Patents by Inventor WEI-HSIANG HSIUNG

WEI-HSIANG HSIUNG has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Publication number: 20190116205
    Abstract: Establishing Transport Layer Security/Secure Sockets Layer (TLS/SSL) sessions with destination servers for Internet of Things (IoT) devices is provided. A request is sent to establish a TLS/SSL session with a target destination server in a set of destination servers using destination server information related to a particular IoT device in a plurality of IoT devices. A TLS/SSL session is established with the target destination server corresponding to the particular IoT device. TLS/SSL session credential information is received for the particular IoT device from the target destination server. The TLS/SSL session credential information for the particular IoT device is saved in a session credential information table. The TLS/SSL session is suspended with the target destination server corresponding to the particular IoT device.
    Type: Application
    Filed: October 16, 2017
    Publication date: April 18, 2019
    Inventors: Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Jia-Sian Jhang
  • Publication number: 20190109858
    Abstract: Selecting a receive side scaling (RSS) key is provided. It is determined whether a defined time interval expired. In response to determining that the defined time interval has expired, it is determined whether one or more keys in a set of randomly generated candidate RSS keys have a higher packet distribution score than an active RSS key. In response to determining that one or more keys in the set of randomly generated candidate RSS keys have a higher packet distribution score than the active RSS key, an RSS key having a highest packet distribution score is selected from the one or more keys in the set of randomly generated candidate RSS keys that have a higher packet distribution score than the active RSS key. The RSS key having the highest packet distribution score is used to distribute incoming network packets across a plurality of processors.
    Type: Application
    Filed: October 11, 2017
    Publication date: April 11, 2019
    Inventors: Chih-Wen Chao, Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Ming-Pin Hsueh
  • Publication number: 20190109859
    Abstract: Selecting a receive side scaling (RSS) key is provided. It is determined whether a defined time interval expired. In response to determining that the defined time interval has expired, it is determined whether one or more keys in a set of randomly generated candidate RSS keys have a higher packet distribution score than an active RSS key. In response to determining that one or more keys in the set of randomly generated candidate RSS keys have a higher packet distribution score than the active RSS key, an RSS key having a highest packet distribution score is selected from the one or more keys in the set of randomly generated candidate RSS keys that have a higher packet distribution score than the active RSS key. The RSS key having the highest packet distribution score is used to distribute incoming network packets across a plurality of processors.
    Type: Application
    Filed: November 14, 2017
    Publication date: April 11, 2019
    Inventors: Chih-Wen Chao, Kuo-Chun Chen, Wei-Hsiang Hsiung, Sheng-Tung Hsu, Ming-Pin Hsueh
  • Publication number: 20190104146
    Abstract: A system and computer program product for preventing abnormal application activity is provided. Packets are retrieved from a packet buffer using packet location information corresponding to information associated with the abnormal application activity in a data processing system. The packets are analyzed to identify content of the network packets causing the abnormal application activity. Network packets containing the content causing the abnormal application activity in the data processing system are blocked.
    Type: Application
    Filed: October 3, 2017
    Publication date: April 4, 2019
    Inventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
  • Publication number: 20190104148
    Abstract: A method for preventing abnormal application activity is provided. Packets are retrieved from a packet buffer using packet location information corresponding to information associated with the abnormal application activity in a data processing system. The packets are analyzed to identify content of the network packets causing the abnormal application activity. Network packets containing the content causing the abnormal application activity in the data processing system are blocked.
    Type: Application
    Filed: November 14, 2017
    Publication date: April 4, 2019
    Inventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
  • Publication number: 20190098029
    Abstract: A system, method and computer program product for detecting distributed denial-of-service (DDoS) attacks is provided. Current aggregated flow information for a defined period of time is analyzed. It is determined whether network flow increased above a defined flow threshold value to a second data processing system connected to a network within the defined period of time based on analyzing the current aggregated flow information. In response to determining that the network flow has increased above the defined flow threshold value to the second data processing system connected to the network within the defined period of time, it is determined that the second data processing system is under a DDoS attack.
    Type: Application
    Filed: October 15, 2018
    Publication date: March 28, 2019
    Inventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
  • Publication number: 20190065181
    Abstract: A processor-implemented method for generating a test suite within a time requirement is provided. The processor-implemented method includes executing a rule selection operation to determine candidate test cases utilizing attributes corresponding to each of the candidate test cases to produce selected test cases. The processor-implemented method includes determining whether an estimated testing execution time of the selected test cases is equal to or less than the time requirement. The processor-implemented method includes generating the test suite based on the selected test cases when the estimated testing execution time is equal to or less than the time requirement.
    Type: Application
    Filed: August 24, 2017
    Publication date: February 28, 2019
    Inventors: Wei-Hsiang Hsiung, Jeff HC Kuo, Chien Pang Lee, John KC Lee
  • Publication number: 20190065182
    Abstract: A processor-implemented method for generating a test suite within a time requirement is provided. The processor-implemented method includes executing a rule selection operation to determine candidate test cases utilizing attributes corresponding to each of the candidate test cases to produce selected test cases. The processor-implemented method includes determining whether an estimated testing execution time of the selected test cases is equal to or less than the time requirement. The processor-implemented method includes generating the test suite based on the selected test cases when the estimated testing execution time is equal to or less than the time requirement.
    Type: Application
    Filed: November 17, 2017
    Publication date: February 28, 2019
    Inventors: Wei-Hsiang Hsiung, Jeff HC Kuo, Chien Pang Lee, John KC Lee
  • Patent number: 10171441
    Abstract: Embodiments can provide a computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for transforming a Channel ID communication, the method comprising: generating, by a SSL/TLS inspector, a secret; receiving, from a client, a Channel ID communication comprising a public key value; deriving, by the SSL/TLS inspector, a random seed value for a private key using the secret and the public key value of the Channel ID communication; generating, by the SSL/TLS inspector, a new private key based upon the random seed value; deriving, by the SSL/TLS inspector, a new public key based upon the new private key; generating, by the SSL/TLS inspector, a transformed Channel ID communication based upon the new private key and the new public key; and forwarding, by the SSL/TLS inspector, the transformed Channel ID communication to a server.
    Type: Grant
    Filed: September 28, 2016
    Date of Patent: January 1, 2019
    Assignee: International Business Machines Corporation
    Inventors: Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
  • Publication number: 20180351997
    Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives a session ID from the TLS server, the inspector generates and issues to the client a session ticket that includes the original session ID and other session context information. In this manner, the inspector converts the Session ID-based connection to a Session Ticket-based connection. The session ticket is encrypted by the inspector to secure the session information. When the TLS client presents the session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session ID from it directly. The inspector then uses the original session ID to resume the TLS session.
    Type: Application
    Filed: June 1, 2017
    Publication date: December 6, 2018
    Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
  • Publication number: 20180351998
    Abstract: A network-based appliance includes a mechanism to provide TLS inspection with session resumption, but without requiring that a session cache be maintained. To this end, the inspector is configured to cause the TLS client to participate in maintaining the session context, in effect on behalf of the TLS inspector. In operation, when the inspector first receives the session ticket from the TLS server, and in lieu of caching it, the inspector generates and issues to the client a composited ticket that includes the original ticket and session context information that contains the session key. The composited ticket is encrypted by the inspector to secure the session information. When the TLS client presents the composited session ticket to resume the TLS connection, the inspector decrypts the ticket and retrieves the session context from it directly. The inspector then uses the original session ticket to resume the TLS session.
    Type: Application
    Filed: June 1, 2017
    Publication date: December 6, 2018
    Inventors: Cheng-Ta Lee, Wei-Hsiang Hsiung, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 10116671
    Abstract: A system and computer program product for detecting distributed denial-of-service (DDoS) attacks is provided. Current aggregated flow information for a defined period of time is analyzed. It is determined whether network flow increased above a defined flow threshold value to a second data processing system connected to a network within the defined period of time based on analyzing the current aggregated flow information. In response to determining that the network flow has increased above the defined flow threshold value to the second data processing system connected to the network within the defined period of time, it is determined that the second data processing system is under a DDoS attack.
    Type: Grant
    Filed: September 28, 2017
    Date of Patent: October 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
  • Patent number: 10116672
    Abstract: A method for detecting distributed denial-of-service (DDoS) attacks is provided. Current aggregated flow information for a defined period of time is analyzed. It is determined whether network flow increased above a defined flow threshold value to a second data processing system connected to a network within the defined period of time based on analyzing the current aggregated flow information. In response to determining that the network flow has increased above the defined flow threshold value to the second data processing system connected to the network within the defined period of time, it is determined that the second data processing system is under a DDoS attack.
    Type: Grant
    Filed: November 14, 2017
    Date of Patent: October 30, 2018
    Assignee: International Business Machines Corporation
    Inventors: Kuo-Chun Chen, Chih-Hung Chou, Wei-Hsiang Hsiung, Sheng-Tung Hsu
  • Publication number: 20180091552
    Abstract: Embodiments can provide a computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for transforming a Channel ID communication, the method comprising: generating, by a SSL/TLS inspector, a secret; receiving, from a client, a Channel ID communication comprising a public key value; deriving, by the SSL/TLS inspector, a random seed value for a private key using the secret and the public key value of the Channel ID communication; generating, by the SSL/TLS inspector, a new private key based upon the random seed value; deriving, by the SSL/TLS inspector, a new public key based upon the new private key; generating, by the SSL/TLS inspector, a transformed Channel ID communication based upon the new private key and the new public key; and forwarding, by the SSL/TLS inspector, the transformed Channel ID communication to a server.
    Type: Application
    Filed: September 28, 2016
    Publication date: March 29, 2018
    Inventors: Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Shiau Suen, Ming-Hsun Wu
  • Patent number: 9906557
    Abstract: A mechanism is provided for generating a packet inspection policy for a policy enforcement point in a centralized management environment. Data of a network topology for the policy enforcement point corresponding to a network infrastructure is updated according to metadata of the policy enforcement point, the metadata including a capability of the policy enforcement point. The packet inspection policy for the policy enforcement point is generated according to the data of the network topology and the capability of the policy enforcement point. The packet inspection policy is then deployed to the policy enforcement point.
    Type: Grant
    Filed: June 19, 2015
    Date of Patent: February 27, 2018
    Assignee: International Business Machines Corporation
    Inventors: Wei-Hsiang Hsiung, Sheng-Tung Hsu, Cheng-Ta Lee, Ming-Hsun Wu
  • Patent number: 9723471
    Abstract: Triggering an event of interest in a mobile device based on communications established with nearby wireless devices can include receiving a challenge of the event of interest; obtaining a corresponding expression of a combination key with reference to the event in response to the challenge; receiving an identified data of the wireless devices in the vicinity of the mobile device; comparing the identified data with the expression to determine if the expression is a true value; and executing the event of interest in response to the true value.
    Type: Grant
    Filed: May 29, 2012
    Date of Patent: August 1, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Li-Ju Chen, Wei-Hsiang Hsiung, Rick M. F. Wu, Ming-Hsun Wu
  • Patent number: 9591025
    Abstract: An aspect includes a method of receiving a management command in an appliance to configure a network security policy, where the appliance is connected to a network end-point device. The method includes receiving a packet from a security device. Checking is performed to determine whether the packet includes a specific identifier. Upon a determination that the packet received includes a specific identifier, the management command is retrieved from a payload of the packet to configure the appliance.
    Type: Grant
    Filed: June 10, 2014
    Date of Patent: March 7, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Wei-Hsiang Hsiung, Sheng-Tung Hsu, Cheng-Ta Lee, Ming-Hsun Wu
  • Patent number: 9565210
    Abstract: A session of network communications is processed between a client terminal and a server by intercepting a request generated from a network transport unit of the client terminal, generating an intermediate session ID for the client terminal, asking the server to establish a session, receiving a response sent from the server using a server session ID after the session is established, associating the server session ID with the intermediate session ID and sending the response to the network transport unit using the intermediate session ID.
    Type: Grant
    Filed: August 22, 2012
    Date of Patent: February 7, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Wei-Hsiang Hsiung, Wei-Shiau Suen, Ya Hsuan Tsai, Rick M F Wu
  • Publication number: 20150381660
    Abstract: A mechanism is provided for generating a packet inspection policy for a policy enforcement point in a centralized management environment. Data of a network topology for the policy enforcement point corresponding to a network infrastructure is updated according to metadata of the policy enforcement point, the metadata including a capability of the policy enforcement point. The packet inspection policy for the policy enforcement point is generated according to the data of the network topology and the capability of the policy enforcement point. The packet inspection policy is then deployed to the policy enforcement point.
    Type: Application
    Filed: June 19, 2015
    Publication date: December 31, 2015
    Inventors: Wei-Hsiang Hsiung, Sheng-Tung Hsu, Cheng-Ta Lee, Ming-Hsun Wu
  • Patent number: 9219742
    Abstract: A mechanism for preventing injection attacks of scripting languages is provided. A mechanism of transforming user-input data in a scripting language is included. The mechanism comprises a step of tracing a script instruction to separate instruction related variables and user-input related variables; and a step of encoding the user-input related variables into data belonging to a safe-character-set area which does not include reserved characters, and passing the encoded user-input related variables to a statement of the script instruction.
    Type: Grant
    Filed: August 30, 2013
    Date of Patent: December 22, 2015
    Assignee: International Business Machines Corporation
    Inventors: Wei-Hsiang Hsiung, Cheng-Ta Lee, Wei-Shiau Suen, Rick M F Wu