Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for detecting and managing noisy alarms in a communications network. In some aspects an event is detected on a communications network. Two or more fields of event data of the event are extracted. An event signature that uniquely represents characteristics of the event is created using the two or more fields of event data as input. A magnitude of instances of the given event signature that are encountered over a tracking period are tracked. The event is classified as a flapping event based on a determination that the given event signature has been encountered at least a threshold number of times within a specified amount of time. One or more event processing operations are excluded from being performed for one or more events having event signatures matching the given event signature based on the classification of the event as a flapping event.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for job management in a distributed network include a prioritizer that determines a priority level for a job and inserts the job into a priority queue based on the priority level, a scheduler that, for each element in the distributed network, requests the priorities of one or more jobs scheduled for execution, evaluates, based on the priorities of the one or more jobs scheduled for execution, the priority of a particular job with respect to the element, determines, based on the priorities, that the network element is free to perform job processes, and upon determining that a network element is free, scheduling a particular job for execution, and an executor that determines that all local and remote resources required for the scheduled job are available and executes the job according to processes defined within the distributed network.

Abstract: Methods and systems for context-aware distributed computing. In one aspect, a system includes a work administrator system; an API; a worker module; and a work administrator. One or more worker modules register with one or more work administrators. The worker modules may inform the work administrators of their processing capabilities and capacity. The work administration system receives a request for processing via the API. A work administrator parses a request into one or more discrete work requests and publishes each work request to the worker modules. The worker modules notify the work administrator whether they can perform the work, along with load and capabilities. The work administrator a worker module to perform each work request. When a worker module completes the work, it notifies the work administrator. The work administration system may aggregate the results from one or more worker modules and provide a response via the API.

Abstract: A method is provided for blocking attacks on a private network (12). The method is implemented by a routing device (10) interconnecting the private network (12) to a public network (14). The method includes analyzing an incoming data packet from the public network (14). The incoming data packet is then matched against known patterns where the known patterns are associated with known forms of attack on the private network (12). A source of the data packet is then identified as malicious or non-malicious based upon the matching. In one embodiment, one of the known forms of attack is a denial of service attack and an associated known pattern is unacknowledged data packets. In another embodiment, one of the known forms of attack is an address spoofing attack and an associated known pattern is a data packet having a source address matching an internal address of the private network (12).

Abstract: A network processor is enabled to retrieve a packet transmission data structure (PTD) from a memory. The NP parses packet data from the PTD and transmits the data over the network as a network packet. The PTD may include repetition information used by the NP to transmit a plurality of packets. The PTD use transmission interval information to control transmission timing of consecutive network packets. The PTD may include modification information used to modify the data packet portion. The modification may include incrementing, decrementing, or storing a random number into any portion of the data packet. The PTD may include flow control information to determine the next PTD to process. The flow control information may include criteria including acknowledgement criteria and time delay criteria. The packet data portion preferably includes all formatting information applicable to the network.

Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: A network processor is enabled to retrieve a packet transmission data structure (PTD) from a memory. The NP parses packet data from the PTD and transmits the data over the network as a network packet. The PTD may include repetition information used by the NP to transmit a plurality of packets. The PTD use transmission interval information to control transmission timing of consecutive network packets. The PTD may include modification information used to modify the data packet portion. The modification may include incrementing, decrementing, or storing a random number into any portion of the data packet. The PTD may include flow control information to determine the next PTD to process. The flow control information may include criteria including acknowledgement criteria and time delay criteria. The packet data portion preferably includes all formatting information applicable to the network.

Abstract: Methods and apparatus provide for estimating leakage power as a function of delay times. Delay times and leakage power values may be measured for a test circuit of a given circuit design. A statistical sampling of the measurements may be obtained for the test circuit. The delay data and leakage power data may be correlated to express and estimate leakage power as a function of delay distribution. The test circuit may include a proposed circuit that is simulated, and the method and apparatus also may provide for: creating a schematic design of the test circuit, having, for example, defined poly gate lengths, on-chip devices, and power sources; incorporating a delay chain into the schematic design to get delay distribution data; and utilizing the schematic design, wherein the utilitzation may be a simulation.

Abstract: A network discovery functionality, intrusion detector functionality and firewalling functionality are integrated together to form a network security system presenting a self-deploying and self-hardening security defense for a network.

Abstract: A method, device and system for monitoring ionizing radiation. The method including: collecting an ionizing radiation induced charge collected by the depletion region of a diode formed in a silicon layer below an oxide layer buried below a surface of a silicon substrate; and coupling a cathode of the diode to a precharged node of a clocked logic circuit such that the ionizing radiation induced charge collected by a depletion region of the diode will discharge the precharged node and change an output state of the clocked logic circuit.

Abstract: A method of encoding network packets for storage and later transmitting emulated packets includes determining a protocol for the packet and validating the protocol as belonging to a list of recognized protocols. Upon validating the packet, a protocol attribute value from the packet is parsed and a dictionary is referenced using the protocol attribute value to obtain a binary encoding, which is stored as an encoded packet. The packet, for example, may be an HTTP protocol request packet and parsing may include parsing a TYPE attribute value where the TYPE attribute value indicates whether the packet is a GET, POST, PUT or OTHER type of HTTP request. The method may further include modifying environmental data in the packet when the packet is later generated for transmission on a network. The method may further include, for packets of unrecognized protocols, learning and creating an encoding for new protocols.

Abstract: A system for identifying a subscriber includes an access server coupled to a number of subscribers using a first communication network and further coupled to a second communication network, a memory coupled to the access server, and a processor coupled to the memory. The access server receives a communication from a particular subscriber using a particular one of a number of virtual circuits associated with the first communication network. The memory stores path information that identifies a virtual circuit assigned to the particular subscriber. The processor identifies the particular subscriber for connection to the second communication network based upon the path information and the particular virtual circuit used to receive the communication from the particular subscriber.

Abstract: A system and method provides a broadband network node for a best effort network such as the Internet or intranets which supports the inexpensive and rapid deployment of services to the best efforts network. Separate data path and control path mechanisms allow high-speed data transfers with parallel processing flows for the data path that are controlled across data flows by the control path. Packets are classified, modified and shaped to enable the service on the network with an accountant to track packet traffic for control and billing purposes. A series of processing blades perform a modification function for each blade that processes packets according to classifications. The processing blades are modular and scalable for insertion in the broad band switch to rapidly adapt the broadband network node for new services.

Abstract: A packet filtering operation implements a hierarchical technique. Received packet traffic is first filtered with a first filtering criteria. This first filtering action generates a first pass traffic portion and a fail traffic portion from the received packet traffic. The fail traffic portion is then second filtered with a second filtering criteria. This second filtering action generates a second pass traffic portion and a reject traffic portion. The first filtering criteria provide for higher throughput, lower accuracy processing while the second filtering criteria provide for lower throughput, higher accuracy processing. Dynamic adjustments may be made to the first and second filtering criteria to achieve better overall packet filtering performance. For example, load is measured and the filtering criteria adjusted to better balance load between the hierarchical filtering actions.

Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: An active network defense system is provided that is operable to monitor and block traffic in an automated fashion. This active network defense system is placed in-line with respect to the packet traffic data flow as a part of the network infrastructure. In this configuration, inspection and manipulation of every passing packet is possible. An algorithmic filtering operation applies statistical threshold filtering to the data flow in order to identify threats existing across multiple sessions. A trigger filtering operation applies header and content match filtering to the data flow in order to identify threats existing within individual sessions. Threatening packet traffic is blocked and threatening sessions are terminated. Suspicious traffic is extracted from the data flow for further examination with more comprehensive content matching as well as asset risk analysis. A flow control mechanism is provided to control passage rate for packets passing through the data flow.

Abstract: A method is provided for blocking attacks on a private network (12). The method is implemented by a routing device (10) interconnecting the private network (12) to a public network (14). The method includes analyzing an incoming data packet from the public network (14). The incoming data packet is then matched against known patterns where the known patterns are associated with known forms of attack on the private network (12). A source of the data packet is then identified as malicious or non-malicious based upon the matching. In one embodiment, one of the known forms of attack is a denial of service attack and an associated known pattern is unacknowledged data packets. In another embodiment, one of the known forms of attack is an address spoofing attack and an associated known pattern is a data packet having a source address matching an internal address of the private network (12).

Abstract: A method is provided for blocking attacks on a private network (12). The method is implemented by a routing device (10) interconnecting the private network (12) to a public network (14). The method includes analyzing an incoming data packet from the public network (14). The incoming data packet is then matched against known patterns where the known patterns are associated with known forms of attack on the private network (12). A source of the data packet is then identified as malicious or non-malicious based upon the matching. In one embodiment, one of the known forms of attack is a denial of service attack and an associated known pattern is unacknowledged data packets. In another embodiment, one of the known forms of attack is an address spoofing attack and an associated known pattern is a data packet having a source address matching an internal address of the private network (12).