Abstract: The present disclosure relates to systems and methods for ML model feature selection and transformation. Specifically, the system and method Include receiving information and data from a network having resources; implementing feature selection on one or more network Machine Learning (ML) models, such that each is a pipeline of a plurality of functions to control the resources and with specified interfaces to other control applications; utilizing one or more feature graph engines (FGEs) which creates one or more feature graphs, from the information and data, as a functional component to derive a design-time set of feature vector for a specific context, each feature graph represents network layer representations in the network which includes multiple layers; and implementing changes to the one or more feature graphs based on any run-time updates from the pipeline.

Abstract: Artificial Intelligence (AI)-based network control includes obtaining data from a network having a plurality of network elements; analyzing the data with one or more Machine Learning (ML) algorithms to determine one or more actions for network control; analyzing the determined one or more actions to determine any risks associated therewith; and one of allowing, modifying, and blocking the determined one or more actions based on the determined risks to safeguard the network. The risks can be based on one or more of (1) non-deterministic behavior AI inference which is statistical in nature, (2) unbounded uncertainty of the AI inference that can result in arbitrarily large inaccuracy on rare occasions, (3) unpredictable behavior of the AI inference in presence of input data that is different than data in training and testing datasets, and (4) malicious input data.

Abstract: Systems and methods include receiving information from a governed system having resources; implementing one or more context neutral or specific control applications that each is a pipeline of a plurality of functions to control the resources; utilizing the information as one input to a first function in the plurality of functions; utilizing inputs from one or more control applications as inputs to any of the plurality of functions; and causing actions on the resources based on outputs of a last function in the plurality of functions. The plurality of functions can include sensing, discerning, inferring, deciding, and causing the actions.

Abstract: Artificial Intelligence (AI)-based network control includes obtaining data from a network having a plurality of network elements; analyzing the data with one or more Machine Learning (ML) algorithms to determine one or more actions for network control; analyzing the determined one or more actions to determine any risks associated therewith; and one of allowing, modifying, and blocking the determined one or more actions based on the determined risks to safeguard the network. The risks can be based on one or more of (1) non-deterministic behavior AI inference which is statistical in nature, (2) unbounded uncertainty of the AI inference that can result in arbitrarily large inaccuracy on rare occasions, (3) unpredictable behavior of the AI inference in presence of input data that is different than data in training and testing datasets, and (4) malicious input data.

Abstract: Systems and methods include receiving information from a governed system having resources; implementing one or more context neutral or specific control applications that each is a pipeline of a plurality of functions to control the resources; utilizing the information as one input to a first function in the plurality of functions; utilizing inputs from one or more control applications as inputs to any of the plurality of functions; and causing actions on the resources based on outputs of a last function in the plurality of functions. The plurality of functions can include sensing, discerning, inferring, deciding, and causing the actions.

Abstract: An Artificial Intelligence (AI)-based network control system includes an AI system configured to obtain data from a network having a plurality of network elements and to determine actions for network control through one or more Machine Learning (ML) algorithms; a controller configured to cause the actions in the network; and a safeguard module between the AI system and the controller, wherein the safeguard module is configured to one of allow, block, and modify the actions from the AI system.

Abstract: An Artificial Intelligence (AI)-based network control system includes an AI system configured to obtain data from a network having a plurality of network elements and to determine actions for network control through one or more Machine Learning (ML) algorithms; a controller configured to cause the actions in the network; and a safeguard module between the AI system and the controller, wherein the safeguard module is configured to one of allow, block, and modify the actions from the AI system.

Abstract: A dynamic registration system includes a slice registration server communicatively coupled to one or more clients, and to one or more Application Programming Interfaces (APIs), wherein each API is communicatively coupled to an associated network of one or more networks, each network having resources including one or more of transport, compute, and storage resources; wherein the slice registration system is configured to receive requests for resources of the one or more of transport, compute, and storage resources in the one or more networks, for a client, exchange request/response messages with the one or more networks for a slice registration of the resources in the one or more networks, cause instantiation of the resources in the one or more networks, based on the request/response messages, and provide an acknowledgment to the client based on the instantiation of the resources.

Abstract: A method, implemented by a slice registration server, for dynamic reservation of network slices includes receiving a first request from a client for a network slice including one or more of networks, compute, and storage resources in one or more networks for a time period; determining availability of the network resources based on the first request and a state of the one or more networks; transmitting a response to the client based on the availability; receiving a second request from the client based on the response; and causing instantiation of the network resources and providing an acknowledgment to the client based thereon.

Abstract: A method, implemented by a slice registration server, for dynamic reservation of network slices includes receiving a first request from a client for a network slice including one or more of networks, compute, and storage resources in one or more networks for a time period; determining availability of the network resources based on the first request and a state of the one or more networks; transmitting a response to the client based on the availability; receiving a second request from the client based on the response; and causing instantiation of the network resources and providing an acknowledgment to the client based thereon.

Abstract: A Software Defined Networking (SDN) controller is described associated with a local domain and configured to control remote services in a remote domain. The SDN controller includes a network interface communicatively coupled to the remote domain; a processor communicatively coupled to the network interface; and memory storing instructions that, when executed, cause the processor to, subsequent to instantiation of a logical switch in a device in the remote domain, establish a control channel with the logical switch, wherein the control channel flows over the local domain and the remote domain, and control the logical switch in the remote domain via the control channel.

Abstract: A network element is configured to provide a distributed data center architecture between at least two data center locations. The network element includes a plurality of ports configured to switch packets between one another; wherein a first port of the plurality of ports is connected to an intra-data center network of a first data center location and a second port of the plurality of ports is connected to a second data center location that is remote from the first data center location over a Wide Area Network (WAN), and wherein the intra-data center network of the first data center location, the WAN, and an intra-data center network of the second data center location utilize an ordered label structure between one another to form the distributed data center architecture.

Abstract: A Software Defined Networking (SDN) controller is described associated with a local domain and configured to control remote services in a remote domain. The SDN controller includes a network interface communicatively coupled to the remote domain; a processor communicatively coupled to the network interface; and memory storing instructions that, when executed, cause the processor to, subsequent to instantiation of a logical switch in a device in the remote domain, establish a control channel with the logical switch, wherein the control channel flows over the local domain and the remote domain, and control the logical switch in the remote domain via the control channel.

Abstract: An organizational fraud detection (OFD) system and method for flagging one or more transactions as a potential fraudulent activity, in an organization is disclosed. The OFD system comprises: a processor; and a memory communicatively coupled to the processor, wherein the memory stores processor-executable instructions, which, on execution, cause the processor to: receive a suspected transaction for investigation, classify the suspected transaction into one or more groups of fraudulent activity; select, based on the classification, a set of investigation rules for investigating the suspected transaction; determine, based on data selection rules, the data associated with the suspected transaction; ascertain an accuracy score and an impact score associated with the suspected transaction; and classify the suspected transaction as a potential fraudulent activity on at least one of the accuracy score and the impact score exceeding a pre-defined threshold.

Abstract: An Ethernet Tree (E-Tree) service is described instantiated on an Ethernet switch and in an Ethernet network. The E-Tree service is implemented using Private Forwarding Groups (PFGs), asymmetric Virtual Local Area Networks (VLANs), virtual switches, and port configurations. The use of PFGs in addition to asymmetric VLANs provides higher levels of security in the described E-Tree systems and methods. The E-Tree systems and methods also can utilize Access Control Lists (ACLs) at Network-Network Interfaces (NNIs) for controlling unknown unicasts from reaching wrong ports. The E-Tree systems and methods can also seamlessly interoperate with packet switches using an IEEE 802.1Q-2011 approach.

Abstract: An Ethernet Tree (E-Tree) service is described instantiated on an Ethernet switch and in an Ethernet network. The E-Tree service is implemented using Private Forwarding Groups (PFGs), asymmetric Virtual Local Area Networks (VLANs), virtual switches, and port configurations. The use of PFGs in addition to asymmetric VLANs provides higher levels of security in the described E-Tree systems and methods. The E-Tree systems and methods also can utilize Access Control Lists (ACLs) at Network-Network Interfaces (NNIs) for controlling unknown unicasts from reaching wrong ports. The E-Tree systems and methods can also seamlessly interoperate with packet switches using an IEEE 802.1Q-2011 approach.

Abstract: The present disclosure relates a network, a network element, a system, and a method providing an efficient allocation of protection capacity for network connections and/or services. These may be for services within a given Virtual Private Network (VPN) or Virtual Machine (VM) instance flow. Network ingress/egress ports are designed to be VM instance aware while transit ports may or may not be depending on network element capability or configuration. A centralized policy management and a distributed control plane are used to discover and allocate resources to and among the VPNs or VM instances. Algorithms for efficient allocation and release of protection capacity may be coordinated between the centralized policy management and the distributed control plane. Additional coupling of attributes such as latency may provide more sophisticated path selection algorithms including efficient sharing of protection capacity.

Abstract: The present disclosure provides systems and methods for Ethernet Connectivity Fault Management (CFM) extensions to provide a CFM messaging mechanism for support of information exchange and the like, in addition to end-to-end connectivity and fault management. In an exemplary embodiment, the present invention utilizes CFM extensions to provide Pseudowire (PW) MAC addressing. Here, the present invention can enable the exchanging of MAC addresses and other attributes for PDH pseudowire transport. Advantageously, this avoids involving the OSS/EMS/NMS in pre-provisioning these necessary but arbitrary attributes across the network elements supporting a pseudowire service. Also, the present invention can be extended to support numerous other applications involving sharing of attributes between nodes over the extensions provided herein.

Abstract: The present disclosure relates a network, a network element, a system, and a method providing an efficient allocation of protection capacity for network connections and/or services. These may be for services within a given Virtual Private Network (VPN) or Virtual Machine (VM) instance flow. Network ingress/egress ports are designed to be VM instance aware while transit ports may or may not be depending on network element capability or configuration. A centralized policy management and a distributed control plane are used to discover and allocate resources to and among the VPNs or VM instances. Algorithms for efficient allocation and release of protection capacity may be coordinated between the centralized policy management and the distributed control plane. Additional coupling of attributes such as latency may provide more sophisticated path selection algorithms including efficient sharing of protection capacity.

Abstract: The present disclosure provides systems and methods for Ethernet Connectivity Fault Management (CFM) extensions to provide a CFM messaging mechanism for support of information exchange and the like, in addition to end-to-end connectivity and fault management. In an exemplary embodiment, the present invention utilizes CFM extensions to provide Pseudowire (PW) MAC addressing. Here, the present invention can enable the exchanging of MAC addresses and other attributes for PDH pseudowire transport. Advantageously, this avoids involving the OSS/EMS/NMS in pre-provisioning these necessary but arbitrary attributes across the network elements supporting a pseudowire service. Also, the present invention can be extended to support numerous other applications involving sharing of attributes between nodes over the extensions provided herein.