Abstract: Stateless address translation at an Autonomous System (AS) boundary for host privacy may be provided. An address associated with a host device in the AS may be received. The address may comprise a network prefix and an interface identifier (ID). Then a cypher value may be assigned to a cypher bit range in the network prefix. The cypher value may be associated with a first cypher algorithm of a plurality of cypher algorithms. Next, the address may be encoded wherein encoding the address comprises applying the first cypher algorithm to encode a coding bit range in the address that is less significant than the cypher bit range. The encoded address may then be used for flows from the host that egress the AS.

Abstract: In one aspect, a method of IP obfuscation of a user device includes receiving, over an Extendible Authentication Protocol (EAP) session between a user device and a network access point, location preferences of the user device, generating, based on the location preferences or a network policy, a geohash for the user device, identifying, for the user device, an IP anchor, sending, over the EAP session, the geohash to the user device, and receiving, from the user device, network traffic, wherein the network access point utilizes the geohash and the IP anchor to route the network traffic for the user device and obfuscate IP address of the user device from third-party access.

Abstract: In one embodiment, a processor of a vehicle detects a difference between a physical characteristic of the vehicle predicted by a first machine learning-based model and a physical characteristic of the vehicle indicated by telemetry data generated by a sub-system of the vehicle. The processor forms a packet payload of an update packet indicative of the detected difference, based in part on a relevancy of the physical characteristic to the first machine learning-based model. The processor applies a synchronization strategy to the update packet, to synchronize the update packet with a second machine learning-based model executed by a receiver. The processor sends the update packet to the receiver via a network, to update the second machine learning-based model.

Abstract: Stateless address translation at an Autonomous System (AS) boundary for host privacy may be provided. An address associated with a host device in the AS may be received. The address may comprise a network prefix and an interface identifier (ID). Then a cypher value may be assigned to a cypher bit range in the network prefix. The cypher value may be associated with a first cypher algorithm of a plurality of cypher algorithms. Next, the address may be encoded wherein encoding the address comprises applying the first cypher algorithm to encode a coding bit range in the address that is less significant than the cypher bit range. The encoded address may then be used for flows from the host that egress the AS.

Abstract: Object movement detection may be provided. Channel State Information (CSI) data may be obtained. The CSI data may be associated with a plurality of links between a plurality of Access Points (APs) that provide coverage to an area. Next, a plurality of features may be extracted from the CSI data. The plurality of features may then be converted to a plurality of scores. Then motion in sub-areas of the area may be classified based on a comparison of the plurality of scores to a threshold for the area. The threshold may be determined based upon data collected when no motion occurred in the area.

Abstract: Correcting for antennae spatial distortions in Radio Frequency (RF) localization may be provided. A plurality of actual locations associated with a plurality of Access Point (APs) may be received. Then a plurality of signal strengths associated with the plurality of APs may be received. Based on the plurality of signal strengths, a model may be created that models a plurality of inference errors respectively corresponding to the plurality of APs between a plurality of inferred locations respectively corresponding to the plurality of APs and the plurality of actual locations. The model may then be used in determining a location of a device.

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

Abstract: Embodiments include detection of physical events associated with a wireless network, where the detected physical events are associated with the measurable effects on radio signals between devices in the wireless network. The detected physical event and associated radio signal information is used to provide precise low cost time synchronization for a device in a network.

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.

Abstract: In one embodiment, a processor of a vehicle detects a difference between a physical characteristic of the vehicle predicted by a first machine learning-based model and a physical characteristic of the vehicle indicated by telemetry data generated by a sub-system of the vehicle. The processor forms a packet payload of an update packet indicative of the detected difference, based in part on a relevancy of the physical characteristic to the first machine learning-based model. The processor applies a synchronization strategy to the update packet, to synchronize the update packet with a second machine learning-based model executed by a receiver. The processor sends the update packet to the receiver via a network, to update the second machine learning-based model.

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

Abstract: In one embodiment, a service receives signal data indicative of phases and gains associated with wireless signals received by one or more antennas located in a particular area. The service determines, from the received signal data, changes in the phases and gains associated with the wireless signals. The service estimates a direction of motion of one or more objects located in the particular area, based on the determined changes in the gains associated with the wireless signals. The service estimates a total mass of the one or more objects located in the particular area based on a ratio of the determined changes in the gains associated with the wireless signals over the determined changes in the phases associated with the wireless signals.

Abstract: In one embodiment, a device in a serial network de-multiplexes a stream of traffic in the serial network into a plurality of data streams. The device determines that data from a particular data stream should be reported to an entity external to the serial network based on an event indicated by the data from the particular data stream. The device quantizes the data from the particular data stream. The device applies compression to the quantized data to form a compressed representation of the particular data stream. The applied compression is selected based on a data type associated with the data. The device sends a compressed representation of the particular data stream to the external entity as Internet Protocol (IP) traffic.

Abstract: Embodiments include detection of physical events associated with a wireless network, where the detected physical events are associated with the measurable effects on radio signals between devices in the wireless network. The detected physical event and associated radio signal information is used to provide precise low cost time synchronization for a device in a network.

Abstract: In one embodiment, a service receives signal characteristic data indicative of characteristics of wireless signals received by one or more antennas located in a particular area. The service identifies an object in the particular area, based on the received signal characteristic data. The service associates the identified object with an object kinematics model. The service updates the object kinematics model over time by applying Bayesian inference to changes in the signal characteristic data.

Abstract: In one embodiment, a processor of a vehicle predicts a state of the vehicle using a behavioral model. The model is configured to predict the state based in part on one or more state variables that are available from one or more sub-systems of the vehicle and indicative of one or more physical characteristics of the vehicle. The processor computes a representation of a difference between the predicted state of the vehicle and a measured state of the vehicle indicated by one or more state variables available from the one or more sub-systems of the vehicle. The processor detects a malicious intrusion of the vehicle based on the computed representation of the difference between the predicted and measured states of the vehicle exceeding a defined threshold. The processor initiates performance of a mitigation action for the detected intrusion, in response to detecting the malicious intrusion of the vehicle.

Abstract: In one embodiment, a service receives signal characteristic data indicative of characteristics of wireless signals received by one or more antennas located in a particular area. The service uses the received signal characteristic data as input to a Bayesian inference model to predict physical states of an object located in the particular area. A physical state of the object is indicative of at least one of: a mass, a velocity, an acceleration, a surface area, or a location of the object. The service updates the Bayesian inference model based in part on the predicted state of the object and a change in the received signal characteristic data and based in part by enforcing Newtonian motion dynamics on the predicted physical states.

Abstract: In one embodiment, a device in a serial network de-multiplexes a stream of traffic in the serial network into a plurality of data streams. The device determines that data from a particular data stream should be reported to an entity external to the serial network based on an event indicated by the data from the particular data stream. The device quantizes the data from the particular data stream. The device applies compression to the quantized data to form a compressed representation of the particular data stream. The applied compression is selected based on a data type associated with the data. The device sends a compressed representation of the particular data stream to the external entity as Internet Protocol (IP) traffic.

Abstract: In one embodiment, a device in a serial network de-multiplexes a stream of traffic in the serial network into a plurality of data streams. A particular one of the data streams is associated with a particular endpoint in the serial network. The device determines that data from the particular data stream associated with the particular endpoint should be reported to an entity external to the serial network based on an event indicated by the data from the particular data stream. The device quantizes the data from the particular data stream. The device applies compression to the quantized data to form a compressed representation of the particular data stream. The applied compression is selected based on a data type associated with the data. The device sends a compressed representation of the particular data stream to the external entity as Internet Protocol (IP) traffic.