A system (100) and method for detecting a malicious programmable logic controller (PLC) code segment (110) in a PLC program corresponding to a specific type of PLC includes a binary parser (112) that parses the code segment (110) into a plurality of functional elements. A variable and function block mapper (114) maps the functional elements into a high-level data structure. A fuzzer (116) generates a behavioral model of the high-level data structure into an automaton (118). A classifier (120) predicts to which processes the automaton (118) corresponds. A detector (122) detects unsafe states in the automaton (118) and that generates an indication of a detected unsafe state.

A method for determining whether a power system is encountering a malicious attack is provided. The method comprises: receiving a plurality of first phasor measurement unit (PMU) measurements from a plurality of PMUs of the power system; determining a plurality of expected PMU measurements associated with a future time period based on an optimization algorithm that uses differences between a plurality of consecutive predictive entries and the plurality of first PMU measurements; receiving, from the plurality of PMUs, a plurality of second PMU measurements associated with the future time period; determining whether the power system is encountering the malicious attack based on comparing the plurality of expected PMU measurements with the plurality of second PMU measurements; and executing an action based on whether the power system is encountering the malicious attack.

A system and method are provided for authenticating client devices communicating with an enterprise system. The method includes providing a policy enforcement interceptor to intercept API calls and enabling the policy enforcement interceptor to communicate with a policy information point to query the at least one endpoint for entitlements associated with an account. The method also includes intercepting an API call to the application API, communicating with the policy information point to determine entitlements associated with the account by having the policy information point query an entitlements database and, when the entitlements returned to the policy enforcement interceptor are valid, invoking a policy decision point to validate the client device. The method also includes, when the client device is validated, permitting invocation of the API. The method also includes providing an API response to the client device to permit access to the application via the API.

Methods and systems are described herein for improvements for cybersecurity of telecommunication devices. For example, cybersecurity for telecommunication devices may be improved by analyzing activity log data of telecommunication devices for a candidate event (e.g., the uploading of malware) and disabling one or more services of a telecommunication device. By doing so, cybersecurity for telecommunication devices may be improved by detecting a possible malware intrusion attempt and disabling one or more services of the telecommunication devices. For example, activity log data of telecommunication devices may be obtained. A candidate event indicating malware may be detected in the activity log data. A number of proximate telecommunication devices satisfying a proximity threshold condition may be determined. The number of proximate telecommunication devices that satisfy a density threshold condition may be determined. Responsive to the number of telecommunication devices satisfying a density threshold condition, services of telecommunication devices may be disabled.

Concepts for acquiring information for identifying a security configuration for an application are proposed. In particular, the information is obtained by running the application in a development environment, detecting security requests made on behalf of the application, and then storing security information associated with the security requests in a security log. Using this concept, a security log may be obtained from which an appropriate security configuration may be determined.

Disclosed herein are systems and method for preventing zero-day attacks. A method may include receiving a first report including information about an execution of a first script of an application that modifies a file on a first computing device, and receiving a second report including an indication that the file includes malicious code. In response to determining that an identifier of the file is present in both the first report and the second report, the method may include generating and transmitting, to the first computing device, a first rule that prevents execution of any script that shares at least one operation of the first script. The method may include, in response to determining that a vulnerability detected by the first rule is not present in a vulnerability database, generating an entry in the vulnerability database for the vulnerability as a zero-day vulnerability and transmitting an alert to the application developer.

A proactively protected (P2) processing system and method is invented for stopping the cyber-attacks from malicious usages of computing systems. The invention is applicable to eliminate the roots of the cyber-threats before a successful cyber-incident. Thereby, demand for resilient computing systems to survive a cyber-incident will be disappeared. Any recovery act and information loss is not happened. The invention dynamically switches a plurality of instruction sets at random or scheduled time for determining authorized operations with code compatibility. Therefore, a P2 processing system and method can detect and delete only unauthorized operations before being executed while executing authorized operations.

Detection circuitry for an integrated circuit (IC) includes voltage divider circuitry, comparison circuitry, and calibration circuitry. The voltage divider circuitry receives a power supply signal and output a first reference voltage signal and a supply voltage signal based on the power supply signal. The comparison circuitry compares the first reference voltage signal and the supply voltage signal to generate an output signal. The calibration circuitry alters one or more parameters of the voltage divider circuitry to increase a voltage value of the supply voltage signal based on the comparison of the first reference voltage signal with the supply voltage signal.

In accordance with embodiments of this disclosure, a method of securing a processing unit according to some embodiments includes receiving a request for access from a user; detecting a device; determining whether the device is a trusted device; and providing the user access to the processing unit only if the device is a trusted device. In some embodiments, the trusted device may be a Bluetooth device.

A component security device may be disposed at an interface between a component and a cyber-physical system. The disclosed component security device may be physically and/or electrically coupled between the component and infrastructure of the cyber-physical system, such as a backplane, bus, and/or the like. The component security device may be configured to monitor the component, and selectively isolate the component from the cyber-physical system. Since the component security device is interposed at the interface of the component, the component security device may be capable of isolating the component regardless of whether the component has been compromised (e.g., regardless of whether the component is capable of complying with system commands).