Abstract: Systems, methods, and non-transitory computer-readable storage media for synchronizing timestamps of a sensor report to the clock of a device. In one embodiment, the device receives a report from a sensor of a node. The report can include a network activity of the node captured by the sensor and a first timestamp relative to the clock of the node. The device can then determine a second timestamp relative to the clock of the collector indicating receipt of the report by the device and from the sensor at the node. The device can also determine a delta between the first timestamp and the second timestamp, and a communication latency associated with a communication channel between the device and the sensor. Next, the device can adjust the delta based on the communication latency, and generate a third timestamp based on the adjusted delta.

Abstract: Systems, methods, and computer-readable media for hierarchichal sharding of flows from sensors to collectors. A first collector can receive a first portion of a network flow from a first capturing agent and determine that a second portion of the network flow was not received from the first capturing agent. The first collector can then send the first portion of the network flow to a second collector. A third collector can receive the second portion of the network flow from a second capturing agent and determine that the third collector did not receive the first portion of the network flow. The third collector can then send the second portion of the network flow to the second collector. The second collector can then aggregate the first portion and second portion of the network flow to yield the entire portion of the network flow.

Abstract: Managing a network environment to identify spoofed packets is disclosed. A method includes analyzing, via a first capture agent, packets processed by a first environment in a network associated with a first host, and analyzing, via a second capture agent, packets processed by a second environment in the network associated with a second host. The method includes collecting the first data and the second data at a collector and generating a topological map of the network and a history of network activity associated with the first environment and the second environment. The method includes extracting network data from a packet and comparing the extracted network data with stored network data in the database. When the comparison indicates that the extracted network data does not match the stored network data (i.e., the reported source does not match an expected source for the packet), determining that the packet is a spoofed packet.

Abstract: A method includes capturing first data associated with a first packet flow originating from a first host using a first capture agent deployed at the first host to yield first flow data, capturing second data associated with a second packet flow originating from the first host from a second capture agent deployed outside of the first host to yield second flow data and comparing the first flow data and the second flow data to yield a difference. When the difference is above a threshold value, the method includes determining that a hidden process exists and corrective action can be taken.

Abstract: An example method includes calculating latency bounds for communications from two sensors to a collector (i.e., maximum and minimum latencies). After the collector receives an event report from the first sensor and an event report form the second sensor, the collector can determine, using the latency bounds, whether one event likely preceded the other.

Abstract: A method includes analyzing, via a first capturing agent, packets processed in a first environment associated with a first host to yield first data. The method includes analyzing, via a second capturing agent, packets processed by a second environment associated with a second host to yield second data, collecting the first data and the second data at a collector to yield aggregated data, transmitting the aggregated data to an analysis engine which analyzes the aggregated data to yield an analysis. Based on the analysis, the method includes identifying first packet loss at the first environment and second packet loss at the second environment.

Abstract: Systems, methods, and computer-readable media for collector high availability. In some embodiments, a system receives, from a first collector device, a first data report generated by a capturing agent deployed on a host system in a network. The system can also receive, from a second collector device, a second data report generated by the capturing agent deployed on the host system. The first and second data reports can include traffic data captured at the host system by the capturing agent during a period of time. The system can determine that the first data report and the second data report are both associated with the capturing agent, and identify duplicate data contained in the first data report and the second data report. The system can then deduplicate the first and second data reports to yield a deduplicated data report.

Abstract: The technologies described herein identify multiple electronic devices belonging to the same group. A computer system receives, from network accessing applications of a plurality of electronic devices, internet protocol (IP) trajectory information about the network accessing applications via a network. The IP trajectory information includes a user identifier, a list of IP addresses associated with each of the network accessing applications, and timestamps specifying times each of the network accessing applications accesses the network. The computer system identifies and removes commercial IP addresses from the list of IP addresses, analyzes IP trajectory information to retrieve a most commonly used IP address for each of the network accessing applications during a certain period, and determines that different network accessing applications belong to the same group if the most commonly used IP addresses for the different network accessing applications are the same.

Abstract: Methods and apparatus for managing file distribution between publishing and subscribing devices are provided. At a transporter system, a publish request for publishing a version of the dataset is received from a publisher device, wherein the publish request has a predefined format that includes an identity of the dataset, an identity of the version of the dataset, and an identity of a location for the version of the dataset. The transporter system updates a registry to associate the dataset with the identity of the dataset, version, and location, and the transporter system automatically publishes the dataset to any subscribers devices that have previously sent subscribe requests for such dataset to the transporter system.

Abstract: A method and system for enabling the display of user selected content-portions of internet documents that have been selected by users of a content-portion selection service are disclosed. Accordingly, a content-portion selection service includes a web portal with a web page providing users with a snippet of code, which, when inserted into an internet document, causes the internet document to display selected content-portions from the content-portion selection service. The snippet of code can be configured to query the content-portion selection service for selected content-portions that were made by certain users, or, selection content-portions made on documents from certain domains, and so forth. The code associated with the user interface object displaying the selected content-portions can be configured to periodically query the content-portion selection service to retrieve up-to-date content-portion selections, thereby dynamically changing the content-portions appearing on a web page or internet document.

Abstract: A method and user interface object for invoking a content selection service to operate with a web page are disclosed. Consistent with one embodiment of the invention, a content selection web portal associated with a content selection service provides a web page for selecting one or more user interface objects to be added to a content provider's web page. Each user interface object is displayed with its associated snippet of code, making it simple for a web author to copy and paste the code into his or her own web page. Once embedded in a web page, the code snippet displays a user interface object (e.g., button) on the web page, and when pressed or selected, invokes a content selection service. Alternatively, the content selection service may be automatically invoked without requiring the selection of a button.

Abstract: A marketplace diagnostics framework for analyzing and managing online marketplaces.

Abstract: Methods and apparatus for executing an application are disclosed. In accordance with one embodiment, a request is received. One or more of a plurality of module types are instantiated such that a plurality of module objects are generated. A query plan linking the plurality of module objects is executed such that a response to the request is generated. The response is then returned.

Abstract: A marketplace diagnostics framework for analyzing and managing online marketplaces.

Abstract: The various embodiments herein disclose a method and system for enabling users to make assertions of suitability and have other users evaluate those assertions. According to an embodiment of the present invention, the method comprises steps of receiving an application along with a guarantee from an applicant. Herein, the application corresponds to one or more requirements; authenticating, by a guarantee verification module, the guarantee received from the applicant; evaluating, by an evaluation module, the suitability of the application with respect to the requirement; and deducting, by a deduction module, portion of the guarantee received from the applicant, if the application matches requirement, otherwise rejecting the application along with forfeiting the guarantee.

Abstract: A method and user interface object for invoking a user assertion service to operate with a web page are disclosed. Consistent with one embodiment of the invention, a web portal hosting a user assertion service enables an evaluator to include a user interface element on his requirement posting. An applicant can interact with the user interface object to assert his suitability for the requirement, by including a guarantee, and the evaluator can determine the suitability of the applicant's assertion. Consistent with one embodiment of the invention, a web portal enabling the user assertion service provides one or more web pages for configuring one or more user interface objects to be added respective to one or more requirements. Each user interface object is displayed with its associated snippet of code, making it simple for a web author to copy and paste the code into any web page, or internet connected application that he is creating or modifying.

Abstract: The present disclosure provides a system and method for suggesting a bidding keyword to an advertiser. The system includes a non-transitory processor-readable storage medium comprising a set of instructions for suggesting a bidding keyword to an advertiser; and a processor in communication with the storage medium. The processor is configured to execute the set of instruction to receive an advertisement creative from an advertiser; determine, based on the advertisement creative without using an externally input seed keyword, a recommended bidding keyword associated with the advertisement creative; and return the recommended keyword for online advertisement bidding.

Abstract: Methods and systems are provided that can include value-based quasi-proportional allocation of combinations of online content items, such as online advertisements, for potential serving on Web pages. Combinations may be assembled and valued. A highest valued or otherwise qualified subset of combinations may be identified for serving. Combinations of the highest valued subset may be allocated for serving, and served, in accordance with a value-based quasi-proportional allocation scheme.

Abstract: A method and system for enabling a user to selectively make one or more highlights on one or more objects in a currently displayed internet document in a web browser are disclosed. The highlighting functionality is enabled for the user without requiring the user to download and/or install custom software. Furthermore, it is not necessary for the user to register with the highlighting service providing the functionality. The user-generated highlights are persistent in the sense that they remain associated with, and are displayed on, the internet document during subsequent browsing sessions by the user or other users.

Abstract: A system and method automatically transforms preexisting advertising creatives adapted for a first content service environment into advertising creatives for a second content service environment. The transformed advertising creative are then suitable for initiating a new advertising campaign. In one example, the system transforms advertising creatives from search advertisements and display advertisements into creatives for a stream advertising campaign. Stream advertisements may then be placed into a stream of content displayed on a user device. The transformed advertising creatives may be included in a proposal to a prospective advertiser. The advertiser then can choose to accept the proposal. The process of creating new advertising creatives for the proposal to the advertiser is simplified, automated and made more efficient.