In general, in one aspect, a method includes receiving software code with an invalid characteristic, repeatedly attempting to execute the software code with the invalid characteristic on a device, and in response to successful execution of the software code with the invalid characteristic, taking an action. The action may include an action to remediate the device.

In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.

In one embodiment, a networking device in a network detects an traffic flow conveyed in the network via the networking device. The networking device generates flow data for the traffic flow. The networking device performs a classification of the traffic flow using the flow data as input to a machine learning-based classifier. The networking device performs a mediation action based on the classification of the traffic flow.

A method and apparatus for analyzing a URL included in contents and displaying the analyzed result is provided. The method includes detecting a URL from contents, analyzing the URL, and displaying the analyzed result.

A method and apparatus for analyzing a URL included in contents and displaying the analyzed result is provided. The method includes detecting a URL from contents, analyzing the URL, and displaying the analyzed result.

There is disclosed a method of providing passive phishing remediation for an enterprise, including: displaying, to a user of a mobile device, an email; receiving from the user a one-click request to perform additional analysis of the email; providing the email to a phishing mitigation service; assigning the email a reputation score, generating a human-readable reputation display for the email, wherein the human-readable reputation display includes at least three grades comprising safe, unknown or unreliable, and unsafe or malicious; and providing the human-readable reputation display as a push notification to the mobile device.

Disclosed herein are systems and methods for categorizing an application on a computing device including gathering a set of attributes of an application. The set of attributes of the application includes at least one of: a number of files in an application package of the application; a number of executable files in the application package; numbers and types of permissions being requested; a number of classes in the executable files in the application package; and a number of methods in the executable files in the application package. sending the gathered set of attributes to a trained classification model. The application is classified, using the classification model, based on the gathered set of attributes by generating one or more probabilities of the application belonging to respective one or more categories of applications. A category of the application is determined based on the generated one or more probabilities.

Disclosed herein are systems and methods for categorizing an application on a computing device including gathering a set of attributes of an application. The set of attributes of the application includes at least one of: a number of files in an application package of the application; a number of executable files in the application package; numbers and types of permissions being requested; a number of classes in the executable files in the application package; and a number of methods in the executable files in the application package. sending the gathered set of attributes to a trained classification model. The application is classified, using the classification model, based on the gathered set of attributes by generating one or more probabilities of the application belonging to respective one or more categories of applications. A category of the application is determined based on the generated one or more probabilities.

A method and a User Equipment, UE (120) for detecting that the UE has received a fraudulent missed call, e.g. from a non-legitimate device (150). When receiving a missed call which is ended before a user of the UE has answered the incoming call, the UE determines the duration of the missed call, and indicates, e.g. to a user of the UE, the 5 duration of the missed call. The missed call may be determined as potentially fraudulent if the duration of the missed call is below or equal to a predetermined threshold.

A method and a User Equipment, UE (120) for detecting that the UE has received a fraudulent missed call, e.g. from a non-legitimate device (150). When receiving a missed call which is ended before a user of the UE has answered the incoming call, the UE determines the duration of the missed call, and indicates, e.g. to a user of the UE, the 5 duration of the missed call. The missed call may be determined as potentially fraudulent if the duration of the missed call is below or equal to a predetermined threshold.