Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to control auditing devices, comprising a communications interface to transmit first auditing instructions to the auditing devices, a sampling frequency determiner to collect sampling information corresponding to a first number of stores at a first time, a a sample size determiner to calculate a second number of stores to sample based on the sampling information, and when a difference between the first number of stores and the second number of stores satisfies a threshold, improve an accuracy in the sampling information by calculating second auditing instructions having an updated sampling frequency.

Abstract: A system including one or more processors and one or more non-transitory computer-readable media storing computing instructions that, when executed on the one or more processors, cause the one or more processors to perform operations: training, using labeled training data and a list of substitutes for an item, a machine learning algorithm; determining, using the machine learning algorithm, as trained, a respective similarity score for each substitute of the list of substitutes; ranking each substitute of the list of substitutes based on its respective similarity score; and re-training the machine learning algorithm based on at least the labeled training data and a highest ranked substitute of the list of substitutes. Other embodiments are disclosed herein.

Abstract: A system including one or more processors and one or more non-transitory computer-readable media storing computing instruction that, when executed on the one or more processors, cause the one or more processors to perform operations: generating, using a training procedure, labels based at least in part on price band activity data from a time period; training, using the training procedure, an affinity prediction model of a machine learning architecture; analyzing, using the affinity prediction model of the machine learning architecture, as trained, the price band activity data indicating interactions of a user with items; and generating, using the labels and the affinity prediction model of the machine learning architecture, as trained, one or more price affinity predictions for one or more items for the user. Other embodiments are disclosed herein.

Abstract: A system including one or more processors and one or more non-transitory computer-readable media storing computing instructions configured to run on the one or more processors and perform generating personalized product-type metrics for the user based at least in part on a user embedding for the user and product-type embedding Gaussian mixture distributions; determining top product types based at least in part on personalized product-type complementarity metrics generated using the personalized product-type metrics and cosine similarity measurements; generating a set of first items associated with the top product-types; ranking each respective item in the set of first items generated using an item-level embedding Gaussian distribution for the anchor item and a respective item-level embedding Gaussian distribution for the each respective item; and selecting a set of top items as the personalized complementary item recommendations based on the ranking. Other embodiments are disclosed.

Abstract: This application relates to systems and methods for providing search results based on a primary intent. In some examples, a disclosed system includes a memory resource storing instructions; and one or more processors coupled to the memory resource. The one or more processors are configured to execute the instructions to: receive, from a user, a search query including a plurality of words, identify a plurality of intention terms from the words of the search query, compute, for each of the plurality of intention terms, a compatibility score between the intention term and a query context associated with the intention term, determine, from the plurality of intention terms, a primary intention term having a maximum compatibility score among the plurality of intention terms, and generate, based on the primary intention term, a set of intent-based search results in response to the search query, the set of intent-based search results identifying a set of items associated with the primary intention term.

Abstract: This disclosure describes techniques and mechanisms for improving security within SDWAN fabric and utilizing telemetry data from non-enterprise providers to remediate compromised SDWAN site(s) and/or user(s). The techniques may implement an integration of non-enterprise application(s) and API(s) with an enterprise network, thereby enabling the enterprise network to identify compromised endpoint(s), identify user(s), group(s), site(s) that are impacted, and take a corrective action (by the enterprise network and/or the non-enterprise application(s) or API(s)) on the enterprise fabric.

Abstract: A method including training a recurrent neural network model to create a trained model based at least in part on: (a) first images associated with first items on a website, (b) first search terms used by users of the website to search for the first items on the website, and (c) personal features of the users. The method also can include receiving an input image that was uploaded by a current user. The method additionally can include obtaining a user encoded representation vector for the current user based on a set of personal features of the current user. The method further can include generating an image encoded representation vector for the input image. The method additionally can include deriving search terms that are personalized to the current user for the one or more items depicted in the input image, using the trained model and based on the user encoded representation vector for the current user and the image encoded representation vector for the input image. Other embodiments are disclosed.

Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.

Abstract: Techniques for user identity-based security policy enforcement. The techniques may include sending, to an edge device associated with a network, a networking policy associated with a user. The techniques may also include receiving, from an identity provider, an IP address associated with the user. Additionally, the techniques may include sending, to the edge device, an indication to associate the IP address with the user such that the edge device applies the networking policy to packets that include the IP address.

Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.

Abstract: In one embodiment, a method includes receiving, by a first node of a node cluster in a software-defined wide area network (SD-WAN), traffic from a wide area network (WAN), assigning, by the first node of the node cluster, flow ownership of the traffic to the first node, and communicating, by the first node of the node cluster, the traffic to a local area network (LAN). The method also includes receiving, by the first node of the node cluster, return traffic from a second node of the node cluster and detecting, by the first node of the node cluster, a diversion of the return traffic. The method further includes relinquishing, by the first node of the node cluster, the flow ownership and assigning, by the first node of the node cluster, the flow ownership to the second node of the node cluster.

Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.

Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.

Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.

Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.