Patent classifications
H04L63/0245
PERFORMING FIREWALL OPERATIONS BY SHARING METADATA BETWEEN FIREWALL PROCESSES
Some embodiments of the invention provide a novel method for performing firewall operations on a computer. The method of some embodiments instantiates first and second firewall processes on the computer. These two processes are two separate processes, which in some embodiments have separate memory allocations in the memory system of the computer. The method uses the first firewall process to examine a data message to determine whether an encryption-based firewall policy (e.g., a TLS-based firewall policy) has to be enforced on the data message. Based on a determination that the encryption-based firewall policy has to be enforced on the data message, the method provides metadata, which is produced by the first firewall process in its examination of the data message, to the second firewall process. The second firewall process then uses the provided metadata to perform an encryption-based firewall operation based on the encryption-based firewall policy. In some embodiments, the data message is encrypted, the first firewall process cannot decrypt the data message, and the second firewall process performs a decryption operation (e.g., a TLS-based decryption operation) to decrypt the data message.
Reassembly free deep packet inspection for peer to peer networks
The present disclosure relates to a system, a method, and a non-transitory computer readable storage medium for deep packet inspection scanning at an application layer of a computer. A method of the presently claimed invention may scan pieces of data received out of order without reassembly at an application layer from a first input state generating one or more output states for each piece of data. The method may then identify that the first input state includes one or more characters that are associated with malicious content. The method may then identify that the data set may include malicious content when the first input state combined with one or more output states matches a known piece of malicious content.
Systems and methods for providing category-sensitive chat channels
Systems, methods, and non-transitory computer readable media are provided for providing category-sensitive chat channels. A category-sensitive chat channel may be provided. The category-sensitive chat channel may be assigned a given category level. The given category level may determine a scope of content allowed in the category-sensitive chat channel. Information to be posted through the category-sensitive chat channel may be obtained. The obtained information may be filtered based on the given category level. The filtered information may be posted in the category-sensitive chat channel.
Information processing method, information processing system, and non-transitory computer-readable recording medium storing a program
An information processing method of processing data frames flowing over an onboard network includes a frame collecting step of obtaining, from each of received data frames, a payload included in the data frame and configured of at least one field, and recording in a reception log as one record, and a field extracting step of calculating, regarding each of a plurality of payload splitting pattern candidates indicating different regions within payloads of the plurality of data frames, one or more features relating to time-sequence change of values of the payload in the region, from the plurality of records, selecting a payload splitting pattern indicating a region of a field within the payload, based on the features, and outputting field extracting results indicating the region indicated by the selected payload splitting pattern candidate, and a category of the field based on the features.
Systems and methods for protecting automated systems using a gateway
Systems and methods for protecting an automated system (AS) including building a security configuration based on architecture data of the AS such that compliance with the security configuration ensures a security level for AS devices, installing a data transmission application on a gateway of an AS network using the security configuration, and transmitting data from one of the AS devices through the data transmission application such that the actions of the data transmission application are defined by the security configuration.
Detection of external messaging attacks using trust relationships
External messaging attacks are detected using trust relationships. A profile is built for each target within an organization using extracted header data from multiple prior messages. Trust scores are derived for each sender of a message for each target profile; each trust score is derived from a degree and a quantity of communication between the respective sender and the target in the extracted header data. Incoming messages are received, and a target and a sender of each incoming message are determined. A trust score is retrieved for the sender from the profile of the target for each incoming message, a label is generated for each incoming message based on the respective trust score, and the respective label is applied so that it is visible to the target in association with each respective message.
Dynamic TCP stream processing with modification notification
Techniques for content inspection in a communication network, including detecting a packet in transit between a first and second endpoint, determining that content of the packet fails a content check, modifying a payload containing the content, adjusting a sequence number to account for the modification, and injecting a response message into a corresponding stream in an opposite direction. The response message may contain information relating to a reason for the rejection.
CONTAINERIZED CROSS-DOMAIN SOLUTION
A containerized cross-domain solution (CDS) is disclosed herein. In some examples, a first network interface container can be executed on a server to run a first network interface application to receive a data packet that includes data generated by a first process executing at a first security domain. A filter container can be executed on the server to run a data filter to evaluate a data content of the data to determine whether the data content violates a set of data rules. A second network interface container can be executed on the server to run a second network interface application. The data packet can be provided to the second network interface application in response to determining that the data content does not violate the set of data rules. The second network interface application can provide the data packet to a second security domain for a second process executing therein.
PROHIBITING VOICE ATTACKS
In an approach for prohibiting voice attacks, a processor, in response to receiving a voice input from a source, determines, using a predetermined filter including an allowlist, that the voice input does not match any corresponding entry of the predetermined filter. A processor routes the voice input to an adversarial pipeline for processing. A processor identifies an adversarial example of the voice input using a predetermined connectionist temporal classification method. A processor generates a configurable distorted adversarial example using the adversarial example identified. In response to a user reply, a processor injects the configurable distorted adversarial example as noise into a voice stream of the user reply in real-time to alter the voice stream. A processor routes the altered voice stream to the source.
Techniques for securely detecting compromises of enterprise end stations utilizing tunnel tokens
A method in a cloud network to detect compromises within an enterprise network based on tokens tunneled outside of the enterprise network to the cloud network. The method includes receiving, at a tunnel gateway server within the cloud network, a first set of packets via a tunnel across a public network from a first server within the enterprise network, where the first set of packets was generated responsive to the first server receiving a second set of packets that originated from within the enterprise network and that included data and a source enterprise network address, where the first set of packets does not include the source enterprise network address and the data includes a token. The method further includes transmitting, by the tunnel gateway server, the data within a third set of packets to a second server that acts as if it were an enterprise server within the enterprise network.