Abstract: Disclosed biopsy markers are adapted to serve as localization markers during a surgical procedure. Adaptation includes incorporation of materials detectable under ultrasound during surgery, as well as features for co-registration with image guidance or other real-time imaging technologies during surgery. Such biopsy markers, when used as localization markers, improve patient comfort and reduce challenges in surgical coordination and surgery time. Additional disclosed biopsy markers are adapted to serve as monitoring and/or detection apparatuses, Localization of an implanted marker may be done with ultrasound technology. Ultrasound image data is analyzed to identify the implanted marker. A distance to the marker or a lesion may be determined and displayed. The determined distance may be a distance between the ultrasound probe and the marker or lesion, a distance between the marker or lesion and an incision instrument, and/or a distance between the ultrasound probe and the incision instrument.

Abstract: A method of configuring a filter to perform pattern matching against input data is provided. The method includes receiving one or more rules, each rule including one or more field specifiers, each field specifier including a value specifier that specifies a value to be matched and a location specifier that specifies a location in the input data. For each rule of the one or more rules an empty buffer is initialized. For each field specifier the value specified by the field specifier is appended to the buffer, and the buffer contents are inserted into contents of a probabilistic data structure representing all of the field specifiers of the rule. The probabilistic data structure is configured to receive a query that includes query buffer contents determined from the input data and respond with a match status of probably present based on a predetermined probability, or definitely not present.

Abstract: A method includes selecting one or more green addresses, each being a different IP address from a block of IP addresses, associating the green addresses with the IP address of the server, and receiving a packet from a client directed to an IP address of the block of IP addresses. It is determined whether the destination address matches the one or more green addresses or is a yellow address. When determined that the destination address matches the one or more green addresses, the packet is sent to the IP address associated with the matching green address, bypassing any DPI. Otherwise, the packet is sent to a scrubber to analyze the packet using DPI and handle the packet or perform a redirection of the client. The redirection causes subsequent requests from the client to be sent to the IP address associated with the green address, bypassing any DPI.

Abstract: A method of monitoring a network is provided. The method includes receiving a packet of network traffic, determining a source IP address of the packet, consulting a database of source IP addresses, each source IP address having an associated probability of threat indicator (PTI) that indicates a probability of threat posed by the source IP address. The packet's source IP address' PTI is assigned to the packet as the packet's PTI, and one or more inspection checks are selected to be performed on the packet, wherein the selection of the inspection checks is a function of the packet's source IP address PTI. The method further includes performing the selected inspection checks, assigning treatment of the packet based on a result of the inspection checks performed, and adjusting the packet's source IP address' PTI or the packet's PTI based on the result of the one or more inspection checks performed.

Abstract: A computer system and process for mitigating a Distributed Denial of Service (DDoS) attack by analyzing and correlating inbound and outbound packet information relative to the one or more protected computer networks for detecting novel DDoS Reflection/Amplification attack vectors. Created are separate data repositories that respectively store information relating to captured inbound and outbound packets flowing to and from the protected computer networks. Stored in each respective inbound and outbound data repository are identified inbound destination ports respectively associated with the captured inbound and outbound packets such that each identified inbound destination port number is associated with 1) a packet count relating to the inbound and outbound packets; and 2) a packet byte length count relating to each of the inbound and outbound packets.

Abstract: A computer method and system for mitigating Domain Name System (DNS) misuse using a probabilistic data structure, such as a cuckoo filter. Intercepted is network traffic flowing from one or more external hosts to a computer network, the intercepted network traffic including a DNS request that requests a Resource Record name in a DNS zone file. A determination is made as to whether the DNS request is requesting resolution at a protected DNS Name Server. A hash value is calculated for the requested Resource Record name if it is determined the DNS request is requesting resolution at the protected DNS Name Server. A determination is then made as to whether the calculated hash value for the requested Resource Record name is present in the probabilistic data structure. The DNS request is forwarded to the protected server if the requested Resource Record name is determined present in the probabilistic data structure.

Abstract: A system and computer-implemented method of managing botnet attacks to a computer network is provided. The system and method includes receiving a DNS request included in network traffic, each DNS request included in the network traffic and including a domain name of a target host and identifying a source address of a source host, wherein the translation of the domain name, if translated, provides an IP address to the source host that requested the translation. The domain name of the DNS request is compared to a botnet domain repository, wherein the botnet domain repository includes one or more entries, each entry having a confirmation indicator that indicates whether the entry corresponds to a confirmed botnet.

Abstract: A method includes selecting one or more green addresses, each being a different IP address from a block of IP addresses, associating the green addresses with the IP address of the server, and receiving a packet from a client directed to an IP address of the block of IP addresses. It is determined whether the destination address matches the one or more green addresses or is a yellow address. When determined that the destination address matches the one or more green addresses, the packet is sent to the IP address associated with the matching green address, bypassing any DPI. Otherwise, the packet is sent to a scrubber to analyze the packet using, DPI and handle the packet or perform a redirection of the client. The redirection causes subsequent requests from the client to be sent to the IP address associated with the green address, bypassing any DPI.

Abstract: A method of automated filtering includes receiving a network traffic snapshot having packets with data stored in respective fields, generating a statistical data structure storing each potential unique combination of data stored in respective fields with an associated counter that is incremented for each occurrence that the combination matches one of the packets of the network traffic snapshot and one or more observation timestamps. Determining an observed vector from the statistical data structure, wherein the observed vector has associated attribute/value pairs and counters that satisfy a predetermined criterion. The observed vector's attribute/value pairs are compared to known attribute/value pairs associated with known DDoS attack vectors of an attack vector database.

Abstract: A computer method and system for mitigating Domain Name System (DNS) misuse using a probabilistic data structure, such as a cuckoo filter. Intercepted is network traffic flowing from one or more external hosts to a computer network, the intercepted network traffic including a DNS request that requests a Resource Record name in a DNS zone file. A determination is made as to whether the DNS request is requesting resolution at a protected DNS Name Server. A hash value is calculated for the requested Resource Record name if it is determined the DNS request is requesting resolution at the protected DNS Name Server. A determination is then made as to whether the calculated hash value for the requested Resource Record name is present in the probabilistic data structure. The DNS request is forwarded to the protected server if the requested Resource Record name is determined present in the probabilistic data structure.

Abstract: A method of monitoring a network during a DDoS attack is provided. The method includes receiving packets included in the attack, determining whether the packets are designated for tarpitting, for each packet from a source determined to be designated for tarpitting, assigning the packet to an existing or newly established flow, applying at least one tarpitting technique, and applying a randomization function for adjusting the at least one tarpitting technique or for selecting the at least one tarpitting technique to be applied from a plurality of candidate tarpitting techniques.

Abstract: A method of delaying computer network clients from sending DNS queries. The method includes receiving a DNS query from a client and consulting a client record in a client record database and/or a flow record in a flow record database storing information about the flow including about one or more previous DNS queries and/or responses in the flow. The method further includes formulating a response to the DNS query as a function of the information about the client and/or the information about the flow, updating the client record with information about the client and/or the flow record with information about the DNS query and the response as formulated, and transmitting the response as formulated to the client. The DNS query includes a question and the response is intentionally defective or incomplete and causes the client to be delayed in sending another DNS query as part of an attack.

Abstract: A method and network are provided for monitoring a network during a DDoS attack. The method includes establishing a flow record for flows designated for tarpitting and a state machine, each state of multiple states of the state machine having an associated handler function. The handler function associated with a current state of a state machine associated with a flow is invoked to perform one or more actions associated with the flow or the flow record for applying at least one tarpitting technique of one or more candidate tarpitting techniques associated with the flow record, and return a next state, which is used to update the current state of the state machine. The handler function associated with the current state of the state machine is repeatedly invoked, wherein each invocation of the handler function potentially applies different tarpitting techniques.

Abstract: A system and computer-implemented method to monitor network traffic for a protected network using a block of IP addresses including an IP address for a server. The method includes selecting one or more green addresses, each being a different IP address from the block of IP addresses, associating the green addresses with the IP address of the server, and receiving a packet of the internet traffic from a client directed to an IP address of the block of IP addresses prior to any performance of DPI on the packet. It is determined whether the destination address matches the one or more green addresses or is a yellow address (which belongs to the block of IP addresses, but is not a green address). When determined that the destination address matches the one or more green addresses, the method the packet is sent to the IP address associated with the matching green address, bypassing any DPI.

Abstract: A computer method and system for mitigating Domain Name System (DNS) misuse using a probabilistic data structure, such as a cuckoo filter. Intercepted is network traffic flowing from one or more external hosts to a computer network, the intercepted network traffic including a DNS request that requests a Resource Record name in a DNS zone file. A determination is made as to whether the DNS request is requesting resolution at a protected DNS Name Server. A hash value is calculated for the requested Resource Record name if it is determined the DNS request is requesting resolution at the protected DNS Name Server. A determination is then made as to whether the calculated hash value for the requested Resource Record name is present in the probabilistic data structure. The DNS request is forwarded to the protected server if the requested Resource Record name is determined present in the probabilistic data structure.

Abstract: A computer method and system for prioritizing network traffic flow to a protected computer network. Network traffic flowing from one or more external hosts to the protected computer network is intercepted and intercepted data packets are dropped if forwarding the intercepted data packet to the protected network would cause the value of the bandwidth of network traffic flow to the protected network to exceed a configured overall traffic bandwidth threshold value associated with the protected network. If not dropped, the intercepted data packet is analyzed to determine a classification type for the intercepted data packet based upon prescribed criteria wherein each classification type has an assigned classification bandwidth threshold value, wherein the classification bandwidth threshold value is less than the overall traffic bandwidth threshold value for the protected network.

Abstract: A computer method and system for prioritizing network traffic flow to a protected computer network. Network traffic flowing from one or more external hosts to the protected computer network is intercepted and intercepted data packets are dropped if forwarding the intercepted data packet to the protected network would cause the value of the bandwidth of network traffic flow to the protected network to exceed a configured overall traffic bandwidth threshold value associated with the protected network. If not dropped, the intercepted data packet is analyzed to determine a classification type for the intercepted data packet based upon prescribed criteria wherein each classification type has an assigned classification bandwidth threshold value, wherein the classification bandwidth threshold value is less than the overall traffic bandwidth threshold value for the protected network.

Abstract: A system and computer-implemented method of monitoring a network is provided. The method includes receiving a packet of network traffic, wherein the packet has an associated source and destination address pair, where this pair constitutes a connection pair. The method further includes comparing the packet to a plurality of patterns and/or compare a source or destination address of the packet to known malicious addresses, and upon determining that the packet matches a pattern of the plurality of patterns or the source or destination address of the packet matches a known malicious address. The method further includes deploying a honeypot in a container for the pattern matching the packet, if not yet deployed, and forwarding all network traffic for the connection pair to the honeypot.

Abstract: Detecting a Denial of Service (DoS) attack in a network by a network edge router device whereby network traffic flows from the edge router to a core router in the network. Storing DoS attack traffic information in storage associated with the edge router which receives network traffic. Determining in the edge router if a portion of the received network traffic matches at least a portion of the stored DoS attack information. Determining in the edge router an alert condition exists if a portion of the received network traffic is determined to match at least a portion of the stored DoS attack information. Send an alert signal from the edge router to an attack mitigation device if it is determined an alert condition exists causing the attack mitigation device to transition to a mitigation state for mitigating effects of a DoS attack upon the network.

Abstract: A computer method and system for detecting and preventing over-mitigation of network attacks (e.g., Denial of Service (DoS) attacks) upon a protected computer network by a network security element. A determination is made as to whether captured data packets transmitting to a protected network are associated with legitimate network traffic (e.g., non-attack traffic). A matching pattern of the captured data packets determined legitimate network traffic is generated and test traffic packets utilizing the matching pattern of the captured data packets are then generated. The generated test traffic packets are then injected into the network security element/filter. A determination is then made as to whether if the injected test traffic packets are treated as a malicious traffic (e.g., a DoS attack), or as legitimate traffic, by the network security filter. If treated as malicious traffic (e.g.