Abstract: In one embodiment, a method comprises: obtaining, by a process, path trace data collected by a plurality of performance monitoring agents across a computer network; obtaining, by the process, one or more catalogs having application-based correlation information for the path trace data; generating, by the process, network mapping directed graphs by correlating the path trace data using the one or more catalogs, the network mapping directed graphs logically comprising nodes categorized at a plurality of levels of aggregation and edges connecting the nodes; associating, by the process, test-based performance data with the edges of the network mapping directed graphs; and providing, by the process, at least one Sankey diagram based on the network mapping directed graphs and test-based performance data associated with their edges for selectable display by a user interface.

Abstract: This disclosure describes techniques for device to device authentication. For instance, a first device may detect a second device, such as when a user physically attaches the second device to the first device or when the second device wireless communicates with the first device. A component of the first device and/or an authentication entity may then determine to authenticate the second device. In some instances, the component determines to authenticate the second device using information associated with an environment of the second device. To authenticate the second device, the authentication entity may send a request to a user, receive a response from the user, and then verify the response. After the authentication, the first device may determine that the second device includes a trusted device and establish a connection with the second device.

Abstract: In one embodiment, a method to authenticate a hardware component, by a system, includes performing a verification process to determine whether the hardware component is authorized to run on the system. The hardware component comprises an electronic fuse storing a hash of a data package and a memory storing the data package, wherein the electronic fuse is configured to provide the hash to the memory. The verification process comprises transmitting a random value (K) to the hardware component to prompt the hardware component to sign a response. The verification process further comprises receiving a signed response containing the random value (K) and the data package, wherein the data package comprises a first serial number associated with the hardware component and a first system number associated with the system. The verification process further comprises decrypting the signed response to verify a value of the random value (K).

Abstract: Backscatter Device (BKD) scheduling and, specifically, narrowband BKD excitation for multiple BKD scheduling may be provided. An AP may determine to transmit an excitation transmission to a plurality of BKDs. The AP may determine a trigger frequency for each of the plurality of BKDs, and the AP may transmit an excitation transmission comprising a plurality of excitation signals. Each excitation signal may have a frequency corresponding to one of the trigger frequencies for the plurality of BKDs. The plurality of excitation signals may be ordered for the plurality of BKDs to perform backscattering (i) concurrently; (ii) staggered in a single Transmit Opportunity; or (iii) a combination of (i) and (ii).

Abstract: An access point in a wireless network communicates wirelessly with one or more client devices over a channel that includes a plurality of subchannels. Radar is detected on a first subchannel of the plurality of subchannels. It is determined to puncture the first subchannel, based on the detecting the radar on the first subchannel and based on one or more puncturing factors. The first subchannel is punctured, the puncturing comprising muting one or more subcarriers on the first subchannel.

Abstract: According to an embodiment, a node comprises one or more processors operable to execute instructions to cause the node to perform operations. The operations comprise determining a link quality associated with each satellite link of a plurality of satellite links and applying load balancing to the plurality of satellite links. The load balancing is based at least in part on the respective link quality associated with each satellite link. The load balancing comprises determining which of the satellite links to include in an active set selected to communicate data to or from the node and, for each satellite link in the active set, determining a portion of the data to communicate via the respective satellite link. The operations further comprise transmitting or receiving the data via the satellite links in the active set. Each satellite link in the active set communicates its respective portion of the data.

Abstract: In one embodiment, a device in a network receives an attack mitigation request regarding traffic in the network. The device causes an assessment of the traffic, in response to the attack mitigation request. The device determines that an attack detector associated with the attack mitigation request incorrectly assessed the traffic, based on the assessment of the traffic. The device causes an update to an attack detection model of the attack detector, in response to determining that the attack detector incorrectly assessed the traffic.

Abstract: Techniques for an email-security system to screen emails, extract information from the emails, analyze the information, assign probability scores to the emails, and classify the emails as likely fraudulent or not. The system may analyze emails for users and identify fraudulent emails by analyzing the contents of the emails. The system may evaluate the contents of the emails to determine probability score(s) which may further determine an overall probability score. The system may then classify the email as fraudulent, or not, and may perform actions including blocking the email, allowing the email, flagging the email, etc. In some instances, the screened emails may include legitimate brand domain addresses, names, images, URL(s), and the like. However, the screened emails may contain a reply-to domain address that matches a free email service provider domain. In such instances, the email-security system may assign a probability score indicative that the screened email is fraudulent.

Abstract: Embodiments relate to a method for enhancing and prioritizing operation technology (OT) control systems in a safety instrumented system (SIS) environment by incorporating safety levels. The method includes receiving network packets associated with OT systems by network interface. From network packets, OT systems associated with safety integrity level (SIL) values are identified. In response to identifying OT control systems associated with SIL values, determining priority levels from SIL values of OT systems. The method includes identifying, among OT control systems, network packets associated with a critical OT system associated with a SIL value having a higher priority level. The critical OT system may be prioritized that comprises encoding the network packets of the critical OT system, with corresponding SIL value. The prioritized critical OT system may be prioritized based on SIL value and classified into a network group associated with a network tag to deliver traffic with higher priority.

Abstract: Presented herein are techniques to enhance the audio portion of a video conference. In one embodiment, a method includes determining, using a multi-microphone array, a direction of arrival of sound signals from a user, detecting, using an image from a camera, a face of the user, determining a position of the face of the user with respect to a position of the camera, and forming a spatial beam for the multi-microphone array based on the direction of arrival of sound signals from the user and the position of the face of the user.

Abstract: The disclosure relates to a system and method of optimizing one or more paths between an Application Programing Interface (API) gateway and one or more endpoints. Properties associated with each of a plurality of paths between at least one device and an API gateway are collected, and the properties associated with each of the plurality of paths are monitored to determine a current level of performance for each of the paths. Using gathered data, the API gateway can then analyze, using machine learning, the current level of performance for each of the paths and the current load of the at least one device to determine if a corrective action is needed to maintain an optimal performance of the API gateway, the plurality of paths, and the at least one device.

Abstract: This disclosure describes techniques for identifying the criticality of an asset in a network. In an example method, a first security metric of a first asset in a network, as well as network data that identifies data flows associated with a second asset in the network are identified. The second asset is a nearest neighbor of the first asset in the network. The method includes determining, based on the network data, a number of hosts in the network that exchanged data traffic with the second asset during a time period and generating a second security metric of the second asset based on the first security metric and the number of hosts. A security policy of the second asset is adjusted based on the security metric.

Abstract: A method includes receiving, at a chaos level engine, initial input parameters. The method may further include, with the chaos level engine, determining scaled input parameters based on the initial input parameters. The scaled input parameters define how the initial input parameters effect a computing environment to be tested. The method may further include, with the chaos level engine determining a chaos level for performing a chaos experiment on the computing environment based on the scaled input parameters and sending the chaos level to the computing environment for the chaos experiment. The method may further include, with the chaos level engine, receiving, from the computing environment, feedback defining an impact caused by the chaos experiment created at the computing environment and an intended level of chaos.

Abstract: A system and associated methods provide solutions for reducing a volume of traffic through a multicast network attributed to repeated maintenance messages, which are required in order to maintain a multicast connection. The system configures provider edge devices to generate and send maintenance messages on behalf of members of a multicast group to establish and maintain the multicast connection and provides options for determining unknown locations of sources and/or subscribers, thereby reducing the overall volume of traffic transmitted over the multicast network.

Abstract: Techniques are provided that rotate a device address used to identify a wireless client device on a wireless network. The wireless client device and at least one network infrastructure component identify a plurality of device addresses associated with the wireless client device. In some embodiments, the plurality of device addresses are generated via a corresponding plurality of invocations of a stateful random number generator, such as a cryptographically secure pseudorandom number generator.

Abstract: This disclosure describes techniques to operate a control plane in a network fabric. The techniques include determining a stateless rule corresponding to communication between a first segment of the network fabric and a second segment of the network fabric. The techniques further include configuring the control plane to enforce the stateless rule.

Abstract: Disclosed herein are methods of forwarding data over an IP network. The methods may include receiving a packet from a source host connected to the IP network, identifying the IP address of a destination host designated in the packet, determining the location on the IP network where the destination host designated by the packet is connected, without reference to the MAC address specified in the packet, by using location-identification information stored on the IP network, and forwarding the packet to the location on the IP network where the destination host is connected without reference to the MAC address specified in the packet. Also disclosed herein are related network devices implementing such techniques and operations, as well as IP networks which include such network devices.

Abstract: In part, in one aspect, the disclosure relates to a method for passivating a waveguide of an optical circuit. The method includes etching a suspended waveguide in the optical circuit; the suspended waveguide having a top surface, a bottom surface, and side surfaces; and covering the top surface and side surfaces of the suspended waveguide with a passivation coating having a thickness that ranges from between about 10 nm to about 20 nm. In one embodiment, the method further includes removing one or more coatings from a portion of the optical circuit. The disclosure also relates to various passivated optical silicon circuit embodiments.

Abstract: Various implementations disclosed herein enable malleable routing for data packets. For example, in various implementations, a method of routing a type of data packets is performed by a device. In some implementations, the device includes a non-transitory memory and one or more processors coupled with the non-transitory memory. In some implementations, the method includes determining a routing criterion to transmit a set of data packets across a network. In some implementations, the method includes identifying network nodes and communication links in the network that satisfy the routing criterion. In some implementations, the method includes determining a route for the set of data packets through the network nodes and the communication links that satisfy the routing criterion. In some implementations, the method includes configuring the network nodes that are on the route with configuration information that allows the set of data packets to propagate along the route.

Abstract: A client device identifier for dual-Wi-Fi connections may be provided. First, it may be determined that a client device has associated over a first link having a first Media Access Control (MAC) address. Next, from the client device over the first link, a first management frame may be received that identifies a MAC address of a second link associated with the client device. Then, based on information in the first management frame, it may be determined that the first link and the second link are associated with the client device.