Abstract: This disclosure provides a method of operating a base station in a cellular telecommunications network, and a base station unit for implementing the method, the base station having a central base station unit and a distributed base station unit, wherein the central base station unit and distributed base station unit communicate over a fronthaul link having a first and second capacity configuration, and the cellular telecommunications network further includes a User Equipment (UE) consuming a service via the base station.

Abstract: A method for detecting malware software in a computer system includes accessing a plurality of hostnames for a malware server from a computer system infected with malware and attempting to communicate with the malware server, each hostname including a plurality of symbols in each of a plurality of symbol positions; training an autoencoder based on each of the plurality of hostnames, wherein the autoencoder includes: a set of input units for each possible symbol and symbol position in a hostname; output units each for storing an output of the autoencoder; and a set of hidden units smaller in number than the set of input units and each interconnecting all input and all output units with weighted interconnections, such that the autoencoder is trainable to provide an approximated reconstruction of values of the input units at the output units; selecting a set of one or more symbol and symbol position tuples based on weights of interconnections in the trained autoencoder; and identifying infected computer systems

Abstract: Modifying quality of service treatment for data flows A method of transmitting a data flow via a network is disclosed where the network supports transmission of data in accordance with a plurality of Quality of Service, QoS, models. Prior to transmission of the data flow, a client system configures a first class of service for the data flow based on a first QoS model, and a first portion of the data flow is transmitted through the network in accordance with the first class of service. In response to detecting a renegotiation condition, the network communicates with the client system to configure a second class of service for the data flow based on a second QoS model, and a subsequent portion of the data flow is transmitted through the network using the second class of service.

Abstract: A computer implemented method to generate a signature of a network attack for a network-connected computing system, the signature including rules for identifying the network attack, the method including generating, at a trusted secure computing device, a copy of data distributed across a network; the computing device identifying information about the network attack stored in the copy of the data; and the computing device generating the signature for the network attack based on the information about the network attack so as to subsequently identify the network attack occurring on a computer network.

Abstract: A web server operating in a container has resource and network limits applied to add an extra layer of security to the web server. If a monitor detects that the container's resource usage is approaching one or more of these limits, which may be indicative of a DDoS attack, (step 210) or identifies traffic sources exhibiting suspicious behaviour, such as frequently repeated requests from the same address, or from a related set of addresses, a restrictor function caps the resources allowed by the original Webserver container to allow it to recover from buffer overflow and protect servers running in other containers from overwhelming any shared resources. A duplicator function starts up replica containers with the same resource limits to take overflow traffic, and a load balancing function then directs incoming traffic to these overflow containers etc.

Abstract: A base station for communication with a plurality of mobile terminals in a mobile communications network is disclosed. The base station includes a plurality of transmitters, in which each transmitter is configured to provide a transmit radio signal to a distinct space when compared to the other transmitters. A first transmitter is configured to provide to a first space, a transmit radio signal carrying a multicast service. A second transmitter is configured to provide to a second space, distinct from the first space, a transmit radio signal carrying a unicast service, and the second space shares a first boundary with the first space.

Abstract: A malware detection system to detect malware in a client computer system includes a behavior profile generator adapted to generate a behavior profile specifying operational behaviors of a computer system indicative of the existence of malware in the computer system; an interface adapted to communicate the behavior profile to the client; and an identifier responsive to a message from the client that the behavior profile is exhibited by the client and adapted to identify a reaction instruction for performance by the client, wherein the interface is further adapted to communicate the reaction instruction to the client.

Abstract: A computer implemented method for access control for a restricted resource in a computer system, the method including receiving a first set of records for the computer system, each record detailing an occurrence in the computer system during a training time period when the resource is accessed in an approved manner; generating a sparse distributed representation of the set of records to form a training set for a hierarchical temporal memory (HTM); training the HTM based on the training set in order that the trained HTM provides a model of the operation of the computer system during the training time period; receiving a second set of records for the computer system, each record detailing an occurrence in the computer system during an operating time period for the computer system in use by a consumer of the resource; generating a sparse distributed representation of the second set of records to form an input set for the trained HTM; executing the trained HTM based on the input set to determine a degree of recog

Abstract: A computer implemented method to detect a data breach in a network-connected computing system including generating, at a trusted secure computing device, a copy of data distributed across a network; the computing device accessing sensitive information for the network-connected computer system and searching for at least part of the sensitive information in the copy of the data; in response to an identification of sensitive information in the copy of the data identifying the sensitive information as compromised sensitive information.

Abstract: In a LTE network user devices can access voice application service via Voice over LTE (VoLTE) and Voice over WiFi (VoWiFi). To detect faults in the data link associated with an evolved packet data gateway for providing access by the user device to the LTE network from a non-trusted network which will affect VoWiFi capability, a packet data gateway monitors the status of ePDG and if a fault is detected, the user device is notified that it should connect to voice services via VoLTE.

Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.

Abstract: A computer implemented method of executing a software module includes a machine learning algorithm as an executable software component configurable to approximate a function relating a domain data set to a range data set; a data store; and a message handler as an executable software component arranged to receive input data and communicate output data for the module, wherein the message handler is adapted to determine domain parameters for the algorithm based on the input data and to generate the output data based on a result generated by the algorithm, the method including generating a message as input data for the module, the message including instructions for execution by the module to effect a modification of the machine learning algorithm of the module.

Abstract: The present disclosure provides a method of sending an inter-base station message between a first and second base station in a cellular telecommunications network, wherein the inter-base station message is transmitted via a relay component, the method including the relay component receiving a first inter-base station message from a first base station, wherein the first inter-base station message includes: a first address portion identifying a second and third base station, and a first content portion; the relay component transmitting a second inter-base station message to the second base station, the second inter-base station message including: a second address portion identifying the second base station, and a second content portion; and the relay component transmitting a third inter-base station message to the third base station, the third inter-base station message including: a third address portion identifying the third base station, and a third content portion, wherein the second and third content portio

Abstract: Methods and apparatus are disclosed for configuring one or more processors to implement service function chains comprising one or more virtualised service functions. A method according to one aspect, performed by a processing module (330) implemented on one or more processors (30), involves steps being performed in respect of at least one new virtualised service function (33) to be included in a service function chain of: determining a position in the service function chain at which the new virtualised service function (33) is to be included; allocating at least one internal address to the new virtualised service function, the at least one internal address being an address to be usable by a switching processor (34); and providing to the switching processor (34) an indication of the at least one internal address allocated to the new virtualised service function (33).

Abstract: A computer implemented method of identifying anomalous behavior of a computer system in a set of intercommunicating computer systems, each computer system in the set being uniquely identifiable, the method including monitoring communication between computer systems in the set for a predetermined baseline time period to generate a baseline vector representation of each of the systems; monitoring communication between computer systems in the set for a subsequent predetermined time period to generate a subsequent vector representation of each of the systems; comparing baseline and subsequent vector representations corresponding to a target computer system using a vector similarity function to identify anomalous behavior of the target system in the subsequent time period compared to the baseline time period, wherein a vector representation of the target system for a time period is generated based on a deterministic walk of a graph representation of communications between the computer systems in which nodes of the

Abstract: The invention relates to a method in a cellular telecommunications network, the method including discovering a second donor base station having a first interface for communicating with the first central base station unit and a second interface for wirelessly communicating with the distributed base station unit; determining a capacity of a connection between the central base station unit and the distributed base station unit via the second donor base station; determining that the capacity of the connection satisfies a functional split threshold; and, in response to this determination, causing the centralized base station unit and the distributed base station unit to implement a second functional split in which a third set of protocol functions are implemented in the distributed base station unit and a fourth set of protocol functions are implemented in the central base station unit; and initiating a handover of the distributed base station unit from the first donor base station to the second donor base station

Abstract: A data storage device providing secure data storage for a software application executed by an operating system in a computer system including a file system operation interceptor that detects requests for file system operations in respect of data for the application; a file system operation analyzer that is responsive to the interceptor and that analyses an intercepted file system operation request to identify attributes associated with the file system operation; a comparator that compares the attributes with a predefined security policy definition; a cryptographic unit that encrypts and/or decrypts data using one or more cryptographic functions; wherein the cryptographic unit is operable in response to the comparator to perform an encryption or decryption operation on the data and effect the performance of the requested file system operation by the operating system.

Abstract: A computer implemented method of a network access point for secure network access by a mobile computing device, the mobile device being associated with the access point by a digitally signed record in a blockchain wherein the blockchain is accessible via a network and includes a plurality of records validated by miner computing components, the method including receiving a request from another network access point to associate the mobile device with the other access point, the request having associated identification information for the mobile device; responsive to a verification of an entitlement of the mobile device to access the network, generating a new record for storage in the blockchain, the new record associating the mobile device with the other access point and being validated by the miner components such that the other access point provides access to the network for the mobile device based on the validation of the new record.

Abstract: A computer implemented method of protecting a target subnet, including a set of network connected devices in a hierarchy of subnets of a computer network, from malware attack. The method includes generating a dynamical system for each subnet in the network, each dynamical system modelling a rate of change of a number of network connected devices in the subnet that are: susceptible to infection by the malware; infected by the malware; protected against infection by the malware; and remediated of infection by the malware. The dynamical systems are based on rates of transmission of the malware between pairs of subnets; evaluating a measure of risk of infection of the target subnet at a predetermined point in time based on the dynamical system for the target subnet; and responsive to the measure of risk meeting a predetermined threshold, deploying malware protection measures to devices in the target subnet.

Abstract: A computer implemented method of detecting anomalous behavior in a set of computer systems communicating via a computer network, the method including evaluating a difference in a level of activity of the computer system between a baseline time period and a runtime time period, and responsive to a determination of anomalous behavior, implementing one or more protective measures for the computer network.