Abstract: A system (200) detects transmission of potentially malicious packets. The system (200) receives, or otherwise observes, packets and generates hash values based on variable-sized blocks of the packets. The system (200) then compares the generated hash values to hash values associated with prior packets. The system (200) determines that one of the received packets is a potentially malicious packet when one or more of the generated hash values associated with the received packet match one or more of the hash values associated with the prior packets.

Abstract: A system (126-129) detects transmission of potentially malicious packets. The system (126-129) receives packets and generates hash values corresponding to each of the packets. The system (126-129) may then compare the generated hash values to hash values corresponding to prior packets. The system (126-129) determines that one of the packets is a potentially malicious packet when the generated hash value corresponding to the one packet matches one of the hash values corresponding to one of the prior packets and the one prior packet was received within a predetermined amount of time of the one packet. The system (126-129) may also facilitate the tracing of the path taken by a potentially malicious packet. In this case, the system (126-129) may receive a message that identifies a potentially malicious packet, generate hash values from the potentially malicious packet, and determine whether one or more of the generated hash values match hash values corresponding to previously-received packets.

Abstract: An arithmetic logic unit (140) improves the processing of information. The arithmetic logic unit (140) includes a register unit (250), a ternary content addressable memory (260), and an operations unit (270).

Abstract: A system processes communication signals in a network [100, 200]. The system may obtain time of arrival information for chunks of data in the network and construct a signal [410, 420] to represent the time of arrival information. The signal may consist of data that is non-uniformly spaced. The system may process the signal using a Lomb technique to obtain periodicity information [600, 800] about the signal.

Abstract: The invention relates to a transport protocol and associated methods and stack architectures for improving the energy efficiency of transmitting packets through an ad hoc network. The protocol controls transmissions by taking into account per-packet energy limits, per-node loss tolerances, and/or minimum availability rates determined based on path quality measurements collected by packets traversing the network and application reliability requirements associated with various applications.

Abstract: A system processes communication signals in a network [100, 200]. The system may obtain time of arrival information for chunks of data in the network and construct a signal [410, 420] represent the time of arrival information. The signal may consist of data that is non-uniformly spaced. The system may process the signal using a Lomb technique to obtain periodicity information [600, 800] about the signal.

Abstract: An apparatus and method for processing data associated with a supply chain management process assessment of an entity. In one embodiment the method includes receiving data in response to a request for supply chain management system assessment information from a plurality of users associated with the supply chain management system, the response data characterizing supply chain process elements in a plurality of categories for the at least one portfolio, transforming the response data in accordance with a predetermined transformation to a corresponding numerical value for each element, and generating a graphical display of at least a portion of the transformed response data, the graphical display comprising the numerical values for at least one elements in at least category for the at least one portfolio.

Abstract: Systems and methods for incorporating information corresponding to an end-to-end transmission in determining access to a communication medium include: receiving a first data packet, said first data packet comprising information corresponding to a destination node; determining an intermediate node for said first data packet; and transmitting, to said intermediate node, a request-to-send (RTS) corresponding to said data packet, said RTS comprising information corresponding to said destination node.

Abstract: Embodiments of the invention reduce the probability of success of a DOS attack on a node receiving packets by decreasing the probability of random collisions of packets sent by a malicious user with those sent by honest users. The probability of random collisions may be reduced in one class of embodiments of the invention by supplementing the identification field of the IP header of each transmitted packet with at least one bit from another field of the header. The probability of random collisions may be reduced in another class of embodiments of the invention by ensuring that packets sent from a transmitting IPsec node to a receiving IPsec node are not fragmented.

Abstract: A system for passively analyzing an aggregation of communication signals simultaneously passing through a network link performs spectral analysis on a trace of communication traffic through the network link. The spectral analysis identifies period components of the trace corresponding to different communication signals. A system for deterring the passive analysis of signals aggregates communication traffic through a network link, such that a plurality of signals simultaneously pass through the network link. The plurality of signals is regulated such that the data packets corresponding to the plurality of signals leave the network link at a common rate. A memory temporarily stores the data packets as they enter the network link, and a timer maintains a fixed time interval for releasing the data packets from the memory.

Abstract: Systems and methods, inter alia, verify traffic flow consistency and audit compliance and adherence to routing protocols employed for carrying data over a computer network. To this end, the systems and methods include, in certain embodiments, devices and methods that monitor data flow across a network and select a data packet moving across the network. The devices and methods observe the route of the data packet as it travels across the network and determine from the observed route whether the data packet traversed the network according to an expected route. Deviations from the expected route are flagged and optionally corrective action is taken to remove from the network a device that is failing to comply with the routing protocol.

Abstract: A system and method for performing source path isolation in a network. The system comprises an intrusion detection system (IDS), a source path isolation server (SS1) and at least one router configured to operate as a source path isolation router (SR1) operating within an autonomous system. When IDS detects a malicious packet, a message is sent to SS1. SS1 in turn generates a query message (QM) containing at least a portion of the malicious packet. Then, QM is sent to participating routers located one hop away. SR1 uses the query message to determine if it has observed the malicious packet by comparing it with locally stored information about packets having passed through SR1. SR1 sends a reply to SS1, and SS1 uses the reply to identify the ingress point into the network of the malicious packet.

Abstract: A system for passively analyzing an aggregation of communication signals simultaneously passing through a network link performs spectral analysis on a trace of communication traffic through the network link. The spectral analysis identifies period components of the trace corresponding to different communication signals. A system for deterring the passive analysis of signals aggregates communication traffic through a network link, such that a plurality of signals simultaneously pass through the network link. The plurality of signals is regulated such that the data packets corresponding to the plurality of signals leave the network link at a common rate. A memory temporarily stores the data packets as they enter the network link, and a timer maintains a fixed time interval for releasing the data packets from the memory.

Abstract: A traffic auditor (130) analyzes traffic in a communications network (100). The traffic auditor (130) performs traffic analysis on traffic in the communications network (100) and develops a model of expected traffic behavior based on the traffic analysis. The traffic auditor (130) analyzes traffic in the communications network (100) to identify a deviation from the expected traffic behavior model.

Abstract: A system (130) receives a covert message from a transmit device (110). The system (130) monitors the transmission of packets from the transmit device (110) to a receive device (120). The transmit device (110) transmits the packets using a transmission pattern that is unknown to the receive device (120). The system (130) receives a covert message from the monitored transmission using the transmission pattern.

Abstract: A computer system for transmitting packets includes a manager and scheduling elements for managing the transmission of the packets over one or more logical channels. The computer system can prioritize the transmission of packets based on the type of traffic and maintain quality of service (QoS) characteristics associated with a logical channel. In addition, the computer system can execute a threading process to ensure the efficient and timely transmission of certain types of packets without using any complex mathematical operations.

Abstract: A system for performing packet based data communications over a parallel set of sublinks is provided. A transmitter unit separates the sublinks into an available set of sublinks and a busy set of sublinks. This transmitter avoids processing delays by utilizing sublinks in the available sublink set and not waiting for sublinks in the busy sublink set to be released. To receive the packets, a receiver unit utilizes a sequence number associated with each packet. Accordingly, the receiver extracts the one or more packets of data received in parallel over the set of sublinks in sequential order. A packet window buffer is used to store packets in sequence if they are initially received out of order. The receiver utilizes a sliding window to provide packets in continuous sequential order and transmits the packets serially over a single communication link.

Abstract: A system for performing packet based data communications over a parallel set of sublinks is provided. A transmitter unit separates the sublinks into an available set of sublinks and a busy set of sublinks. This transmitter avoids processing delays by utilizing sublinks in the available sublink set and not waiting for sublinks in the busy sublink set to be released. To receive the packets, a receiver unit utilizes a sequence number associated with each packet. Accordingly, the receiver extracts the one or more packets of data received in parallel over the set of sublinks in sequential order. A packet window buffer is used to store packets in sequence if they are initially received out of order. The receiver utilizes a sliding window to provide packets in continuous sequential order and transmits the packets serially over a single communication link.

Abstract: A communication technique for transmitting packet data over parallel communication sublinks coupled to a processor unit is provided. Initially, a method receives a packet of data from a first communication link which is coupled to a set of sublinks. The method distributes packets over each of the sublinks utilizing a unique byte-by-byte (BBB) striping technique. Logically, the data bytes associated with each sublink are collected into a slice of data and each set of slices are given a unique predetermined label. Each slice is then synchronously transmitted at the aggregate bandwidth of each sublink in parallel across each corresponding sublink to a receiver. A receiver receives the slices of data from the set of sublinks and aggregates the bandwidth of these two or more communication sublinks into a single communication link. Unless there are errors, a packet is transmitted in order using multiple slices. The system recreates the original packet of data from sets of slices having the same unique label.

Abstract: The router disclosed herein employs a plurality of forwarding processors and a matrix switch for selectively connecting input ports, output ports and the forwarding processors. Each of the input ports includes means for selecting a respective forwarding processor for each incoming data packet in accordance with data in the respective packet header and for transmitting the packet header to the selected forwarding processor. The selected forwarding processor operates to transmit to the originating input port the identity of an output port appropriate for the packet's next hop.