Abstract: A method for detecting intrusions that employ messages of two or more protocols is disclosed. Such intrusions might occur in Voice over Internet Protocol (VoIP) systems, as well as in systems in which two or more protocols support some service other than VoIP. In the illustrative embodiment of the present invention, a stateful intrusion-detection system is capable of employing rules that have cross-protocol pre-conditions. The illustrative embodiment can use such rules to recognize a variety of VoIP-based intrusion attempts, such as call hijacking, BYE attacks, etc. In addition, the illustrative embodiment is capable of using such rules to recognize other kinds of intrusion attempts in which two or more protocols support a service other than VoIP. The illustrative embodiment also comprises a stateful firewall that is capable of employing rules with cross-protocol pre-conditions.

Abstract: A system and method to distribute computation for an exchange in which advertisers buy online advertising space from publishers. The exchange maintains submarkets, each containing a subset of the ad calls supplied by publishers and a subset of the offers and budgets representing demand from advertisers. Portfolio optimization techniques allocate the supply of ad calls from publishers over the submarkets, with the goal of maximizing profits for publishers while limiting the volatility of those profits. Portfolio optimization techniques allocate the demand from advertisers over the submarkets, with the goal of maximizing return on investment for advertisers. The exchange re-allocates supply and demand over submarkets periodically. Also, periodically, the most effective submarkets are replicated and the least effective submarkets are eliminated.

Abstract: Methods, systems, and apparatuses are provided for selecting advertisements in an advertisement auction. A plurality of bids for an advertisement placement is received. An average expected payout for each bid of the plurality of bids is calculated to determine a plurality of average expected payouts. A plurality of possible allocations of the advertisements is determined. An expected revenue value for each of the possible allocations is calculated based on the calculated average expected payouts to generate a plurality of expected revenue values. A risk value is calculated for each of the possible allocations to generate a plurality of risk values. A bid of the plurality of bids is enabled to be selected based on the calculated expected revenue values and risk values.

Abstract: Communication between a first issue tracking system and a second issue tracking system is provided. An integration platform is configured to translate an issue tracking ticket from a form recognizable by the first issue tracking system, which can be a component of a customer network, into a form recognizable by the second issue tracking system, which can be a component of a service provider network. A gateway server is provided to control communications between the integration platform and the issue tracking system of the service provider network.

Abstract: An apparatus and method for detecting potentially-improper call behavior (e.g., SPIT, etc.) are disclosed. The illustrative embodiment of the present invention is based on finite-state machines (FSMs) that represent the legal states and state transitions of a communications protocol at a node during a Voice over Internet Protocol (VoIP) call. In accordance with the illustrative embodiment, a library of FSM execution profiles associated with improper call behavior is maintained. When there is a match between the behavior of a finite-state machine during a call and an execution profile in the library, an alert is generated.

Abstract: An apparatus and method for detecting potentially-improper call behavior (e.g., SPIT, etc.) are disclosed. The illustrative embodiment of the present invention is based on finite-state machines (FSMs) that represent the legal states and state transitions of communications protocols at nodes during Voice over Internet Protocol (VoIP) calls. In accordance with the illustrative embodiment, a library of FSM execution profiles associated with improper call behavior and a set of rules (or rule base) associated with improper FSM behavior over one or more calls are maintained. When the behavior of one or more finite-state machines during one or more calls matches either an execution profile in the library or a rule in the rule base, an alert is generated.

Abstract: A method is disclosed that enables the screening of unwanted telephone calls, such as voice or video calls, for one or more called parties. In accordance with the illustrative embodiment of the present invention, an anti-SPAM system receives signaling information for one or more telephone calls made to one or more called parties by a calling party. Although the calling party can be a human caller, in a SPAM-over-Internet-Telephony context the calling party can alternatively be a server or other network element that originates SPAM voice calls for advertising purposes; both possibilities are accounted for in the illustrative embodiment. The anti-SPAM system then observes the behavior of the called party or parties that is exhibited in response to receiving the telephone calls. Based on the observed behavior, the anti-SPAM system then updates one or more rules for handling future telephone calls made to the protected called parties.

Abstract: An apparatus and method are disclosed for detecting intrusions in Voice over Internet Protocol systems without an attack signature database. The illustrative embodiment is based on two observations: (1) various VoIP-related protocols are simple enough to be represented by a finite-state machine (FSM) of compact size, thereby avoiding the disadvantages inherent in signature-based intrusion-detection systems.; and (2) there exist intrusions that might not be detectable locally by the individual finite-state machines (FSMs) but that can be detected with a global (or distributed) view of all the FSMs. The illustrative embodiment maintains a FSM for each session/node/protocol combination representing the allowed (or “legal”) states and state transitions for the protocol at that node in that session, as well as a “global” FSM for the entire session that enforces constraints on the individual FSMs and is capable of detecting intrusions that elude the individual FSMs.

Abstract: An apparatus and method are disclosed for detecting intrusions in Voice over Internet Protocol systems, without the use of an attack signature database. In particular, the illustrative embodiment is based on the observation that some VoIP-related protocols (e.g., the Session Initiation Protocol [SIP], etc.) are simple enough to be represented by a finite-state machine (FSM) of compact size. A finite-state machine is maintained for each session/node/protocol combination, and any illegal state or state transition—which might be the result of a malicious attack—is flagged as a potential intrusion.

Abstract: A method and system for controlling the bandwidths of data traffic over virtual private networks are provided. The method includes classifying the data traffic for the virtual private network into different flows, monitoring a current bandwidth usage by at least one of the flows, comparing the current bandwidth usage with a predetermined threshold for the flow, and performing a bandwidth control operation for the flow if the current bandwidth usage exceeds the predetermined threshold for that flow.

Abstract: A technique is disclosed that enables the run-time behavior of a data-processing system to be analyzed and, in many cases, to be predicted. In particular, the illustrative embodiment of the present invention comprises i) transforming the messages that constitute an unstructured log into a numerical series and ii) applying a time-series analysis on the resultant series for the purpose of pattern detection. Indeed, it is recognized in the illustrative embodiment that the problem really is to detect patterns that depict aspects of system behavior, regardless of the textual content of the individual log messages. In other words, by analyzing the totality of the messages in the log or logs—as opposed to looking for pre-defined patterns of the individual messages—system behavior can be mapped and understood. The mapping helps in characterizing the system for the purposes of predicting failure, determining the time required to reach stability during failure recovery, and so forth.

Abstract: A method for detecting intrusions that employ messages of two or more protocols is disclosed. Such intrusions might occur in Voice over Internet Protocol (VoIP) systems, as well as in systems in which two or more protocols support some service other than VoIP. In the illustrative embodiment of the present invention, a stateful intrusion-detection system is capable of employing rules that have cross-protocol pre-conditions. The illustrative embodiment can use such rules to recognize a variety of VoIP-based intrusion attempts, such as call hijacking, BYE attacks, etc. In addition, the illustrative embodiment is capable of using such rules to recognize other kinds of intrusion attempts in which two or more protocols support a service other than VoIP. The illustrative embodiment also comprises a stateful firewall that is capable of employing rules with cross-protocol pre-conditions.

Abstract: A method for detecting intrusions that employ messages of two or more protocols is disclosed. Such intrusions might occur in Voice over Internet Protocol (VoIP) systems, as well as in systems in which two or more protocols support some service other than VoIP. In the illustrative embodiment of the present invention, a stateful intrusion-detection system is capable of employing rules that have cross-protocol pre-conditions. The illustrative embodiment can use such rules to recognize a variety of VoIP-based intrusion attempts, such as call hijacking, BYE attacks, etc. In addition, the illustrative embodiment is capable of using such rules to recognize other kinds of intrusion attempts in which two or more protocols support a service other than VoIP. The illustrative embodiment also comprises a stateful firewall that is capable of employing rules with cross-protocol pre-conditions.

Abstract: A method is disclosed that enables the transmission of a digital message along with a corresponding media information signal, such as audio or video. A telecommunications device that is processing the information signal from its user, such as a speech signal, encodes the information signal by using a model-based compression coder. One such device is a telecommunications endpoint. Then, based on an evaluation of the perceptual significance of each encoded bit, or on some other meaningful characteristic of the signal, the endpoint's processor: (i) determines which encoded bits can be overwritten; and (ii) intersperses the digital message bits throughout the encoded signal in place of the overwritten bits. The endpoint then transmits those digital message bits as part of the encoded information signal. In this way, no additional bits are appended to the packet to be transmitted, thereby addressing the issue of compatibility with existing protocols and firewalls.

Abstract: A method is disclosed that enables the transmission of a digital message along with a corresponding information signal, such as audio or video. The supplemental information contained in digital messages can be used for a variety of purposes, such as enabling or enhancing packet authentication. In particular, a telecommunications device that is processing an information signal from its user, such as a speech signal, encrypts the information signal by performing a bitwise exclusive-or of an encryption key stream with the information signal stream. The device, such as a telecommunications endpoint, then intersperses the bits of the digital message throughout the encrypted signal in place of those bits overwritten, in a process referred to as “watermarking.” The endpoint then transmits the interspersed digital message bits as part of a composite signal that also comprises the encrypted information bits. No additional bits are appended to the packet to be transmitted, thereby addressing compatibility issues.

Abstract: A wireless local area network (LAN), and a method of operating the same, prevents unauthorized users from accessing the wireless LAN. A signal strength of a station attempting to access the wireless LAN is measured. If the signal strength is less than a predetermined threshold value, the system concludes that the station is outside of an authorized geographical area. Such a station attempting to establish a connection is characterized as an unauthorized station, and access to the wireless LAN is denied. The system may also periodically verify that authorized stations remain within the authorized geographical area. A station that has moved outside of the authorized geographical area can be notified or denied further access to the wireless LAN.

Abstract: In one aspect, an interface adapted to transfer data between a host processor and an external coprocessor is provided. The interface may be adapted to operate in a plurality of write modes, wherein in a first write mode the write operation is transferred across the interface in two clock cycles and in a second write mode the write operation is transferred across the interface in a single clock cycle. In another aspect, the interface is adapted to perform a first read operation initiated by the host processor and a second read operation initiated by the external coprocessor. In another aspect, the interface includes a plurality of buffers to store read and write operations and a plurality of clock gates to selectively gate of clock signals provided to the plurality of buffers to synchronize transfer of data into and out of the buffers.

Abstract: A method is disclosed that enables mitigating at least some of the problems caused by a packet attack. When a first Internet Protocol (IP)-capable device is subjected to a packet attack, it indicates periodically to a second IP-capable device that certain communications with the first device are to be suspended. The periodic transmitting of the indication is performed at a slower rate than the keep-alive mechanism that is normally used to detect loss of connectivity. When the second device receives the transmitted indication, it refrains from transmitting keep-alive messages to the first device for a predetermined interval. Meanwhile, the first device also refrains from transmitting keep-alive messages to the second device for a similar interval. In transmitting the suspend indication, the illustrative embodiment seeks to prevent pairs of communicating devices that are experiencing packet attacks from continuing their operation under the erroneous assumption that each device is unavailable.

Abstract: A method is disclosed that enables the avoidance of a processor overload of a telecommunications endpoint device that is susceptible to traffic floods. An enhanced network switch sets the speed on one of its data ports as a specific function of the speeds of the devices that are connected to one or more of its other data ports. This behavior is different from that of network switches in the prior art, in which the data rate of a port in the prior art is auto-negotiated to the highest speed that can be supported by the network elements at either end of the port's connection, regardless of the other devices present. By considering the specific devices that are connected, the enhanced network switch is able to limit the amount of traffic that is directed by an upstream device, such as a router, towards a device with limited processor capability, such as a packet-based phone.

Abstract: A method is disclosed that enables the implementation of an embedded firewall at a telecommunications endpoint. In particular, the illustrative embodiment of the present invention addresses the relationship between the application, firewall engine, and packet-classification rules database that are all resident at the endpoint. In the variations of the illustrative embodiment that are described herein, the application: (i) directly communicates with the co-resident firewall engine such as through local message passing, (ii) shares memory with the firewall engine, and (iii) makes socket calls to the operating system that are intercepted by a middleware layer that subsequently modifies the rules database, depending on the socket call. The common thread to these techniques is that the application, firewall engine, and rules database are co-resident at the endpoint, which is advantageous in the implementation of the embedded firewall.