Abstract: Disclosed are compounds of formula (I) (formula I), as antiviral agents, antineoplastic agents, pharmaceutical compositions comprising such compounds, and a method of use of these compounds, wherein X and Y are independently CH or N, o is 0, 1 or 2, and E is absent or is (CR13R14)m, NH, or S, F is absent or is (CR15R16)n, C=O, or —SO2—, G is absent or is (CR17 CR18)r, H is absent or is C?O, or —SO2- and R1, Ar1, Ar2 are as defined in the specification. These compounds are antiviral agents and are contemplated in the treatment of viral infections, for example, hepatitis C, or are antineoplastic agents.

Abstract: The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information.

Abstract: A method of detecting exploit kits includes receiving, at an input port of a computer, indication of HTTP (Hypertext Transfer Protocol) traffic. The HTTP traffic is clustered into a web session tree according to a client IP (Internet Protocol. A client tree structure of the web session tree is generated. The client tree structure is compared with tree structures of exploit kit samples.

Abstract: A method of detecting exploit kits includes receiving, at an input port of a computer, indication of HTTP (Hypertext Transfer Protocol) traffic. The HTTP traffic is clustered into a web session tree according to a client IP (Internet Protocol. A client tree structure of the web session tree is generated. The client tree structure is compared with tree structures of exploit kit samples.

Abstract: A method of detecting exploit kits includes receiving, at an input port of a computer, indication of HTTP (Hypertext Transfer Protocol) traffic. The HTTP traffic is clustered into a web session tree according to a client IP (Internet Protocol. A client tree structure of the web session tree is generated. The client tree structure is compared with tree structures of exploit kit samples.

Abstract: A distributed feature collection and correlation engine is provided, Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database if the key/value pair does not already exist in the feature store database using a de-duplication mechanism. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs.

Abstract: The present principles are directed to identifying and classifying web traffic inside encrypted network tunnels. A method includes analyzing network traffic of unencrypted data packets to detect packet traffic, timing, and size patterns. The detected packet, timing, and size traffic patterns are correlated to at least a packet destination and a packet source of the unencrypted data packets to create at least one of a training corpus and a model built from the training corpus. The at least one of the corpus and model is stored in a memory device. Packet traffic, timing, and size patterns of encrypted data packets are observed. The observed packet traffic, timing, and size patterns of the encrypted data packets are compared to at least one of the training corpus and the model to classify the encrypted data packets with respect to at least one of a predicted network host and predicted path information.

Abstract: A distributed feature collection and correlation engine is provided, Feature extraction comprises obtaining one or more data records; extracting information from the one or more data records based on domain knowledge; transforming the extracted information into a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; and storing the key/value pair in a feature store database if the key/value pair does not already exist in the feature store database using a de-duplication mechanism. Features extracted from data records can be queried by obtaining a feature store database comprised of the extracted features stored as a key/value pair comprised of a key K and a value V, wherein the key comprises a feature identifier; receiving a query comprised of at least one query key; retrieving values from the feature store database that match the query key; and returning one or more retrieved key/value pairs.

Abstract: A method of preparing highlight data for communication to a member of a social networking system in conjunction with a network update is disclosed. An offline component is used to repeatedly generate a list of highlights for each of a number of most actively-connected connections of a member of a social network system and store the highlights in a key store. An online component is used to receive a call from a client requesting a network update for the member and attach the generated list of highlights to a response to the request.

Abstract: A method of processing engagement event data of a social network system is disclosed. A plurality of engagement events pertaining to a subset of a plurality of members of a social network is detected. A subset of the plurality of engagement events is selected based on a measure of an importance measure transgressing an importance threshold. A relationship insight is determined for each of the subset of the plurality of engagement events based on data items pertaining to the additional member and data items pertaining to each of the subset of the plurality of engagement events. Information pertaining to the subset of the plurality of engagement events and the relationship insight for each of the subset of the plurality of engagement events is communicated for presentation in a user interface of a device of the additional member.

Abstract: Techniques for presenting a personalized member profile page to a viewer are described. A highlight module can receive a request to view a profile page of a member in a social network. The highlight module can access viewer data of a viewer associated with the request, and access member data of the member. Additionally, the highlight module can determine a plurality of member attributes relevant to the viewer based on the viewer data, the plurality of member attributes being derived from the member data. Furthermore, the highlight module can calculate an overall score for a member attribute in the plurality of member attributes based on the viewer data and the member data. Subsequently, a profile generation module can cause a presentation, on a display of a device, of the member attribute on the profile page, when the overall score of the member attribute is higher than a predetermined threshold value.

Abstract: The present invention is a power meter with auto switching control. It comprises a power measurement unit where the power and energy data can be display either locally as well as remotely through wireless communications, an electrical receptacle, plug or strip connecting power to electrically powered equipment or devices; a switch with open and close states to control power off and on; a combination of buttons for manual controls and settings; embedded or externally connected sensors to provide signal input, for example but not limited to, occupancy sensors and infrared sensors; a processing unit to automatically control the power on/off according to the measured power, sensor signals, user input, schedules and control strategies; and storage units to hold these control strategies and algorithms and save data.

Abstract: The disclosure discloses a calculation method and apparatus for a user retention ratio. The calculation method for a user retention ratio includes that: the number of first users in a first time period is acquired, the first users being users who have access to a target application for the first time; the number of second users in a second time period is acquired, the second users being users who have access to the target application not for the first time, and the second time period being a time period after the first time period; and a first number is compared with a second number to obtain a user retention ratio, the first number being the number of the first users in the first time period, and the second number being the number of the second users in the second time period.

Abstract: Identifying malicious servers is provided. Malicious edges between server vertices corresponding to visible servers and invisible servers involved in network traffic redirection chains are determined based on determined graph-based features within a bipartite graph corresponding to invisible server vertices involved in the network traffic redirection chains and determined distance-based features corresponding to the invisible server vertices involved in the network traffic redirection chains. Malicious server vertices are identified in the bipartite graph based on the determined malicious edges between the server vertices corresponding to the visible servers and invisible servers involved in the network traffic redirection chains. Access by client devices is blocked to malicious servers corresponding to the identified malicious server vertices in the bipartite graph.

Abstract: Identifying malicious servers is provided. Malicious edges between server vertices corresponding to visible servers and invisible servers involved in network traffic redirection chains are determined based on determined graph-based features within a bipartite graph corresponding to invisible server vertices involved in the network traffic redirection chains and determined distance-based features corresponding to the invisible server vertices involved in the network traffic redirection chains. Malicious server vertices are identified in the bipartite graph based on the determined malicious edges between the server vertices corresponding to the visible servers and invisible servers involved in the network traffic redirection chains. Access by client devices is blocked to malicious servers corresponding to the identified malicious server vertices in the bipartite graph.

Abstract: A method includes collecting system calls and call parameters invoked by monitored applications for target computer systems. The system calls and call parameters are received from operating system kernels on the plurality of target computer systems. Sequences of systems calls and call parameters of the monitored applications are correlated among different target computer systems to deduce malicious activities. Remedial action(s) are performed in response to malicious activities being deduced as being malicious by the correlating. Another method includes determining that network activity at a specific time is deemed to be suspicious. Using IP addresses involved in the suspicious network activity, computer system(s) are determined that are sources of the suspicious network activity. Based on the specific time and the determined computer system(s), application(s) are determined that are executing on the determined computer system(s) that are causing the suspicious network activity.

Abstract: The present invention discloses a replacing mechanism for rubbing rollers in rubbing equipment, comprising a stage, an exchange placement platform, an exchange unit, and a connecting device for connecting the exchange placement platform and a rubbing platform in the rubbing equipment, and the stage is provided with placement grooves arranged in parallel, the number of which is larger than that of the rubbing rollers in the rubbing equipment, and in a rubbing roller replacing position, a first pressing device and/or a second pressing device of the rubbing equipment takes down worn rubbing rollers from the rubbing equipment and puts the worn rubbing rollers into vacant placement grooves in the stage, or takes out new rubbing rollers from the placement grooves and installing the new rubbing rollers on the rubbing equipment.

Abstract: A communication method for a smart home controller which may include a smart home controller, which establishes a network connection with household appliances. The smart home controller receives a data packet sent by a household appliance. The smart home controller may determine the protocol type of the communication protocol supported by the household appliance through the protocol identifier. The smart home controller may select, based on the determination result, a protocol analysis program corresponding to the protocol type of the communication protocol from a plurality of protocol analysis programs, and may use the protocol analysis program to analyze the data packet, thereby achieving data transmission with the household appliance. At least one embodiment can realize data transmission between the smart home controller and a plurality of household appliances.

Abstract: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.

Abstract: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.