Abstract: A computer implemented method for access control for a restricted resource in a computer system, the method including receiving a first set of records for the computer system, each record detailing an occurrence in the computer system during a training time period when the resource is accessed in an approved manner; generating a sparse distributed representation of the set of records to form a training set for a hierarchical temporal memory (HTM); training the HTM based on the training set in order that the trained HTM provides a model of the operation of the computer system during the training time period; receiving a second set of records for the computer system, each record detailing an occurrence in the computer system during an operating time period for the computer system in use by a consumer of the resource; generating a sparse distributed representation of the second set of records to form an input set for the trained HTM; executing the trained HTM based on the input set to determine a degree of recog

Abstract: A computer implemented method to detect a data breach in a network-connected computing system including generating, at a trusted secure computing device, a copy of data distributed across a network; the computing device accessing sensitive information for the network-connected computer system and searching for at least part of the sensitive information in the copy of the data; in response to an identification of sensitive information in the copy of the data identifying the sensitive information as compromised sensitive information.

Abstract: In a LTE network user devices can access voice application service via Voice over LTE (VoLTE) and Voice over WiFi (VoWiFi). To detect faults in the data link associated with an evolved packet data gateway for providing access by the user device to the LTE network from a non-trusted network which will affect VoWiFi capability, a packet data gateway monitors the status of ePDG and if a fault is detected, the user device is notified that it should connect to voice services via VoLTE.

Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.

Abstract: A computer implemented method of executing a software module includes a machine learning algorithm as an executable software component configurable to approximate a function relating a domain data set to a range data set; a data store; and a message handler as an executable software component arranged to receive input data and communicate output data for the module, wherein the message handler is adapted to determine domain parameters for the algorithm based on the input data and to generate the output data based on a result generated by the algorithm, the method including generating a message as input data for the module, the message including instructions for execution by the module to effect a modification of the machine learning algorithm of the module.

Abstract: The present disclosure provides a method of sending an inter-base station message between a first and second base station in a cellular telecommunications network, wherein the inter-base station message is transmitted via a relay component, the method including the relay component receiving a first inter-base station message from a first base station, wherein the first inter-base station message includes: a first address portion identifying a second and third base station, and a first content portion; the relay component transmitting a second inter-base station message to the second base station, the second inter-base station message including: a second address portion identifying the second base station, and a second content portion; and the relay component transmitting a third inter-base station message to the third base station, the third inter-base station message including: a third address portion identifying the third base station, and a third content portion, wherein the second and third content portio

Abstract: Methods and apparatus are disclosed for configuring one or more processors to implement service function chains comprising one or more virtualised service functions. A method according to one aspect, performed by a processing module (330) implemented on one or more processors (30), involves steps being performed in respect of at least one new virtualised service function (33) to be included in a service function chain of: determining a position in the service function chain at which the new virtualised service function (33) is to be included; allocating at least one internal address to the new virtualised service function, the at least one internal address being an address to be usable by a switching processor (34); and providing to the switching processor (34) an indication of the at least one internal address allocated to the new virtualised service function (33).

Abstract: A computer implemented method of identifying anomalous behavior of a computer system in a set of intercommunicating computer systems, each computer system in the set being uniquely identifiable, the method including monitoring communication between computer systems in the set for a predetermined baseline time period to generate a baseline vector representation of each of the systems; monitoring communication between computer systems in the set for a subsequent predetermined time period to generate a subsequent vector representation of each of the systems; comparing baseline and subsequent vector representations corresponding to a target computer system using a vector similarity function to identify anomalous behavior of the target system in the subsequent time period compared to the baseline time period, wherein a vector representation of the target system for a time period is generated based on a deterministic walk of a graph representation of communications between the computer systems in which nodes of the

Abstract: The invention relates to a method in a cellular telecommunications network, the method including discovering a second donor base station having a first interface for communicating with the first central base station unit and a second interface for wirelessly communicating with the distributed base station unit; determining a capacity of a connection between the central base station unit and the distributed base station unit via the second donor base station; determining that the capacity of the connection satisfies a functional split threshold; and, in response to this determination, causing the centralized base station unit and the distributed base station unit to implement a second functional split in which a third set of protocol functions are implemented in the distributed base station unit and a fourth set of protocol functions are implemented in the central base station unit; and initiating a handover of the distributed base station unit from the first donor base station to the second donor base station

Abstract: A computer implemented method of a network access point for secure network access by a mobile computing device, the mobile device being associated with the access point by a digitally signed record in a blockchain wherein the blockchain is accessible via a network and includes a plurality of records validated by miner computing components, the method including receiving a request from another network access point to associate the mobile device with the other access point, the request having associated identification information for the mobile device; responsive to a verification of an entitlement of the mobile device to access the network, generating a new record for storage in the blockchain, the new record associating the mobile device with the other access point and being validated by the miner components such that the other access point provides access to the network for the mobile device based on the validation of the new record.

Abstract: A data storage device providing secure data storage for a software application executed by an operating system in a computer system including a file system operation interceptor that detects requests for file system operations in respect of data for the application; a file system operation analyzer that is responsive to the interceptor and that analyses an intercepted file system operation request to identify attributes associated with the file system operation; a comparator that compares the attributes with a predefined security policy definition; a cryptographic unit that encrypts and/or decrypts data using one or more cryptographic functions; wherein the cryptographic unit is operable in response to the comparator to perform an encryption or decryption operation on the data and effect the performance of the requested file system operation by the operating system.

Abstract: A computer implemented method of protecting a target subnet, including a set of network connected devices in a hierarchy of subnets of a computer network, from malware attack. The method includes generating a dynamical system for each subnet in the network, each dynamical system modelling a rate of change of a number of network connected devices in the subnet that are: susceptible to infection by the malware; infected by the malware; protected against infection by the malware; and remediated of infection by the malware. The dynamical systems are based on rates of transmission of the malware between pairs of subnets; evaluating a measure of risk of infection of the target subnet at a predetermined point in time based on the dynamical system for the target subnet; and responsive to the measure of risk meeting a predetermined threshold, deploying malware protection measures to devices in the target subnet.

Abstract: A computer implemented method of scheduling a plurality of virtual machines for execution by a physical computing infrastructure is described. The plurality of virtual machines are deployable to a subset of the physical computing infrastructure to execute a computing task. The method includes determining a subset of the infrastructure and a time period for deployment of each virtual machine, so that the virtual machines are scheduled to execute to completion over an aggregate of all time periods. The determination is based on a mathematical optimization of a risk function for each of the plurality virtual machines that corresponds to a relative risk that at least one virtual machine will fail to fully execute its task to completion.

Abstract: A computer implemented method of detecting anomalous behavior in a set of computer systems communicating via a computer network, the method including evaluating a difference in a level of activity of the computer system between a baseline time period and a runtime time period, and responsive to a determination of anomalous behavior, implementing one or more protective measures for the computer network.

Abstract: This disclosure invention relates to a method of operating a network node in a cellular telecommunications network, wherein the cellular telecommunications network further includes a first base station and a first User Equipment (UE), and the first UE is connected to the first base station by a first and second connection having resources associated with a first and second subscription, respectively, the method including determining that the first connection and second connection relate to the first and second subscription respectively; determining that the first connection and second connection relate to the first UE; monitoring a first resource usage of one or both of the first and second connections with the first UE; and initiating a handover of one or both of the first and second connections based on the first resource usage.

Abstract: A method of anomaly detection for network traffic communicated by devices via a computer network, the method including receiving a set of training time series each including a plurality of time windows of data corresponding to network communication characteristics for a first device; training an autoencoder for a first cluster based on a time series in the first cluster, wherein a state of the autoencoder is periodically recorded after a predetermined fixed number of training examples to define a set of trained autoencoders for the first cluster; receiving a new time series including a plurality of time windows of data corresponding to network communication characteristics for the first device; for each time window of the new time series, generating a vector of reconstruction errors for the first device for each autoencoder based on testing the autoencoder with data from the time window; and evaluating a derivative of each vector; training a machine learning model based on the derivatives so as to define a fi

Abstract: A method and a base station for a mobile communications network. The base station includes a first transceiver configured to communicate over radio signals with a plurality of mobile terminals, in which the first transceiver configured to: transmit a first signal to serve a mobile terminal over multicast; receive from the mobile terminal information derived from the signal quality of a second signal received at the mobile terminal from a second transceiver; and receive from the mobile terminal further information on the quality of the first signal received at the mobile terminal from the first transceiver and on the quality of a third signal received at the mobile terminal from a third transceiver.

Abstract: In a method of operating a content delivery network having a plurality of content caches to deliver requested content to at least one user device, the user device has one or more access network interfaces for connection to content caches of the content delivery network via one or more respective access networks, and the method is performed by a content delivery route decision function running on the user device and interfacing with the content delivery network and the access networks.

Abstract: A communications router (6) is provided with an add-on device (7) for diverting data traffic over a replacement connection (70, 80) when a primary connection route (60) meets a failover criterion. Traffic addressed to an allocated network address associated with the primary connection (60) is diverted to a network termination of the replacement connection (70) by a routing function (31) if the replacement connection (70) has been authenticated by an authentication system (35). Authentication is provided by setting up an association between the internet IP address of the router (6) when addressed through the link (60), and a network identity of the add-in unit (7).

Abstract: Methods and apparatus are disclosed for selecting an encoding specification for encoding audio and/or video data to be streamed between a user-device (11) and a remote device (28), where the user-device is operable to communicate with the remote device via a digital subscriber line (DSL, 13) for a portion of a path (29) between the user-device and the remote device, the DSL portion (13) extending between a user-side DSL modem device (22) and a DSL aggregation transceiver device (24).