Patents by Inventor A. David Shay

A. David Shay has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 11956257
    Abstract: A method for classifying domains to malware families includes identifying a corpus of malicious domains, identifying one or more suspicious domains, extracting a timeframe corresponding to the one or more suspicious domains, calculating a rank coefficient between the one or more suspicious domains and a current seed domain of the corpus of malicious domains, determining whether the rank correlation coefficient exceeds a rank threshold for the one or more suspicious domains, comparing a number of suspicious domains whose correlation coefficients exceed the rank threshold to a relation threshold, and responsive to determining the number of suspicious domains whose correlation coefficients exceed the rank threshold exceeds the relation threshold, applying a tag to the suspicious domains indicating that the one or more suspicious domains correspond to a same malware family as the current seed domain.
    Type: Grant
    Filed: October 13, 2021
    Date of Patent: April 9, 2024
    Assignee: International Business Machines Corporation
    Inventors: Aviv Ron, Alon Freund, Avishay Bartik, David Lazar, Yakov Shay-El Cohen
  • Publication number: 20130127591
    Abstract: Method, system, and computer program product are provided for secure facilities access. The method may include: receiving an access request from a mobile device to a secure facility; authenticating a user using multifactor biometric authentication with data from the mobile device; obtaining data from one or more fixed sensor devices at a location in the physical vicinity of the secure facility; cross-validating data from the mobile device with data from the one or more fixed sensor devices; and granting access to the secure facility if the authentication of the user and the cross-validation are successful. The cross-validating may determine that the access request from the mobile device is made in the vicinity of the secure facility using data from the one or more fixed sensor devices.
    Type: Application
    Filed: November 20, 2011
    Publication date: May 23, 2013
    Applicant: International Business Machines Corporation
    Inventors: Ben-David Shay, Connell Jonathan Hudson, Hoory Ron, Nahamoo David, Sicconi Roberto
  • Patent number: 7823194
    Abstract: A method and system for managing and tracking communications within a computer network. A unique user identifier and unique system identifier are assigned to each authorized user and each authorized computer, respectively, within a computer network. The unique user and system identifiers are inserted into the headers of packets for packet communications and transmissions within the network. Subsequently, the unique user and system identifiers are extracted from the headers of the packets and then recorded and logged in a database and associated in the database with the corresponding communication.
    Type: Grant
    Filed: August 13, 2003
    Date of Patent: October 26, 2010
    Assignee: Liquidware Labs, Inc.
    Inventor: A. David Shay
  • Patent number: 7660980
    Abstract: Methods and systems for establishing secure TCP/IP communications for individual network connections include the steps of intercepting a conventional TCP SYN packet prior to transmission from a source node to a destination node, embedding unique identifiers into standard fields of the packet header, wherein the unique identifiers are associated with the specific connection attempt and wherein the unique identifiers identify the user account and/or the computer hardware initiating the communication attempt, then forwarding the modified TCP SYN packet to the destination node and intercepting the modified TCP SYN packet prior to arrival, determining whether secure communications are required based on the unique identifiers extracted from the packet headers, based on other TCP/IP information, and based on predefined rules associated with the same. If secure communications are required, such requirement is communicated within either an RST or a SYN-ACK back to the source node.
    Type: Grant
    Filed: March 23, 2007
    Date of Patent: February 9, 2010
    Assignee: Liquidware Labs, Inc.
    Inventors: A. David Shay, Joubert Berger, Patricia Joy Leima, Jonathan Alexander, Chaoting Xuan
  • Patent number: 7591001
    Abstract: The disclosed system, apparatuses, methods, and computer-readable media can be used by a computer to establish the security status of another computer before establishing a network connection to it. Responsive to a request message, security state data indicating this status can be incorporated into a response message as one of the first few packets exchanged by computers to establish a network connection. This enables a computer to determine whether the other computer's security status is compliant with its security policy before establishing the network connection, reducing risk of infection by a virus, worm, or the like.
    Type: Grant
    Filed: May 5, 2005
    Date of Patent: September 15, 2009
    Assignee: Liquidware Labs, Inc.
    Inventor: A. David Shay
  • Patent number: 7552323
    Abstract: Methods, systems and computer-readable data storage media for authentication and/or access authorization in a communications network. A source node initiates a request for network services, such as session establishment, database access, or application access. Known network resources, authorized user, and/or source information are stored in a database at a network portal along with access policy rules that can be device and/or user dependent. A source node can construct a packet header including a user identifier indicating the user originating the request, and/or a source identifier indicating the hardware from which the request is originated. At least one of these identifiers is included with a synchronization packet for transmission to a destination node. An appliance or firewall in the communications network receives, authenticates, and determines whether resource access is authorized before releasing the packet to its intended destination.
    Type: Grant
    Filed: August 19, 2003
    Date of Patent: June 23, 2009
    Assignee: Liquidware Labs, Inc.
    Inventor: A. David Shay
  • Patent number: 7549159
    Abstract: A system of the invention comprises first and second computers. The first computer retrieves and incorporates its security state data in a message requesting a network connection with the second computer. The second computer receives the message and determines whether its security policy data permits connection with the first computer given the security state of the first computer as indicated by its security state data. The security state data can comprise data indicating whether an anti-virus application, firewall application, or operating system are running on the first computer, and are up-to-date. If so, the second computer permits the network connection to proceed. If not, then the second computer either drops the connection request or terminates the connection request by transmitting a disconnection message to the first computer. The invention also comprises related apparatuses, methods, and computer-readable media.
    Type: Grant
    Filed: May 5, 2005
    Date of Patent: June 16, 2009
    Assignee: Liquidware Labs, Inc.
    Inventor: A. David Shay
  • Publication number: 20080276297
    Abstract: A method and system for monitoring UDP communications and for preventing unauthorized UDP communications within a computer network. A method for managing access to a resource comprises assigning a unique user identifier to each authorized user, upon initiation of a UDP communication initiated by a specific authorized user for access to a specific resource, appending the unique user identifier of the specific authorized user to each UDP packet of the UDP communication, intercepting the plurality of UDP packets within the computer network, extracting the unique user identifier from each UDP packet to identify the specific authorized user associated with the respective UDP packet, and allowing each respective UDP packet to reach the specific resource as a function of the unique user identifier extracted from the respective UDP packet.
    Type: Application
    Filed: June 9, 2008
    Publication date: November 6, 2008
    Applicant: TRUSTED NETWORK TECHNOLOGIES, INC.
    Inventor: A. David SHAY
  • Patent number: 7386889
    Abstract: A method, system and program for preventing intrusion in a communications network. A source node initiates a request for network services, such as session establishment, database access, or application access. Known network resources and authorized user information is stored in a database at a network portal along with access policy rules that are device and user dependent. Identification of the source node is required before the source node can construct a transformed packet header that is included with a synchronization packet before transmission to a destination node. An appliance or firewall in the communications network receives and authenticates the synchronization packet before releasing the packet to its intended destination. The authentication process includes verification of the access policy associated with the source node. Once received at the destination node, the transformed packet header is reformed by extracting a key index value.
    Type: Grant
    Filed: November 18, 2002
    Date of Patent: June 10, 2008
    Assignee: Trusted Network Technologies, Inc.
    Inventor: A. David Shay
  • Publication number: 20070300290
    Abstract: Methods and systems for establishing secure TCP/IP communications for individual network connections include the steps of intercepting a conventional TCP SYN packet prior to transmission from a source node to a destination node, embedding unique identifiers into standard fields of the packet header, wherein the unique identifiers are associated with the specific connection attempt and wherein the unique identifiers identify the user account and/or the computer hardware initiating the communication attempt, then forwarding the modified TCP SYN packet to the destination node and intercepting the modified TCP SYN packet prior to arrival, determining whether secure communications are required based on the unique identifiers extracted from the packet headers, based on other TCP/IP information, and based on predefined rules associated with the same. If secure communications are required, such requirement is communicated within either an RST or a SYN-ACK back to the source node.
    Type: Application
    Filed: March 23, 2007
    Publication date: December 27, 2007
    Applicant: Trusted Network Technologies
    Inventors: A. David Shay, Joubert Berger, Patricia Leima, Jonathan Alexander, Chaoting Xuan
  • Publication number: 20040153563
    Abstract: The present invention provides systems and methods for predicting expected service levels based on measurements relating to network traffic data. Measured network performance characteristics can be converted to metrics for quantifying network performance. The response time metric may be described as a service level metric whereas bandwidth, latency, utilization and processing delays may be classified as component metrics of the service level metric. Service level metrics have certain entity relationships with their component metrics that may be exploited to provide a predictive capability for service levels and performance. The present invention involves system and methods for processing metrics representing current conditions in a network, in order to predict future values of those metrics.
    Type: Application
    Filed: March 31, 2003
    Publication date: August 5, 2004
    Inventors: A. David Shay, Michael S. Percy, Jeffrey G. Jones
  • Publication number: 20040098620
    Abstract: Methods, systems and computer-readable data storage media for authentication and/or access authorization in a communications network. A source node initiates a request for network services, such as session establishment, database access, or application access. Known network resources, authorized user, and/or source information are stored in a database at a network portal along with access policy rules that can be device and/or user dependent. A source node can construct a packet header including a user identifier indicating the user originating the request, and/or a source identifier indicating the hardware from which the request is originated. At least one of these identifiers is included with a synchronization packet for transmission to a destination node. An appliance or firewall in the communications network receives, authenticates, and determines whether resource access is authorized before releasing the packet to its intended destination.
    Type: Application
    Filed: August 19, 2003
    Publication date: May 20, 2004
    Applicant: Trusted Network Technologies, Inc.
    Inventor: A. David Shay
  • Publication number: 20040098619
    Abstract: A method, system and program for preventing intrusion in a communications network. A source node initiates a request for network services, such as session establishment, database access, or application access. Known network resources and authorized user information is stored in a database at a network portal along with access policy rules that are device and user dependent. Identification of the source node is required before the source node can construct a transformed packet header that is included with a synchronization packet before transmission to a destination node. An appliance or firewall in the communications network receives and authenticates the synchronization packet before releasing the packet to its intended destination. The authentication process includes verification of the access policy associated with the source node. Once received at the destination node, the transformed packet header is reformed by extracting a key index value.
    Type: Application
    Filed: August 13, 2003
    Publication date: May 20, 2004
    Applicant: Trusted Network Technologies, Inc.
    Inventor: A. David Shay
  • Publication number: 20030225549
    Abstract: The present invention provides a framework for metering, monitoring, measuring, analyzing and reporting on network traffic data. The framework of the present invention is comprised of multiple synchronized components that each contribute highly specialized functionality to the framework as a whole. In certain configurations, the present invention includes two types of metering/measuring components, referred to as Instrumentation Access Points (IAPs). The first metering/measuring component is a terminal IAP, referred to as Node Workstation and Node Server. The second metering/measuring component is an edge IAP, referred to as Probe. Probe monitors all traffic that traverses the network segment upon which it is installed, while Node is limited to the traffic specific to the particular host (i.e., workstation or server). The IAPs communicate their data to monitoring, analysis, and reporting software modules that rely upon and reside in another component referred to as Diagnostic Server.
    Type: Application
    Filed: March 31, 2003
    Publication date: December 4, 2003
    Inventors: A. David Shay, Michael S. Percy, Jeffry G. Jones, Robert O'Halloran, Keri A. Richardson
  • Publication number: 20030223367
    Abstract: The present invention provides methods for identifying and tracking data packets across a network. Specifically, network monitoring devices are configured to identify particular data packets or traffic flows at different points in a network by conversation fingerprinting. Conversation fingerprinting involves creating a unique identifier based on an invariant portion of one or more data packets in a traffic flow. An equivalency test is then performed between two identifiers from different monitoring devices to determine if the same data packet is received at two or more network monitoring devices. In order to reduce the probability of mismatches, additional heuristics may be applied based on additional attributes of the data packet or conversation. If a match occurs, then the timestamps of the two identifiers are compared to determine the point-to-point network transit latency between the two network monitoring devices.
    Type: Application
    Filed: March 31, 2003
    Publication date: December 4, 2003
    Inventors: A. David Shay, Michael S. Percy, Jeffry G. Jones
  • Publication number: 20020132296
    Abstract: A novel human signal-transduction kinase polypeptide is described which is expressed at a particularly high level in human leukocytes. A full length cDNA which encodes the novel stress-activated serine/threonine kinase polypeptide is disclosed as well as the interior structural region and the amino acid residue sequence of the native biological molecule. Methods are provided to identify compounds that modulate the biological activity of the human Ste20-like stress-activated serine/threonine signal transduction kinase.
    Type: Application
    Filed: July 16, 2001
    Publication date: September 19, 2002
    Inventors: William Craig Moore, Tyrrell Errick Norris, David Shay Silberstein
  • Patent number: 6300098
    Abstract: An isolated and purified human Ste20-like serine/threonine signal transduction kinase is described. A cDNA sequence which encodes the native signal transduction molecule is disclosed as well as the structural coding region and the amino acid residue sequence. Methods are provided which employ the sequences to identify compounds that modulate the biological and/or pharmacological activity of the transduction molecule and hence regulate cell physiology. Biologically-effective antisense molecules, as well as dominant negative mutant versions of the biomolecule are described which are suitable for therapeutic use. The invention is also drawn toward the diagnosis, prevention, and treatment of pathophysiological disorders mediated by the signal transduction molecule.
    Type: Grant
    Filed: December 21, 1999
    Date of Patent: October 9, 2001
    Assignee: Zeneca Limited
    Inventors: Tyrrell Errick Norris, William Craig Moore, David Shay Silberstein
  • Patent number: 6265560
    Abstract: A novel human signal-transduction kinase polypeptide is described which is expressed at a particularly high level in human leukocytes. A full length cDNA which encodes the novel stress-activated serine/threonine kinase polypeptide is disclosed as well as the interior structural region and the amino acid residue sequence of the native biological molecule. Methods are provided to identify compounds that modulate the biological activity of the human Ste20-like stress-activated serine/threonine signal transduction kinase.
    Type: Grant
    Filed: September 14, 1998
    Date of Patent: July 24, 2001
    Assignee: Zeneca Ltd.
    Inventors: William Craig Moore, Tyrrell Errick Norris, David Shay Silberstein
  • Patent number: 6034228
    Abstract: An isolated and purified human Ste20-like serine/threonine signal transduction kinase is described. A cDNA sequence which encodes the native signal transduction molecule is disclosed as well as the structural coding region and the amino acid residue sequence. Methods are provided which employ the sequences to identify compounds that modulate the biological and/or pharmacological activity of the transduction molecule and hence regulate cell physiology. Biologically-effective antisense molecules, as well as dominant negative mutant versions of the biomolecule are described which are suitable for therapeutic use. The invention is also drawn toward the diagnosis, prevention, and treatment of pathophysiological disorders mediated by the signal transduction molecule.
    Type: Grant
    Filed: June 25, 1999
    Date of Patent: March 7, 2000
    Assignee: Zeneca Limited
    Inventors: Tyrrell Errick Norris, William Craig Moore, David Shay Silberstein
  • Patent number: 5965396
    Abstract: A novel human GTPase polypeptide intracellular molecular switch is described. A full length cDNA which encodes the signal transduction polypeptide is disclosed as well as the interior structural region and the amino acid residue sequence of the human GTPase. Methods are provided to identify compounds that modulate the biological activity of the native signal switch biomolecule and hence regulate cellular and tissue physiology.
    Type: Grant
    Filed: January 13, 1998
    Date of Patent: October 12, 1999
    Assignee: Zeneca Limited
    Inventors: Julie Yan Pan, Mark Egerton, David Shay Silberstein