Abstract: Various embodiments of the present disclosure provide a system and method for detecting network connections having a plurality of interconnected network nodes; a connection-based behavioral anomaly detection device (“CBAD”) connected to one of the plurality of network nodes such that the CBAD may observe data traffic flowing through at least one node of the plurality of network nodes; an application loaded onto a first node of the plurality of network nodes, the application initializing a connection from the first node to a second node of the plurality of network nodes; and a computer-readable storage device communicatively connected to the CBAD; wherein the application transmits a plurality of data packets from the first node to the second node of the plurality of network nodes; the CBAD observes at least one of the plurality of data packets exchanged between the first node and the second node; the CBAD extrapolates packet information from at least one of the plurality of data packets observed; and the extra

Abstract: Disclosed is a method of evaluating membership in a membership set. The membership query system receives data to determine membership. A representative pattern is extracted from the data that may be of a predetermined length or of an arbitrary length. A learning mode of the membership query system defines the membership set as a membership signature. The membership query system then determines whether the representative pattern is a member of the membership signature by applying a membership function. In the context of cybersecurity, if the data is a member of a set of known good executable files, then the executable file may be allowed or installed. If the data is not a member of a set of known good executable files, then the file is flagged for further investigation.

Abstract: Disclosed is a method of evaluating membership in a membership set. The membership query system receives data to determine membership. A representative pattern is extracted from the data that may be of a predetermined length or of an arbitrary length. A learning mode of the membership query system defines the membership set as a membership signature. The membership query system then determines whether the representative pattern is a member of the membership signature by applying a membership function. In the context of cybersecurity, if the data is a member of a set of known good executable files, then the executable file may be allowed or installed. If the data is not a member of a set of known good executable files, then the file is flagged for further investigation.

Abstract: The spam blocker monitors the SMTP/TCP/IP conversation between a sending message transfer agent MTA—0 and a receiving message transfer agent MTA—1; catches MTA—0's IP address IP—0, MTA—0's declared domain D—0, from-address A—0; and to-address A—1; and uses this source and content based information to test for unsolicited messages. It interrupts the conversation when MTA—0 sends a command_specifying the recipient (an “RCPT” command) and uses the various test results to decide if the message is suspected of being unsolicited. If the message is suspected of being unsolicited then it logs the rejected message, sends an error reply to MTA—0 which forces MTA—0 to terminate the connection with MTA—1 before the body of the message is transmitted; else it logs the allowed message, releases the intercepted RCPT command which allows the conversation between MTA—0 and MTA—1 to proceed.

Abstract: The spam blocker monitors the SMTP/TCP/IP conversation between a sending message transfer agent MTA—0 and a receiving message transfer agent MTA—1; catches MTA—0's IP address IP—0, MTA—0's declared domain D—0, from-address A—0; to-address A—1, and the body of the message; and uses this source and content information to test for unsolicited messages. It alters the conversation to reject, divert or intercept the message if the message is suspected of being unsolicited.

Abstract: An overlaid switching network is derived by overlaying perpendicularly one multistage interconnection network with a second multistage interconnection network. The new network is formed by placing a switching element corresponding to the position of switching elements in either multistage interconnection network. Each switching element in the overlaid network has the ports defined by the two multistage interconnection networks as does its interconnection networks. A special case occurs when the number of rows and columns of the first multistage interconnection network is the number of columns and rows of the second multistage interconnection network, respectively. The overlaid switching networks also inherit their upgradeability from the multistage interconnection networks from which they are derived, such as in the case of a redundant blocking compensated cyclic group multistage network.

Abstract: Most unsolicited commercial email (UCE) countermeasures call for a message by message analysis. However, some UCE attacks occur when a single sender of UCE floods a mail transfer agent (MTA) with a number of copies of a UCE, in a mail flood attack. The attacks rarely rise to the level of denial of service attacks but are significant enough to place a strain on MTAs and anti-UCE countermeasures. The anti-mail flood methodology disclosed herein provides a system and method for protecting mail systems from such mail flood attacks enabling anti-UCE countermeasures to work more efficiently.

Abstract: Most unsolicited commercial email (UCE) countermeasures call for a message by message analysis. However, some UCE attacks occur when a single sender of UCE floods a mail transfer agent (MTA) with a number of copies of a UCE, in a mail flood attack. The attacks rarely rise to the level of denial of service attacks but are significant enough to place a strain on MTAs and anti-UCE countermeasures. The anti-mail flood methodology disclosed herein provides a system and method for protecting mail systems from such mail flood attacks enabling anti-UCE countermeasures to work more efficiently.

Abstract: Stations in standby mode in a wireless local area network (WLAN) become disassociated with their access point. In the event traffic is intended for the station in standby mode, a wakeup message needs to be communicated to the station. Typically, a wakeup message could be broadcast on a broadcast or multicast address, and when the station checks for broadcasts, the station can determine whether it needs to wake up. However, in a protected network, a disassociated station cannot decrypt messages from the access point without reassociating. However, the cost of reassociating in time and power can be significant, so reassociating should not be performed unless the station needs to wake up, leading to a vicious cycle as the station does not know it must wake up unless it can decrypt the message. To address this issue, in one embodiment the access points do not encrypt messages on a select multicast address, whereby messages such as wakeup message can be transmitted.

Abstract: The creation of a variety of upgradeable scalable switching networks are set forth including multistage switching networks as well as novel multidirectional architectures. Systems and methods exploiting the properties such as fault tolerance, upgradeability with out service disruption and path redundancy are incorporated into a variety of systems. A wide range of methods for upgrading and reconfiguration the scalable switching networks are presented including manifestations of implementations of these networks and methods. Methods for designing new upgradeable scalable switching and the novel architectures derived thereof including architectures built from the redundant blocking compensated cyclic group networks are set forth.

Abstract: Visually based children's cognitive tests can be used as a human challenge or Turing test to verify that a human and not an automated process is operating a particular system, such as purchasing tickets, downloading files, accessing a database, or requesting a reprieve from an anti-spam system. Several different visually oriented cognitive tests can be used as a human challenge, for example, selecting one object in a group of object that is different, selecting an object from a group of objects which is most similar to a given object, selecting two objects in a group of objects that are most similar, finding a given object in a scene, counting the number of instances of an object in a scheme and object based analogies.

Abstract: The creation of a variety of upgradeable scalable switching networks are set forth including multistage switching networks as well as novel multidirectional architectures. Systems and methods exploiting the properties such as fault tolerance, upgradeability without service disruption and path redundancy are incorporated into a variety of systems. A wide range of methods for upgrading and reconfiguring the scalable switching networks are presented including manifestations of implementations of these networks and methods. Methods for designing new upgradeable scalable switching and the novel architectures derived thereof including architectures built from the redundant blocking compensated cyclic group networks are set forth.

Abstract: Protective proxies are used to shield a destination agent from undesirable source agents or transactions. Because protective proxies are usually tied to one but sometimes more fixed destination agents, they are usually configured directly to the destination agent. As a result, many protective proxies are lightweight and allow the destination agent to manage the protocol. As a result, a catastrophic condition can occur if the protective proxy is inadvertently misconfigured so that a connectivity loop occurs. A low level loop detected can be incorporated into the protective proxy. Alternatively, a loop detector which augments the existing application layer protocol can also be employed in a protective proxy.

Abstract: The spam blocker monitors the SMTP/TCP/IP conversation between a sending message transfer agent MTA—0 and a receiving message transfer agent MTA—1; catches MTA—0's IP address IP—0, MTA—0's declared domain D—0, from-address A—0; and to-address A—1; and uses this source and content based information to test for unsolicited messages. It interrupts the conversation when MTA—0 sends a RCPT command and uses the various test results to decide if the message is suspected of being unsolicited. If the message is suspected of being unsolicited and to-address is not in the save_spam database then the spam blocker logs the rejected message, sends an error reply to MTA—0 which forces MTA—0 to terminate the connection before the body of the message is transmitted.

Abstract: The spam blocker monitors the SMTP/TCP/IP conversation between a sending message transfer agent MTA—0 and a receiving message transfer agent MTA—1; catches MTA—0's IP address IP—0, MTA—0's declared domain D—0, from-address A—0; to-address A—1, and the body of the message; and uses this source and content information to test for unsolicited messages. It interrupts the conversation when MTA—0 sends a .\r\n end-of-message indicator and uses the various test results to decide if the message is suspected of being unsolicited. If the message is suspected of being unsolicited then it logs the rejected message and sends an error reply to MTA—0 which forces MTA—0 to send a QUIT command before the body of the message is transmitted; else it logs the allowed message and releases the intercepted RCPT command which allows the conversation between MTA—0 and MTA—1 to proceed.

Abstract: Extra stages can be added to a switching network to provide pathwise redundancy for fault tolerance and to alleviate traffic blocking. Also, the addition of extra stages can alleviate the loss of pathwise redundancy when the width of switching networks is increased. An in-service method of upgrading a switching network by adding stages allows the addition of redundancy to an existing network without the need to take the network out of service. From an operational point of view, it is often desirable for the upgrade process to be performed by a plurality of sequential steps. However, it is also desirable to minimize the number of steps performed. Because the insertion of extra stages into an existing network calls. for the rewiring of interconnection networks above and below the insertion point, the number of steps can be minimized while also minimizing the impact to network traffic by concurrently rewiring those interconnection networks through a plurality of disconnection and connection steps.

Abstract: The spam blocker monitors the SMTP/TCP/IP conversation between a sending message transfer agent MTA—0 and a receiving message transfer agent MTA—1; catches MTA—0's IP address IP—0, MTA—0's declared domain D—0, sender_address A—0; and recipient A—1; and uses this source and content based information to test for unsolicited messages. It interrupts the conversation when MTA—0 sends a command specifying the recipient (an “RCPT” command) and uses the various test results to decide if the message is suspected of being unsolicited. If the message is suspected of being unsolicited then it logs the rejected message, sends an error reply to MTA—0 which forces MTA—0 to terminate the connection with MTA—1 before the body of the message is transmitted; else it logs the allowed message, releases the intercepted RCPT command which allows the conversation between MTA—0 and MTA—1 to proceed.

Abstract: Stations in standby mode in a wireless local area network (WLAN) become disassociated with their access point. In the event traffic is intended for the station in standby mode, a wakeup message needs to be communicated to the station. Typically, a wakeup message could be broadcast on a broadcast or multicast address, and when the station checks for broadcasts, the station can determine whether it needs to wake up. However, in a protected network, a disassociated station cannot decrypt messages from the access point without reassociating. However, the cost of reassociating in time and power can be significant, so reassociating should not be performed unless the station needs to wake up, leading to a vicious cycle as the station does not know it must wake up unless it can decrypt the message. To address this issue, in one embodiment the access points do not encrypt messages on a select multicast address, whereby messages such as wakeup message can be transmitted.

Abstract: The creation of a variety of upgradeable scalable switching networks are set forth including multistage switching networks as well as novel multidirectional architectures. Systems and methods exploiting the properties such as fault tolerance, upgradeability with out service disruption and path redundancy are incorporated into a variety of systems. A wide range of methods for upgrading and reconfiguration the scalable switching networks are presented including manifestations of implementations of said networks and said methods. Methods for designing new upgradeable scalable switching and the novel architectures derived thereof including architectures built from the redundant blocking compenstated cyclic group networks are set forth.

Abstract: A redundant multistage network can be expanded by increasing the fanout of each router in a non-stop manner, involving a port addition, a reconfiguring and an activation section. The port addition section involves the addition of new ports to each switching element. The reconfiguring section involves the selection of a port and disconnecting any connections necessary to connect that port with its proper corresponding port as derived from the final desired topology. This section can further include the optional permutation of port address to minimize traffic disruption. The activation section involves attaching any new external ports desired to external sources and putting those new connections into service.