Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.

Abstract: Computer-implemented techniques for data extraction are described. The techniques include a method and system for retrieving an extraction job specification, wherein the extraction job specification comprises a source repository identifier that identifies a source repository comprising a plurality of data records; a data recipient identifier that identifies a data recipient; and a schedule that indicates a timing of when to retrieve the plurality of data records. The method and system further include retrieving the plurality of data records from the source repository based on the schedule, creating an extraction transaction from the plurality of data records, wherein the extraction transaction comprises a subset of the plurality of data records and metadata, and sending the extraction transaction to the data recipient.

Abstract: Systems and techniques for sharing healthcare fraud data are described herein. Healthcare fraud detection schemes and/or fraud data may be automatically shared, investigated, enabled, and/or used by entities. A healthcare fraud detection scheme may be enabled on different entities comprising different computing systems to combat similar healthcare fraud threats, instances, and/or attacks. Healthcare fraud detection schemes and/or fraud data may be modified to redact sensitive information and/or configured through access controls for sharing.

Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: A method and apparatus for transmitting and receiving data. The method and apparatus previously determines a validity of a data transmission path for transmitting a stream from a source device to a sink device. The validity of the transmission path is verified by checking and securing the data transmission path, thereby executing a streaming service based on the validity.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.

Abstract: In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.

Abstract: Systems and techniques for sharing healthcare fraud data are described herein. Healthcare fraud detection schemes and/or fraud data may be automatically shared, investigated, enabled, and/or used by entities. A healthcare fraud detection scheme may be enabled on different entities comprising different computing systems to combat similar healthcare fraud threats, instances, and/or attacks. Healthcare fraud detection schemes and/or fraud data may be modified to redact sensitive information and/or configured through access controls for sharing.

Abstract: A system and method for wireless communication over multi-rate channels are disclosed. One embodiment of the system includes a first multi-band wireless station that is capable of using a first frequency band and a second frequency band for wireless communication; and a second multi-band wireless station that is capable of using the first frequency band and the second frequency band for wireless communication. One or more of the first and second stations is configured to monitor a status of the second frequency band. The status includes the availability of the second frequency band for communication between the first and second stations. The first and second stations can share the monitored status with each other via the first frequency band.

Abstract: Systems and techniques for sharing security data are described herein. Security rules and/or attack data may be automatically shared, investigated, enabled, and/or used by entities. A security rule may be enabled on different entities comprising different computing systems to combat similar security threats and/or attacks. Security rules and/or attack data may be modified to redact sensitive information and/or configured through access controls for sharing.

Abstract: A method and system for isochronous data stream management in high speed audio/video networks. One implementation comprises isochronous communication management between audio/video (AV) devices by maintaining forwarding information for forwarding data between AV devices, wherein each AV device includes multiple I/O ports for connecting the AV device to another AV device via a communication link including multiple communication lanes. The forwarding information is utilized to communicate AV path set-up request and response control messages between a source AV device and a destination AV device via said communication link, and allocating isochronous communication resources for AV data streaming, for establishing AV path streams for bi-directional isochronous AV data streaming between the source and destination AV devices.

Abstract: Method and system for isochronous communication between audio/video (AV) devices. One implementation comprises establishing isochronous connection between a source AV device and a destination AV device. Each AV device includes multiple I/O ports for connecting the AV device to another AV device via a communication link comprising multiple communication lanes. The isochronous connection is established by determining end-to-end temporal and spatial lane availability between the source AV device and the destination AV device to support a target date rate. Communication resources are allocated on the available lanes based on the target date rate for isochronous communication between the source AV device and the destination AV device.

Abstract: A system and method for efficiently communicating messages over a low-rate channel between multiple devices in a system for wireless communication of uncompressed video is disclosed. The method includes various control bits in a beacon control field of a beacon frame to improve the efficiency of the beacon processing, thereby reducing beacon processing time and size of the beacon frame itself. The transmitting device can use one or more of the various control bits to indicate whether there are changes in various MAC payload information fields. The receiving station can use one or more of the control bits to eliminate the need to parse one or more MAC payload information fields whose values have not changed from the previous beacon frame.

Abstract: A method and system for device discovery in a wireless network is provided. The device discovery involves directionally transmitting a data unit from a transmitting station over a channel in different directions to emulate omni-directional transmission, receiving the data unit transmissions from different directions at a receiving station, determining the quality of the transmissions received from the different directions, and detecting location information for the transmitting station relative to the receiving station based on the highest quality transmission among the transmissions received from the different directions.

Abstract: A system and method for multiple contention access periods is disclosed. In one embodiment, the system for wireless communication comprises a coordinator configured to schedule wireless transmissions among a plurality of wireless devices during a plurality of superframes, at least one of the superframes comprising a period during which the coordinator is configured to receive one or more data packets from the wireless devices via at least one random access scheme, the period being partitioned into a plurality of sub-periods which do not overlap with one another, wherein the coordinator is configured to receive at least a first data packet having a first value for a parameter during a first sub-period and a second data packet having a second value for the parameter during a second sub-period, and wherein the first and second values for the parameter are different from each other.