Abstract: A computer-implemented method for analyzing malware may include: 1) identifying a set of malware samples, 2) identifying, for each malware sample in the set of malware samples, a set of static strings present in the malware sample, and then 3) clustering the set of malware samples based on the set of static strings present in each malware sample. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus are provided to enable a server to determine if a client connecting to the server is doing so by means of human user interaction, as opposed to an automated process. In order to authorize access to services, the option of determining user identity, such as by means of a graphical shared secret, is also provided. Three aspects are described: (i) image formation from an object model; (ii) presentation of image choices to a user, and (iii) user action. Image formation includes the creation of one or more categorized 2-dimensional images with object regions for each image automatically qualified. These one or more categorized images can be created by means of a Randomizable Image Generation Object for Human Recognition, comprised of (i) a 3-dimensional object model, (ii) a plurality of rendering threshold and constraint parameters, and (iii) categorization and qualitative metadata.

Abstract: Methods and systems for processing network content associated with multiple virtual domains are provided. According to one embodiment, content processing of network traffic associated with multiple virtual domains is performed by a service daemon process initiated within a firewall. The service daemon process handles content processing of network traffic for the virtual domains by aggregating communication channels associated with the virtual domains and by applying to the network traffic an appropriate content processing policy corresponding to a virtual domain with which the network traffic is associated.

Abstract: Disclosed are systems and methods for computer malware detection. The system is configured to emulate execution of a program code, monitor events of program execution, classify the monitored events as malicious or non-malicious, and collect information about unclassifiable events. The system further includes one or more analyst workstations configured to isolate a program analyst from external audiovisual stimuli. The workstation includes a video output device operable to display a list of unclassifiable events and event-related information to the program analyst and a user input device operable to receive analyst's physiological response indicative of whether the displayed list of unclassifiable events exhibits malicious behavior.

Abstract: One embodiment of the present invention provides a system that facilitates intercepting browser communication protocol requests at a client. In addition, the system optionally fulfills the requests with content which is locally cached on the client rather than with content from a web server, which is located externally from the client. During operation, the system receives a communication protocol request at a browser's communication protocol stack. In response to the request, the system identifies a Uniform Resource Locator (URL) for the request. The system also determines if an item of content identified by the URL can be retrieved from a local cache. If so, the system fulfills the request from the local cache.

Abstract: In one example embodiment, a system and method are shown that includes calculating a first SPF tree for a first device, the first SPF tree including a root node and a first child node, the first device being the root node of the first SPF tree. Additionally, the system and method may include calculating a second SPF tree for a second device that is a neighbor of the first device, the second SPF tree including a root node and a first child node, the second device being the root node of the second SPF tree. Further, the system and method may include building a set of interested nodes including the second device, if the first child node if the first SPF tree and the first child node of the second SPF tree are distinct.

Abstract: A method, apparatus and computer readable medium is provided for tracking processes using a socket object. The processes are utilized to execute an application program. Initially, a process list for the socket object is created, such that the process list contains a process identifier for a first process using the socket object. If a second process is using the socket object, the process list is updated to include the process identifier for the second process.

Abstract: A method for processing a packet that includes receiving a packet for a target, classifying the packet, and sending the packet to a receive ring based on the classification. The method also includes obtaining an identifier (ID) associated with the target based on the classification, and sending a request for virtual memory that includes the ID. Furthermore, the method includes determining, using the ID, whether the target has exceeded a virtual memory allocation associated with the target. In addition, the method includes allocating the virtual memory, storing the packet in the virtual memory, and updating the virtual memory allocation associated with the target to reflect the allocation of the virtual memory, all if the target does not exceed the virtual memory allocation. The method further includes waiting until the target is not exceeding the virtual memory allocation if the target exceeds the virtual memory allocation.

Abstract: A method and system for file transfer are provided in which a file is transferred between a source client and a destination client via a middle server. The server receives segments of a file from the source client and stores the segments of the file as they are received. The server also forwards the segments of the file to a destination client as they are received, with the exception of one segment. The server combines the segments to form the whole file and applies a process to the whole file. The process may be for example an authorisation process such as an anti-virus check, a confidentiality check, or a content validity check. If the file passes the process, the remaining excepted segment is forwarded to the destination client.

Abstract: A network system broadcast data from one node to a plurality of other nodes, which can decrease the time required for broadcast. A transfer source node divides the transfer data to be broadcasted, and transfers each divided data separately from the network adapters of the transfer source node to the network adapters of the other nodes, and the other nodes transfer the received data to the network adapters of the other nodes other than the transfer source node. Since more nodes (network adapters) can participate in data transfer in the second data transfer, high-speed transfer processing can be implemented, and the transfer processing time for broadcast can be decreased.

Abstract: A cryptographic system (CS) is provided. The CS (800) comprises a data stream receiving means (DSRM), a generator (702), a mixed radix converter (MRC) and an encryptor (908). The DSRM (902) is configured to receive a data stream (DS). The generator is configured to selectively generate a random number sequence (RNS) utilizing a punctured ring structure. The MRC (704) is coupled to the generator and configured to perform a mixed radix conversion to convert the RNS from a first number base to a second number base. The encryptor is coupled to the DSRM and MRC. The encryptor is configured to generate an altered data stream by combining the RNS in the second number base with the DS. The punctured ring structure and the MRC are configured in combination to produce an RNS in the second number base which contains a priori defined statistical artifacts after the mixed radix conversion.

Abstract: According to an embodiment of the present invention, a method for deriving an analytic model for a session-based system is provided. The method comprises receiving, by a model generator, client-access behavior information for the session-based system, wherein the session-based system comprises a plurality of interdependent transaction types. The method further comprises deriving, by the model generator, from the received client-access behavior information, a stateless transaction-based analytic model of the session-based system, wherein the derived transaction-based analytic model models resource requirements of the session-based system for servicing a workload. According to certain embodiments, the derived transaction-based analytic model is used for performing capacity analysis of the session-based system.

Abstract: A system and method for controlling communications networks. Network performance information is gathered from a first communications network using performance information packet data packets. A network operator of the first communications network is controlled from a secondary communications network using the performance information packet data packets. Changes to the network operator are implemented based on instructions included in the performance information packet data packets.

Abstract: A system and method for verifying the consistency of mirrored data sets between source and destination storage systems is provided. A destination verification module sends version information to the source storage system where the source verification module determines whether the source and destination storage systems are utilizing compatible versions of the verification module. If the destination verification module receives an acceptable version from the source, the destination module then determines a base PCPI to utilize for verification and sends a PCPI identifier of the base PCPI to the source. The source verification module generates and transmits a data stream consisting of comprising of checksum information. The destination verification module compares the received data stream with checksum information retrieved from disk. If there are mismatches, i.e. the received data differs from the data retrieved from disk, the destination verification module logs the data mismatches in a verification log file.

Abstract: A system and method for storing data representing a multidimensional entity using corresponding dimensions for the data, storing a further dimension for the data, the further dimension being a modification timestamp indicating a time when the data was modified, receiving a request for the data representing the multi-dimensional entity, the request including a request timestamp indicating a further time when a previous request for the data representing the multi-dimensional entity was received and transmitting the data only when the modification timestamp is later than the request timestamp.

Abstract: A solution is proposed for implementing a self-adapting reconciliation process. Multiple user accounts are defined on different endpoints for accessing protected resources thereof; a server centralizes the definition of the user accounts on a single point of control which is then synchronized with user account definitions on the endpoints. A dynamic reconciliator, interposed between the server and the endpoints, receives any request from the server for a reconciliation process to be completed in a predefined time-frame. The reconciliator collects the required information from the endpoints and determines an optimal time pattern for the processing of the information by the server over the time-frame according to an estimated amount of information expected to be received and an estimated workload distribution of the server in the time-frame. The reconciliator transmits the information to the server according to this time pattern.

Abstract: A system and method for managing data transfers between client computers and a computer network. Each client comprises a data transfer controller and at least two data transfer rules. The data transfer controller associates each of at least two connection states with one of the data transfer rules. The data transfer controller also detects a connection state of a client device, applies a first data transfer rule to the client device in response to detecting a first connection state, and applies a second data transfer rule to the client device in response to detecting a second connection state. In a further embodiment, the data transfer controller associates a data transfer policy with attributes of a connection between the client device and the computer network, wherein a connection state comprises a set of values of the attributes of the connection.

Abstract: Methods, devices, and systems for smart load balancing are provided. SIP Requests destined for a particular AOR are delivered to one of several registered contact addresses according to associated availability score stored in routing element's contact resolution table. The availability score is periodically updated by the contact entity itself using the SIP PUBLISH mechanism to push the score to the routing element.

Abstract: A method and system for routings are disclosed. The method includes: receiving a SIP request message that carries semantic information of a service; by using the semantic information carried in the SIP request message as an input, searching for the service through semantic inference; generating a standard service request message which carries found service information, and sending the message to an application server that handles the service. The present invention increases the quantity of services available for requesting, and improves the flexibility of requesting services.

Abstract: Implementations of the present invention relate in part to optimizations to peer-to-peer communication systems. For example, one implementation relates to use of a smart transceiver that creates, caches, and manages communication channels dynamically between peers. Another implementation relates to use of a central tracking object that can be used to efficiently register and distribute peer messages among the various peers. In one implementation, the central tracking object is shared amongst peers in the group. Still another implementation relates to associating peer groups with namespaces, and for including peer groups of one namespace within still other peer groups of different namespaces. These and other aspects of the invention can also be used to ensure delivery intent of a given peer message is preserved, and to ensure that optimal numbers of messages are communicated to any given peer at any given time.