Abstract: Aspects of the present invention disclose a method, computer program product, and system for domain name classification. The method includes one or more processors receiving a request for querying a first domain name. The method further includes one or more processors acquiring a first source internet protocol (IP) address and the first domain name from the request. In response to determining the first domain name is not classified, the method further includes one or more processors an access tendency of the first source IP address based on a plurality of classifications of a plurality of domain names queried by the first source IP address. The method further includes one or more processors estimating a first classification of the first domain name based on the access tendency of the first source IP address.

Abstract: An intelligent network management device including an analytic unit, conducting an analysis according to received packets in order to determine whether a given event is occurred; and a processing unit, generating and sending a control instruction to a SDN controller to change configurations of a SDN switch when the analytic unit determined the given event has been occurred.

Abstract: A technique to secure a wireless communication link that is being shared among a wireless access point (AP), and each of a set of wireless clients (each a mobile station (STA)) that are coupled to the AP over the communication link. A typical implementation is a WPA2-PSK communication link. In this approach, and in lieu of a single secret key being shared by all AP-STA pairs, each AP-STA pair derives its own unique WLAN shared secret, preferably via a Diffie-Hellman (DH) key exchange. The WLAN shared secret is then used to generate WPA2-PSK keys, namely, pairwise master key (PMK) and pairwise transient key (PTK), that establish an 802.11 standards-compliant secure link.

Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.

Abstract: Securing public hotspot communications by: generating a public-private key pair, deriving an SSID using the generated public key, creating a network using the SSID, specifying a network security setting, and providing a Client the SSID and network security settings. Further, by: receiving a network connection request from the Client, establishing a connection with the Client, receiving a probe request from a network access point, sending an authentication message, receiving SSID configuration information from the network access point, associating the SSID network and the network access point, and receiving Client data.

Abstract: Embodiments provide a system and method for network tracking. Through various methods of packet encapsulation or IP option filling, one or more packets of information can be tagged with a unique security tag to prevent unauthorized access. A user agent can be validated by an authentication server through acceptance of one or more user credentials. The authentication server can generate a security token that can be transmitted to the user agent. The user agent can generate a keystream from the security token, and portions of that keystream can be attached to the packets as the security tag. The tagged packets can be forwarded to an authenticator, who can recreate the keystream from a copy of the security token provided by the authentication server. If the tags generated from the authenticator match the tags on the tagged packet, the authenticator can strip the tag from the tagged packet and forward the packet on to its next network address.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for domain name classification. The method includes one or more processors receiving a request for querying a first domain name. The method further includes one or more processors acquiring a first source internet protocol (IP) address and the first domain name from the request. In response to determining the first domain name is not classified, the method further includes one or more processors an access tendency of the first source IP address based on a plurality of classifications of a plurality of domain names queried by the first source IP address. The method further includes one or more processors estimating a first classification of the first domain name based on the access tendency of the first source IP address.

Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.

Abstract: Embodiments pertain to facilitation of live migration of a virtual machine in a network system. During live migration, a first appliance is cloned and state information directed to a first network flow is obtained. The state information is utilized by the cloned appliance to re-direct operations associated with the first network flow. At such time as the first network flow is terminated, the cloned is removed.

Abstract: A data packet is received. The data packet is a unit of data transmitted across a packet-switched network. A determination is made whether a new connection is detected. The data packet is transmitted using the new connection. In response to determining that a new connection is detected, a connection context for the new connection is added to a current connection context in a dynamic event table. The dynamic event table includes the current connection context, one or more previous connection contexts, and a listing of one or more events. Each event of the one or more events is a malicious activity and is retrieved from a repository. A score for each event is calculated based on the current connection context. Each event in the dynamic event table is prioritized based on the calculated score for each event. The event with the highest score receives the highest priority.

Abstract: A technique to secure a wireless communication link that is being shared among a wireless access point (AP), and each of a set of wireless clients (each a mobile station (STA)) that are coupled to the AP over the communication link. A typical implementation is a WPA2-PSK communication link. In this approach, and in lieu of a single secret key being shared by all AP-STA pairs, each AP-STA pair derives its own unique WLAN shared secret, preferably via a Diffie-Hellman (DH) key exchange. The WLAN shared secret is then used to generate WPA2-PSK keys, namely, pairwise master key (PMK) and pairwise transient key (PTK), that establish an 802.11 standards-compliant secure link.

Abstract: Securing public hotspot communications by: generating a public-private key pair, deriving an SSID using the generated public key, creating a network using the SSID, specifying a network security setting, and providing a Client the SSID and network security settings. Further, by: receiving a network connection request from the Client, establishing a connection with the Client, receiving a probe request from a network access point, sending an authentication message, receiving SSID configuration information from the network access point, associating the SSID network and the network access point, and receiving Client data.

Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.

Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.

Abstract: Selecting a receive side scaling (RSS) key is provided. It is determined whether a defined time interval expired. In response to determining that the defined time interval has expired, it is determined whether one or more keys in a set of randomly generated candidate RSS keys have a higher packet distribution score than an active RSS key. In response to determining that one or more keys in the set of randomly generated candidate RSS keys have a higher packet distribution score than the active RSS key, an RSS key having a highest packet distribution score is selected from the one or more keys in the set of randomly generated candidate RSS keys that have a higher packet distribution score than the active RSS key. The RSS key having the highest packet distribution score is used to distribute incoming network packets across a plurality of processors.

Abstract: A data packet is received. The data packet is a unit of data transmitted across a packet-switched network. A determination is made whether a new connection is detected. The data packet is transmitted using the new connection. In response to determining that a new connection is detected, a connection context for the new connection is added to a current connection context in a dynamic event table. The dynamic event table includes the current connection context, one or more previous connection contexts, and a listing of one or more events. Each event of the one or more events is a malicious activity and is retrieved from a repository. A score for each event is calculated based on the current connection context. Each event in the dynamic event table is prioritized based on the calculated score for each event. The event with the highest score receives the highest priority.

Abstract: Optimizing receive side scaling (RSS) key selection is provided. Different weights are assigned to different fields of flow data corresponding to a network connection of a registered client device. A score is generated representing an amount of balanced processor loading for each RSS key corresponding to the registered client device based on the different fields of the flow data with assigned weights. A current RSS key on the registered client device is updated with an optimal RSS key based on the score corresponding to the optimal RSS key representing balanced loading of processors on the registered client device.

Abstract: Selecting a receive side scaling (RSS) key is provided. It is determined whether a defined time interval expired. In response to determining that the defined time interval has expired, it is determined whether one or more keys in a set of randomly generated candidate RSS keys have a higher packet distribution score than an active RSS key. In response to determining that one or more keys in the set of randomly generated candidate RSS keys have a higher packet distribution score than the active RSS key, an RSS key having a highest packet distribution score is selected from the one or more keys in the set of randomly generated candidate RSS keys that have a higher packet distribution score than the active RSS key. The RSS key having the highest packet distribution score is used to distribute incoming network packets across a plurality of processors.

Abstract: Disclosed is a method of customizing an appliance. The method includes steps of pre-storing a public key in the appliance; connecting the appliance to an external storage device; and booting up the appliance to automatically proceed with the following customization process: obtaining a customization file from the external storage device; authenticating the customization file with the public key; and executing customization with the customization file if the authentication succeeds.

Abstract: A data packet is received. The data packet is a unit of data transmitted across a packet-switched network. A determination is made whether a new connection is detected. The data packet is transmitted using the new connection. In response to determining that a new connection is detected, a connection context for the new connection is added to a current connection context in a dynamic event table. The dynamic event table includes the current connection context, one or more previous connection contexts, and a listing of one or more events. Each event of the one or more events is a malicious activity and is retrieved from a repository. A score for each event is calculated based on the current connection context. Each event in the dynamic event table is prioritized based on the calculated score for each event. The event with the highest score receives the highest priority.