Abstract: Disclosed herein are system, method, and computer program product embodiments for implementing global rate limiting of an API cluster capable of dynamically implementing updates without a restart of any instantiation within the API cluster. A local service includes an envoy and a customer resource definition. When an update is received, the customer resource definition identifies changes to be made to a global rate limiting service and dynamically injects those changes into the global rate limiting service. The changes can be instance-specific, with multiple different versions stored for the various instantiations within the cluster. The envoy also extracts and converts header information from a received request into one or more descriptor keys. The global rate limiting service determine global rate limiting based on a set of rules applied to the descriptor keys.

Abstract: A computer-implemented method is disclosed for predicting, based on a previous usage of a cloud-based computing resource by a number of users, a future usage of the cloud-based computing resource and then predicting, based on the predicted future usage, an anomaly event at the computing resource. The method also includes identifying a top contributing user that is responsible for the anomaly event and throttling an access of the top contributing user to the computing resource. The method further includes evaluating a speed of data requests received at the computing resource from the top contributing user after the throttling, and a utilization level of the computing resource. The method also includes dynamically adjusting the speed of data requests received at the computing resource, based on the evaluation of the utilization level of the computing resource, to maintain the utilization level of the computing resource within a predetermined target range.

Abstract: A computer-implemented method is disclosed for predicting, based on a previous usage of a cloud-based computing resource by a number of users of the cloud-based computing resource, a future usage of the cloud-based computing resource. The method includes predicting, based on the predicted future usage of the cloud-based computing resource, an anomaly event at the cloud-based computing resource. The method also includes implementing a first anomaly mitigation action, based on the prediction of the anomaly event at the cloud-based computing resource and re-evaluating a status of the anomaly event at the cloud-based computing resource after the implementation of the first anomaly mitigation action. The method further includes implementing a second anomaly mitigation action at the cloud-based computing resource, based on the re-evaluation of the status of the anomaly event.

Abstract: A computer-implemented method is disclosed for predicting, based on a previous usage of a cloud-based computing resource by a number of users of the cloud-based computing resource, a future usage of the cloud-based computing resource. The method includes predicting, based on the predicted future usage of the cloud-based computing resource, an anomaly event at the cloud-based computing resource. The method also includes implementing a first anomaly mitigation action, based on the prediction of the anomaly event at the cloud-based computing resource and re-evaluating a status of the anomaly event at the cloud-based computing resource after the implementation of the first anomaly mitigation action. The method further includes implementing a second anomaly mitigation action at the cloud-based computing resource, based on the re-evaluation of the status of the anomaly event.

Abstract: A computer-implemented method is disclosed for predicting, based on a previous usage of a cloud-based computing resource by a number of users, a future usage of the cloud-based computing resource and then predicting, based on the predicted future usage, an anomaly event at the computing resource. The method also includes identifying a top contributing user that is responsible for the anomaly event and throttling an access of the top contributing user to the computing resource. The method further includes evaluating a speed of data requests received at the computing resource from the top contributing user after the throttling, and a utilization level of the computing resource. The method also includes dynamically adjusting the speed of data requests received at the computing resource, based on the evaluation of the utilization level of the computing resource, to maintain the utilization level of the computing resource within a predetermined target range.

Abstract: Disclosed herein are system, method, and computer program product embodiments for implementing global rate limiting of an API cluster capable of dynamically implementing updates without a restart of any instantiation within the API cluster. A local service includes an envoy and a customer resource definition. When an update is received, the customer resource definition identifies changes to be made to a global rate limiting service and dynamically injects those changes into the global rate limiting service. The changes can be instance-specific, with multiple different versions stored for the various instantiations within the cluster. The envoy also extracts and converts header information from a received request into one or more descriptor keys. The global rate limiting service determine global rate limiting based on a set of rules applied to the descriptor keys.

Abstract: Embodiments herein relate to prediction, based on previous usage of a cloud-based computing resource by a user of one or more users of the cloud-based computing resource, future usage of the cloud-based computing resource. Based on the predicted future usage, embodiments relate to identifying that throttling of access to the cloud-based computing resource is to occur, and notifying the user of the throttling. Other embodiments may be described and/or claimed.

Abstract: Systems and methods for preventing cyberattacks using a Density Estimation Network (DEN) for unsupervised anomaly detection, including constructing the DEN using acquired network traffic data by performing end-to-end training. The training includes generating low-dimensional vector representations of the network traffic data by performing dimensionality reduction of the network traffic data, predicting mixture membership distribution parameters for each of the low-dimensional representations by performing density estimation using a Gaussian Mixture Model (GMM) framework, and formulating an objective function to estimate an energy and determine a density level of the low-dimensional representations for anomaly detection, with an anomaly being identified when the energy exceeds a pre-defined threshold. Cyberattacks are prevented by blocking transmission of network flows with identified anomalies by directly filtering out the flows using a network traffic monitor.

Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by a network gateway system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the network gateway system responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Systems and methods for optimizing query execution to improve query processing by a computer are provided. A query is analyzed and translated into a logical plan. A runtime query optimizer is applied to the logical plan to identify a physical plan including operators for execution. The logical plan is translated into the physical plan. Execution of the query is scheduled according to the physical plan.

Abstract: Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Systems and methods for preventing cyberattacks using a Density Estimation Network (DEN) for unsupervised anomaly detection, including constructing the DEN using acquired network traffic data by performing end-to-end training. The training includes generating low-dimensional vector representations of the network traffic data by performing dimensionality reduction of the network traffic data, predicting mixture membership distribution parameters for each of the low-dimensional representations by performing density estimation using a Gaussian Mixture Model (GMM) framework, and formulating an objective function to estimate an energy and determine a density level of the low-dimensional representations for anomaly detection, with an anomaly being identified when the energy exceeds a pre-defined threshold. Cyberattacks are prevented by blocking transmission of network flows with identified anomalies by directly filtering out the flows using a network traffic monitor.

Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by the target network endpoint system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the target network endpoint system responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Methods and systems for mitigating a spoofing-based attack include calculating a travel distance between a source Internet Protocol (IP) address and a target IP address from a received packet based on time-to-live information from the received packet. An expected travel distance between the source IP address and the target IP address is estimated based on a sparse set of known source/target distances. It is determined that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security action is performed responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Endpoint security systems and methods include a distance estimation module configured to calculate a travel distance between a source Internet Protocol (IP) address and an IP address for a target network endpoint system from a received packet received by a network gateway system based on time-to-live (TTL) information from the received packet. A machine learning model is configured to estimate an expected travel distance between the source IP address and the target network endpoint system IP address based on a sparse set of known source/target distances. A spoof detection module is configured to determine that the received packet has a spoofed source IP address based on a comparison between the calculated travel distance and the expected travel distance. A security module is configured to perform a security action at the network gateway system responsive to the determination that the received packet has a spoofed source IP address.

Abstract: Systems and methods for optimizing query execution to improve query processing by a computer are provided. A query is analyzed and translated into a logical plan. A runtime query optimizer is applied to the logical plan to identify a physical plan including operators for execution. The logical plan is translated into the physical plan. Execution of the query is scheduled according to the physical plan.

Abstract: Systems and methods for implementing a behavior analysis engine (BAE) to improve computer query processing are provided. A job request to execute an input rule on target log data is received by a BAE service via a user interface. The job request is executed by the BAE service to generate a result by obtaining the input rule from a rule-base, parsing the input rule to create a data structure, optimizing the data structure, and executing one or more operations using the optimized data structure. The result is stored by the BAE service in a result database.

Abstract: The present invention relates to a video search apparatus and method, and more particularly, to a video search apparatus and method which can be used to search video data collected by a video capture apparatus, such as a closed circuit television (CCTV), for information desired by a user.