Abstract: Recording network traffic is disclosed. Data associated with a network flow are monitored. If it is determined that the data associated with the network flow satisfy a first criterion based at least in part on a prediction value that reflects a likelihood that the network flow will result in a security event, the data associated with the network flow are begun to be recorded even though a second criterion corresponding to the security event has not been satisfied.

Abstract: Analyzing security risk in a computer network includes receiving an event associated with a selected object in the computer network, and determining an object risk level for the selected object based at least in part on an event risk level of the event received, wherein the event risk level accounts for intrinsic risk that depends at least in part on the event that is received and source risk that depends at least in part on a source from which the event originated.

Abstract: Detecting access point MAC spoofing in a wireless digital network. A sensor in a wireless digital network learns the MAC address and operating channel for at least one access point. If the sensor detects frames being sent to a MAC address on a channel other than the channel associated with that MAC address, then the access point associated with the MAC address is being spoofed. These frames may be association frames, or data frames. If the sensor is running as part of an access point the sensor also knows what clients are associated with the access point. If the sensor detects frames indicating association, such as data frames, sent to its MAC address, but the client is not associated with the access point, then the access point is being spoofed. Similarly, if the sensor receives frames on a channel other than that associated with the access point and receives traffic for the access point's MAC address, the access point is being spoofed.

Abstract: Detecting a network security threat is disclosed. Network traffic is classified with a security risk related classification, the classification being determined at least in part by applying a threat detection heuristic to at least a portion of the network traffic. Classification data that indicates the security risk related classification into which the network traffic has been classified is added to the network traffic. The network traffic is subjected to a level of network security threat detection processing that corresponds to the security risk related classification into which the network traffic has been classified as determined based at least in part on the classification data.

Abstract: Configuring a device operating in a network environment comprises receiving a network policy from a policy authority, classifying the network policy based on the identity of the policy authority, determining a local policy according to the classification, and determining a device configuration change to comply with the network policy in accordance with the local policy. Configuring a device joining a network environment includes detecting that a device has joined the network environment, sending a network policy from a policy authority to the device, the network policy including authentication information for the policy authority, and notifying the presence of the device to a policy monitor.

Abstract: Network evasion and misinformation detection are disclosed. Techniques are provided for network security, including determining whether a particular packet, segment, frame, or other data encapsulation has been retransmitted. By detecting and tracking retransmits, the packet may be compared to the original packet to determine whether an attack exists. By evaluating the original data stream and a copy of the original data stream modified with the retransmitted packet, an evasion or misinformation attempt may be detected, invoking pattern or signature matching to determine whether an attack is attempted against a target host.

Abstract: Detecting network threats through dynamic depth inspection is disclosed. A mandatory threat detection procedure is performed on data received via a network. It is determined probabilistically whether to perform an optional threat detection procedure on at least a portion of the data. The optional threat detection procedure is then performed if it is determined that it should be performed.

Abstract: A method and related CAD system and computer readable medium. A method includes loading an object model in a CAD system, the object model including a plurality of parts each of which may contain one or more shapes which in turn are composed of multiple polygons. The method includes adding the shapes to a spatial tree, the shapes each corresponding to at least one cell, each cell corresponding to a spatial region of the object model. The method also includes, for each cell that is too complex to process within a memory space of the CAD system, subdividing the cell into a plurality of subcells using a first subdivision process. The method also includes subdividing each cell into a plurality of subcells using a multi-threaded subdivision process, and combining the subcells into the spatial tree.

Abstract: Enhancing security capability of a network is described. In some embodiments, the method comprises detecting a security threat, sending a request to a networked device on the network to perform a deputized function that is not ordinarily performed by the networked device, receiving response data from the networked device and processing the response data. In some embodiments, the method comprises receiving a request from a security authority on the network to perform a deputized function that is not ordinarily performed, performing the deputized function as requested and sending response data to the security authority to be further processed.

Abstract: Detecting a network worm is disclosed. Network traffic between a plurality of network nodes is monitored to determine if the traffic exhibits a characteristic associated with worm propagation. Responsive action is taken if it is determined that a portion of the network traffic does exhibit the characteristic associated with worm propagation. The characteristic associated with worm propagation comprises a data communication or a variant thereof arriving at a first node and propagating from the first node to a second node within a prescribed interval after arriving at the first node.

Abstract: Network evasion and misinformation detection are disclosed. Techniques are provided for network security, including determining whether a particular packet, segment, frame, or other data encapsulation has been retransmitted. By detecting and tracking retransmits, the packet may be compared to the original packet to determine whether an attack exists. By evaluating the original data stream and a copy of the original data stream modified with the retransmitted packet, an evasion or misinformation attempt may be detected, invoking pattern or signature matching to determine whether an attack is attempted against a target host.

Abstract: Network evasion and misinformation detection are disclosed. Techniques are provided for network security, including determining whether a particular packet, segment, frame, or other data encapsulation has been retransmitted. By detecting and tracking retransmits, the packet may be compared to the original packet to determine whether an attack exists. By evaluating the original data stream and a copy of the original data stream modified with the retransmitted packet, an evasion or misinformation attempt may be detected, invoking pattern or signature matching to determine whether an attack is attempted against a target host.

Abstract: Analyzing security risk in a computer network includes receiving an event associated with a selected object in the computer network, and determining an object risk level for the selected object based at least in part on an event risk level of the event received, wherein the event risk level accounts for intrinsic risk that depends at least in part on the event that is received and source risk that depends at least in part on a source from which the event originated.

Abstract: Evasion detection is disclosed. Techniques are provided for network security, including comparing a received header value to a baseline header value, determining based on the comparison whether a threshold has been satisfied, and generating an alert if the threshold has been satisfied. Header values may be representative of data included in packet headers that, depending upon a data communication protocol in use (e.g., TCP, IP, etc.) may include information such as a time-to-live (TTL) value or IP options. After retrieving a received packet's header value, it is compared to a baseline header value and, in combination with evaluating a flip count threshold, used to detect an evasion attempt.

Abstract: An apparatus for automatically detecting and selecting between progressively scanned and interlaced signals has an input video signal 11 applied to a progressive frame detector 12, a de-interlacer 14 and a compensating delay 13 which has the same latency as the de-interlacer 14. The progressive frame detector determines if the input video signal is an interlaced signal or a progressively scanned signal. If it is determined that the applied signal is interlaced, then output from the de-interlacer 14 is selected. If, on the other hand, it is determined that the applied signal is progressively scanned, then the input video signal is selected after passing through the compensating delay. In both instances, the selected output is a progressive video signal 19 which may be transmitted if the device is used in an encoder or applied to a display device if the apparatus is used in a decoder.

Abstract: A system and method are disclosed for analyzing security risks in a computer network. The system constructs asset relationships among a plurality of objects in the computer network and receives an event associated with a selected object, where the event has an event risk level. The system also propagates the event to objects related to the selected object if the event risk level exceeds a propagation threshold.

Abstract: Remote activation of covert service channels is provided. A remote host can initiate and establish a connection with a target host without exposing a service channel or communications port to an unauthenticated host. Triggers can be received by and sent to a host and an associated operating system, under direction of a stealth listener. The stealth listener provides can control and direct an operating system to respond to incoming data packets, but can also open and close ports to enable access to services on a host. Using a variety of transport mechanisms, protocols, and triggers to covertly enable a connection to be established between a service and a remote client, the disclosed techniques also enable reduction of processing and storage resources by reducing the amount of host or client-installed software.

Abstract: Remote activation of covert service channels is provided. A remote host can initiate and establish a connection with a target host without exposing a service channel or communications port to an unauthenticated host. Triggers can be received by and sent to a host and an associated operating system, under direction of a stealth listener. The stealth listener provides can control and direct an operating system to respond to incoming data packets, but can also open and close ports to enable access to services on a host. Using a variety of transport mechanisms, protocols, and triggers to covertly enable a connection to be established between a service and a remote client, the disclosed techniques also enable reduction of processing and storage resources by reducing the amount of host or client-installed software.

Abstract: A golfing aid, in particular a golf training aid for promoting a correct swing path and alignment, both when hitting golf balls with irons and woods and putting with a putter, and a golf training system.

Abstract: A system, method, and computer program for storing a polygonal topology, comprising representing a primitive with a plurality of vertices, internal half-edges and external half-edges; and storing said plurality of vertices in a vertex array and said plurality of external half-edges in a half-edge array, wherein said arrays are indexed and parallel to one another; whereby said primitive is re-created from said parallel array with said internal half-edges that are implicit from a primitive structure and appropriate means and computer-readable instructions.