Abstract: A method and system for tracing-back single packets based on storing only one record per flow, ‘FlowId’, observed by a router on a given interface and in a given time window ‘Time Period’. This record can be seen as a canonical representation for all packets seen during this window. A malicious packet may be traced back to its origin by identifying the port of arrival based on that packet time of arrival X and the FlowId.

Abstract: Roughly described, a portable, removable memory device also includes a display for rendering images stored in the memory device in standalone mode. The memory device has a standard attachment interface to enable attachment and communication with different kinds of hosts. It also includes at least sufficient intelligence to be able to transform image file formats to satisfy user preferences or the requirements of different hosts. The device can be used as an interchangeable memory card, and also as a simple and easy way of sharing digital images.

Abstract: A method and apparatus for collecting power distribution system data is provided. The method includes communicatively coupling a plurality of node electronic units to a digital network, communicatively coupling at least one central control processing unit (CCPU) to the digital network, executing a data capture software module running on the at least one CCPU wherein the module includes a data capture buffer and a secondary buffer, and activating the data capture module in response to a triggering event. The apparatus includes a plurality of node electronic units, at least one central control processing unit (CCPU), and a data capture software module running on the at least one CCPU wherein the module includes a data capture buffer and a secondary buffer wherein the module is configured to collect data in the data capture buffer and the secondary buffer, and the module is configured to activate in response to a triggering event.

Abstract: A method of monitoring and controlling a power distribution system is provided. The power distribution system includes a plurality of circuit breakers, a plurality of node electronic units, and wherein each associated circuit breaker is electrically coupled with each respective node electronic unit. The system also includes at least one digital network, and at least one central control processing unit (CCPU) wherein each CCPU includes a first power system global information set, and each CCPU is communicatively coupled to the plurality of node electronic units. The method includes transmitting at least one digital message from each node electronic unit to each CCPU over a respective network, determining an operational state of the power distribution system from the digital message, and transmitting at least one multicast message from each CCPU to each node electronic unit such that the circuit breakers are operable from each CCPU.

Abstract: The Time to Live (TTL) field in an IP header is used as a covert channel in a communication system. More particularly the TTL field can be used to selectively mark packets with unique identifiers as they pass through an upstream station on their way to a downstream station. In this way the source of a traffic flow at least within a particular domain can be absolutely identified. This method of performing a traceback operation doesn't utilize additional resources as it relies on functionality which already exists in the system.

Abstract: A system and method of tracing network flows in an autonomous communications system are described. The Autonomous System may be formed of multiple subgroups depending on size and application. Each subgroup contains multiple, interconnected routers which participate in transporting data flow across the Autonomous System (AS). A Director within the AS has a full and complete vision of the network topology. When it is desired to trace a particular flow because of an identified attack, selected routers in key locations—through which that particular flow travels—mark packets with labels which enable the tracing of the path. These labels permit the source of the attack, at least in so far as it travels through the AS, to be identified. If the number of entry (or key) points to the AS is larger than the number of available labels, the AS will be divided into subgroups, the flow is traced from subgroup to subgroup.

Abstract: Systems and methods of mitigating attacks, such as Denial of Service (DoS) attacks, in a communications network are presented. Source addresses of packets received at network devices are monitored in relation to known reliable addresses stored in a decision engine. If the source address, as stored in a source table, is known as being legitimate the packets are placed in a high priority queue for transmission at the highest rate. Packets with an unknown address are placed in a lower priority queue, the source address stored in a different source table, and the packet is serviced at a lower rate. Packets that become known to be legitimate are moved from the unknown table to the table from which high priority queues are serviced. In this way, an attacker that employs spoofing techniques is prevented from overtaxing network resources.

Abstract: A method and apparatus for monitoring a communication network is provided. The network includes a plurality of node electronics units communicatively coupled to at least one central control processing unit through at least one network wherein each network includes a network switch. The method includes coupling a monitoring domain to the network, and receiving at least one of network traffic transmitted on at least one of the monitored links, and network traffic received on at least one of the monitored links through at least one monitoring link. The apparatus includes a plurality of node electronics units communicatively coupled to at least one central control processing unit through at least one network wherein each network includes a network switch, and wherein the apparatus comprises a monitoring domain.

Abstract: Some individuals undergoing GPIIb-IIIa receptor antagonist therapy have an increased incidence of thrombocytopenia. The invention relates to an assay useful for the prediction and diagnosis of GPIIb-IIIa receptor antagonist-induced therapy.

Abstract: A method of monitoring and controlling a power distribution system is provided. The power distribution system includes a plurality of circuit breakers, a plurality of node electronic units, and wherein each associated circuit breaker is electrically coupled with each respective node electronic unit. The system also includes at least one digital network, and at least one central control processing unit (CCPU) wherein each CCPU includes a first power system global information set, and each CCPU is communicatively coupled to the plurality of node electronic units. The method includes transmitting at least one digital message from each node electronic unit to each CCPU over a respective network, determining an operational state of the power distribution system from the digital message, and transmitting at least one multicast message from each CCPU to each node electronic unit such that the circuit breakers are operable from each CCPU.

Abstract: A protection system for a power distribution system is provided. The protection system includes a central computer, a plurality of data modules, and a data network. The data modules are each in communication with a different circuit breaker of the power distribution system. The data network communicates between the central computer and the plurality of data modules. The central computer sends an instruction to the plurality of data modules over the data network to aid in synchronization of sampling of a power condition at the plurality of data modules.

Abstract: A method for operating a power distribution system is provided. The power distribution system includes a plurality of components, and at least one node electronics unit coupled to at least one control processing unit. The method includes associating a unique identifier with at least one component class of the power distribution system, identifying each component based on the identifier, determining a specification associated with each identifier, and operating at least one of the node electronics unit and the control processing unit based on the determined specification.

Abstract: A method and system for determining a configuration of a redundant critical control system is provided. The method includes receiving power distribution system operating characteristic information, using a computer, determining a plurality of alternative configurations of the power distribution system that are consistent with the operating characteristic information and determining efficiency characteristics of each of the alternative configurations, and selecting a configuration from the plurality of alternative configurations. The system includes a computer system configured to receive power distribution system operating characteristic information, determine a plurality of alternative configurations of the power distribution system that are consistent with the operating characteristic information and determine life-cycle cost characteristics of each of the alternative configurations, and select a configuration from the plurality of alternative configurations.

Abstract: A method and apparatus for operating a power distribution system circuit breaker is provided. The circuit breaker includes an associated node electronics unit wherein a node electronics unit redundancy requirement is predetermined. The method includes monitoring electrical system parameters associated with the circuit breaker with the node electronics unit, communicating the electrical system parameters over a digital network to at least one central control processing unit, receiving commands and actions from the at least one central control processing unit over the digital network, determining circuit breaker actuation commands based at least partially on the received commands and actions, and operating the circuit breaker based on the circuit breaker actuation commands.

Abstract: Methods of preventing flooding-type denial-of-service attacks in a computer-based network are described. Connection establishing messages known as SYN packets are matched with connection terminating messages (FIN packets) by using a hash algorithm. The hash algorithm or message digest uses source and destination IP addresses, port numbers, and a secret key as input parameters. The SYN packets and FIN packets are mapped to buckets using the hash algorithm and statistics are maintained for each bucket. A correspondence between SYN packets and FIN packets is maintained to close a security hole.

Abstract: A method and apparatus for collecting power distribution system data is provided. The method includes communicatively coupling a plurality of node electronic units to a digital network, communicatively coupling at least one central control processing unit (CCPU) to the digital network, executing a data capture software module running on the at least one CCPU wherein the module includes a data capture buffer and a secondary buffer, and activating the data capture module in response to a triggering event. The apparatus includes a plurality of node electronic units, at least one central control processing unit (CCPU), and a data capture software module running on the at least one CCPU wherein the module includes a data capture buffer and a secondary buffer wherein the module is configured to collect data in the data capture buffer and the secondary buffer, and the module is configured to activate in response to a triggering event.

Abstract: Methods of detecting TCP SYN flooding attacks at a router located between a LAN and a network such as the Internet are described. The methods rely on a counting arrangement in which SYN and Fin packets are counted on both the LAN side and the network or Internet side of the router during a time interval. Weighting factors are applied to each count, the factor for the LAN side count having the opposite polarity to the factor for the network side count. The absolute values of the sums of the weighting factors of like polarity are equal. An abnormal number of unsuccessful connection attempts are determined based on a parameter calculated using the weighting factors in conjunction with the respective counts.

Abstract: A mechanism for detecting denial of service attacks in a digital communications system is described. A probabilistically determined portion of input packets of a connection are processed using a hash function to determine whether the packets belong to the flow initiated by a TCP SYN packet. The hash function includes a secret key for additional security. The result of the hash function is added to a value which is dependent on the sequence number of a packet being processed.

Abstract: A method for communicating information bundled in digital message packets via a digital network communication system is provided. The digital network communication system a sample source and each packet includes a header and a communication payload area. The method includes sampling the source at a first sample rate, selecting at least one decimation of the samples based on at least one of a plurality of algorithmic data rates and a channel bandwidth, determining a packet rate based on a plurality of algorithmic latency requirements, and transmitting the digital message packet containing decimated data on the digital network.

Abstract: A main unit pumps the transferred liquid actuated by an auxiliary unit for pumping a working liquid. The auxiliary unit comprises a piston provided with an axial drilling (bore) for circulating working liquid between a tank and a compression chamber. The piston further comprises a valve for closing the drilling, the valve housed in the drilling between two ends thereof in permanent communication with the tank and the compression chamber respectively. The valve opens when the pressure of the working liquid in the tank exceeds that of the working liquid in the compression chamber and closes in the opposite situation. The compression chamber is delimited by a flexible diaphragm for pumping transferred liquid. The diaphragm is constantly elastically returned to the first position by a diaphragm spring.