Abstract: This technology allows for determining the location of client devices via radio scanning for triggered orthogonal frequency-division multiple access (“OFDMA”) uplinks. Access points (“APs”) are configured for OFDMA transmissions. A first AP transmits a trigger frame on a particular channel to stations in the wireless network. Neighboring APs scan channels for trigger frames (“TF”). Upon detection of a TF, neighboring APs associate a station identifier with a frequency allocation, or resource unit, in the TF. The neighboring APs receive an OFDMA uplink from the stations, determine a received signal strength indicator (“RSSI”) value for each frequency allocation in the OFDMA uplink, and transmit the RSSI values with the associated station identifier to the first AP. The first AP determines the location of each station by mapping a distance value to the RSSI values.
Type:
Grant
Filed:
December 20, 2021
Date of Patent:
February 18, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
Matthew Aaron Silverman, John Matthew Swartz, Ardalan Alizadeh, Jerome Henry
Abstract: In one embodiment, a process: monitors an access pattern of database objects on a user-connection basis; calculates a wait-time metric for database sessions for the objects; classifies a first number of often-used objects and a second number of not-recently-used objects; classifies the wait-time metric for the database sessions as a wait-time classification that is one of either: an acceptable wait-time metric, a warning-level wait-time metric, or a critical-level wait-time metric; and generates a graphical interface that indicates, for each user-connection pairing of the particular database, an associated wait-time metric and a graphical indication of an associated wait-time classification, as well as an associated first number of often-used objects and an associated second number of not-recently-used objects.
Abstract: Correcting for antennae spatial distortions in Radio Frequency (RF) localization may be provided. A plurality of actual locations associated with a plurality of Access Points (APs) may be received. Then a plurality of signal strengths associated with the plurality of APs may be received. Based on the plurality of signal strengths, a model may be created that models a plurality of inference errors respectively corresponding to the plurality of APs between a plurality of inferred locations respectively corresponding to the plurality of APs and the plurality of actual locations. The model may then be used in determining a location of a device.
Type:
Grant
Filed:
May 3, 2022
Date of Patent:
February 18, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
David A. Maluf, Huy Phuong Tran, Avinash Kalyanaraman, Paul Anthony Polakos
Abstract: This disclosure generally relates to a method and system for mapping application dependency information. The present technology relates to techniques that enable user-adjustable application dependency mapping of a network system. By collecting internal network data using various sensors in conjunction with external user inputs, the present technology can provide optimized application dependency mapping using user inputs.
Type:
Grant
Filed:
December 22, 2021
Date of Patent:
February 18, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
Omid Madani, Ali Parandehgheibi, Navindra Yadav, Vimalkumar Jeyakumar, Ellen Christine Scheib, Mohammadreza Alizadeh Attar
Abstract: Techniques for forward error correction are disclosed. These techniques include receiving a forward error correction codeword transmitted over a communication network, the codeword including a parity portion and a payload portion. The techniques further include determining, based on the parity portion, to disable forward error correction for the codeword. The techniques further include disabling forward error correction for the codeword.
Type:
Grant
Filed:
February 28, 2023
Date of Patent:
February 18, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
Matthew T. Lawson, Jason A. Marinshaw, Mohammad Issa
Abstract: In one embodiment, a supervisory service for a network obtains quality of experience metrics for application sessions of an online application. The supervisory service maps the application sessions to paths that traverse a plurality of autonomous systems. The supervisory service identifies, based in part on the quality of experience metrics, a particular autonomous system from the plurality of autonomous systems associated with a decreased quality of experience for the online application. The supervisory service causes application traffic for the online application to avoid the particular autonomous system.
Abstract: A system and method are provided for generating a cybersecurity behavioral graph from log files and/or other telemetry data, which can be unstructured or semi-structured data. The log files are applied to a machine learning (ML) model (e.g., a large language model (LLM)) that generates/extracts from the log files entities and relationships between said entities. The entities and relationships can be constrained using a cybersecurity ontology or schema to ensure that the results are meaningful to a cybersecurity context. A graph is then generated by mapping the extracted entities to nodes in the graph and the relationships to edges connecting nodes. To more efficiently extract the entities and relationships from the data file, an LLM is used to generate regular expressions for the format of the log files. Once generated, the regular expressions can rapidly parse the log files to extract the entities and relationships.
Type:
Grant
Filed:
July 28, 2023
Date of Patent:
February 18, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
Andrew Zawadowskiy, Oleg Bessonov, Vincent Parla
Abstract: In one embodiment, a first device in a network receives a quantum computing power metric indicative of a maximum available compute power of quantum computers. The first device receives, from a second device in the network, a listing of cryptographic suites available on the second device. The first device selects, based on the quantum computing power metric, a particular cryptographic suite from among the listing of cryptographic suites available on the second device. The first device sends, to the second device via the network, an indication that the particular cryptographic suite is to be used to encrypt and decrypt traffic exchanged between the first device and the second device.
Type:
Grant
Filed:
December 9, 2022
Date of Patent:
February 18, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
Ashish Kundu, Ramana Rao V. R. Kompella
Abstract: Systems, methods, and computer-readable media for performing threat remediation through a switch fabric of a virtualized network environment. Data traffic passing into a virtualized network environment including a plurality of virtual machines running on a switch fabric is monitored. A network threat introduced through at least a portion of the data traffic is identified at the switch fabric. One or more remedial measures are performed in the network environment based on the identification of the network threat in the virtualized network environment.
Abstract: Techniques for adjusting a duration of an authenticated user device session. A baseline session duration is determined for a session for which a user account is authorized in response to a request for authentication. A first session is established on behalf of a user device associated with the user account based at least in part on the user account performing a first authentication. A posture associated with the user device is determined. The baseline duration is then adjusted to a dynamic duration based at least in part upon the posture associated with the user device. Based at least in part on the dynamic duration the user can be required to re-authenticate.
Type:
Grant
Filed:
March 13, 2023
Date of Patent:
February 18, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
Pascal Thubert, Patrick Wetterwald, Jonas Zaddach, Eric Levy-Abegnoli
Abstract: Systems, methods, and computer-readable media are provided for generating a unique ID for a sensor in a network. Once the sensor is installed on a component of the network, the sensor can send attributes of the sensor to a control server of the network. The attributes of the sensor can include at least one unique identifier of the sensor or the host component of the sensor. The control server can determine a hash value using a one-way hash function and a secret key, send the hash value to the sensor, and designate the hash value as a sensor ID of the sensor. In response to receiving the sensor ID, the sensor can incorporate the sensor ID in subsequent communication messages. Other components of the network can verify the validity of the sensor using a hash of the at least one unique identifier of the sensor and the secret key.
Type:
Grant
Filed:
May 24, 2023
Date of Patent:
February 18, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
Abhishek Ranjan Singh, Shih-Chun Chang, Varun Sagar Malhotra, Hai Trong Vu, Jackson Ngoc Ki Pang
Abstract: Time Sensitive Networking (TSN) Quality of Service (QoS) in overlapped administrative domains may be provided. A first Access Point (AP) may detect at least a second AP in a Co-Channel Interference (CCI) range. A micro-transaction auction between the first AP and at least the second AP may be established, and the first AP may provide compensation to the second AP to acquire an agreement, from the second AP, to forgo transmitting during an upcoming service period. Next, the first AP may schedule transmissions for the service period and then transmit in the service period without interference from the second AP.
Type:
Grant
Filed:
August 19, 2022
Date of Patent:
February 18, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
Brian D. Hart, Pooya Monajemi, Malcolm Muir Smith
Abstract: With a controller coupled to a first multicast domain and a second multicast domain having incompatible multicast profiles, source and group (S,G) state information may be extracted from a plurality of nodes of the first multicast domain and the second multicast domain. A first interdomain border node may be within the first multicast domain. A second interdomain border node may be defined within the second multicast domain. The (S,G) state information may be transmitted to the first interdomain border node and the second interdomain border node. The multicast traffic may be transmitted between the first multicast domain and the second multicast domain via the first interdomain border node and the second interdomain border node based at least in part on the (S,G) state information.
Abstract: Crest Factor Reduction (CFR) parameters are determined for a dual band Power Amplifier (PA). A first band of the dual band PA is associated with a first Multi-Link Operation (MLO) link and a second band of the dual band PA is associated with a second MLO link. Determining the CFR parameters comprises determining based on a configuration of the first MLO link and the second MLO link. A first portion of the CFR parameters is provided to a first crest factor reduction block. The first portion of the CFR parameters comprises a first clipping threshold associated with the first band and first filter coefficients associated with the first band. A second portion of the CFR parameters is provided to a second crest factor reduction block. The second portion of the CFR parameters comprises a second clipping threshold associated with the second band and second filter coefficients associated with the second band.
Type:
Application
Filed:
October 18, 2024
Publication date:
February 13, 2025
Applicant:
Cisco Technology, Inc.
Inventors:
Ardalan Alizadeh, Sivadeep Reddy Kalavakuru, Matthew Aaron Silverman, Mohsen Jamalabdollahi, Fred Jay Anderson
Abstract: Techniques for expressing, communicating, de-conflicting, and enforcing consistent access policies between an IBN architecture and a Cloud-Native architecture. Generally, network administrators and/or users of a Cloud-Native architecture and an IBN architecture express access policies independently for the two different domains or architectures. According to the techniques described herein, a Network Service Endpoint (NSE) of the Cloud-Native architecture may exchange access policies with a network device of the IBN architecture. After exchanging access policies, conflicts between the sets of access policies may be identified, such as differences between allowing or denying communications between microservices and/or applications. The conflicts may be de-conflicted using various types of heuristics or rules, such as always selecting an access policy of the IBN architecture when conflicts arise.
Type:
Grant
Filed:
September 8, 2023
Date of Patent:
February 11, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
Thomas Szigeti, David John Zacks, Walter Hulick, Shannon McFarland
Abstract: Techniques for user identity-based security policy enforcement. The techniques may include sending, to an edge device associated with a network, a networking policy associated with a user. The techniques may also include receiving, from an identity provider, an IP address associated with the user. Additionally, the techniques may include sending, to the edge device, an indication to associate the IP address with the user such that the edge device applies the networking policy to packets that include the IP address.
Abstract: According to one or more implementations of the disclosure, a device initiates probing of a path in a network during which one or more probe packets are sent along the path. A hop along the path modifies the one or more probe packets to include energy source information regarding one or more energy sources available to that hop. The device receives results of the probing of the path that include the energy source information. The device generates, based on the results of the probing, a visual representation of the path and those one or more energy sources available to different hops along the path. The device provides the visual representation of the path to a user interface for display.
Abstract: In one embodiment, a device may determine a compliance status of a communication of a type of data between a first workload and a second workload based on a data compliancy policy and a verified node location of at least one of the first workload and the second workload. The device may send, based on the compliance status of the communication, an instruction for handling the communication to at least one of a node executing the first workload and a node executing the second workload.
Type:
Grant
Filed:
July 31, 2022
Date of Patent:
February 11, 2025
Assignee:
Cisco Technology, Inc.
Inventors:
Marcelo Yannuzzi, Benjamin William Ryder, Jean Andrei Diaconu, Hervé Muyal, Hitesh S. Saijpal