Abstract: A Services Delivery Platform (SDP) architecture is provided that is configured to onboard new data sets into an SDP data lake. The SDP enables the crowdsourcing of data on-boarding by configuring this process into an interactive, intuitive, step-by-step guided workflow while governing/controlling key functions like verification, acceptance and execution.

Abstract: Presented herein are methods associated with a Services Delivery Platform (SDP) architecture for a distributed application building blocks, such as microservices, deployment-agnostic. The system includes a central compute node and numerous remote compute nodes. Techniques are provided to “onboard” and assimilate the capabilities of remote compute nodes so that they are an integrated part of the SDP system and can be accessed and used in connection with one or more services provided by the SDP system.

Abstract: In an example embodiment, a Software Defined Networking (SDN) application identifies a domain based on a destination address of a packet that is associated with a primary service. The domain corresponds to the primary service, and the primary service is configured to trigger one or more support flows from one or more ancillary services. The SDN application identifies the one or more support flows based on the domain, and generates one or more rules for distribution to one or more network elements that handle packets of the one or more support flows from the one or more ancillary services.

Abstract: A network monitor may receive network log events and identify: a first set of network devices that have reported a target network log event, a second set of network devices that have not reported the target network log event, a first set of network log events reported by the first set of network devices, and a second set of network log events reported by the second set of network devices. The network monitor may determine which network log events are legitimate, and filter the legitimate network log events from the first set of network log events or the second set of network log events to produce a group of suspicious network log events that may be correlated with the target network log event. The network monitor may predict future suspicious network log events that may be correlated with the target network log event in order to predict equipment failures.

Abstract: In one embodiment, a device receives sensor data from a plurality of nodes in a computer network. The device uses the sensor data and a graph that represents a topology of the nodes in the network as input to a graph convolutional neural network. The device provides an output of the graph convolutional neural network as input to a convolutional long short-term memory recurrent neural network. The device detects an anomaly in the computer network by comparing a reconstruction error associated with an output of the convolutional long short-term memory recurrent neural network to a defined threshold. The device initiates a mitigation action in the computer network for the detected anomaly.

Abstract: A method for classifying network traffic in a network. The method includes obtaining, from an application distribution source, an application distribution data set of comprising information associated with distributing an application from the pre-determined application distribution source, extracting, based on a pre-determined extraction criterion, a token from the application distribution data set of the application, obtaining, from the network traffic, a plurality of flows generated by the application, extracting, in response to detecting the token in a flow of the plurality of flows, context information associated with the token in the flow, and generating an identification rule of the application based on the token and the context information, wherein the identification rule describes one or more rule steps to locate the token in the flow, wherein the network traffic is classified using at least the identification rule.

Abstract: A method for profiling network traffic of a network. The method includes extracting cells from bi-directional payloads generated by a network application, wherein each cell comprises at least one direction reversal in a corresponding bi-directional flow, generating a cell group comprising a portion of the cells that are similar, analyzing the cell group to generate a signature of the network application, and classifying, based on the signature of the network application, a new bi-directional flow as being generated by the network application.

Abstract: A method to provide traveler content service. The method includes receiving, from the traveler and prior to the trip, a request to access traveler content during the trip, wherein the request comprises travel ticket information associated with the trip and access information to a source of the traveler content, wherein the trip crosses a region with no access to the source of the traveler content, retrieving, prior to the trip, the traveler content from the source using the access information, transmitting, in response to detecting a first vehicle assigned to the trip at a departure port of the trip, the traveler content to a first traveler content repository onboard the first vehicle to generate a traveler content first onboard copy, and providing, during the trip and by an onboard computer processor of the first vehicle, the traveler content first onboard copy from the first traveler content repository to the traveler.

Abstract: Sequences of computer network log entries indicative of a cause of an event described in a first type of entry are identified by training a long short-term memory (LSTM) neural network to detect computer network log entries of a first type. The network is characterized by a plurality of ordered cells Fi=(xi, ci-1, hi-1) and a final sigmoid layer characterized by a weight vector wT. A sequence of log entries xi is received. An hi for each entry is determined using the trained Fi. A value of gating function Gi(hi, hi-1)=II (wT(hi?hi-1)+b) is determined for each entry. II is an indicator function, b is a bias parameter. A sub-sequence of xi corresponding to Gi(hi, hi-1)=1 is output as a sequence of entries indicative of a cause of an event described in a log entry of the first type.

Abstract: Embodiments of the invention provide a method, system, and computer readable medium for classifying network traffic based on application signatures generated during a training phase. The application signatures are generated based on tokens extracted from a training set that is generated by a particular application during the training phase. Accordingly, a new token extracted in real-time from current network data is compared to the application signatures to determine if the current network data is generated by the particular application.

Abstract: Systems, methods, and computer-readable media for identifying an optimal cluster configuration for performing a job in a remote cluster computing system. In some examples, one or more applications and a sample of a production load as part of a job for a remote cluster computing system is received. Different clusters of nodes are instantiated in the remote cluster computing system to form different cluster configurations. Multi-Linear regression models segmented into different load regions are trained by running at least a portion of the sample on the instantiated different clusters of nodes. Expected completion times of the production load across varying cluster configurations are identified using the multi-linear regression models. An optimal cluster configuration of the varying cluster configurations is determined for the job based on the identified expected completion times.

Abstract: A method for applying a user-specific policy in a network. The method includes identifying a historical portion of network traffic of the network as associated with a user, analyzing, by a computer processor, the historical portion of network traffic to generate a fingerprint of the user, wherein the fingerprint represents characteristics of user activity in the network, identifying, by the computer processor, an ongoing portion of network traffic of the network as associated with the user, analyzing, by the computer processor and based on the fingerprint, the ongoing portion of network traffic to determine a match, wherein the match is determined at a time point within the ongoing portion of network traffic, and applying, in response to determining the match, the user-specific policy to the ongoing portion of network traffic subsequent to the time point.

Abstract: A network monitor may receive network log events and identify: a first set of network devices that have reported a target network log event, a second set of network devices that have not reported the target network log event, a first set of network log events reported by the first set of network devices, and a second set of network log events reported by the second set of network devices. The network monitor may determine which network log events are legitimate, and filter the legitimate network log events from the first set of network log events or the second set of network log events to produce a group of suspicious network log events that may be correlated with the target network log event. The network monitor may predict future suspicious network log events that may be correlated with the target network log event in order to predict equipment failures.

Abstract: In one embodiment, a device in a network receives one or more data units. The device calculates a hash value based on the one or more data units and using a hash function. Ranges of hash values generated by the hash function are assigned to different devices along the path such that any given hash value generated by the hash function is assigned to a predefined number of the devices along the path. The device determines whether the calculated hash value is within the range of hash values assigned to the device. The device stores data derived from the one or more data units, when the device determines that the calculated hash value is within the range of hash values assigned to to the device.

Abstract: In an example embodiment, a Software Defined Networking (SDN) application identifies a domain based on a destination address of a packet that is associated with a primary service. The domain corresponds to the primary service, and the primary service is configured to trigger one or more support flows from one or more ancillary services. The SDN application identifies the one or more support flows based on the domain, and generates one or more rules for distribution to one or more network elements that handle packets of the one or more support flows from the one or more ancillary services.

Abstract: A method for using a user device. The method includes obtaining, during a fingerprint learning phase, a historical portion of user activity data associated with user activity of a user using the user device, analyzing, by a computer processor of the user device, the historical portion to generate a fingerprint of the user, wherein the fingerprint represents characteristics of the user activity, obtaining, during a fingerprint matching phase subsequent to the fingerprint learning phase, an ongoing portion of the user activity data, analyzing, by the computer processor and based on the fingerprint, the ongoing portion to determine a match, wherein the match is determined at a time point within the fingerprint matching phase, and unlocking, by the computer processor and in response to determining the match, a locked data item for access, therein the locked data item is stored on the user device.

Abstract: A trusted user circle server for encryption key distribution and authentication support, as well as a client-side application which resides on user's devices are disclosed. In particular, the trusted user circle server manages a repository for static public keys (SPUK) which are used for authentication and secure distribution of a dynamic private context key (DPCK) used for the end-to-many encryption. Accordingly, posting users encrypt posted document using the DPCK and viewing users retrieve the DPCK to decrypt the posted document. These keys are associated to the trusted user circle and are generated dynamically for a given circle policy context (CPC). The CPC is an identifier that represents a group of members of a trusted user circle. It changes whenever any member of the trusted user circle leave it, when a new trusted user circle is created or when the DPCK expires after a pre-determined period of time.

Abstract: A method for detecting malicious HTTP redirections. The method includes obtaining, based on a single client IP address, HTTP flows triggered by visiting a website, extracting a sequence of URLs where a downstream URL is extracted from a child HTTP request that is triggered by a parent HTTP request containing an immediate upstream URL, analyzing the URL sequence to generate a statistical feature, and classifying, based on the statistical feature, the HTTP flows as containing at least one malicious HTTP redirection triggered by visiting the website.

Abstract: A method for analyzing a content delivery network. The method includes obtaining network traffic flows corresponding to user nodes accessing contents from a set of servers of the content delivery network, extracting a timing attribute from each network traffic flow associated with a server, where the timing attribute is aggregated into a timing attribute dataset of the server based on all network traffic flows associated with the server, generating a statistical measure of the timing attribute dataset as a portion of a feature vector representing the server, where the feature vector is aggregated into a set of feature vectors representing the set of servers, analyzing the set of feature vectors based on a clustering algorithm to generate a set of clusters, and generating, based on the set of clusters, a representation of server groups in the content delivery network.

Abstract: A method for detecting malicious HTTP redirections. The method includes obtaining, based on a single client IP address, HTTP flows triggered by visiting a website, extracting a sequence of URLs where a downstream URL is extracted from a child HTTP request that is triggered by a parent HTTP request containing an immediate upstream URL, analyzing the URL sequence to generate a statistical feature, and classifying, based on the statistical feature, the HTTP flows as containing at least one malicious HTTP redirection triggered by visiting the website.