Abstract: Embodiments herein relate to prediction, based on previous usage of a cloud-based computing resource by a user of one or more users of the cloud-based computing resource, future usage of the cloud-based computing resource. Based on the predicted future usage, embodiments relate to identifying that throttling of access to the cloud-based computing resource is to occur, and notifying the user of the throttling. Other embodiments may be described and/or claimed.

Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by a network gateway system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the network gateway system responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Systems and methods for preventing cyberattacks using a Density Estimation Network (DEN) for unsupervised anomaly detection, including constructing the DEN using acquired network traffic data by performing end-to-end training. The training includes generating low-dimensional vector representations of the network traffic data by performing dimensionality reduction of the network traffic data, predicting mixture membership distribution parameters for each of the low-dimensional representations by performing density estimation using a Gaussian Mixture Model (GMM) framework, and formulating an objective function to estimate an energy and determine a density level of the low-dimensional representations for anomaly detection, with an anomaly being identified when the energy exceeds a pre-defined threshold. Cyberattacks are prevented by blocking transmission of network flows with identified anomalies by directly filtering out the flows using a network traffic monitor.

Abstract: Systems and methods for optimizing query execution to improve query processing by a computer are provided. A query is analyzed and translated into a logical plan. A runtime query optimizer is applied to the logical plan to identify a physical plan including operators for execution. The logical plan is translated into the physical plan. Execution of the query is scheduled according to the physical plan.

Abstract: Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Systems and methods for preventing cyberattacks using a Density Estimation Network (DEN) for unsupervised anomaly detection, including constructing the DEN using acquired network traffic data by performing end-to-end training. The training includes generating low-dimensional vector representations of the network traffic data by performing dimensionality reduction of the network traffic data, predicting mixture membership distribution parameters for each of the low-dimensional representations by performing density estimation using a Gaussian Mixture Model (GMM) framework, and formulating an objective function to estimate an energy and determine a density level of the low-dimensional representations for anomaly detection, with an anomaly being identified when the energy exceeds a pre-defined threshold. Cyberattacks are prevented by blocking transmission of network flows with identified anomalies by directly filtering out the flows using a network traffic monitor.

Abstract: Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by a network gateway system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the network gateway system responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Systems and methods for implementing a behavior analysis engine (BAE) to improve computer query processing are provided. A job request to execute an input rule on target log data is received by a BAE service via a user interface. The job request is executed by the BAE service to generate a result by obtaining the input rule from a rule-base, parsing the input rule to create a data structure, optimizing the data structure, and executing one or more operations using the optimized data structure. The result is stored by the BAE service in a result database.

Abstract: Systems and methods for optimizing query execution to improve query processing by a computer are provided. A query is analyzed and translated into a logical plan. A runtime query optimizer is applied to the logical plan to identify a physical plan including operators for execution. The logical plan is translated into the physical plan. Execution of the query is scheduled according to the physical plan.

Abstract: The present invention relates to a video search apparatus and method, and more particularly, to a video search apparatus and method which can be used to search video data collected by a video capture apparatus, such as a closed circuit television (CCTV), for information desired by a user.