Abstract: Methods, apparatuses and systems directed to enhanced random early discard mechanisms implemented in various networked devices including end-systems such as servers and intermediate systems such as gateways and routers. In one implementation, the present invention enables a random early discard mechanism that intelligently biases the drop probabilities of select packets based on one or more application-aware and/or flow-aware metrics or state conditions.

Abstract: HTTP layered reconstruction is disclosed. A database is queried to identify a location of a previously reconstructed HTML artifact file or packet data of a HTML file in a repository that stores packet data captured from a network. The reconstructed HTML file is analyzed. Links to external files are identified and the database is queried to identify a location of previously reconstructed artifact files or packet data of associated external files. The external files are reconstructed, as needed. A web page is then reconstructed based on the reconstructed HTML file and reconstructed external files, presenting a view of the web page as it originally appeared to a user. A user may specify which external file types to include and/or not include. New versions of external files may be obtained and indicated in the reconstructed web page when associated artifact files or packet data are not stored within the repository.

Abstract: Methods, apparatuses, and systems directed to write command processing in distributed file caching systems. Implementations of the invention allow for write operations to identified files to proceed, while information regarding the identified file is fetched from a remote host and a locally cached version of the file is constructed. Implementations of the present invention can be configured to improve the performance of wide area network file systems, while preserving file consistency.

Abstract: An exemplary embodiment provides for methods, apparatuses and systems to facilitate the detection of network device failures in a variety of network topologies. This is accomplished by equipping a network device, or other devices used in conjunction with network devices, with a bypass port or network interface, such as a secondary outgoing network traffic communication port. In a normal operating mode, network traffic received at a first network interface or port is forwarded, after processing on the packet processing path of the network device, from a second network interface or port. In one implementation, the second network interface or port and the bypass port or network interface are connected to corresponding interfaces of a router or two routers. When a network device failure occurs network traffic bypasses the packet processing path of the network device and is forwarded from the bypass port or interface.

Abstract: Partition configuration and creation mechanisms for network traffic management devices. In some implementations, the present invention enhances the predictability of partition hierarchies that use weighting values and fixed rate guarantees. In some implementations, the present invention includes a configuration interface that constrains the manner in which partitions can be configured to achieve predictable and efficient results. In some implementations, the present invention includes a partition creation and deletion layer that operates to dynamically create partitions based on one or more partition patterns.

Abstract: In one embodiment, downloading one or more content items; determining which ones of the one or more content items are popular among a plurality of users; categorizing the one or more content items into one or more groups, wherein each group comprises one or more related content items; associating one or more keywords with each group, wherein the one or more keywords describe content of the one or more related content items in the corresponding group; and caching the one or more content items categorized into the one or more groups and the one or more keywords associated with each group.

Abstract: A network access point secures a WiFi network, and acts as a picocell, by identifying applications running on computer-based devices, such as mobile phones, tablet computers, and the like, that seek to access the Internet (or another network) via the access point and applying network access policies to data communications by those applications according to application, location, context, device and/or user characteristics.

Abstract: A security gateway appliance is configured to evaluate network traffic according to security rules that classify traffic flows according to specifically identified application programs responsible for producing and/or consuming the network traffic and to enforce policies in accordance with network traffic classifications. The appliance includes an on-box anti-virus/anti-malware engine, on-box data loss prevention engine and on-box authentication engine. One or more of these engines is informed by an on-box dynamic real tie rating system that allows for determined levels of scrutiny to be paid to the network traffic. Security gateways of this type can be clustered together to provide a set of resources for one or more networks, and in some instances as the backbone of a cloud-based service.

Abstract: A cache includes an object cache layer and a byte cache layer, each configured to store information to storage devices included in the cache appliance. An application proxy layer may also be included. In addition, the object cache layer may be configured to identify content that should not be cached by the byte cache layer, which itself may be configured to compress contents of the object cache layer. In some cases the contents of the byte cache layer may be stored as objects within the object cache.

Abstract: A Web browser is configured to participate with a proxy server in enforcing traffic policies within a computer network. This may include modifying the Web browser to report contextual information regarding requests for Web documents to the proxy server and/or causing the Web browser to report information concerning Web documents requested through the proxy server to the proxy server.

Abstract: In certain embodiments, a method includes receiving, by a capture device, traffic flows transmitted by a plurality of client devices, each of the traffic flows being associated with one of the plurality of client devices and comprising encrypted data. The method further includes receiving, by the capture device, flow information communicated from a proxy server communicatively coupled to the capture device, the flow information comprising an identification of a particular traffic flow and a session key associated with the particular traffic flow. The method further includes storing, by the capture device, encrypted data of the particular traffic flow identified by the flow information supplied by the proxy server; storing, by the capture device, the session key associated with the particular traffic flow; and discarding, by the capture device, any of the plurality of received traffic flows not identified in the flow information received from the proxy server.

Abstract: According to one aspect, a method of assessing typicality of a first name that includes a plurality of characters includes obtaining the first name, determining at least a first N-gram size, and extracting a first plurality of N-grams of the first N-gram size from the first name. The first plurality of N-grams is analyzed with respect to a model. Analyzing the first plurality of N-grams with respect to the model includes obtaining a first score. Finally, the method includes determining whether the first score indicates that the first name is typical.

Abstract: An exemplary embodiment provides for a method for use in a network device operative to facilitate classification of data flows in a multipath network topology by intelligently mirroring one or more packets of the data flows to a set of cooperating network devices. The method, in one implementation, can involve tracking asymmetric data flows and synchronizing at least portions of the asymmetric data flows between a plurality of network devices to facilitate classification and other operations in multipath network topologies. In one implementation, the present invention allows a plurality of network devices, each disposed on the boundaries of an autonomous system (such as an ISP network) to communicate enough information about data flows encountered at each of the network devices to enable more accurate data flow classification.

Abstract: Systems, methods, and computer products for detecting protocols in a network proxy are provided. Protocol detection includes receiving from a first computer a request for connection to a second computer, the request conforming to a first protocol; establishing a connection with at least one of the first computer and the second computer; receiving data from at least one of the first computer and the second computer, wherein the data conforms to a second protocol; and performing protocol detection on the data.

Abstract: A cache logically disposed in a communication path between a client and a server receives a request for a content item and, in response thereto, requests from the server header information concerning the content item and an initial portion of data that makes up the content item. The cache then computes a first hashing value from the header information and a second hashing value from the initial portion of data. A content identifier is created by combining the first hashing value and the second hashing value. Using the content identifier, the cache determines whether a copy of the content item is stored by the cache; and, if so provides same to the client. Otherwise, the cache requests the content item from the server and, upon receipt thereof, provides it to the client.

Abstract: The present invention extends to methods, systems, computer program products, and data structures for filtering cached content based on embedded URLs. A computer system accesses a URL that corresponds to cached content. The computer system identifies an embedded URL included in the accessed URL. The embedded URL corresponds to a site that was accessed to retrieve the cached content. The computer system extracts the embedded URL from the accessed URL. The computer system determines whether or not access to the cached content is to be allowed based on the embedded URL.

Abstract: A single- or multi-protocol buffering proxy accepts communication option negotiation commands from a client before establishing a connection between the client and a host. The proxy negotiates a limited set of options with the client before the connection is established and buffers (accepts and temporarily stores without responding to) other option negotiation commands from the client. The proxy accepts credentials from a user and establishes, or denies the connection based on the credentials. If the connection is established, the proxy buffers option negotiation commands sent by the host. After the proxy logs in to the host on behalf of the user or the user logs in directly, the proxy sends each party's buffered option negotiation commands to the other party, ceases buffering option negotiation commands and enters a “pass-through” mode, in which the proxy passes characters and commands between the parties until the session ends.

Abstract: In one embodiment, a method includes receiving an address of a DNS server of a network. A secure communication tunnel is established with a client of the network. The client is notified that requests to the address of the DNS server of the network should not pass through the secure communication tunnel. A request for a DNS lookup of a name of a host of the network is received through the secure communication tunnel. A DNS referral that includes the address of the DNS server of the network is sent to the client.

Abstract: Methods, apparatuses and systems directed to the application of network QoS policy to different data types multiplexed over a connection corresponding to a given session between a first host and a second host. In one implementation, the present invention includes a dual gateway architecture where a first gateway terminates the connection with a remote access client, demultiplexes the remote access session data stream into a plurality of separate streams for transmission to a second gateway. The second gateway re-multiplexes the separate data streams into a single remote access session data stream for transmission to a remote access server. The use of separate data streams between the first and second gateways allows for the application of individual policies on the components of the remote access session data flow. For example, a policy scheme can be configured that gives preference to mouse movements, transmitted in a first data stream, over printer traffic, transmitted in a second data stream.

Abstract: According to one aspect, a method for categorizing at least one image includes obtaining the at least one image and mapping the at least one image to at least a first grid. The first grid is a two-dimensional grid that includes a plurality of cells. The method also includes characterizing the first grid, wherein categorizing the first grid includes determining whether the first grid is indicative of an offensive characteristic, and identifying the at least one image as offensive when it is determined that the first grid is indicative of the offensive characteristic. When it is determined that the first grid is not indicative of the offensive characteristic, the at least one image is identified as not offensive.