A method for determining whether a power system is encountering a malicious attack is provided. The method comprises: receiving a plurality of first phasor measurement unit (PMU) measurements from a plurality of PMUs of the power system; determining a plurality of expected PMU measurements associated with a future time period based on an optimization algorithm that uses differences between a plurality of consecutive predictive entries and the plurality of first PMU measurements; receiving, from the plurality of PMUs, a plurality of second PMU measurements associated with the future time period; determining whether the power system is encountering the malicious attack based on comparing the plurality of expected PMU measurements with the plurality of second PMU measurements; and executing an action based on whether the power system is encountering the malicious attack.

Aspects of the disclosure are directed to a system for classifying software as malicious or benign based on predicting the effect the software has on the platform before the software is actually deployed. A system as described herein can operate in close to real-time to receive, isolate, and classify software as benign or malicious. Aspects of the disclosure provide for accurate classification of malicious programs or scripts even if ostensibly the program appears benign, and vice versa, based on the effect predicted by a machine learning model trained as described herein. The system can also be implemented to isolate and verify incoming scripts or software to the platform, to provide a predicted classification while not substantially impacting processing pipelines involving platform resources or the user experience with the platform in general.

A method is disclosed for authentic data transmission between control devices of a vehicle in which messages which are sent from a first control device to a receiver control device and are provided with a first cryptographic key for authentication, and messages that are sent from a second control device to the receiver control device are provided with a second cryptographic key for authentication. First status information provided with a third cryptographic key is sent from a monitoring module of the first control device to the receiver control device and second status information provided with the second cryptographic key is sent from the second control device to the receiver control device. The first status information and second status information are received by the receiver control device. The received first and second status information is evaluated to detect a manipulation of the first control device.

A computer-implemented method is disclosed. The method includes: receiving transfer parameters associated with a request for a first transfer of resources, the transfer parameters including an identifier of a designated transferor associated with the first transfer; determining that the transferor is eligible to access at least one protected data source based on the transfer parameters; generating a request message for the request including reference data for accessing the at least one protected data source; and providing, to a computing device associated with the transferor, the request message.

Systems and methods are disclosed herein for real-time digital authentication. According to some embodiments, a certification authentication method includes receiving a list of third party root certificates from a remote server, the list of third party root certificates including at least one association between a program configured to run on the computing apparatus and a public key for authenticating communication between the program and an associated server of the program. The method may also include authenticating the list of third party root certificates. The method may also include initiating a communication between the computing apparatus and the associated server and authenticating the communication with the associated server using the public key. Furthermore, the method may also include loading the program onto the one or more memories during a bootstrapping process in response to determining that the communication with the associated server is authentic.

Some examples relate to classifying IoT malware at a network device. An example includes receiving, by a network device, network traffic from an Internet of Things (IoT) device. Network device may analyze network parameters from the network traffic with a machine learning model. In response to analyzing, network device may classify the network traffic into a category of malware activity. Network device may determine an effectiveness of network traffic classification by measuring a deviation of the network parameters from previously trained network parameters that were used for training the machine learning model. In response to a determination that the deviation of the network parameters from the trained network parameters is more than a pre-defined threshold, network device may generate an alert highlighting the deviation, which allows a user to perform a remedial action pertaining to the IoT device.

In one or more embodiments, the disclosed systems, methods, and media include utilizing a crosswalk algorithm to identify controls (e.g., cybersecurity controls) across frameworks, and for utilizing identified controls to generate cybersecurity risk assessments. A cybersecurity module may identify one or more controls in a data structure. The process may utilize a crosswalk algorithm to determine a relatedness between the identified controls and different controls of different frameworks. The process may update the data structure with selected different controls, such that a more robust set of controls are identified when the cybersecurity module indexes into the data structure to identify particular controls. Additionally, the process may generate a risk assessment for a device/software. The process may generate a risk score for the risk assessment, and the risk score may be based on a determined compliance level for each control determined to be related to a defined risk of interest.

A system, non-transitory computer readable medium, and method include entering redundant oscillators and a cascaded oscillator of a spoofing resistant system into an initialization state. All but one of the redundant oscillators are disciplined to a time-and-frequency external input into normal disciplining state with the remaining one of the redundant oscillators in a holdover state. When all but one of the redundant oscillators have reached the normal disciplining state, placing all but one of the redundant oscillators into the holdover state, disciplining the remaining one of the redundant oscillators to the time and frequency external input, and disciplining the cascaded oscillator to one of the all but one of the redundant oscillators now in the holdover state. When the remaining one of the redundant oscillators and the cascaded oscillator have reached the normal disciplining state, transitioning from an initialization stage to a steady state management stage.

One variation of a method includes: intercepting an inbound email received from a sender at an inbound email address and addressed to a recipient within an organization; accessing a keyword list comprising a set of keywords associated with inauthentic email attempts; and, in response to identifying a first word, in a set of words contained in the inbound email, in the set of keywords, scanning the first inbound email for presence of external content linked to the first inbound email. In response to detecting a link to an external document within the first inbound email, the method further includes: accessing a whitelist comprising a set of verified email addresses associated with authentic email attempts within the organization; and, in response to the set of verified email addresses omitting the inbound email address, withholding transmission of the inbound email to the target recipient and flagging the inbound email for authentication.

A computer implemented method to detect a data breach in a network-connected computing system including generating, at a trusted secure computing device, a copy of data distributed across a network; the computing device accessing sensitive information for the network-connected computer system and searching for at least part of the sensitive information in the copy of the data; in response to an identification of sensitive information in the copy of the data identifying the sensitive information as compromised sensitive information.