Abstract: In one embodiment, a device obtains network telemetry and environmental telemetry associated with a physical environment. The device forecasts, based on the network telemetry and environmental telemetry, future values of the network telemetry and environmental telemetry. The device predicts, based on the future values, quality of experience metrics for an online application for different locations within the physical environment. The device provides, based on the quality of experience metrics, a recommendation to a user interface that recommends a user of the online application navigate to a particular location from among the different locations to access the online application at a future point in time.

Abstract: In some aspects, the techniques described herein relate to a method for detecting malicious emails, the method including: receiving an email, wherein the email is associated with a markup payload; determining, based on the markup payload, text data associated with the email; determining, using the text data and a first machine learning model, a first representation of the email representing text associated with the email; rendering the email to generate image data that represents a rendering of the email; determining, using the image data and a second machine learning model, a second representation of the email that represents at least the rendering of the email; and determining a prediction for the email based on the first representation and the second representation, wherein the prediction represents whether the email is predicted to be malicious based on the first representation and the second representation.

Abstract: Techniques for improved peer-to-peer communication are provided. A roaming peer-to-peer device may identify a new access point (AP) and initiate a transition to the new AP. Initiating transition can involve sending, to the new AP, the current peer-to-peer communication schedule for approval and/or negotiating a modified peer-to-peer communication schedule with the new AP. When the roaming peer-to-peer device and the new AP agree on the peer-to-peer communication schedule, the peer-to-peer device may notify its counterpart that it has roamed to the new AP and also notify the counterpart of any updates to the peer-to-peer communication schedule.

Abstract: Techniques described herein provide procedures for reducing MACsec Key Agreement (MKA)-related traffic and improving resource allocation for MKA protocol through an EVPN environment. Techniques include leveraging Border Gateway Protocol (BGP) signaling for MKA between Provider Edge (PE) routers instead of between Customer Edge (CE) routers, which mitigates both hardware restrictions and scalability challenges with a new Xaas enablement. A new BGP-EVPN route type is defined that can communicate a set of MKA information along with an address destination associated with a provider edge device to establish a BGP MKA session and enable MACsec encryption/decryption at the provider edge device.

Abstract: In one embodiment, a device sends data traffic to a gateway of a backhaul mesh network via a first wireless access point of the backhaul mesh network. The device maintains, while associated with the first wireless access point, an association with a second wireless access point of the backhaul mesh network by sending a frame to the first wireless access point that is relayed by the first wireless access point to the second wireless access point. The device makes a determination that additional data traffic should be sent to the gateway of the backhaul mesh network via the second wireless access point. The device sends, based on the determination, the additional data traffic to the gateway of the backhaul mesh network via the second wireless access point.

Abstract: In an aspect, an embodiment of the present disclosure is directed to network control topology that implements a centralized network controller to deterministically assign, and reassign, underlay multicast groups according to one or more policies and/or parameterized intent of the network administrator. The centralized network controller, in some embodiments, comprises a map server-map resolver controller configured to provide deterministic and centralized allocation of LISP underlay multicast groups, e.g., to provide security, traffic engineering, network and resource management.

Abstract: Embodiments provide for assuring policy based alerting, via clustering, via a first neural network, operational data reported from a network into a plurality of anomalies organized into several clusters; correlating, via the first neural network, alerts received from devices in the network according to the several clusters; determining, via the second neural network, anomaly impacts in the several clusters from the filtered alerts; in response to determining that the anomaly impacts for a first cluster exceed an alerting threshold: identifying a first shared node in the first cluster; identifying a second cluster including a second shared node matching the first shared node that has not been determined to exceed the alerting threshold; and transmitting an alert for the first cluster and the second cluster; and in response to receiving a response to the alert, updating, via the second neural network, the first neural network.

Abstract: In one embodiment, a device obtains data regarding routing decisions made by a machine learning-based predictive routing engine for a network. The device determines, based on the data regarding the routing decisions, a behavior of the machine learning-based predictive routing engine. The device compares the behavior of the machine learning-based predictive routing engine to a behavioral policy for the machine learning-based predictive routing engine. The device adjusts operation of the machine learning-based predictive routing engine, when the behavior of the machine learning-based predictive routing engine violates the behavioral policy.

Abstract: A computerized method for detection of format drift and format anomalies is described. A format representation for each data point of a first data sample is extracted. Transformations of each format representation is conducted, resulting in a first plurality of count values (reference) and a second plurality of count values. Each count value identifies a number of occurrences of a transformed format representation within that data sample. Thereafter, a first probability distribution for the first plurality of count values and a second probability distribution for the second plurality of count values are computed. Analytics using the first and probability distributions are conducted to produce a first metric. A format drift is determined based on an evaluation of the first metric to a second metric operating as a threshold metric. Format anomalies are detected based on analytics of hashed format representation and determination of infrequent usage of a particular format representation.

Abstract: Techniques for beamforming from wireless stations (STAs) are disclosed. These techniques include identifying a plurality of STAs for a beamforming group, for transmission to a wireless access point (AP). The techniques further include receiving, at the AP, first data transmitted from each of the plurality of STAs in the beamforming group to the AP at least partially at the same time, wherein the transmitting the first data from each of the plurality of STAs results in constructive interference between the transmissions from the plurality of STAs to the AP, and wherein the same first data is received from each of the plurality of STAs in the beamforming group.

Abstract: This disclosure describes techniques for enabling distributed path computation and centralized path enforcement in a computer network used to implement a software application. In some cases, the disclosed techniques include using a central controller that initializes and coordinates monitoring agents deployed to network regions. The monitoring agents may collect monitoring data associated with application segments in their respective regions and share this data with each other. Using the aggregated data, the agents can compute optimal paths between application segment pairs spanning multiple regions. The optimal inter-region paths may be sent to the controller, which can program the paths into the routing application programming interfaces (APIs) of the various network environments like public cloud and on-premises networks.

Abstract: A computer-implemented method for detecting malicious content is disclosed that includes operations of: receiving a character set as an input, converting the input into an integer array containing indexes of each character, and creating an input vector from the integer array, the input vector being a dense numerical representation of the character set. The input vector is passed to a machine learning model to generate a plurality of features based on the character set, the plurality of features comprising at least two of: a length of the character set, a Shannon Entropy of the character set, n-gram similarity score of the character set with English dictionary words, n-gram similarity score of the character set with a set of legitimate domains, and an online web traffic ranking service. A dense input vector is formed by concatenating the plurality of features to the input vector, and then processed to obtain a comparison score.

Abstract: This disclosure describes techniques for protecting privacy of a user with respect to emotion detection via a computer network. The techniques may include receiving sensed data associated with a user. A privacy policy of the user may be used with processing of the sensed data. For example, based at least in part on the privacy policy, a private subset of the sensed data may be filtered from remaining sensed data. The remaining sensed data may be used to determine an emotion classification result. The emotion classification result may indicate a sharable emotion of the user, for instance.

Abstract: Techniques for identifying malicious actors across datasets of different origin. The techniques may include receiving input data indicative of network interactions between entities and modalities. Based at least in part on the input data, a maliciousness score associated with a first entity may be determined. In some instances, a value of the maliciousness score may be partially based on a number of the modalities that are interacting with the first entity and also interacting with one or more malicious entities. The techniques may further include determining whether the value of the maliciousness score exceeds a threshold value and, based at least in part on the value of the maliciousness score exceeding the threshold value, a request may be made to identify the first entity as a new malicious entity.

Abstract: According to one or more embodiments of the disclosure, a supervisory networking device in an Ethernet ring obtains identity information for each of a plurality of other networking devices in the Ethernet ring. The supervisory networking device determines, based on the identity information, a relative position for each of the plurality of other networking devices in the Ethernet ring. The supervisory networking device generates, based on the relative position of each of the plurality of other networking devices in the Ethernet ring, a load balancing configuration for the Ethernet ring. The supervisory networking device implements the load balancing configuration in the Ethernet ring by blocking a first link of the supervisory networking device for a first subset of the plurality of other networking devices and a second link of the supervisory networking device for a second subset of the plurality of other networking devices.

Abstract: Validation of privacy requests for mutual Access Point (AP) and client device protection may be provided. A first computing device may accept association with a second computing device. Then the first computing device may receive frame anonymization parameters associated with a parameter rotation from the second computing device. Next, the first computing device may determine to one of: i) accept the parameter rotation based on the frame anonymization parameters; and ii) reject the parameter rotation based on the frame anonymization parameters.

Abstract: This disclosure describes techniques for migrating nodes from a first communication protocol to a second communication protocol. An example method is performed by a software-defined wide area network (SDWAN) controller. The example method includes identifying nodes in a network; identifying features associated with the nodes; identifying Internet Protocol version 6 (IPv6)-incompatible features among the features; and outputting, to a user, a list of the IPv6-incompatible features. The example method further includes receiving, from the user, a selection of nonessential features including at least one of the IPv6-incompatible features; identifying at least one of the nodes corresponding to the selection; and causing migration of the at least one of the nodes to IPv6.

Abstract: In one embodiment, a method comprises determining, by a first networking device, that a first subflow of a multipath transmission control protocol (MPTCP) connection has been established between a first internet protocol (IP) address of a first computing device and an IP address of a second computing device, wherein the first computing device is multihomed to the first networking device and a second networking device. The method also includes determining, by the first or second networking device, a request to establish a second subflow of the MPTCP connection between a second IP address of the first computing and the IP address of the second computing device. In addition, the method includes advertising, by the first networking device, a primary IP address (PIP) of the first networking device for the first subflow and advertising, by the second networking device, a PIP of the second networking device for the second subflow.

Abstract: In one embodiment, a videoconference service determines a selection of a virtual background for a videoconference from a particular participant of a plurality of participants in the videoconference. The videoconference service determines an audio context filter that is associated with a visual context of the virtual background. The videoconference service modifies an audio stream of the videoconference into a modified audio stream according to the audio context filter. The videoconference service presents, to the plurality of participants during the videoconference, the particular participant using the virtual background and the modified audio stream. In an embodiment, the videoconference service ascertains the visual context of the virtual background based on applying a machine learning model to the virtual background.

Abstract: Systems, methods, and computer-readable media for determine a neighborhood graph can include the following processes. A neighborhood graph system generates a neighborhood graph for a plurality of nodes in an enterprise network, the neighborhood graph representing a multi-hop connections between any two nodes of the plurality of nodes. A security score service determines a security score for each of the plurality of nodes to yield a plurality of scores. The neighborhood graph system updates the neighborhood graph of the plurality of nodes using the plurality of scores to provide a visual representation of securities of the plurality of nodes relative to each other.