Abstract: The deterministic packet marking (DPM) method is based on marking packets with the partial address information of ingress interface only. The attack victim is able to recover the complete address(es) information after receiving several packets from a particular attacking host or hosts. The full path is not really essential for the traceback since it can be different for different packets for different reasons.

Abstract: Implementations and techniques for allocating bandwidth in a resilient packet ring network by a P-type controller are generally disclosed.

Abstract: Implementations and techniques for allocating bandwidth in a resilient packet ring network by a PI-type controller are generally disclosed.

Abstract: Techniques for transferring data among nodes on a network are disclosed. Some example methods include a downloader-initiated random linear network coding algorithm. A downloading node may be aware of the chunks of original data held by neighboring nodes, and the downloading node can request linear combinations of chunks from the neighboring nodes that are linearly independent of any linear combinations of chunks already held by the downloading node.

Abstract: Techniques for managing resources in a point-to-multipoint (P2MP) network are disclosed. In some examples, a root station is adapted to transmit and receive network packets and leaf stations are adapted to transmit and receive the network packets from the root station. An electrical control system can be adapted to adjust a control error toward a zero value and adjust an output toward a steady state. The electrical control system may include feedback to control the root station based, at least in part, on the output of the electrical control system.

Abstract: A dynamic upstream bandwidth allocation scheme is disclosed, i.e., limited sharing with traffic prediction (LSTP), to improve the bandwidth efficiency of upstream transmission over PONs. LSTP adopts the PON MAC control messages, and dynamically allocates bandwidth according to the on-line traffic load. The ONU bandwidth requirement includes the already buffered data and a prediction of the incoming data, thus reducing the frame delay and alleviating the data loss. ONUs are served by the OLT in a fixed order in LSTP to facilitate the traffic prediction. Each optical network unit (ONU) classifies its local traffic into three classes with descending priorities: expedited forwarding (EF), assured forwarding (AF), and best effort (BE). Data with higher priority replace data with lower priority when the buffer is full. In order to alleviate uncontrolled delay and unfair drop of the lower priority data, the priority-based scheduling is employed to deliver the buffered data in a particular transmission timeslot.

Abstract: Technologies are generally described for substantially maximizing capacity in a wavelength division multiplexing (WDM) passive optical network (PON). An “achievable rate region” may be defined as a set containing admissible traffic rates of a given WDM PON system such that a volume of an achievable rate region is proportional to a capacity of the network. Deriving the achievable rate region for a particular network, decisions may be made whether incoming traffic rate can or cannot be achieved for that network. Moreover, the achievable rate region may be used to construct a WDM PON utilizing a minimum number of wavelengths, a minimum number of lasers with narrowest tuning ranges, and a minimum number of receivers, thereby reducing a capital expenditure in building the PON system.

Abstract: Techniques for managing resources in a point-to-multipoint (P2MP) network are disclosed. In some examples, a root station is adapted to transmit and receive network packets and leaf stations are adapted to transmit and receive the network packets from the root station. An electrical control system can be adapted to reduce an amount of time for the electrical control system to produce a steady state output and to define a maximum boundary for the output. The electrical control system may include feedback to control the root station based, at least in part, on the output of the electrical control system.

Abstract: Techniques for partitioning and/or combining at least a portion of an optical network tree including one or more array waveguide gratings (“AWGs”) and fibers in wavelength division multiplexing (“WDM”) passive optical networks (“PON”) with cascaded AWGs are disclosed. Example methods include deriving the optimal positions for the AWGs to minimize fiber cost and then determining the arrangement of cascaded AWGs to minimize the total cost of AWGs and fibers. Determining the arrangement of cascaded AWGs may include recursive partitioning followed by recursive combination. An example recursive partition-combination based algorithm for optimizing a tradeoff between the AWG cost and the fiber cost is disclosed.

Abstract: Techniques of scheduling data packets are disclosed. For example, such data packet scheduling techniques may be employed to schedule data packets on wired and/or wireless networks. An example embodiment includes techniques for scheduling voice-over-Internet protocol data packets transmitted between a base station and a subscriber station on a WiMAX network.

Abstract: An exemplary method of controlling communications includes determining a total congestion window size for a router device. An allocation of at least a portion of the determined total congestion window size to allocated at least one mobile station that communicates with the router device over a wireless link is determined based on the determined total congestion window size. The determined allocation is then reported to a source of a communication intended for the at least one mobile station.

Abstract: A method of scheduling tasks for active network measurement includes identifying a first measurement task for measuring a first network parameter and a second measurement task for measuring a second network parameter. It is determined whether there is a conflict between the first measurement task and the second measurement task. A first execution time of the first measurement task and a second execution time of the second measurement task are also determined. A task schedule is generated based at least in part on the first execution time, the second execution time, and whether there is the conflict between the first measurement task and the second measurement task. The task schedule is further generated based at least in part on a color graph.

Abstract: A technique to mitigate low rate Denial-of-Service (DoS) attacks at routers in the Internet is described. In phase 1, necessary flow information from the packets traversing through the router is stored in fast memory; and in phase 2, stored flow information is periodically moved to slow memory from the fast memory for further analysis. The system detects a sudden increase in the traffic load of expired flows within a short period. In a network without low rate DoS attacks, the traffic load of all the expired flows is less than certain thresholds which are derived from real Internet traffic analysis. The system can also include a filtering solution to drop attack packets. The filtering scheme treats the long-lived flows in the Internet preferentially, and drops the attack traffic by monitoring the queue length if the queue length exceeds a threshold percent of the queue limit.

Abstract: A low rate DoS attack detection algorithm is used, which relies on a characteristic of the low rate DoS attack in introducing high rate traffic for short periods, and then uses a proactive test based differentiation technique to filter the attack packets. The proactive test defends against DDoS attacks and low rate DoS attacks which tend to ignore the normal operation of network protocols, but it also differentiates legitimate traffic from low rate DoS attack traffic instigated by botnets. It leverages on the conformity of legitimate flows, which obey the network protocols. It also differentiates legitimate connections by checking their responses to the proactive tests which include puzzles for distinguishing botnets from human users.

Abstract: A method including identifying at least two subsets of pixels within a block of an image; forming a plurality of pixel groups from the at least two subsets of pixels, each pixel group having at least one pixel from a first of the at least two subsets and at least one pixel from a second of the at least two subsets; producing a plurality of difference values, each pixel group providing one of said difference values, each difference value being based on differences between pixel values of pixels within one of the pixel groups; and modifying pixel values of pixels in less than all of the at least two subsets, thereby embedding a bit value into the block.

Abstract: Methods and apparatus are provided for encoding a pixel domain image with hidden data by modifying the histogram of the pixel domain image to make space for such hidden data.

Abstract: Embodiments are directed to an Autonomous System-based Edge Marking (ASEM) for Internet Protocol (IP) traceback. In particular, the embodiments are a system and a method for IP traceback that receives one or more packets at routers; inscribes packets only at marking routers with autonomous system (AS) level and marking information; and forwards the marked packets to edge routers and other routers for verification. Additionally the packets are marked based on a probability measure and Border Gateway Protocol (BGP) routing table information is the AS level information used for marking and verification.

Abstract: Embodiments are directed toward a method for Behavior-based Traffic Differentiation (BTD) that initially receives incoming packets and performs traffic classification to determine the protocol of the incoming packets. In addition, BTD performs bandwidth division/allocation to further support traffic classification amongst non-TCP traffic such as UDP and ICMP. For TCP traffic, the method for BTD determines whether a TCP connection has been established and performs at least one of rate limiting, waiting time reduction for half-open connections, and incrementing backlog queue size when the TCP connection has not been established. If the TCP connection has been established successfully, the method for BTD further includes proactive tests for traffic differentiation which identify normal traffic, which is admitted, and attack traffic, which is dropped.

Abstract: Sharing a resource may include the use of label values associated with information units presented to the resource. The label values may be determined based on, for example, arrival rates and/or committed flow rates. Criteria may be applied to label values to determine if the associated information units may be dropped.

Abstract: A dynamic upstream bandwidth allocation scheme is disclosed, i.e., limited sharing with traffic prediction (LSTP), to improve the bandwidth efficiency of upstream transmission over PONs. LSTP adopts the PON MAC control messages, and dynamically allocates bandwidth according to the on-line traffic load. The ONU bandwidth requirement includes the already buffered data and a prediction of the incoming data, thus reducing the frame delay and alleviating the data loss. ONUs are served by the OLT in a fixed order in LSTP to facilitate the traffic prediction. Each optical network unit (ONU) classifies its local traffic into three classes with descending priorities: expedited forwarding (EF), assured forwarding (AF), and best effort (BE). Data with higher priority replace data with lower priority when the buffer is full. In order to alleviate uncontrolled delay and unfair drop of the lower priority data, the priority-based scheduling is employed to deliver the buffered data in a particular transmission timeslot.