Abstract: In one embodiment, a service function forwarder (SFF) analyzes pre-service state and post-service state of an original packet to determine whether to initiate and perform service offload or service bypass. A service function forwarder (SFF) receives a particular packet having a service function chain (SFC) encapsulation of the original packet, the SFC encapsulation identifying a particular service function path (SFP) designating a particular service function (SF). The SFF extracts pre-service state of the original packet, typically adding it to the particular packet in an In-Situ Operations, Administration, and Maintenance (IOAM) data field (or alternatively storing locally) before sending the particular packet to the particular SF. The SFF receives the particular packet after the SF applies the particular network service.

Abstract: In one embodiment, a device in a network generates a machine learning-based traffic model using data indicative of a particular node in the network attempting to retrieve content from a particular resource in the network. The device predicts, using the traffic model, a time at which the particular node is expected to attempt retrieving future content from the particular resource. The device causes the future content from the particular resource to be prefetched in the network prior to the predicted time. The device makes a security assessment of the prefetched content. The device causes performance of a mitigation action in the network based on the security assessment of the prefetched content and in response to the particular node attempting to retrieve the future content from the particular resource.

Abstract: In an example embodiment, there is disclosed herein an apparatus comprising a wireless transceiver and a controller coupled to the wireless transceiver and configured to receive data via the wireless transceiver. The controller operates the wireless transceiver at a first power save state where the wireless transceiver can receive a frame but other circuits are de-energized. The controller is responsive to the wireless transceiver receiving a frame while the wireless transceiver is in a first power state to determine whether the frame is a predefined wakeup frame. The controller provides additional power to the wireless transceiver responsive to determining the frame is a predefined wakeup frame.

Abstract: A method is provided in one example embodiment and may include receiving an Internet Protocol (IP) packet at a node; identifying a content semantic for the IP packet; determining whether the IP packet is an IP interest packet or an IP data packet; determining whether content identified in the IP packet is stored at the node based on a determination that the IP packet is an IP interest packet; forwarding the IP packet toward at least one other node based on a determination that the content is not stored at the node; and transmitting an IP data packet containing the content based on a determination that the content is stored at the node.

Abstract: Techniques are described to provide for authentication and subscription management that are decoupled from a Home Subscriber Server (HSS).

Abstract: A disclosed method is performed at a first node providing mobile services to a user equipment (UE) over an access network (AN). The first node receives a setup request from UE to be connected to a network over an AN. The first node then sends a fully qualified domain name (FQDN) of the first node over a first interface terminated by the first node to an access and mobility management function (AMF). The first node further triggers the AMF to transmit a session establishment request to a session management function (SMF) including the FQDN of the first node, where in response, the SMF selects second node(s) in the network collocated with the first node based at least in part on a topology match of FQDNs. The first node then provides UE access to the network over the AN through the collocated first node and the node(s).

Abstract: In one embodiment, a distributed denial of service attack on a network is identified. In response to the distributed denial of service attack, a script to request a short term certificate is executed. The short term certificate is generated by a certificate server and received either directly or indirectly from the certificate server. An instruction to redirect traffic using the short term certificate and private key is sent to a distributed denial of service attack protection service that is operable to filter or otherwise mitigate malicious traffic involved in the distributed denial of service attack.

Abstract: By determining an alignment point for a photonic element in a substrate of a given material; applying, via a laser aligned with the photonic element according to the alignment point, an etching pattern to the photonic element to produce a patterned region and an un-patterned region in the photonic element, wherein applying the etching pattern alters a chemical bond in the given material for the patterned region of the photonic element that increases a reactivity of the given material to an etchant relative to a reactivity of the un-patterned region, and wherein the patterned region defines an engagement feature in the un-patterned region that is configured to engage with a mating feature on a Photonic Integrated Circuit (PIC); and removing the patterned region from the photonic element via the etchant, various systems and methods may make use of laser patterning in optical components to enable alignment of optics to chips.

Abstract: Embodiments include generating an error message based on an error associated with a packet, adding to the error message an address of a node in a segment routing domain of a network to serve as a destination address of the error message, and adding a new segment routing header to the error message. Embodiments also include rewriting the packet where the rewriting includes replacing a destination address in the packet with a final destination address associated with the packet. Embodiments further include adding the rewritten packet to the error message, and forwarding the error message to the destination address of the error message. In specific embodiments, the rewriting the packet includes removing a segment routing header of the packet. More specific embodiments include deriving the new segment routing header from information in the packet.

Abstract: Location-based, context-aware challenge-response authentication may be provided. First, a challenge may be provided to a user. The challenge may be based on a context corresponding to the user. The context corresponding to the user may comprise a location of a device associated with the user within an environment. Next, in response to providing the challenge, a response to the challenge may be received from the user. Then, in response to receiving the response to the challenge, it may be determined that the response is a correct answer to the challenge. In response to determining the response is the correct answer, a privilege may be provided to the user.

Abstract: Methods and systems are disclosed wherein TCP may approximate Reliable Transport Protocol (RTP) or UDP delivery for real-time video/data conferencing applications that have long RTT connections.

Abstract: Techniques are provided herein for classifying domains based on DNS traffic so that domains that are malicious or associated with malicious activity can be identified. Traffic between one or more domain name system (DNS) resolvers and one or more authoritative name servers hosted on the Internet is analyzed analyzing at a server having network connectivity. A mismatch between a hostname and Internet Protocol (IP) information for the hostname is detected in the traffic and domains included in the traffic are classified based on the detecting.

Abstract: Techniques for optimizing performance of narrowband Internet-of-Things (NB-IoT) devices in a wireless wide area network (WWAN) are described. In one embodiment, a method includes providing a NB-IoT base station in an in-band deployment mode to operate within a WWAN. The NB-IoT base station is configured to use a physical resource block of the WWAN for communicating with a plurality of NB-IoT devices. The method includes causing a reduction of a power level for a transmission from an initial power level to a first reduced power level. The method includes obtaining parameters associated with performance and throughput for the WWAN and comparing the parameters to a quality threshold. Based on the comparison of the parameters to the threshold, the method includes determining whether or not to reduce the power level for the physical resource block from the first reduced power level to a second reduced power level.

Abstract: A replica service of a Content Centric Network can host content published by various publishers, without having to explicitly advertise a name prefix associated with these various publishers. Consumers across CCN can generate an Interest that includes a location-independent name associated with a replica service that hosts content for a given publisher, and includes a hash of the desired Content Object. CCN nodes can forward the Interest to the corresponding replica service based on the Interest's name, and the replica service can return a nameless Content Object whose hash matches the Interest's hash value. It may be possible for nameless Content Objects from various publishers to have matching hash values from time to time. CCN nodes can reduce collisions of nameless Content Objects by using a Publisher ID specified in an Interest to find a matching Content Object that was published by a desired publisher.

Abstract: In one embodiment, a service receives radar data regarding usage of one or more wireless channels by a radar. The service populates a database of radar features with the received radar data. The service trains, using the database of radar features, a machine learning-based model to predict channel usages by the radar. The service causes a wireless access point to change to a different wireless channel, based on the predicted channel usages by the radar.

Abstract: In one embodiment, a method includes receiving current data, the current data including time series data representing a plurality of time instances. The method includes storing at least a recent portion of the current data in a buffer. The method includes reducing the dimensionality of the current data to generate dimensionality-reduced data. The method includes generating a reconstruction error based on the dimensionality-reduced data and a plurality of neural network metrics. At least one of a size of the recent portion of the current data stored in the buffer or an amount of the reducing the dimensionality of the current data is based on the reconstruction error.

Abstract: A video conference system may include two or more video conference endpoints, each having a display configured to display content. The video conference system may detect a plurality of participants within a field of view of a camera of the system. The video conference system may determine an attention score for each endpoint based on the participants. The video conference system may determine whether the content of the first endpoint and/or the content of the second endpoint are active content based on whether the attention scores exceed a predetermined threshold value. The video conference system may send to secondary video conference systems an indication of the active content to enable the secondary video conference systems to display the active content.

Abstract: In one embodiment, a network assurance system discretizes parameter values of a plurality of time series of measurements obtained from a monitored network by assigning tags to the parameter values. The network assurance system detects occurrences of a particular type of failure event in the monitored network. The network assurance system identifies a set of the assigned tags that frequently co-occur with the occurrences of the particular type of failure event. The network assurance system determines, using a Bayesian framework, rankings for the tags in the identified set based on how well each of the tags acts as a predictor of the failure event. The network assurance system initiates performance of a corrective measure for the failure event based in part on the determined rankings for the tags in the identified set.

Abstract: In one embodiment, a security device maintains a plurality of security enclaves for a computer network, each associated with a given level of security policies. After detecting a given device joining the computer network, the security device places the given device in a strictest security enclave of the plurality of security enclaves in response to joining the computer network. The security device then subjects the given device to joint adversarial training, where a control agent representing behavior of the given device is trained against an inciting agent, and where the inciting agent attempts to force the control agent to misbehave by applying destabilizing policies. Accordingly, the security device may determine control agent behavior during the joint adversarial training, and promotes the given device to a less strict security enclave of the plurality of enclaves in response to the control agent being robust against the attempts by the inciting agent.

Abstract: The embodiments of the present disclosure describe forming a semiconductor layer (e.g., III-V semiconductor material) on a silicon substrate using a template. In one embodiment, the template is patterned to form a plurality of cylindrical openings or pores that expose a portion of the underlying silicon substrate. The material of the semiconductor is disposed into the pores to form individual crystals or monocrystals. Because of the lattice mismatch between the crystalline silicon substrate and the material of the semiconductor layer, the monocrystals may include defects. However, the height of the pores is controlled such that these defects terminate at a sidewall of the template. Thus, the monocrystals can be used to form a single sheet (or single crystal) semiconductor layer above that template that is defect free.