Abstract: Systems and methods for discovery and mapping of industrial control and SCADA networks are described herein. The disclosed systems and methods help operators ensure the cyber security of their SCADA network through accurate discovery, fingerprinting and mapping the industrial control network map, including PLCs (Programmable Logic Controller) and RTUs (Remote Terminal Unit), using passive techniques.

Abstract: Disclosed is a method 101 to be used on collected network data flow 116 associated with a network 100; the method 101 includes: an anomaly-detection operation 103 including: (A) obtaining the collected network data flow 116; and (B) performing an iterative principal component analysis on the collected network data flow 116 to detect an anomaly associated with the collected network data flow 116. The method may be used in a server and a network, and may also be implemented as a non-transitory computer-readable media. A corresponding system for detecting the anomaly in the network flow data is also provided.

Abstract: Network traffic flow records received from a network probe are recorded in multiple sets of buckets of different granularity, optimized for the purpose of almost instant analysis and display as well as for longer term report generation. The flow data is pre-processed and stored redundantly in parallel in multiple bucketized data base tables of different time window sizes. Denormalized tables keyed on different combinations of traffic flow attributes are precomputed and stored in parallel tables redundantly to facilitate a near real time display of summarized network traffic data, and a capability to rapidly generate reports for different monitoring periods.

Abstract: Network traffic flow records received from a network probe are filtered and short traffic flows are selected so that the total number of short traffic flows is high but the number of bytes in the short traffic flows is negligible, followed by discarding of the short traffic flows. Traffic flow data is recorded in multiple sets of buckets of different granularity, optimized for the purpose of almost instant analysis and display as well as for longer term report generation. The traffic flow data is pre-processed and stored redundantly in parallel in multiple bucketized data base tables of different time window sizes. A corresponding method and system are provided.

Abstract: Devices, networks and methods relating to routing gateway traffic in a mesh network for wireless access. A mesh network has multiple nodes in at least one gateway node through which all incoming and outgoing data traffic pass through. The nodes provide wireless access to wireless and user devices, each of which is associated with anode in the mesh network. Each gateway node contains a record detailing which nodes are providing wireless access to which wireless end user device and which nodes are associated with which end user devices. This record of each end user device's location is periodically updated as the gateway node periodically receives data from the nodes which detail the device is being serviced by which node. Any incoming data traffic destined for an end user device is encapsulated and routed to the proper node servicing that end user device.

Abstract: A real-time network-analysis system comprises a network appliance and a plurality of management devices. The network appliance continuously monitors an object network and synthesizes a current network image comprising contemporaneous indicators of connectivity, occupancy, and performance of the object network. A management-client device may gain access to the network image for timely control and for use in producing long-term network-evolution plans. To enable the creation of a real-time network image, optimized topology synthesis algorithms are devised to minimize the computational effort. The real-time network-analysis system is adapted for use with an object network employing a variety of routing protocols, such as link-state protocols, and network-management protocols, such as the Simple-Network-Management protocol.

Abstract: Devices, networks and methods relating to routing gateway traffic in a mesh network for wireless access. A mesh network has multiple nodes in at least one gateway node through which all incoming and outgoing data traffic pass through. The nodes provide wireless access to wireless and user devices, each of which is associated with anode in the mesh network. Each gateway node contains a record detailing which nodes are providing wireless access to which wireless end user device and which nodes are associated with which end user devices. This record of each end user device's location is periodically updated as the gateway node periodically receives data from the nodes which detail the device is being serviced by which node. Any incoming data traffic destined for an end user device is encapsulated and routed to the proper node servicing that end user device.

Abstract: Devices, networks and methods relating to routing gateway traffic in a mesh network for wireless access. A mesh network has multiple nodes in at least one gateway node through which all incoming and outgoing data traffic pass through. The nodes provide wireless access to wireless and user devices, each of which is associated with a node in the mesh network. Each gateway node contains a record detailing which nodes are providing wireless access to which wireless end user device and which nodes are associated with which end user devices. This record of each end user device's location is periodically updated as the gateway node periodically receives data from the nodes which detail the device is being serviced by which node. Any incoming data traffic destined for an end user device is encapsulated and routed to the proper node servicing that end user device.

Abstract: Methods and apparatus for topology discovery of a network having heterogeneous network devices are disclosed. A network appliance communicates with the network devices to acquire device descriptors and characterize the network devices accordingly. Topology discovery is based on device characteristics, media-access data, and encoded connectivity patterns, where each connectivity pattern is defined by devices of specific device types and respective media-access data. A topology deduction module of the network appliance synthesizes a network image starting with unconnected devices and progressively incorporating detected connectivity patterns.

Abstract: Methods and apparatus for topology discovery of a network having heterogeneous network devices are disclosed. A network appliance communicates with the network devices to acquire device descriptors and characterize the network devices accordingly. Topology discovery is based on device characteristics, media-access data, and encoded connectivity patterns, where each connectivity pattern is defined by devices of specific device types and respective media-access data. A topology deduction module of the network appliance synthesizes a network image starting with unconnected devices and progressively incorporating detected connectivity patterns.

Abstract: A real-time network-analysis system comprises a network appliance and a plurality of management devices. The network appliance continuously monitors an object network and synthesizes a current network image comprising contemporaneous indicators of connectivity, occupancy, and performance of the object network. A management-client device may gain access to the network image for timely control and for use in producing long-term network-evolution plans. To enable the creation of a real-time network image, optimized topology synthesis algorithms are devised to minimize the computational effort. The real-time network-analysis system is adapted for use with an object network employing a variety of routing protocols, such as link-state protocols, and network-management protocols, such as the Simple-Network-Management protocol.

Abstract: Devices, networks and methods relating to routing gateway traffic in a mesh network for wireless access. A mesh network has multiple nodes in at least one gateway node through which all incoming and outgoing data traffic pass through. The nodes provide wireless access to wireless and user devices, each of which is associated with a node in the mesh network. Each gateway node contains a record detailing which nodes are providing wireless access to which wireless end user device and which nodes are associated with which end user devices. This record of each end user device's location is periodically updated as the gateway node periodically receives data from the nodes which detail the device is being serviced by which node. Any incoming data traffic destined for an end user device is encapsulated and routed to the proper node servicing that end user device.

Abstract: An alert system for a communications network has a plurality of client devices and a plurality of alert servers each adapted to provide alerts to a respective subset of the client devices to provide scalability. Users at the client devices subscribe to receive alerts by selecting a scope of distribution of alerts. The selection involves selecting a type of alert to receive, a level of severity of alerts to receive, and a geographic scope. In response to receiving a request to issue an alert, an alert server notifies the other alert servers of the alert. Each alert server determines which client devices of the respective subset of client devices are to receive the alert. Each alert server then sends an alert message to its client devices that are to receive the alert.

Abstract: Devices, networks and methods relating to routing gateway traffic in a mesh network for wireless access. A mesh network has multiple nodes in at least one gateway node through which all incoming and outgoing data traffic pass through. The nodes provide wireless access to wireless and user devices, each of which is associated with a node in the mesh network. Each gateway node contains a record detailing which nodes are providing wireless access to which wireless end user device and which nodes are associated with which end user devices. This record of each end user device's location is periodically updated as the gateway node periodically receives data from the nodes which detail the device is being serviced by which node. Any incoming data traffic destined for an end user device is encapsulated and routed to the proper node servicing that end user device.

Abstract: A method for monitoring lightpaths in an optical network comprising nodes interconnected by wavelength-multiplexed links is disclosed. Each lightpath is identified by a respective optical signature. A node stores identifiers of optical signatures of lightpaths designated to traverse the node and identifiers of adjacent nodes. Each node also maintains a record of all optical signatures it detects. A command-line interface associated with a selected node tracks a selected lightpath, designated to traverse the selected node, by propagating messages in an upstream direction, a downstream direction, or both, requesting other nodes to provide information pertinent to the selected lightpath. The selected node may also send messages to all its neighboring nodes requesting each to indicated detection, or otherwise, of the selected lightpath.

Abstract: An alert system for a communications network has a plurality of client devices and a plurality of alert servers each adapted to provide alerts to a respective subset of the client devices to provide scalability. Users at the client devices subscribe to receive alerts by selecting a scope of distribution of alerts. The selection involves selecting a type of alert to receive, a level of severity of alerts to receive, and a geographic scope. In response to receiving a request to issue an alert, an alert server notifies the other alert servers of the alert. Each alert server determines which client devices of the respective subset of client devices are to receive the alert. Each alert server then sends an alert message to its client devices that are to receive the alert.

Abstract: A system of hitless restart in a network, where at least one node in the network provides routing control distributed among ingress ports (ingress cards) and egress ports (egress cards), is disclosed. With distributed routing control, each ingress card has its own routing-control software and each egress card has its own routing-control software. When the routing-software at an ingress port or an egress port of a node is restarted, current connections traversing a restarting ingress card or a restarting egress card continue to function normally during a restart period without data loss. The disclosed system is tailored to a multi-protocol label switching (MPLS) network employing distributed-resource-reservation-protocol traffic engineering (RSVP-TE). The system relies on messaging between ingress card control planes, ingress card data planes, egress card control planes, and egress card data planes of a restarting node.

Abstract: A real-time network-analysis system comprises a network appliance and a plurality of management devices. The network appliance continuously monitors an object network and synthesizes a current network image comprising contemporaneous indicators of connectivity, occupancy, and performance of the object network. A management-client device may gain access to the network image for timely control and for use in producing long-term network-evolution plans. To enable the creation of a real-time network image, optimized topology synthesis algorithms are devised to minimize the computational effort. The real-time network-analysis system is adapted for use with an object network employing a variety of routing protocols, such as link-state protocols, and network-management protocols, such as the Simple-Network-Management protocol.

Abstract: Devices, networks and methods relating to routing gateway traffic in a mesh network for wireless access. A mesh network has multiple nodes in at least one gateway node through which all incoming and outgoing data traffic pass through. The nodes provide wireless access to wireless and user devices, each of which is associated with a node in the mesh network. Each gateway node contains a record detailing which nodes are providing wireless access to which wireless end user device and which nodes are associated with which end user devices. This record of each end user device's location is periodically updated as the gateway node periodically receives data from the nodes which detail the device is being serviced by which node. Any incoming data traffic destined for an end user device is encapsulated and routed to the proper node servicing that end user device.

Abstract: A method to trace, detect, discover and monitor the nodes traversed by a light path from its source to its destination in an Optical Communication Network (OCN) is provided. In accordance with the embodiment of the invention, the system examines various provisioned and discovered optical nodes either sequentially or in parallel to determine whether a unique signature (wavekey) associated with the light path is present. Connectivity and mis-fibering problems are detected by sequentially examining provisioned nodes in the light path to determine if the wavekey associated with the light path can be observed. Control Network topology information is utilized to contact all nodes in the network to trouble-shoot mis-fibering problems.