Abstract: Disclosed is a method and system for determining one or more performance characteristics of a target server. A command is transmitted from a coordinator to a plurality of clients. The command instructs the plurality of clients to each transmit a request targeting a sub-system of said target server. A response time is then received from each client and a performance characteristic is determined from the received response times.

Abstract: A system that incorporates teachings of the present disclosure may include, for example, a computing device having an interface for receiving seed information, and a controller to identify one or more outliers from a reduced sampling of a total population of on-line social network (OSN) users according to the seed information and at least one of a social graph or a generalization of portions of the total population of OSN users. Additional embodiments are disclosed.

Abstract: A technique for examining the relationships of autonomous systems (ASes) participating in an Internet Exchange Point (IXP) utilizes packet tracing servers proximate the IXPs. Where such packet tracing servers cannot be found in the participating ASes, the methodology identifies additional vantage points by looking at a list of ASes that are one hop away from the ASes at the IXP. The choice of one-hop away ASes is made judiciously by picking ones that have better connectivity, based on past-data. Plural-hop ASes may also be used where necessary.

Abstract: A method and an apparatus for providing an electronic commerce website over a network are disclosed. For example, the method receives a request for a product or a service from a customer via an electronic commerce website, and identifies internal information pertaining to the request, wherein the internal information is information known by a business enterprise of the electronic commerce website. The method also identifies external information pertaining to the request, wherein the external information is information obtained by the business enterprise from another entity, and sends the internal information and the external information pertaining to the request to the customer.

Abstract: A method and apparatus for providing an anonymization of data are disclosed. For example, the method receives a communications graph that encodes a plurality of types of interactions between two or more entities. The method partitions the two or more entities into a plurality of classes, and applies a type of anonymization to the communications graph.

Abstract: A method and an apparatus for providing privacy in a network are disclosed. For example, the method receives a request, e.g., an HTTP request, from a user for information, wherein the information includes at least a Uniform Resource Locator (URL) of at least an aggregator. The method identifies all personally identifiable information of the user. The method then masks the personally identifiable information from the browser in the endpoint device of the user, while responding to the request.

Abstract: A sketch-based change detection technique is introduced for anomaly detection. The technique is capable of detecting significant changes in massive data streams with a large number of network time series. As part of the technique, we designed a variant of the sketch data structure, called k-ary sketch, uses a constant, small amount of memory, and has constant per-record update and reconstruction cost. A variety of time series forecast models are implemented on top of such summaries and detect significant changes by looking for flows with large forecast errors. Heuristics for automatically configuring the forecast model parameters are presented. Real Internet traffic data is used to demonstrate and validate the effectiveness of sketch-based change detection method for utilization as a building block for network anomaly detection and traffic measurement in large computer networks.

Abstract: Disclosed is a method and apparatus for compensating for a performance degradation of an application session in a plurality of application sessions associated with a network link. The performance of each application session in the plurality of application sessions associated with the network link is determined. The performance of each application session in the plurality is then compared. From this comparison, a lowest performance application session in the plurality of application sessions is identified. Corrective action is performed on packets scheduled to be transmitted over the lowest performance application session.

Abstract: A system to detect anomalies in internet protocol (IP) flows uses a set of machine-learning (ML) rules that can be applied in real time at the IP flow level. A communication network has a large number of routers that can be equipped with flow monitoring capability. A flow collector collects flow data from the routers throughout the communication network and provides them to a flow classifier. At the same time, a limited number of locations in the network monitor data packets and generate alerts based on packet data properties. The packet alerts and the flow data are provided to a machine learning system that detects correlations between the packet-based alerts and the flow data to thereby generate a series of flow-level alerts. These rules are provided to the flow time classifier. Over time, the new packet alerts and flow data are used to provide updated rules generated by the machine learning system.

Abstract: A technique for examining the relationships of autonomous systems (ASes) participating in an Internet Exchange Point (IXP) utilizes packet tracing servers proximate the IXPs. Where such packet tracing servers cannot be found in the participating ASes, the methodology identifies additional vantage points by looking at a list of ASes that are one hop away from the ASes at the IXP. The choice of one-hop away ASes is made judiciously by picking ones that have better connectivity, based on past-data. Plural-hop ASes may also be used where necessary.

Abstract: In embodiments of the disclosed technology, a plurality of ratings of, for example, websites is received, wherein each rating is associated with a category and a rater, and each rater is associated with at least one group. A selection of a category is received from the user, wherein the user is associated with at least one group. One website location, or a plurality of website locations, is provided in the category to the user, based on at least one rating of the plurality of ratings provided by at least one of the raters, wherein at least one group associated with the rater and at least one group associated with the user are the same group.

Abstract: A system and method for filtering unwanted Internet Protocol traffic based on blacklists receives a first blacklist containing a first plurality of Internet protocol addresses associated with unwanted Internet traffic. The system also operates a first plurality of access control lists adapted to block the unwanted Internet traffic from one of the first Internet protocol addresses listed in the first blacklist. The system also assigns a first weight to each of the first Internet protocol addresses based on a reliability of Internet traffic from each of the first Internet protocol addresses. Additionally, the system reduces a first number of the first access control lists to optimally trade off a number of desirable Internet protocol addresses blocked with a number of bad Internet protocol addresses blocked based on the first weight of each of the first Internet protocol addresses.

Abstract: Secondary leakage of private information is identified and remedied. Internet activity of a first party can result in such secondary leakage of private information of a second party. Information about the second party that would not otherwise be known becomes public based simply on related information that has been placed on a public site of a third party by the first party. Such disclosure is detected and the victim may be notified about the location. The victim can then decide if such secondary leakage is acceptable. If not, the first party or the third party may be notified, the activity may be stopped and the offending information can be removed.

Abstract: Described is a method of assigning a network address to a trap, the network address being a dark address of a virtual private network. The network traffic destined for the network address is monitored and a classification of the network traffic is determined. After the classification, a predetermined response is executed based on the classification of the traffic.

Abstract: Disclosed are method and apparatus for identifying members of a social network who have a high likelihood of providing a useful response to a query. A query engine examines the personal pages of a set of members and automatically gleans semantic information relevant to the query. From the automatically-gleaned semantic information, a score indicative of the likelihood that the member may provide a useful response is calculated.

Abstract: A method for detecting Web sites used for phishing, including preselecting one or more Web sites to be examined for duplication, selecting at least one or more elements that are present in the preselected Web site and that relate to characteristic identifying features of the preselected Web site, forming at least one search query using the one or more elements, and submitting the at least one search query to an indexed public search engine. The elements illustratively may be URL substrings, content identification substrings, or tree structure-related substrings. A report of Web sites using the selected one or more search terms is received from the public search engine in response to the query, and the preselected Web site is eliminated from the Web sites found in the search.

Abstract: Traffic flow from a traffic source with a source IP address to a customer system with a destination IP address is filtered by comparing the source IP address to a customer blacklist. If the source IP address is on the customer blacklist, then traffic to the customer system is blocked; else, traffic to the customer system is allowed. The customer blacklist is generated from a network blacklist, comprising IP addresses of unwanted traffic sources, and a customer whitelist, comprising IP addresses of wanted traffic sources. The customer blacklist is generated by removing from the network blacklist any IP address also on the customer whitelist. The network blacklist is generated by acquiring raw blacklists from reputation systems. IP addresses on the raw blacklists are sorted by prefix groups, which are rank ordered by traffic frequency. Top prefix groups are selected for the network blacklist.

Abstract: A request is received at a resource server for a first resource, the request accompanied by a proxy filter. A second resource is identified based on the proxy filter and based on a relationship between the first resource and the second resource. The first resource and information regarding the second resource is provided to a network interface for communication to a proxy server.

Abstract: A method and apparatus for enabling peer networks to reduce the exchange of unwanted traffic are disclosed. For example, the method receives at least one of: a source Internet Protocol (IP) address or a source IP address prefix that has been identified as a source of the unwanted traffic, by an originating peer network from a terminating peer network. The method then blocks the unwanted traffic destined to the terminating peer network by the originating peer network.

Abstract: A method for providing network access privacy by classifying filter parameters of a group of users who are accessing one or more network destinations. The system includes a means for collecting information from both users, and about network destinations, generating suggestions for a user regarding filter parameters, and filtering network communications of users going to network destinations. In operation, users who are accessing network destinations are prompted to choose from a selection of filter parameters. The information provided by these users is then analyzed and used to generate suggested filter parameters for other users. As users provide more information to the system about various network destinations the system is able to provide more information to users about more network destinations and thus generate more accurate filter parameter suggestions. After a user selects their filter parameters the system filters a range of information coming from the user and going out to the network destination.