Some examples relate to classifying IoT malware at a network device. An example includes receiving, by a network device, network traffic from an Internet of Things (IoT) device. Network device may analyze network parameters from the network traffic with a machine learning model. In response to analyzing, network device may classify the network traffic into a category of malware activity. Network device may determine an effectiveness of network traffic classification by measuring a deviation of the network parameters from previously trained network parameters that were used for training the machine learning model. In response to a determination that the deviation of the network parameters from the trained network parameters is more than a pre-defined threshold, network device may generate an alert highlighting the deviation, which allows a user to perform a remedial action pertaining to the IoT device.

A system and method of performing communications over a communications network that uses a communication protocol having multiple different versions, provides for backwards compatibility when devices that support a higher or more secure version of the communication protocol are added to a network having devices that only support a lower or less secure version of the communication protocol. The system and method includes a technique of negotiating and establishing security procedures to be implemented in a communication connection between two devices on the network based on initial session request messages that indicate the version of the communication protocol supported by one or both of the devices. This system and method enable higher and lower protocol version devices (i.e., devices that conform to or that use the same communication protocol but that have different versions of the protocol installed therein) to communicate with one another in the most secure manner, thereby making higher version devices added to a network backward compatible with lower version devices already within the network.

The present application describes a system that uses endpoint data and network data to detect an anomaly. Once an anomaly is detected, the system may determine a severity of the anomaly by comparing the anomaly to a global database of known anomalies. The system may then initiate preventative measures to address the anomaly.

A computer-implemented method for building socket transferring between containers in cloud-native environments by using kernel tracing techniques is provided including probing a connection-relevant system call event by using an eBPF to collect and filter data at a router, creating a mirror call at a host namespace with a dummy server and dummy client by creating the dummy server with mirror listening parameters, sending a server host address mapping to overlay the server host address to the client coordinator in an overlay process, and creating and connecting the dummy client to return a client host address to the server coordinator. The method further includes transferring mirror connections to the overlay process via a forwarder by temporary namespaces entering and injecting socket system calls and probing a transfer call event to map an overlay socket with a transferred dummy socket to activate duplication when the overlay socket is not locked.

Domain Name System (DNS) security using process information is provided. An application accessing an internet service using a domain name is determined. Process information associated with the application along with an associated DNS query to identify an IP address associated with the domain name are identified. The process information and the associated DNS query to a DNS security service are sent. An action based on a response from the DNS security service is performed.

A method for protecting against exposure to content violating a content policy, the method including receiving a number of content items including a first set of content items associated with a content group, determining a measurement associated with an amount of the first set of content items belonging to a specific content category, assigning one or more of the number of content items to be categorized by at least one of the machine learning algorithm or a manual review process, automatically applying the specific content category to one or more other content items of the content group such that the one or more other content items are not reviewed by the manual review process, and transmitting at least one of the number of content items, wherein the content category of each of the number of content items indicates whether the specific content item violates any content policies.

Techniques for providing network slice-based security in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for network slice-based security in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a new session, wherein the service provider network includes a 5G network or a converged 5G network; extracting network slice information for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the network slice information.

A system and method for preventing hacking of blockchain is proposed. The system includes a cryptocurrency owner configured to own a cryptocurrency wallet storing a cryptocurrency, a public key, and a private key, and capable of setting monitoring-subjected data and monitoring-excluded data, a hacking countermeasure system configured to check status of the cryptocurrency wallet by being connected to the cryptocurrency owner to receive the cryptocurrency and the public key, invalidate a hacking transaction when the hacking transaction matching the monitoring-subjected data is received, and allow the cryptocurrency to be traded by opening the cryptocurrency wallet with the private key and process transaction details into a block file when a monitoring-excluded transaction matching the monitoring-excluded data is received, and a blockchain network configured to receive the block file from the hacking countermeasure system and duplicate the block file into a plurality of block files to distribute and store each block file.

A method includes determining a corresponding level of a security model associated with each device of a plurality of devices connected to a network, each level of the security model having a corresponding tag; applying, to each of the plurality of devices, the corresponding tag based on the corresponding level of the security model with which each of the plurality of devices are associated; receiving, over a network connection, network traffic from at least one of the plurality of devices and the corresponding tag; analyzing the corresponding tag associated with the network traffic; determining a destination for the network traffic; applying one or more security measures to the network traffic based on the corresponding tag for the at least one device and a corresponding tag of the destination for the network traffic; and sending the network traffic to the destination with the corresponding tag of the destination.

A computer-implemented method for team-sourced anomaly vetting via automatically-delegated role definition. The method may include automatically determining that an event of the computing system corresponding to activity of an end user is anomalous. Based on the anomalous event, a permission store of the computing system may automatically be edited to include an access restriction on the end user, and a notification may be automatically generated and transmitted to one or both of the end user and another end user. The notification may provide access to an executable statement including code configured to be executed to remove the access restriction. A call to the executable statement by the other end user may be automatically received. Further, the permission store may be automatically edited to remove the access restriction on the end user.