Abstract: Various embodiments of the invention disclosed herein provide techniques for transforming and distributing data in a distributed computing system. New data types are created on-demand by deriving, transforming, and aggregating data from already existing data sources. A data transformation engine identifies a first subscription request received from a first subscriber for a first resource included in a plurality of resources. The data transformation engine determines that the first resource is not available from any publisher included in a plurality of publishers. The data transformation engine generates a transformation rule that transforms a set of second resources available from a set of first publishers included in the plurality of publishers into the first resource. The data transformation engine transforms the set of second resources into the first resource based on the inferred transformation rule. The data transformation engine publishes the first resource to the first subscriber.

Abstract: A parallelized method for authenticating and/or signing a DNS query using DNSSEC is disclosed. The method provides for obtaining, at a validating DNSSEC-aware DNS client, a DNS query for a resource record for a fully qualified domain name (FQDN); segmenting the FQDN into more than one specific sub-FQDN; providing, in parallel, a DNS query for a DNSSEC-related resource record for each of the more than one specific sub-FQDN to a respective authoritative name server or recursive resolver; obtaining, in parallel, the DNSSEC-related resource record for each of the more than one specific sub-FQDN; validating, in parallel, the DNSSEC-related resource record for each of the more than one specific sub-FQDN; combining each of the DNSSEC-related resource record for each of the more than one specific sub-FQDN; and verifying a chain-of-trust of the DNSSEC-related resource records.

Abstract: A publish-subscribe network includes a network infrastructure configured to support the exchange of data. An intrusion detection system is coupled to the network infrastructure and configured to process signals received from that infrastructure in order to detect malicious attacks on the network infrastructure. The intrusion detection system includes an evaluator that generates a set of indicators based on the received signals. The evaluator models these indicators as stochastic processes, and then predicts an attack probability for each indicator based on a predicted future state of each such indicator. The evaluator combines the various attack probabilities and determines an overall attack level for the network infrastructure. Based on the attack level, the intrusion detection system dispatches a specific handler to prevent or mitigate attacks.

Abstract: A method determines the level of physical demand required of an individual to face a given path, especially a bicycle-touring route. The method includes the steps of determining a physical profile of the individual, i.e. his/her ability to sustain a given effort during physical activity, determining the degree of difficulty of the path and comparing the physical profile with the degree of difficulty to determine the level of physical demand required of the individual. The method can be advantageously carried out by a program installed on a server with a Web interface, or by an application for a smart phone, a tablet or a PC.

Abstract: A parallelized method for authenticating and/or signing a DNS query using DNSSEC is disclosed. The method comprises obtaining, at a validating DNSSEC-aware DNS client, a DNS query for a resource record for a fully qualified domain name (FQDN); segmenting the FQDN into more than one specific sub-FQDN; providing, in parallel, a DNS query for a DNSSEC-related resource record for each of the more than one specific sub-FQDN to a respective authoritative name server or recursive resolver; obtaining, in parallel, the DNSSEC-related resource record for each of the more than one specific sub-FQDN; validating, in parallel, the DNSSEC-related resource record for each of the more than one specific sub-FQDN; combining each of the DNSSEC-related resource record for each of the more than one specific sub-FQDN; and verifying a chain-of-trust of the DNSSEC-related resource records.

Abstract: Various embodiments of the invention disclosed herein provide techniques for transforming and distributing data in a distributed computing system. New data types are created on-demand by deriving, transforming, and aggregating data from already existing data sources. A data transformation engine identifies a first subscription request received from a first subscriber for a first resource included in a plurality of resources. The data transformation engine determines that the first resource is not available from any publisher included in a plurality of publishers. The data transformation engine generates a transformation rule that transforms a set of second resources available from a set of first publishers included in the plurality of publishers into the first resource. The data transformation engine transforms the set of second resources into the first resource based on the inferred transformation rule. The data transformation engine publishes the first resource to the first subscriber.

Abstract: One embodiment of the invention disclosed herein provides techniques for managing data access in a distributed computing system. A site engine detects a first subscription request from a first subscriber for a first data object included in a plurality of data objects. The site engine determines whether the first data object is locally available within a first site that is included in a plurality of sites and associated with the first subscriber. If the first data object is locally available within the first site, then the site engine services the first subscription request locally within the first site. If the first data object is not locally available within the first site, then the site engine establishes a peer-to-peer relationship with a second site that is included in the plurality of sites for accessing the first data object via the second site.

Abstract: A publish-subscribe network includes a network infrastructure configured to support the exchange of data. An intrusion detection system is coupled to the network infrastructure and configured to process signals received from that infrastructure in order to detect malicious attacks on the network infrastructure. The intrusion detection system includes an evaluator that generates a set of indicators based on the received signals. The evaluator models these indicators as stochastic processes, and then predicts an attack probability for each indicator based on a predicted future state of each such indicator. The evaluator combines the various attack probabilities and determines an overall attack level for the network infrastructure. Based on the attack level, the intrusion detection system dispatches a specific handler to prevent or mitigate attacks.

Abstract: Methods, apparatus, systems, and computer-readable media for detecting denial-of-service (“DoS”) attacks include analyzing signals between a publisher and a plurality of subscribers; determining a probability that the signals are a DoS attack based on sampled variables; driving, via the processor, a probabilistic finite state machine having a plurality of states in which state transitions are based on computed probability; performing preventative processing based on state transitions determined by the probability exceeding at least a first threshold in the probabilistic finite state machine; and performing mitigating processing based on state transitions determined by the probability exceeding an alert threshold in the probabilistic finite state machine.