Patents by Inventor Ian Herwono
Ian Herwono has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 10623419
Abstract: A computer implemented method to generate a classification scheme for configuration parameters of virtual machines (VMs) in a virtualized computing environment including: training a machine learning algorithm as a classifier based on a plurality of training data items, each training data item corresponding to a training VM and including a representation of parameters for a configuration of the training VM and a representation of characteristics of security attacks for the training VM; and generating a data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the data structure is generated by sampling the trained machine learning algorithm to identify the relationships.
Type: Grant
Filed: August 15, 2017
Date of Patent: April 14, 2020
Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
Inventors: Fadi El-Moussa, Ian Herwono
-
Patent number: 10484402
Abstract: A computer implemented method to identify one or more parameters of a configuration of a target virtual machine (VM) in a virtualized computing environment used in a security attack against the target VM, the security attack exhibiting a particular attack characteristic, is disclosed.
Type: Grant
Filed: August 15, 2017
Date of Patent: November 19, 2019
Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
Inventors: Fadi El-Moussa, Ian Herwono
-
Patent number: 10482245
Abstract: A computer implemented method to determine a configuration of a target virtual machine (VM) in a virtualized computing environment to protect against a security attack exhibiting a particular attack characteristic.
Type: Grant
Filed: August 15, 2017
Date of Patent: November 19, 2019
Assignee: BRITISH TELECOMMUNICATIONS PUBLIC LIMITED COMPANY
Inventors: Fadi El-Moussa, Ian Herwono
-
Publication number: 20190188392
Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
Type: Application
Filed: July 25, 2017
Publication date: June 20, 2019
Applicant: British Telecommunications Public Limited Company
Inventors: Fadi EL-MOUSSA, Ian HERWONO
-
Publication number: 20180091531
Abstract: A computer implemented method to generate a classification scheme for configuration parameters of virtual machines (VMs) in a virtualized computing environment including: training a machine learning algorithm as a classifier based on a plurality of training data items, each training data item corresponding to a training VM and including a representation of parameters for a configuration of the training VM and a representation of characteristics of security attacks for the training VM; and generating a data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the data structure is generated by sampling the trained machine learning algorithm to identify the relationships.
Type: Application
Filed: August 15, 2017
Publication date: March 29, 2018
Inventors: Fadi EL-MOUSSA, Ian HERWONO
-
Publication number: 20180060575
Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
Type: Application
Filed: August 15, 2017
Publication date: March 1, 2018
Inventors: Fadi EL-MOUSSA, Ian HERWONO
-
Publication number: 20180060581
Abstract: A computer implemented method to mitigate a security attack against a target virtual machine (VM) in a virtualized computing environment, the target VM having a target VM configuration including configuration parameters, and the security attack exhibiting a particular attack characteristic, is disclosed.
Type: Application
Filed: August 15, 2017
Publication date: March 1, 2018
Inventors: Fadi EL-MOUSSA, Ian HERWONO
-
Publication number: 20180060582
Abstract: A computer implemented method to determine a configuration of a target virtual machine (VM) in a virtualized computing environment to protect against a security attack exhibiting a particular attack characteristic.
Type: Application
Filed: August 15, 2017
Publication date: March 1, 2018
Inventors: Fadi EL-MOUSSA, Ian HERWONO
-
Publication number: 20180053002
Abstract: A computer implemented method to determine whether a target virtual machine (VM) in a virtualized computing environment is susceptible to a security attack, the method comprising: training a machine learning algorithm as a classifier based on a plurality of training data items, each training data item corresponding to a training VM and including a representation of parameters for a configuration of the training VM and a representation of characteristics of security attacks for the training VM; generating a data structure for storing one or more relationships between VM configuration parameters and attack characteristics, wherein the data structure is generated by sampling the trained machine learning algorithm to identify the relationships; determining a set of configuration parameters for the target VM; and identifying attack characteristics in the data structure associated with configuration parameters of the target VM as characteristics of attacks to which the target VM is susceptible.
Type: Application
Filed: August 15, 2017
Publication date: February 22, 2018
Inventors: Fadi EL-MOUSSA, Ian HERWONO
-
Publication number: 20180054451
Abstract: A computer implemented method to identify one or more parameters of a configuration of a target virtual machine (VM) in a virtualized computing environment used in a security attack against the target VM, the security attack exhibiting a particular attack characteristic, is disclosed.
Type: Application
Filed: August 15, 2017
Publication date: February 22, 2018
Inventors: Fadi EL-MOUSSA, Ian HERWONO
-
Patent number: 9870470
Abstract: A multi-stage event detector for monitoring a system to detect the occurrence of multistage events in the monitored system, the multi-stage event detector includes: one or more event detecting detector units (142, 144) for detecting observable events occurring on the monitored system; one or more parameter generating detector units (152, 154) for generating parameter values which vary over time dependent on the behavior of the monitored system; a hidden state determiner (120) for determining a likely sequence of states of interest of the system based on the outputs of the one or more event detecting detector units; and a transition determiner (130) for determining a likely transition occurrence based on a comparison of a set of values of a parameter or set of parameters generated by one or more of the one or more parameter generating detector units with a plurality of pre-specified functions or sets of values of a corresponding parameter or set of parameters associated with different transition occurrences.
Type: Grant
Filed: March 31, 2014
Date of Patent: January 16, 2018
Assignee: British Telecommunications PLC
Inventors: Ian Herwono, Zhan Cui, Ben Azvine, Martin Brown, Karl Smith
-
Patent number: 9836600
Abstract: A multi-stage event detector for monitoring a system, the multi-stage event detector including: a process generator operable to generate main and sub-processes, each main and sub-process being operable to generate and initiate a detection agent each of which is operable to be triggered by detecting the occurrence of a trigger event and to report back to its generating process or sub-process upon being so triggered. Each process or sub-process is operable to respond to receipt of a report from a triggered detection agent by reporting the detection of a multi-stage event to an overall controller.
Type: Grant
Filed: March 31, 2014
Date of Patent: December 5, 2017
Assignee: British Telecommunications PLC
Inventors: Ian Herwono, Zhan Cui
-
Patent number: 9521149
Abstract: Methods may be used by a Multi Radio Resource Management function for assisting the control of a User Terminal's access to an access network domain in a radio communications network. The MRRM function is arranged to communicate with a first radio access network domain to which a first authorization entity, A1, authorizes UTs access, and to communicate with at least a second radio access network domain to which a second authorization entity, A2, authorizes UTs access. The methods include receiving at least one radio resource information message, RRIM, from the second access network domain, the message comprising at least one parameter value, X2, of at least one radio resource parameter, P2, related to the traffic load and/or the radio resource consumption and/or the characteristics of at least one radio traffic channel, associated with said second access network domain.
Type: Grant
Filed: June 28, 2005
Date of Patent: December 13, 2016
Assignee: Telefonaktiebolaget LM Ericsson (Publ)
Inventors: Joachim Sachs, Ian Herwono
-
Publication number: 20160055334
Abstract: A multi-stage event detector for monitoring a system, the multi-stage event detector including: a process generator operable to generate main and sub-processes, each main and sub-process being operable to generate and initiate a detection agent each of which is operable to be triggered by detecting the occurrence of a trigger event and to report back to its generating process or sub-process upon being so triggered. Each process or sub-process is operable to respond to receipt of a report from a triggered detection agent by reporting the detection of a multi-stage event to an overall controller.
Type: Application
Filed: March 31, 2014
Publication date: February 25, 2016
Inventors: Ian HERWONO, Zhan CUI
-
Publication number: 20160055335
Abstract: A multi-stage event detector for monitoring a system to detect the occurrence of multistage events in the monitored system, the multi-stage event detector includes: one or more event detecting detector units (142, 144) for detecting observable events occurring on the monitored system; one or more parameter generating detector units (152, 154) for generating parameter values which vary over time dependent on the behaviour of the monitored system; a hidden state determiner (120) for determining a likely sequence of states of interest of the system based on the outputs of the one or more event detecting detector units; and a transition determiner (130) for determining a likely transition occurrence based on a comparison of a set of values of a parameter or set of parameters generated by one or more of the one or more parameter generating detector units with a plurality of pre-specified functions or sets of values of a corresponding parameter or set of parameters associated with different transition occurrences.
Type: Application
Filed: March 31, 2014
Publication date: February 25, 2016
Inventors: Ian HERWONO, Zhan CUI, Ben AZVINE, Martin BROWN, Karl SMITH
-
Patent number: 8948137
Abstract: A method is disclosed for assisting a handover of a data session from a first routing path, associated with a first access network, to an alternative routing path, associated with an alternative access network. Data is routed over the first access network to a UT by binding a session identifier to a first routing identifier. The session identifier and the first routing identifier are defined in accordance with a standard protocol routing scheme of the first access network. The method comprises receiving a capability message uniquely identifying the UT according to both a standard protocol routing scheme of said first access network, and an alternative standard protocol routing scheme of said alternative access network. The method further comprises creating an alternative routing identifier complying with the alternative standard protocol routing scheme, associating the alternative routing identifier with the UT, and associating the session identifier with the alternative routing identifier.
Type: Grant
Filed: August 4, 2011
Date of Patent: February 3, 2015
Assignee: Telefonaktiebolaget L M Ericsson (Publ)
Inventors: Joachim Sachs, Ian Herwono
-
Patent number: 8800013
Abstract: A method of authenticating a user to a service provider by means of an authentication provision unit, the method comprising: in a first stage of the method: receiving credentials from a user; determining whether the credentials received from the user represent a valid logon; and if that determination is positive: generating at least one network address comprising a domain address and at least one instance parameter, the instance parameter uniquely identifying the user and the instance of generation of the network address; and providing the network address to the user; and in a second stage of the method: receiving a parameter from a service provider; determining whether the received parameter indicates a valid attempt to log on to the service provider by checking that the received parameter matches an instance parameter that has previously been issued to a user and that has not previously been received from a service provider; and if that determination is positive: signalling to the service provider over a se
Type: Grant
Filed: February 19, 2009
Date of Patent: August 5, 2014
Assignee: British Telecommunications public limited company
Inventors: James E Jones, Ian Herwono
-
Patent number: 8738898
Abstract: The present invention relates to communications, and in particular though not exclusively to forming a secure connection between two untrusted devices. The present invention provides a method of securely connecting a first device (A) to a second device (B) using a third party authentication server (AS) coupled to the second device, the first device and the authentication server both having first device shared secret data (SSDa) and the second device and the authentication server both having second device shared secret data (SSDb).
Type: Grant
Filed: May 31, 2007
Date of Patent: May 27, 2014
Assignee: British Telecommunications plc
Inventors: Ian Herwono, Paul W Hodgson
-
Patent number: 8538437
Abstract: A method and devices for performing a handover of a data unit based communication that involves a sequence of data units from a first connection (51) between a first sender (10) and a receiver (4) to a second connection (52) between a second sender (20) and said receiver (4), which comprises indicating to the receiver (4) a reference data unit among data units provided to both the first sender (10) and the second sender as a part of the handover, and where the receiver, based on the reference data unit, keeps a record for identifying such data units among those data units provided to both the first sender (10) and the second sender (20) that were sent over the first connection (51) and successfully received by the receiver (4), prior to the communication having been passed to the second communication (52).
Type: Grant
Filed: May 14, 2004
Date of Patent: September 17, 2013
Assignee: Telefonaktiebolaget L M Ericsson (publ)
Inventors: Henning Wiemann, Joachim Sachs, Ian Herwono
-
Publication number: 20110292914
Abstract: The invention provides a method, to be used by a network node, for assisting a handover of a data session from a first routing path, associated with a first access network, to an alternative routing path, associated with an alternative access network, wherein data is routed over said first access network to a UT by binding a session identifier to a first routing identifier, wherein said session identifier and said first routing identifier are defined in accordance with a standard protocol routing scheme of said first access network, the method comprising the following steps: receiving a capability message uniquely identifying said UT according to a standard protocol routing scheme of said first access network and according to an alternative standard protocol routing scheme of said alternative access network, creating an alternative routing identifier for said session complying with the standard protocol routing scheme of said alternative access network and associating said alternative routing identifier wi
Type: Application
Filed: August 4, 2011
Publication date: December 1, 2011
Inventors: Joachim Sachs, Ian Herwono