Abstract: This document describes among other things, network security systems that incorporate a feedback loop so as to automatically and dynamically adjust the scope of network traffic that is subject to inspection. Risky traffic can be sent for inspection; risky traffic that is demonstrated to have high rate of threats can be outright blocked without further inspection; traffic that is causing errors due to protocol incompatibility or should not be inspected for regulatory or other reasons can be flagged so it bypasses the security inspection system. The system can operate on a domain by domain basis, IP address basis, or otherwise.

Abstract: A heterogeneous overlay network and cloud compute infrastructure comprises different tiers of PoPs that are configurable to provide different amounts of cloud computing. To facilitate the programming (configuration) of compute and caching operations throughout the heterogeneous network, a control mechanism and methodology are provided for automatically directing the flow of custom compute and caching operations using configurable “operations chains.” A representative operation chain comprises a configuration file that specifies a traffic flow, and a set of operations and their relative ordering. A particular operation chain defines an initial operation that typically starts at a given edge machine in the heterogeneous network and then, as needed, one or more additional locations and their associated machines may then be used to facilitate processing of the operation chain.

Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network core is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. The system also provides for confidence-based consensus and automated fork resolution.

Abstract: A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network core is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. The system also provides for confidence-based consensus. A configuration system is provided to enable configuration updates to be securely implemented across various subsets of the computing nodes.

Abstract: This disclosure provides for automated techniques to measure full reference-based QoE or VQA-as-a-Service (VQAaaS) for an Internet video stream. Generally, the approach herein involves pre-calculating VMAF scores for given media and then correlating those scores with VMAF scores computed from actual playback segments for the given media. By leveraging the pre-calculated VMAF scores and correlating them with playback data, the system provides for enhanced and accurate video quality analysis (VQA) to enable optimization of viewer Quality of Experience (QoE).

Abstract: A multi-tenant service platform provides network services, such as content delivery, edge compute, and/or media streaming, on behalf of, or directly for, a given tenant. The service platform offers a policy layer enabling each tenant to specify levels of acceptable performance degradation that the platform may incur so that the platform can use electricity with desirable characteristics to service client requests associated with that tenant. Service nodes in the platform (e.g., edge servers) enforce the policy layer at the time of a service request. Preferably, the ‘quality’ of the electricity is a measurement of source of the energy, e.g., whether it is sourced from high-carbon fossil fuels (low-quality) or low-carbon renewables (high-quality). If the desired quality of electricity cannot be achieved, the node can resort to using less electricity to handle the request, which is achieved in a variety of ways.

Abstract: A method executes upon receiving data (email, IP address) associated with an account registration. In response, an encoding is applied to the data to generate a node vector. The node vector indexes a database of such node vectors that the system maintains (from prior registrations). The database potentially includes one or more node vector(s) that may have a given similarity to the encoded node vector. To determine whether there are such vectors present, a set of k-nearest neighbors to the encoded node vector are then obtained from the database. This set of k-nearest neighbors together with the encoded node vector comprise a virtual graph that is then fed as a graph input to a Graph Neural Network previously trained on a set of training data. The GNN generates a probability that the virtual graph represents a NAF. If the probability exceeds a configurable threshold, the system outputs an indication that the registration is potentially fraudulent, and a mitigation action is taken.

Abstract: Systems and methods for obfuscating data. The technology herein can be used to produce an obfuscated output that exhibits no easily discernible pattern, making difficult to identify or to filter using regular expressions, signature matching or other pattern matching. The output nevertheless can be reversed and the original data recovered by an intended recipient with a relatively low-cost of processing, making it suitable for low-powered devices. The obfuscation is stateless and does not require encryption.

Abstract: A service for automatic discovery of locations at which instances of an internal enterprise application are located. The service is configured to facilitate routing of connection requests directed to the internal enterprise application, which is hosted in distinct enterprise locations. The service works in association with a set of connectors that each have an associated Internet Protocol (IP) address (typically of a device to which the connector is coupled) at which it is reachable and through which a connection to an internal enterprise application instance can be proxied. Connections to the internal enterprise application are routable along a network path from a client to a given connector through a set of intermediary nodes. Using information collected from the connectors, the service performs a series of correlations to enable service provider mapping technologies to make both global and local traffic mapping decisions for these internal enterprise resources.

Abstract: A location service for automatic discovery of locations at which instances of an internal enterprise application are located. The location service is configured to facilitate routing of connection requests directed to the internal enterprise application, which typically is hosted in distinct enterprise locations. The service works in association with a set of connectors that each have an associated public Internet Protocol (IP) address (typically of a device to which the connector is coupled) at which it is reachable and through which a connection to an internal enterprise application instance can be proxied. Connections to the internal enterprise application are routable along a network path from a client to a given connector through a set of intermediary nodes. Using information collected from the connectors, the service performs a series of correlations (viz.

Abstract: It is often important that a server's responses to a set of client requests are coherent with one another, but if the client's requests are spread over time, that may not occur. In accordance with the teaching of this patent document, a client is able to communicate with a server to achieve coherency. A client can send a request (e.g., an HTTP request for a given resource) with a data preservation directive. The data preservation directive causes the server to initiate a server-side process to preserve the state of underlying server-side data upon which the response relies (or will rely). Also, a client can send a request with an attribute requesting the response be coherent with respect to some date-time or other reference point. This attribute thus asks the server to ensure coherency in the response to the client.

Abstract: A non-transitory computer readable storage medium including instructions that, when executed by a computing system, cause the computing system to perform operations. The operations include collecting, by a processing device, raw data regarding a user action. The operations also include converting, by the processing device, the raw data to characteristic test data (CTD), wherein the CTD represents behavior characteristics of a current user. The operations also include identifying, by the processing device, a characteristic model corresponding to the behavior characteristics represented by the CTD. The operations also include generating, by the processing device, a predictor from a comparison of the CTD against the corresponding characteristic model, wherein the predictor comprises a score indicating a probability that the user action came from an authenticated user.

Abstract: A client application sends DNS requests to a threat protection service when a mobile device operating the client application is operating off-network. The application is configured to detect network conditions and automatically configure an appropriate system-wide DNS resolution setting. Preferably, DNS requests from the client identify the customer and the device to threat protection (TP) service resolvers without introducing a publicly-visible customer or device identifier to the DNS requests or responses. The TP system then applies the correct policy to DNS requests coming from off-network clients. In particular, the resolver recognizes the customer for requests coming for off net clients and apply the customer's policy to such request. The resolver is configured to log the customer and the device associated with requests from the TP off-net client. Request logs from the TP resolver are provided to a cloud security intelligence platform for threat intelligence analytics and customer visible reporting.

Abstract: This patent document describes failure recovery technologies for the processing of streaming data, also referred to as pipelined data. The technologies described herein have particular applicability in distributed computing systems that are required to process streams of data and provide at-most-once and/or exactly-once service levels. In a preferred embodiment, a system comprises many nodes configured in a network topology, such as a hierarchical tree structure. Data is generated at leaf nodes. Intermediate nodes process the streaming data in a pipelined fashion, sending towards the root aggregated or otherwise combined data from the source data streams towards. To reduce overhead and provide locally handled failure recovery, system nodes transfer data using a protocol that controls which node owns the data for purposes of failure recovery as it moves through the network.

Abstract: Improved security inspections for API traffic are disclosed. A data obfuscation process is applied to structured data in a request or response body to obfuscate the content while retaining the structural aspects thereof. The resulting sanitized version of the structured data is sent for analysis. For example a machine learning component is trained on such sanitized data to develop a signature or model that detects anomalous interactions with the API. The retained structure contains signals useful for pattern recognition and anomaly detection. The signature or model is preferably developed for a specific API endpoint. Then, a detection engine can be deployed to assess subsequent API traffic for the API endpoint, with such subsequent live traffic being similarly obfuscated by the system before being assessed. The teachings hereof can be used to block attacks or other malicious activities directed against API endpoints.

Abstract: A method for dynamic and extensible creation of an extensible wireless network, using a set of drones that individually support server processes. The drones interact with one another, exchanging information, type of coverage, type and amount of throughput, location, etc. A control node connects to a wired network. The node operates a leader election protocol, captures state information from the drones, and positions/re-positions the drones as necessary. Drones are flown in to position and then engaged as necessary to stretch/adapt the coverage as necessary. The drone's power utilization is monitored and its coverage area modified as necessary to optimize power utilization. The control node performs drone-based coverage/power utilization computations, and attempts to apply the appropriate location assignments to provide maximum network coverage (extensibility) while also preserving drone-specific power (battery) utilization.

Abstract: A method of traffic forwarding and disambiguation through the use of local proxies and addresses. The technique leverages DNS to on-ramp traffic to a local proxy. The local proxy runs on the end user's device. According to a first embodiment, DNS is used to remap what would normally be a wide range of IP addresses to localhost based on 127.0.0.0/8 listening sockets, where the system can then listen for connections and data. In a second embodiment, a localhost proxy based on a TUN/TAP interface (or other packet interception method) with a user-defined CIDR range to which the local DNS server drives traffic is used. Requests on that local proxy are annotated (by adding data to the upstream connection).

Abstract: A method and apparatus for data collection to facilitate bot detection. According to this approach, and in lieu of conventional user agent-based fingerprinting, a client script is executed to attempt to identify one or more Javascript “landmark” features. In one embodiment, a landmark Javascript feature is a Javascript implementation that exists in a first browser type but not a second browser type distinct from the first browser type, and that also exists in one or more releases of the first browser type, but not in one or more other releases of the first browser type. By testing against landmark Javascript features as opposed to an unconstrained set of API calls and the like, the technique herein provides for much more computationally-efficient client-side operation.

Abstract: A distributed computing system provides a distributed data store for network enabled devices at the edge. The distributed database is partitioned such that each node in the system has its own partition and some number of followers that replicate the data in the partition. The data in the partition is typically used in providing services to network enabled devices from the edge. The set of data for a particular network enabled device is owned by the node to which the network enabled device connects. Ownership of the data (and the data itself) may move around the distributed computing system to different nodes, e.g., for load balancing, fault-resilience, and/or due to device movement. Security/health checks are enforced at the edge as part of a process of transferring data ownership, thereby providing a mechanism to mitigate compromised or malfunctioning network enabled devices.

Abstract: An account protection service to prevent user login or other protected endpoint request abuse. In one embodiment, the service collects user recognition data, preferably for each login attempt (e.g. data about the connection, session, and other relevant context), and it constructs a true user profile for each such user over time, preferably using the recognition data from successful logins. The profile evolves as additional recognition data is collected from successful logins. The profile is a model of what the user “looks like” to the system. For a subsequent login attempt, the system then calculates a true user score. This score represents how well the current user recognition data matches the model represented by the true user profile. The user recognition service is used to drive policy decisions and enforcement capabilities.