Patents Assigned to A10 Networks, Inc.
  • Publication number: 20240080314
    Abstract: A method and system for mitigating a threat associated with network data packets are provided. The method commences with receiving, by an authentication server, a request for access to a server from a client. The method further includes authenticating the client by the authentication server. The authentication includes providing an authentication token to the client. The method continues with receiving, by a mitigation device, from the client, at least one network packet directed to the server. The at least one network packet embeds the authentication token. The method further includes validating, by the mitigation device, authenticity of the authentication token and selectively forwarding, based on the validation, the at least one network packet to the server. The authentication token is independently generated by the authentication server and the mitigation device, and is unique for each packet.
    Type: Application
    Filed: November 7, 2023
    Publication date: March 7, 2024
    Applicant: A10 Networks, Inc.
    Inventor: Yutun (Tony) Tseng
  • Publication number: 20240039891
    Abstract: A method and system for mitigating a threat associated with network data packets are provided. The method commences with receiving, by an authentication server, a request for access to a server from a client. The method further includes authenticating the client by the authentication server. The authentication includes providing an authentication token to the client. The method continues with receiving, by a mitigation device, from the client, at least one network packet directed to the server. The at least one network packet embeds the authentication token. The method further includes validating, by the mitigation device, authenticity of the authentication token and selectively forwarding, based on the validation, the at least one network packet to the server. The authentication token is independently generated by the authentication server, the mitigation device, and the server using a shared token generation algorithm based on a hash salt value.
    Type: Application
    Filed: October 10, 2023
    Publication date: February 1, 2024
    Applicant: A10 Networks, Inc.
    Inventors: Yutun (Tony) Tseng, Ahmed Abdelhalim, Vernon Richard Groves, Ching-Wen Huang
  • Patent number: 11563632
    Abstract: Provided are systems and methods for configuring a network servicing node with user-defined instruction scripts. A method for configuring a network servicing node with user-defined instruction scripts may commence with receiving, from a user of the network servicing node, a user loadable program. The user loadable program may include at least the user-defined instruction scripts. The method may continue with receiving a data packet from a data network associated with the user. The method may further include determining a condition associated with the data packet. The method may continue with identifying, in a name table, a program name associated with a program using the condition. The program may be the user loadable program. The method may further include processing the data packet by getting an instruction of the user-defined instruction scripts from a storage module and applying the instruction to the data packet.
    Type: Grant
    Filed: April 15, 2021
    Date of Patent: January 24, 2023
    Assignee: A10 Networks, Inc.
    Inventors: Rishi Sampat, Rajkumar Jalan
  • Patent number: 11323529
    Abstract: Systems and methods for TCP fast open support in proxy devices are provided. An example system may include at least one circuit and at least one data plane communicatively coupled to the circuit. The circuit may be configured to receive at least one SYN packet. The at least one SYN packet is associated with at least one client device and includes a cookie. The circuit can be configured to validate the cookie. If the result of the validation is positive, the data plane can be configured to initiate, based on the at least one SYN packet, a connection between the at least one client device and at least one server. If the result of the validation is negative, the circuit can be configured to generate, based on the SYN packet, a new cookie and send a SYN-ACK packet to the client, the SYN-ACK packet including the new cookie.
    Type: Grant
    Filed: July 18, 2017
    Date of Patent: May 3, 2022
    Assignee: A10 Networks, Inc.
    Inventors: Rishi Sampat, Rajkumar Jalan
  • Patent number: 11212083
    Abstract: Provided are methods and systems for establishing secure sessions. A method for establishing secure sessions may commence with receiving a request to establish a secure session between a client and a server. Client security parameters may be provided in client extension fields of the request. The method may include forwarding the request to the server and receiving a secure session response from the server. Server security parameters may be provided in server extension fields of the secure session response. The method may include receiving a server key secret, forwarding the secure session response and the server key secret to the client, receiving a client key secret, and forwarding the client key secret to the server. The method may continue with calculating a session key and establishing a first secure session between the security gateway and the server and a second secure session between the security gateway and the client.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: December 28, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Yang Yang, Paul Jiang, Wei Sun
  • Patent number: 11190542
    Abstract: Provided is a method for identifying suspicious traffic. The method may commence with compiling statistical data for a plurality of hosts. The method may further include generating data lists for the plurality of hosts based on the statistical data. The method may continue with receiving a data packet from a host of the plurality of hosts. The data packet may be associated with a plurality of parameters. The method may further include analyzing one or more of the plurality of parameters associated with the data packet using the data lists. The method may continue with determining, based on the analysis, that the one or more of the plurality of parameters are outside a predetermined tolerance zone. Based on the determination that the one or more of the plurality of parameters are outside the predetermined tolerance zone, a mitigation action associated with the host may be selectively initiated.
    Type: Grant
    Filed: October 22, 2018
    Date of Patent: November 30, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Tony Tseng, Kien Le, Gopi Krishna Marella
  • Patent number: 11165770
    Abstract: Provided are methods and systems for biometric verification of a human Internet user. A method for biometric verification of a human Internet user comprises receiving, from a client machine, a web request for a service and environmental parameters associated with the client machine. The method further comprises determining whether the environmental parameters are indicative of the human Internet user. Based on the determination, the service is selectively provided to the client machine in response to the web request.
    Type: Grant
    Filed: December 6, 2013
    Date of Patent: November 2, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Hilik Stein, Michael Thompson
  • Patent number: 11115481
    Abstract: Provided are methods and systems for a Transmission Control Protocol (TCP) state handoff of a data traffic flow. A method for a TCP state handoff of a data traffic flow comprises determining a TCP state at predetermined times by a state machine unit. The TCP state includes data concerning a session between a client and a server. The TCP state for the predetermined times is stored to a database. A request to apply a predetermined policy to the session is received by a transaction processing unit and, in response to the request, a session request associated with the session between the client and the server is sent to an access control unit. The session request is processed by the access control unit based on the TCP state and according to the predetermined policy.
    Type: Grant
    Filed: March 2, 2020
    Date of Patent: September 7, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Micheal Thompson, Martin Grimm, Vernon Richard Groves, Rajkumar Jalan
  • Patent number: 11099824
    Abstract: Provided are methods and systems for transition between a current cloud-based code environment and an updated cloud-based code environment. A method for transition between a current cloud-based code environment and an updated cloud-based code may commence with generating a steering policy. The steering policy may include a set of rules to guide steering decisions between a current cloud-based code environment and an updated cloud-based code environment. The method may further include sending the steering policy to a steering server. The steering server may make steering decisions to steer, based on the steering policy, service requests between the current cloud-based code environment and the updated cloud-based code environment. The method may continue with receiving feedback concerning actual steering decisions made by the steering server. The method may further include automatically adjusting the steering policy in response to the feedback.
    Type: Grant
    Filed: March 6, 2019
    Date of Patent: August 24, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Ragavan Ramanathan, Alak Deb, Sudarshan Raghavan, Anirudha Kamatgi, Sridhar Srinivasan, Girish Karthik Ramasamy, Srinath Chandrashekhar, Akshay Mathur
  • Patent number: 11005762
    Abstract: Application Delivery Controller (ADC), Global Server Load Balancer (GSLB), and methods for their operation in data networks are disclosed. The methods for load balancing may include receiving a query concerning a host name from a client, determining that there are two or more host servers associated with the host name, measuring various metrics associated with each of the two or more host servers and a local Domain Name Server (DNS), and based at least in part on the measurement, selecting a host server among the two or more host servers. The load balancing may also be based on a measured round trip time.
    Type: Grant
    Filed: December 6, 2017
    Date of Patent: May 11, 2021
    Assignee: A10 Networks, Inc.
    Inventor: John Chiong
  • Patent number: 10992524
    Abstract: Provided are systems and methods for configuring a network servicing node with user-defined instruction scripts. A method for configuring a network servicing node with user-defined instruction scripts may commence with receiving, from a user of the network servicing node, a user loadable program. The user loadable program may include at least the user-defined instruction scripts. The method may continue with receiving a data packet from a data network associated with the user. The method may further include determining a condition associated with the data packet. The method may continue with identifying, in a name table, a program name associated with a program using the condition. The program may be the user loadable program. The method may further include processing the data packet by getting an instruction of the user-defined instruction scripts from a storage module and applying the instruction to the data packet.
    Type: Grant
    Filed: October 31, 2018
    Date of Patent: April 27, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Rishi Sampat, Rajkumar Jalan
  • Patent number: 10972344
    Abstract: Provided are methods and systems for adjusting subscriber policies. A method for adjusting of subscriber policies may include applying traffic enforcement rules to a data traffic associated with a subscriber. The method can further include determining network conditions associated with the data traffic. The method can include modifying, based on the determination of the network conditions, attributes according to attribute adjustment rules to obtain modified attributes. The method can further include modifying the traffic enforcement rules based on the modified attributes to obtain modified traffic enforcement rules.
    Type: Grant
    Filed: February 5, 2019
    Date of Patent: April 6, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Gennady Dosovitsky, Kishore Inampudi
  • Patent number: 10938783
    Abstract: Provided are methods and systems for cluster-based determination of signatures for detection of anomalous data traffic. An example method may include capturing, by a network module, data packets routed to a destination. The method may further include grouping, by at least one processor in communication with the network module, the data packets into clusters. The method may also include detecting, by the processor, an anomaly in the data packets and, in response to the detection, determining, by the processor and based on the clusters, one or more signatures associated with the data packets. The method may further include generating, by the processor and based on the signatures, one or more rules for allowing the data packets. The method may further include providing, by the processor, the one or more rules to a policy enforcement point associated with the destination.
    Type: Grant
    Filed: September 7, 2018
    Date of Patent: March 2, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Micheal Thompson, Vishnu Vasanth Radja, Vernon Richard Groves, Diptanshu Purwar
  • Patent number: 10911490
    Abstract: A security platform running on a server includes (a) protocol stacks each configured to receive and to transmit IP data packets over a network interface, wherein the protocol stacks have predetermined performance characteristics that are different from each other and wherein each protocol stack includes one or more program interfaces to allow changes to its performance characteristics; (b) application programs each configured to receive and transmit payloads of the IP data packets, wherein at least two of the application programs are customized to handle different content types in the payloads and wherein each application program accesses the program interface of at least one protocol stack to tune performance characteristics of the protocol stack; (c) classifiers configured to inspect at a given time IP data packets then received in the network interface to select one of the protocol stack and one of the application programs to service the data packets; and (d) a control program to load and run the selected
    Type: Grant
    Filed: December 28, 2017
    Date of Patent: February 2, 2021
    Assignee: A10 NETWORKS, INC.
    Inventors: Micheal Thompson, Richard Groves
  • Patent number: 10887329
    Abstract: Provided are methods and systems for cluster-based mitigation of a network attack. A method for cluster-based mitigation of a network attack may commence with detecting an unusual pattern in network data traffic associated with data sources. The method may further include extracting signature parameters associated with the network data traffic. The signature parameters may be indicative of the network attack. The method may continue with assigning importance weights to the signature parameters based on historical signature data to generate weighted signature parameters. The method may further include building a decision tree for the data sources based on the weighted signature parameters. The method may continue with creating an optimal number of clusters for the data sources based on an analysis of the decision tree. The method may further include selectively taking at least one mitigating action with regard to the data sources within the clusters.
    Type: Grant
    Filed: July 26, 2018
    Date of Patent: January 5, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Vishnu Vasanth Radja, Vernon Richard Groves, Diptanshu Purwar
  • Patent number: 10887342
    Abstract: Provided are methods and systems for mitigating a distributed denial of service (DDoS) event. The method may commence with sending a request to a health monitor concerning a state of a network. The method may continue with attributing a lack of response to the request from the health monitor to be an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. The collapsible virtual data circuit may be designed to collapse in response to the DDoS event in the network. The method may include redirecting the network data traffic associated with the collapsible virtual data circuit based on the indication of the collapse of the collapsible virtual data circuit.
    Type: Grant
    Filed: December 14, 2018
    Date of Patent: January 5, 2021
    Assignee: A10 Networks, Inc.
    Inventors: Micheal Thompson, Vernon Richard Groves
  • Patent number: 10880400
    Abstract: Exemplary embodiments for configuring a network device using user-defined scripts are disclosed. The systems and methods provide for a servicing node to receive a request for a network session between a client device and a server, receive a user defined class and a user defined object configuration from a node controller, and use the information to instruct an object virtual machine to generate at least one user defined object. The servicing node can then apply the at least one user defined object to a data packet of the network session, where the user defined object allows a user to configure the network device with user-defined instruction scripts.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: December 29, 2020
    Assignee: A10 Networks, Inc.
    Inventors: Rajkumar Jalan, Rishi Sampat
  • Patent number: 10862955
    Abstract: Provided are methods and systems for dynamically distributing a service session from a client device. The method may commence with receiving a packet associated with the service session from the client device by a gateway node. The method may include determining that the packet matches a service address in a forwarding policy. The method may continue with selecting one of a plurality of forwarding nodes for sending the packet to the one of the plurality of forwarding nodes. The method may include receiving the packet of the service session by the one of the plurality of forwarding nodes. The method may continue with determining that the packet matches the service address serviced by a servicing node of a plurality of servicing nodes. The method may further include sending the packet to the servicing node for forwarding the packet to a server by the servicing node.
    Type: Grant
    Filed: June 8, 2018
    Date of Patent: December 8, 2020
    Assignee: A10 Networks, Inc.
    Inventors: Swaminathan Sankar, Hasnain Karampurwala, Rahul Gupta, Gurudeep Kamat, Rajkumar Jalan
  • Patent number: 10834132
    Abstract: Provided are methods and systems for intercepting encrypted data packets. A system for intercepting encrypted data packets includes a first device and a second device. The first device serves a client-side data traffic associated with a client device and the second device serves a server-side data traffic associated with a server. The first device is configured to intercept at least one encrypted data packet. The first device is further configured to decrypt the encrypted packet to produce at least one decrypted data packet. The first device provides the decrypted data packet to one or more monitoring devices for inspection of the decrypted data packet. The second device is configured to receive, from the one or more monitoring devices, the at least one decrypted data packet. The second device is further operable to re-encrypt the decrypted data packet to produce the at least one encrypted data packet.
    Type: Grant
    Filed: July 25, 2018
    Date of Patent: November 10, 2020
    Assignee: A10 Networks, Inc.
    Inventors: Xuyang Jiang, Ali Golshan
  • Patent number: RE49053
    Abstract: Provided is a method and system for TCP SYN cookie validation. The method includes receiving a session SYN packet by a TCP session setup module of a host server, generating a transition cookie including a time value representing the actual time, sending a session SYN/ACK packet, including the transition cookie, in response to the received session SYN packet, receiving a session ACK packet, and determining whether a candidate transition cookie in the received session ACK packet comprises a time value representing a time within a predetermined time interval from the time the session ACK packet is received.
    Type: Grant
    Filed: December 28, 2018
    Date of Patent: April 26, 2022
    Assignee: A10 Networks, Inc.
    Inventors: Lee Chen, Ronald Wai Lun Szeto, Shih-Tsung Hwang