Abstract: The described technology is generally directed towards a short message service (SMS) congestion manager that can evaluate, predict, and mitigate SMS congestion. The SMS congestion manager can be implemented within a short message services function (SMSF) of a fifth generation (5G) or subsequent generation cellular network. The SMS congestion manager can monitor a volume of non-access stratum (NAS) SMS messages in order to detect potential overload conditions wherein the volume of messages exceeds a capability of a network function. In response to detecting potential overload conditions, the SMS congestion manager can inhibit messages directed to the network function in order to prevent overloads from developing. The SMS congestion manager can use machine learning to learn to detect the potential overload conditions as well as to learn actions to take to address the potential overload conditions.

Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.

Abstract: Concepts and technologies directed to scrubbed internet protocol domain for enhanced cloud security are disclosed herein. In various aspects, a system can include a processor and memory storing instructions that, upon execution, cause performance of operations. The operations can include exposing an application to a service provider network that provides an internet connection, where the application is provided by a datacenter that communicates with the service provider network. The operations can include monitoring traffic flows to the application during an observation time period, where the traffic flows include probe traffic that attempts to reach the application. The operations can include constructing a scrubbed internet protocol domain such that detected probe traffic is prevented from reaching a plurality of virtual machines provided by the datacenter.

Abstract: Concepts and technologies directed to scrubbed internet protocol domain for enhanced cloud security are disclosed herein. In various aspects, a system can include a processor and memory storing instructions that, upon execution, cause performance of operations. The operations can include exposing an application to a service provider network that provides an internet connection, where the application is provided by a datacenter that communicates with the service provider network. The operations can include monitoring traffic flows to the application during an observation time period, where the traffic flows include probe traffic that attempts to reach the application. The operations can include constructing a scrubbed internet protocol domain such that detected probe traffic is prevented from reaching a plurality of virtual machines provided by the datacenter.

Abstract: Aspects of the subject disclosure may include, for example, selecting, a group of International Mobile Subscriber Identities (IMSIs), selecting a group of traffic simulator devices, and provisioning each of the group of IMSIs to each of the group of traffic simulator devices. Further embodiments can include providing first instructions to a first portion of the group of traffic simulator devices. The first instructions cause the first portion of the group of traffic simulator devices to generate simulated voice traffic over a first plurality of time periods. Additional embodiments can include providing second instructions to a second portion of the group of traffic simulator devices. The second instructions cause the second portion of the group of traffic simulator devices to generate simulated data traffic over a second plurality of time periods. Other embodiments are disclosed.

Abstract: Concepts and technologies directed to scrubbed internet protocol domain for enhanced cloud security are disclosed herein. In various aspects, a system can include a processor and memory storing instructions that, upon execution, cause performance of operations. The operations can include exposing an application to a service provider network that provides an internet connection, where the application is provided by a datacenter that communicates with the service provider network. The operations can include monitoring traffic flows to the application during an observation time period, where the traffic flows includes probe traffic that attempts to reach the application. The operations can include constructing a scrubbed internet protocol domain such that detected probe traffic is prevented from reaching a plurality of virtual machines provided by the datacenter.

Abstract: Aspects of the subject disclosure may include, for example, determining a first access point name according to a first service set identifier associated with a first wireless message transmitted according to a first wireless protocol from a first device, where the first access point name is included in a set of access point names of a cellular communication system, and transmitting a second wireless message according to a second wireless protocol to a communication node of a guided wave communication system, where the guided wave communication system is communicatively coupled to the cellular communication system, where the second wireless message is associated with the first wireless message and includes the first access point name, and where the cellular communication system determines a first routing of first communications associated with the first device according to first access point name. Other embodiments are disclosed.

Abstract: Aspects of the subject disclosure may include, for example, determining a first access point name according to a first service set identifier associated with a first wireless message transmitted according to a first wireless protocol from a first device, where the first access point name is included in a set of access point names of a cellular communication system, and transmitting a second wireless message according to a second wireless protocol to a communication node of a guided wave communication system, where the guided wave communication system is communicatively coupled to the cellular communication system, where the second wireless message is associated with the first wireless message and includes the first access point name, and where the cellular communication system determines a first routing of first communications associated with the first device according to first access point name. Other embodiments are disclosed.

Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.

Abstract: A system and method for identifying distributed attacks, such as, but not limited to, distributed denial of service attacks and botnet attacks, in a first network serviced by a first carrier and configured to alert a second network serviced by a second carrier that is different from the first carrier is disclosed. Once an attack has been identified, an attack alert is generated and provided to the second network or other aspects of the first network, or both. The attack alerts may be distributed dynamically with the second network via diameter based security protocol Rs. Such system and method may mitigate distributed malicious attacks by sharing destination internet protocol and bad international mobile subscriber identity information across carriers.

Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.

Abstract: A system for providing access control in a cloud includes a software defined network including a software defined network controller. The system is configured to authenticate user access using multi-factor authentication. If the user is authorized to access a cloud resource the software defined network controller sends instructions to insert layer 3 and 4 user-specific flows to a software defined network device connected to the cloud resource. The user-specific flows cause the software defined network device to grant access to the cloud resource to the user.

Abstract: A system and method for identifying distributed attacks, such as, but not limited to, distributed denial of service attacks and botnet attacks, in a first network serviced by a first carrier and configured to alert a second network serviced by a second carrier that is different from the first carrier is disclosed. Once an attack has been identified, an attack alert is generated and provided to the second network or other aspects of the first network, or both. The attack alerts may be distributed dynamically with the second network via diameter based security protocol Rs. Such system and method may mitigate distributed malicious attacks by sharing destination internet protocol and bad international mobile subscriber identity information across carriers.

Abstract: A system and method for identifying distributed attacks, such as, but not limited to, distributed denial of service attacks and botnet attacks, in a first network serviced by a first carrier and configured to alert a second network serviced by a second carrier that is different from the first carrier is disclosed. Once an attack has been identified, an attack alert is generated and provided to the second network or other aspects of the first network, or both. The attack alerts may be distributed dynamically with the second network via diameter based security protocol Rs. Such system and method may mitigate distributed malicious attacks by sharing destination internet protocol and bad international mobile subscriber identity information across carriers.

Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.

Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.

Abstract: Systems and methods provide mitigation for denial of service attacks against servers open to the Internet by preventing delivery of malicious traffic to servers using network gateways.

Abstract: A system for providing access control in a cloud includes a software defined network including a software defined network controller. The system is configured to authenticate user access using multi-factor authentication. If the user is authorized to access a cloud resource the software defined network controller sends instructions to insert layer 3 and 4 user-specific flows to a software defined network device connected to the cloud resource. The user-specific flows cause the software defined network device to grant access to the cloud resource to the user.

Abstract: A method provides for the dynamic traffic prioritization in a communication network. The method electronically monitors traffic in a communication network and determines when traffic exceeds configured thresholds on the links of the communication network. Thus, the method determines a link which is potentially about to be congested in the communication network. The method categorizes the traffic on this link by an end system attached to one end of the potentially congested link into a plurality of priority categories using application layer parameters. Using a re-direct capability of the end system, the method re-directs at least one of the pluralities of priority categories of traffic to an alternate Internet Protocol address. The method uses preconfigured Quality of Service mechanisms on the provider edge router attached to the other end of the potentially congested link to guarantee a predetermined amount of bandwidth capacity of the link to traffic destined to the alternate Internet Protocol address.

Abstract: An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.