G06F21/55

Automated honeypot creation within a network

Systems and methods for managing Application Programming Interfaces (APIs) are disclosed. Systems may involve automatically generating a honeypot. For example, the system may include one or more memory units storing instructions and one or more processors configured to execute the instructions to perform operations. The operations may include receiving, from a client device, a call to an API node and classifying the call as unauthorized. The operations may include sending the call to a node-imitating model associated with the API node and receiving, from the node-imitating model, synthetic node output data. The operations may include sending a notification based on the synthetic node output data to the client device.

Machine learning model score obfuscation using time-based score oscillations
11580442 · 2023-02-14

An artefact is received. Features are later extracted from the artefact and are used to populate a vector. The vector is input into a classification model to generate a score. This score is then modified using a time-based oscillation function and is provided to a consuming application or process. Related apparatus, systems, techniques and articles are also described.

Attack-less adversarial training for robust adversarial defense

Disclosed herein is attack-less adversarial training for robust adversarial defense. The attack-less adversarial training for robust adversarial defense includes the steps of: (a) generating individual intervals ($c_i$) by setting the range of color ($C$) and then discretizing the range of color ($C$) by a predetermined number ($k$); (b) generating one batch from an original image ($X$) and training a learning model with the batch; (c) predicting individual interval indices ($\hat{y}_i^{alat}$) from respective pixels ($x_i$) of the original image ($X$) by using an activation function; (d) generating a new image ($X^{alat}$) through mapping and randomization; and (e) training a convolutional neural network with the image ($X^{alat}$) generated in step (d) and outputting a predicted label ($\hat{Y}$).

Systems and interactive user interfaces for dynamic retrieval, analysis, and triage of data items

Embodiments of the present disclosure relate to a data analysis system that may receive data comprising a plurality of raw data items from one or more data sources, such as a monitoring agent located in a monitored network. The received data may be scored using one or more scoring rules and/or algorithms, with raw data items satisfying a score threshold designated as “data item leads.” Raw data items associated with a data item lead may be searched and displayed to the user via an interactive user interface. The data analysis system may be used to execute searches and additional enrichments against the received raw data items. The data analysis system may group received raw data items based upon shared attribute values. The data analysis system may be used to categorize received data and construct timelines, histograms, and/or other visualizations based upon the various attributes of the raw data items.

Computer-implemented method of security-related control or configuration of a digital system

A computer-implemented method includes: receiving system information data representing configurations of digital systems; receiving attack information data associated with one or more of the digital systems; analyzing the received system information data and attack information data, to identify associated attack types; identifying, for each identified attack type, correlations and/or causalities between individual system constituents or combinations thereof in the digital systems associated with attacks; determining and assigning, based on the identified correlations and/or causalities, an attack vulnerability value, for each attack, respectively, to each of the systems and/or systems' constituents and/or combinations thereof; and retrievably storing attack vulnerability values associated with the systems, system constituents and/or combinations thereof.

DATA CLASSIFICATION APPARATUS, DATA CLASSIFICATION METHOD AND PROGRAM
20230040784 · 2023-02-09

A data classification apparatus includes a data transformation unit that generates a feature vector by using classification target data, a classification estimation process observation unit that acquires, from a classification estimation unit that estimates classification of the classification target data and including a plurality of weak classifiers, observation information in a classification process based on the feature vector, and generates a classification estimation process feature vector based on the observation information, and an error determination unit that determines, in accordance with an input of the classification estimation process feature vector generated by the classification estimation process observation unit and a classification result output from the classification estimation unit to which the feature vector is input, whether the classification result is correct.

DETECTION DEVICE, DETECTION METHOD, AND DETECTION PROGRAM

A detection device includes acquisition circuitry, conversion circuitry, and detection circuitry. The acquisition circuitry acquires data to be classified using a model. The conversion circuitry converts the data acquired using noise in a predetermined direction. The detection circuitry detects an adversarial example using a change in output between the data acquired and the data converted, at a time when the data acquired and the data converted are input to the model.

MONITORING SIDE CHANNELS
20230044072 · 2023-02-09

In an example, a method includes providing a computing device with an instruction to cause the computing device to execute the instruction. The method further includes monitoring a side channel of a microarchitectural component of the computing device to obtain an indication of whether or not a state of the microarchitectural component changes as a result of the computing device executing the instruction. The method further includes determining whether or not the indication corresponds to an expected state of the microarchitectural component for the instruction.

SYSTEMS AND METHODS FOR ANALYSIS OF USER BEHAVIOR TO IMPROVE SECURITY AWARENESS
20230038258 · 2023-02-09

Systems and methods are disclosed for analysis of user behavior data to improve security awareness. User behavior data of an organization is received from one or more agents on endpoint devices accessed by the users and, using the user behavior data, one or more risk scores representative of the severity of risk associated with the user behavior of the users are determined. Based on the one or more risk scores representative of the severity of risk associated with the user behavior of the users, the behavior of the users is determined to pose a security risk to the organization. In response to the determination that the user behavior of the users of the organization poses a security risk to the organization, electronic security awareness training is delivered to the users.

SYSTEM AND METHOD FOR A SCALABLE DYNAMIC ANOMALY DETECTOR

Security can be improved in a business application or system, such as a mission-critical application, by automatically analyzing and detecting anomalies for mission-critical applications. This detection may be based on a dynamic analysis of business process logs and audit trails that includes User and Entity Behavior Analysis (“UEBA”).