53results about How to "Low false positive rate" patented technology

An integrated surveillance system combining video surveillance and data from other sensor-based security networks is used to identify activities that may require attention.

Scanning of computer files for malware uses a classifying technique to classify an input file as a clean file or a dirty file. The parameters of the classifying technique are derived to train the classification on a corpus of reference files including clean files known to be free of malware and dirty files known to contain malware. The classification is performed using a representation of the files in a feature space defined by a set of predetermined features for respective file formats, the features being a predetermined value or range of values for one or more data fields of given meanings. The representation of a file is derived by determining the file format, parsing the file on the basis of the structure of data fields in the determined file format to identify the data fields and their meaning, and determining, on the basis of the identified data fields, which of the set of predetermined features are present.

A malware classifier uses features of suspect software to classify the software as malicious or not. The classifier uses a pattern classification algorithm to statistically analyze computer software. The classifier takes a feature representation of the software and maps it to the classification label with the use of a trained model. The feature representation of the input computer software includes the relevant features and the values of each feature. These features include the categories of: applicable software characteristics of a particular type of malware; dynamic link library (DLL) and function name strings typically occurring in the body of the malware; and other alphanumeric strings commonly found in malware. By providing these features and their values to the classifier, the classifier is better able to identify a particular type of malware.

Disclosed is a method and system for detecting malicious entities and malicious behavior in a time evolving network via a graph framework by modeling activity in a network graph representing associations between entities. The system utilizes classification methods to give score predictions indicative of a degree of suspected maliciousness, and presents a unified graph inference method for surfacing previously undetected malicious entities that utilizes both the structure and behavioral features to detect malicious entities.

Methods and computer apparatus are disclosed for deriving first order logic language rules for use in analysing new data to identify anomalies in the new data. Historical data is formatted to be in a form suitable for application of a machine-learning algorithm thereto. The machine-learning algorithm is applied to the formatted historical data to generate a set of first order logic language rules that cover the formatted historical data. The set of first order logic language rules are analysed to obtain a subset of said set of first order logic language rules which can be used as first order logic language rules in analysing new data.

A hierarchical data structure of digested payload information (e.g., information within a payload, or information spanning two or more payloads) allows a payload excerpt to be attributed to earlier network flow information. These compact data structures permit data storage reduction, while permitting efficient query processing with a low level of false positives. One example of such a compact data structure is a hierarchical Bloom filter. Different layers of the hierarchy may correspond to different block sizes.

A software algorithm that matches tandem mass spectra created simultaneously and automatically to theoretical peptide sequences derived from a protein database is disclosed. The program characterizes shotgun proteomic data sets obtained from proteins (such as histones) that possess extensive posttranslational modifications that are often difficult to characterize. Data is searched against all theoretical peptides including all combinations of modifications. The program returns four scores to assess the quality of match. The employed algorithm is sensitive to mass accuracy. For high mass accuracy data, a false positive rate as low as 2% may be achieved. Monte Carlo Simulations were also used to obtain a solution to statistical models and calculate statistical scores. The program can also be used to automatically and directly identify disulfide linked proteins and peptides in tandem mass spectra without chemical reduction and/or other derivatization using a probabilistic scoring model.

Methods and systems for non-intrusively detecting the existence of fissile materials in a container via the measurement of energetic prompt neutrons are disclosed. The methods and systems use the unique nature of the prompt neutron energy spectrum from photo-fission arising from the emission of neutrons from almost fully accelerated fragments to unambiguously identify fissile material. The angular distribution of the prompt neutrons from photo-fission and the energy distribution correlated to neutron angle relative to the photon beam are used to distinguish odd-even from even-even nuclei undergoing photo-fission. The independence of the neutron yield curve (yield as a function of electron beam energy or photon energy) on neutron energy also is also used to distinguish photo-fission from other processes such as (γ, n). Different beam geometries are used to detect localized samples of fissile material and also fissile materials dispersed as small fragments or thin sheets over broad regions. These signals from photo-fission are unique and allow the detection of any material in the actinide region of the nuclear periodic table.

An open architecture, transparent and expandable system for proactively preventing cyber-attacks into and within a communication network of a user organization. The system includes a plurality of modals in the form of abstract security objects. The modals are the expandable feature of the system that perform at least one of the following security operations: Internet protocols (IP's); context-based pattern matching; target quarantine; faking responses; defragmentation; monitoring; a virtual honeypot; and protocol analysis, wherein the modals perform different operations using different data. The system also includes: a plurality of bricks, wherein the bricks are specific implementations of the modals, such that a brick equals a modal plus data, and such that the bricks create a course of action that defines the inspection flow within a single policy and between policy chains; a plurality of policies, wherein the policies are chains of bricks that are executed by the system architecture, wherein the security manager of the user organization may define the profile on which the policy will be performed; an intelligence database for storing information about the attacks and the attackers; and a modal system development kit (SDK), wherein third party companies develop new modals according to the open architecture, and transparently integrate the new modals into the system.

The present disclosure provides a method for anomaly classification for an industrial control system (ICS) communication network based on statistical learning and deep learning. This method designs LSTM deep learning structure parameters and performs modeling analysis based on a large amount of traffic data during normal operation of the ICS communication network; based on real-time communication traffic data thresholds generated by a SARIMA online statistical learning model, designs correlated algorithms to analyze a numerical relationship between background traffic and real-time traffic; and classifies ICS communication network anomalies according to an ICS network anomaly classification algorithm. In the present disclosure, an ICS test network range involving virtual and physical devices and a test platform in Zhejiang Province are used for experimental analysis, a physical simulation platform is built in a laboratory environment for validation, and detailed examples are provided to verify the reliability and accuracy of the algorithm.

Systems and methods are described for synergistically combining static file based detection and behavioral analysis to improve both threat detection time and accuracy. An endpoint security solution running on an endpoint device generates a static analysis score by performing a static file analysis on files associated with a process initiated on the endpoint device. When the static analysis score meets or exceeds a static analysis threshold, then a network security platform treats the process as malicious and blocks execution of the process. When the static analysis score is less than the static analysis threshold, then the endpoint security solution obtains a dynamic analysis score for the process. The network security platform treats the process as malicious and causes execution of the process to be blocked based on a function of the static analysis score and the dynamic analysis score.

A method of quickly detecting a handmade explosive in a bottle with a low erroneous alarm frequency is provided. A sample gas generated from a bottle placed on a bottle placement space is sucked-in, and ions of the sample gas are generated by an ion source and subjected to mass analysis. The presence/absence of a mass spectrum derived from the handmade explosive is determined from an obtained mass spectrum, and the result thereof is displayed on a monitor, thereby quickly detecting the handmade explosive in the bottle or the handmade explosive adhering to the surface of the bottle at a low erroneous alarm frequency.

The invention discloses a real-time multidirectional pedestrian counting and tracking method. The method includes: acquiring depth images and color images by adopting a depth camera; extracting moving block masses from the depth images; extracting Harris angular points from the color images; calculating optical flow vector groups through the Harris angular points mutually matched in two frames of images which are mutually spaced by one frame of image; clustering the optical flow vector groups into a pedestrian location point; calculating optical flow vectors of the pedestrian location point. A pedestrian-crowded scene and a pedestrian sparse scene can be monitored and counted with the method which is high in practical application value, small in calculating amount and low in error recognition, the signal camera is used, convenience in installation is achieved, and impact on the monitoring environment is quite small.

Certain example embodiments test an application for security vulnerabilities. Binary and/or source code representations are subjected to static testing. Static testing identifies potential security weaknesses in the application. For each potential security weakness, a corresponding dynamic test set, containing one or more test cases, is generated based on (i) the corresponding potential security weakness, and (ii) lookups to weakness, application context, and attack pattern databases. The weakness database includes different weakness types and descriptions thereof. The attack pattern database includes information about how to generate attacks for the different weakness types. An instance of the application running in a test runtime environment is dynamically tested using the dynamic test cases. The dynamic test results verify whether each potential security weakness is a real vulnerability. The dynamic test results include fewer false-positives than the raw static test results. Verified security weakness of the application are repairable automatically.

The invention discloses a method for testing the multi-PRC reaction of a transgenic fruit. The method is characterized by including the following steps: (1) proper primer sequences are designed and selected; (2) the hexadecyl triethyl ammonium bromide method is used for extracting the genome DNA of a fruit to test and for determining the concentration of DNA; in the primer sequence of the step (1), the extracted DNA is used as a template for the multi-PCR amplification of 35S promoter, NOS terminator, plant endogenous rbcl gene; and (3) restriction enzyme is used for the restriction endonuclease reaction of the result of the multi-PCR amplification, and the agarose gel electrophoresis analysis and the DNA sequencing are used for judging whether the fruit contains transgenic ingredients or not. The method can successfully distinguish a transgenic fruit from a non-transgenic fruit, and can quickly, conveniently and accurately determine the transgenic ingredients in the fruits.

One embodiment of the present invention sets forth a technique for detecting malicious domains via registration profiling. The technique includes receiving domain registration information associated with a plurality of malicious domains and generating a plurality of domain clusters based on the domain registration information. The technique further includes comparing a domain registration profile associated with a candidate domain to the plurality of domain clusters to generate a similarity score and classifying the candidate domain as a malicious domain based on the similarity score.

A computer implemented method for predicting equipment failure by monitoring equipment data, the method comprising: generating a first set of predictions by processing equipment data via a plurality of first models of data analysis and machine learning techniques; generating a second set of predictions by processing equipment data via a plurality of second models of data analysis and machine learning techniques; generating, using machine learning techniques, a consensus decision by comparing the first set of predictions and the second set of predictions; estimating, using machine learning techniques, a level of confidence for the consensus decision; and selectively disclosing the consensus decision qualifying a confidence threshold.