the data to the network device. The network device is communicatively coupled with and remotely located from the traffic analysis device. The network device features software that, upon execution, (i) monitors behaviors of one or more virtual machines processing the first portion of the data received as output from the traffic analysis device, and (ii) detects, based on the monitored behaviors, a presence of malware in the first virtual machine.

An example method includes receiving an indication of a selection of a first application environment that includes a first virtual environment associated with a first security domain and is configured to isolate execution of software applications within the first application environment, suspending execution of a second application environment that includes a second virtual environment associated with a second security domain different from the first security domain, initiating execution of the first application environment, identifying information associated with the first security domain and provided by the first application environment that is to be sent to an external computing device associated with the first security domain, selecting communication network(s) from one or more communication networks that are each available to the mobile computing device for data communication, encrypting, based on the first security domain and network(s), the information, and sending, to the external computing device via the network(s), the encrypted information.

Described herein is a process which facilitates segmented security between domain-specific data sets being evaluated as part of a candidate evaluation service and third-party evolution services, wherein the data sets are not transmitted to the evolution service which is evolving candidates for evaluation. This enables customers with secure data sets to use candidate evolution services securely by obtaining a population of potentially optimal candidate models to evaluate and then optimizing on those data sets in their own secure fashion.

Various examples described herein are directed to identifying a particular computing device, such as a computing device having malware. A DNS query may be received with a token identifying an originating computing device. The DNS query may be compared to a list of domain names associated with particular characteristics, such as having malware. The token may be used to identify the originating computing device and perform further actions.

Technologies for managing network traffic through heterogeneous fog network segments of a fog network include a fog node deployed in a fog network segment. The fog node is configured to receive a fog frame that includes control instructions. The fog node is further configured to perform a route selection action to identify a preferred target fog node based on the control instructions, perform action(s) based on the control instructions and network characteristic(s) of the fog network segment relative to corresponding network characteristic(s) of the different fog network segment, and generate updated control instructions based on at least one network characteristic of the different fog network segment. Additionally, the fog node is configured to replace the original control instructions of the received fog frame with the updated control instructions and transmit the received fog frame with the updated control instructions to the preferred target fog node. Other embodiments are described and claimed.

Various embodiments relate generally to computer science, data science, application architecture, and computer data security. More specifically, techniques for credential and authentication management in scalable data networks is described, including, but not limited to, multiplexed data exchanges in a scalable data network. For example, a method may include receiving a subset of requests to access a data network. The requests each may originate from an associated computing device having a source identifier. The method also may include data to cause modification of data representing presentation of a hosted page via the data network, monitoring data traffic from the data network and managing actions initiated via a request based on the data traffic. Optionally, data traffic received via an aggregation port may be filtered to origination of a request associated with a source identifier.

Herein is disclosed a method of verifying the authenticity of emails sent from a first email application of a sender to a second email application of a recipient, the emails each having a sender's email address, a receiver's email address, and a user accessible field for receiving content. The content of the user accessible field is visible to the recipient upon opening an email inbox in the second email application. The method includes the steps of first identifying the receiver for an email to be sent by the sender. A current sequence marker for the receiver is then generated. The current sequence marker represents a next sequence identifier in a sequence of emails between the sender and the receiver. The current sequence marker is then inserted into the user-accessible field of the email and the email is then sent.

A method for link layer authentication includes receiving, at an edge network access node, a link layer authentication packet from a client, seeking network access, using a remote NAS agent running on the edge network access node. The method transmits, using a tunneling connection, the link layer authentication packet to a remote NAS in a link layer authentication process. The link layer authentication process exchanges the link layer authentication packet with an authentication server to authenticate the client. The method includes receiving a link layer authentication packet from the remote NAS over the tunneling connection. The received link layer authentication packet includes a response from the authentication server regarding the transmitted link layer authentication packet. The method includes transmitting the received link layer authentication packet to the client and, in response to link layer authentication packets resulting authorization, authorizing the client for network access through the edge network access node.

A computer security system with enhanced whitelisting includes administrative interfaces that accept user inputs to create and modify entries in a whitelist that define which programs are allowed to execute on one or more target computer systems. Upon an attempt to run a program, the entries in the whitelist are used to determine if the program is allowed to run. If an entry in the whitelist indicates that the program is allowed to run, the program is run. Otherwise, at a later time, an administrative interface is used to either block future execution of the program or to create an entry in the whitelist that allows execution of a class of programs or only that the program in the future until revoked. The whitelist is for a single target computer or many computers.

A method for preventing transmission of malicious data may include receiving transaction data including at least one packet associated with a payment transaction; extracting at least one of network layer data or transport layer data from a header of the at least one packet; determining a first probability indicating that the at least one packet is in a first class based on the at least one of the network layer data or the transport layer data using a classifier. The method may also include determining a second probability indicating that the at least one packet is in a second class based on the at least one of the network layer data or the transport layer data using the classifier; and blocking the at least one packet. A system and a computer program product are also disclosed.