Patents Assigned to Fortinet, Inc.
  • Publication number: 20220398494
    Abstract: Among a great deal of other disclosure and scope, systems and methods are disclosed in relation to a dual network entity designed for classification in problem spaces where the target can be one of multiple possibilities with as few labeled training examples as possible. In one of many possible implementations, a network is first used to identify vectors considered to possess immense amounts of information regarding the problem space. An oracle is then tasked with labeling such vectors. The secondary network uses the new insights gleaned about the problem space to identify unlabeled vectors that our target model has correctly identified. These vectors are pseudolabeled, providing further information about the problem space to our target model. The cycle continues until the operator is satisfied with the performance of the target model.
    Type: Application
    Filed: October 1, 2021
    Publication date: December 15, 2022
    Applicant: Fortinet, Inc.
    Inventor: Sameer T. Khanna
  • Publication number: 20220398449
    Abstract: Among a great deal of other disclosure and scope, systems and methods are enclosed that enable for highly efficient labeling of data. For example, in some of many cases, a novel methodology for ranking vectors most useful to label next is disclosed. In such an example, a neural network is trained to predict this ranking methodology upon being given a set of heuristics from which to assess the given problem space. A user can continue the cycle of identifying a set of candidate vectors to label, compiling relevant heuristics from said vectors, ranking vectors via the trained neural network, selecting a subset of the ranked vectors, inquiring an oracle regarding the true labels of the vectors, and then appending the subset of newly labelled vectors to the labelled set of vectors until satisfaction.
    Type: Application
    Filed: June 15, 2021
    Publication date: December 15, 2022
    Applicant: Fortinet, Inc.
    Inventor: Sameer T. Khanna
  • Publication number: 20220398493
    Abstract: Among a great deal of other disclosure and scope, systems and methods are disclosed in relation to training regression machine learning models. In one of many possible implementations, a region of particular interest is identified where it is important for the target model to be very accurate within the region even at the expense of accuracy outside the region. The operator then tunes the loss function hyperparameters in order to correctly fit the region of interest and importance dropoff desired for the problem space. The loss function generated is easily differentiable and scales the importance of the training example based on its distance from the region of interest. The custom loss function is plugged into one of multiple training algorithms such as the gradient descent algorithm Adam and can be used to train our target model as before.
    Type: Application
    Filed: October 1, 2021
    Publication date: December 15, 2022
    Applicant: Fortinet, Inc.
    Inventor: Sameer T. Khanna
  • Publication number: 20220400114
    Abstract: Systems, devices, and methods are discussed for forward testing rule sets at a granularity that is less than all activity on the network. In some cases, the granularity is that of an individual application.
    Type: Application
    Filed: June 15, 2021
    Publication date: December 15, 2022
    Applicant: Fortinet, Inc.
    Inventors: Rajiv Sreedhar, Manuel Nedbal, Manoj Ahluwalia, Damodar K. Hegde, Jitendra B. Gaitonde, Suresh Rajanna, Mark Lubeck, Gary Nool
  • Publication number: 20220398491
    Abstract: Among a great deal of other disclosure and scope, systems and methods are enclosed that enable automated labelling of a subset of vectors in a given problem space. For example, in some of many cases, a first machine learning model pre-trained on a given problem space makes predictions regarding fresh, unseen data. In addition to this prediction, the model can output a confidence metric indicating its confidence regarding the prediction made. A subset of these vectors with the highest confidence may be selected. Relevant heuristics assessing each vector in the subset may be computed. These heuristics can be fed through a second machine learning model, which identifies if the given prediction made by the first model is correct. If so, the vector is automatically annotated with the correct predicted label, the vector is appended to the labeled set of data, and the first model is retrained with the new labeled set of data.
    Type: Application
    Filed: June 15, 2021
    Publication date: December 15, 2022
    Applicant: Fortinet, Inc.
    Inventor: Sameer T. Khanna
  • Publication number: 20220398436
    Abstract: Among a great deal of other disclosure and scope, systems and methods are enclosed that adapt adversarial learning principles to an active learning regime. Given a problem space of note, a set of labeled vectors, a machine learning model trained on the set of labeled vectors, and a set of unlabeled vectors, we identify the unlabeled vectors our model is most unsure of. Each of our unlabeled vectors in our set of unlabeled vectors is initially classified by our model, and the prediction probabilities are taken note of. Then, each of our unlabeled vectors in our set of unlabeled vectors is perturbed by adding some random noise. The perturbed vectors are reclassified by our model, with the prediction probabilities taken note of once again.
    Type: Application
    Filed: July 16, 2021
    Publication date: December 15, 2022
    Applicant: Fortinet, Inc.
    Inventor: Sameer T. Khanna
  • Publication number: 20220400113
    Abstract: Systems, devices, and methods are discussed for determining zero trust network access policy from a perspective focused on one or more network elements.
    Type: Application
    Filed: June 15, 2021
    Publication date: December 15, 2022
    Applicant: Fortinet, Inc.
    Inventors: Rajiv Sreedhar, Manuel Nedbal, Damodar K. Hegde, Jitendra B. Gaitonde, Manoj Ahluwalia
  • Publication number: 20220398453
    Abstract: Among a great deal of other disclosure and scope, systems and methods are enclosed that enable efficient assessment of the currently known manifolds within a problem space. A set of labeled vectors is identified as well as a set of unlabeled vectors. An angular based comparison is made between each unlabeled vector and each labeled vector. If the smallest angle between a given unlabeled vector and any of the labeled vectors is deemed satisfactory, such as when the angle is small and acute, the vector is deemed not crucial to obtain information regarding. However, if the smallest angle between a given unlabeled vector and any of the labeled vectors is deemed large, such as when the angle is orthogonal to the labeled set, then the given vector possesses vital information pivotal to learning our problem space. All such vectors are ranked, with the unlabeled vectors with the largest angles to our labeled set sent to our oracle first in order to improve our labeled set of vectors.
    Type: Application
    Filed: July 16, 2021
    Publication date: December 15, 2022
    Applicant: Fortinet, Inc.
    Inventor: Sameer T. Khanna
  • Patent number: 11514719
    Abstract: Various systems and methods for clustering facial images in, for example, surveillance systems.
    Type: Grant
    Filed: May 18, 2021
    Date of Patent: November 29, 2022
    Assignee: Fortinet, Inc.
    Inventor: Xihua Dong
  • Publication number: 20220374656
    Abstract: Various embodiments provide systems and methods for updating a training dataset so that the generated machine learning model can adapt to both short-term and long-term face variations including, for example, head pose, dressing, lighting conditions, and/or aging.
    Type: Application
    Filed: May 20, 2021
    Publication date: November 24, 2022
    Applicant: Fortinet, Inc.
    Inventor: Xihua Dong
  • Publication number: 20220374627
    Abstract: Various systems and methods for clustering facial images in, for example, surveillance systems.
    Type: Application
    Filed: May 18, 2021
    Publication date: November 24, 2022
    Applicant: Fortinet, Inc.
    Inventor: Xihua Dong
  • Publication number: 20220368719
    Abstract: Systems and methods for a security rating framework that translates compliance requirements to corresponding desired technical configurations to facilitate generation of security ratings for network elements are provided. According to one embodiment, a host network element executes a collection of security checks on at least a first network element. The execution is performed by receiving configuration data of the first network element pertaining to each security check of the collection of security checks in response to a request by the host network element and validating each security check by comparing the received configuration data pertaining to each security check with a pre-defined or configurable network security configuration recommendation to generate a compliance result. Further, the host network element generates a compliance report by aggregating the compliance results obtained by executing each security check of the collection of security checks.
    Type: Application
    Filed: August 1, 2022
    Publication date: November 17, 2022
    Applicant: Fortinet, Inc.
    Inventors: Robert A. May, Tarlok Birdi
  • Publication number: 20220368587
    Abstract: Various approaches for providing network maintenance and health monitoring. In some cases, some approaches include systems, methods, and/or devices that provide for receiving and cataloging network incidents and invoking automated remediation in relation to network incidents.
    Type: Application
    Filed: April 23, 2021
    Publication date: November 17, 2022
    Applicant: Fortinet, Inc.
    Inventors: Jason Abate, Shabbir Karimi
  • Patent number: 11503471
    Abstract: Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains requesting S1AP-IDs which have sent certain monitored commands and then blocking those which are sending these messages at abnormally high rates. According to yet another embodiment, a packet classifier parses the GTP-U protocol, unwraps the encapsulated IP packet and then monitors layer 3, 4 and 7 rate-based attacks such as UDP, ICMP, SYN, HTTP GET floods and drops them to protect the targeted Internet server as well as mobile infrastructure (e.g., the MME, the SGW, the PGW, and the PDN) downstream from the DDoS mitigation system.
    Type: Grant
    Filed: March 25, 2019
    Date of Patent: November 15, 2022
    Assignee: Fortinet, Inc.
    Inventor: Hemant Kumar Jain
  • Patent number: 11496394
    Abstract: Systems and methods for efficient kernel space packet processing and IoT device classification are provided. According to one embodiment, a computer system performs IoT device detection processing. Packet header information is received for multiple packets. Based on the packet header information, multiple Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) flows between a given source device of multiple devices and a given destination device of the multiple devices are identified. For each TCP or UDP flow: a variable-length feature set is created having a size limited by a predetermined or configurable aggregate number of packets sent and received for the TCP or UDP flow; and it is inferred whether the TCP or UDP flow represents an IoT device communication or a non-IoT device communication by applying a machine-learning model to the variable length feature set.
    Type: Grant
    Filed: December 31, 2020
    Date of Patent: November 8, 2022
    Assignee: Fortinet, Inc.
    Inventors: Sameer T. Khanna, Xiaoguang Liu, Jianwen Zhang
  • Publication number: 20220346169
    Abstract: Embodiments discussed generally relate to cellular network gateways. In some cases, embodiments discussed relate to cellular network gateways capable of processing multiple streams of IP traffic over multiple channels.
    Type: Application
    Filed: April 23, 2021
    Publication date: October 27, 2022
    Applicant: Fortinet, Inc.
    Inventor: Shashidhar Polepalli
  • Publication number: 20220345491
    Abstract: Various approaches for providing scalable network access processing. In some cases, approaches discussed relate to systems and methods for providing scalable zero trust network access control.
    Type: Application
    Filed: April 27, 2021
    Publication date: October 27, 2022
    Applicant: Fortinet, Inc.
    Inventors: Wenping Luo, Robert May, Kunal Marwah
  • Patent number: 11483241
    Abstract: Systems and methods for network traffic metering credit distribution and packet processing in a network device having multiple processing units are provided. According to an embodiment, management of multiple meters is distributed among multiple processing units of a network device. Each meter is implemented in a form of a master entry and a slave entry. Responsive to receipt by one of the processing units of a packet subject to rate-limiting by a meter, an action to be taken on the packet is made with reference to a slave entry managed by the processing unit based on available credit of the slave entry. When the action indicates the packet is to be passed: (i) credits associated with passing the packet are deducted from the available credit; and (ii) the packet is passed to a subsequent stage of packet processing; otherwise, the packet is dropped.
    Type: Grant
    Filed: September 30, 2020
    Date of Patent: October 25, 2022
    Assignee: Fortinet, Inc.
    Inventors: Mengchen Yu, Guansong Zhang
  • Publication number: 20220337490
    Abstract: Systems and methods for determining an efficiency score for an automation platform are provided. According to one embodiment, a first weight for each playbook of multiple playbooks of an automation framework and a second weight for each type of error of multiple types of errors that may cause execution of one of the multiple playbooks to fail are maintained. The first weight represents a relative importance of the playbook and the second weight represents an effort required to address the error. An efficiency score is calculated for execution of one or more playbooks of the multiple playbooks during a particular time period based on the first weight for each of the one or more playbooks and the second weight for each type of error observed during the particular time period. An indication of a health of the automation framework is then displayed based on the efficiency score.
    Type: Application
    Filed: July 1, 2022
    Publication date: October 20, 2022
    Applicant: Fortinet, Inc.
    Inventors: Shravan K. Konthalapally, Abhishek Narula, Pooja Singh
  • Patent number: 11477241
    Abstract: Systems and methods for selectively disabling anti-replay security checks based on a defined network policy that can override the globally-defined defaults for specific network sessions are provided. A network security device protecting a private network receives a packet associated with a network traffic flow between a source computing device and an internal destination computing device. The network security device identifies an anti-replay policy associated with the network traffic flow and whether the anti-replay policy is intended to override a global anti-replay policy of the network security device. When the identifying is affirmative, the network security device performs one or more anti-replay security checks in accordance with the anti-replay policy. When the identifying is negative, the network security device performs the one or more anti-replay security checks in accordance with the global anti-replay policy.
    Type: Grant
    Filed: December 30, 2019
    Date of Patent: October 18, 2022
    Assignee: Fortinet, Inc.
    Inventor: Yixin Pan