Abstract: A system and a method for detecting anomalous attacks in Internet network flow operate by counting a number of Internet traffic messages that are detected as anomalous attacks to provide a count; computing a running average of the number of messages that are detected as anomalous attacks; and comparing the count to the running average to provide an anomalous attack alarm if the count is greater than a multiple of the running average. The attacks can include at least one of spoofing attacks or denial of service attacks. A computer readable storage medium stores instructions of a computer program, which when executed by a computer system, results in performance of steps of the method.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for performing multi-factor authentication. In one aspect, a method includes determining that the identity of a user has been successfully proven using a first of two or more authentication factors, allowing updates or requests for updates to be initiated after the identity of the user has been successfully proven using the first authentication factor, logging the updates or requests for updates that are initiated after the identity of the user has been successfully proven using the first authentication factor, determining that the identity of the user has not been successfully proven using a second of the two or more authentication factors, and reverting the updates, or discarding the requests for updates, based on determining that the identity of the user has not been successfully proven using the second authentication factor.

Abstract: A computer security system may include a removable security device adapted to connect to the input/output port of a computer. The security device may include: a random access memory (RAM) cell; and a processor. The security system may further include: at least one encrypted update packet stored remotely from the security device and adapted to modify the contents of the RAM cell; and a private key located on the security device and adapted to decrypt the update packet; and at least one of a device driver, a software application, and/or a library stored remotely from, and in communication with, the security device and adapted to cause the contents of the at least one cell to be switched out of the cell, stored remotely from the cell, and loaded back into the cell.

Abstract: A network experience rating system and method determines a network connection quality for a computer by monitoring characteristics of data traffic through a connection with another computer on the network. The network experience rating system statistically analyzes the characteristic data and compares the statistically analyzed data to historical data gathered for the computer. The network experience rating system thus provides a rating that is individualized for a particular computer based on the computer's network usage.

Abstract: Disclosed is a method for a device without unique hardware address to obtain IP address automatically. This method comprises the steps of: the device dividing the hardware address field in the BOOTP request packet into sub-fields which are filled in by the device and the relay proxy servers forwarding the BOOTP request packet; the BOOTP server assigning an IP address to the device according to the contents in all sub-fields in the received BOOTP request packet, then generating a BOOTP response packet including the IP address of the device; and the device obtaining the IP address information from the BOOTP response packet forwarded by relay proxy servers. The content of the sub-fields can be information of interface board number, port number, slot number or Virtual Path Identifier/Virtual Channel Identifier (VPI/VCI) of an ATM Permanent Virtual Connection (PVC) of said device.