Abstract: An anomalous behavior detector has been designed to detect novel behavioral changes of devices based on network traffic data that likely correlate to anomalous behaviors. The anomalous behavior detector uses the local outlier factor (LOF) algorithm with novelty detection. After initial semi-supervised training with a single class training dataset representing stable device behaviors, the obtained model continues learning frontiers that delimit subspaces of inlier observations with live network traffic data. Instead of traffic variables being used as features, the features that form feature vectors are similarities of network traffic variable values across time intervals. A feature vector for the anomalous behavior detector represents stability or similarity of network traffic variables that have been chosen as device identifiers and behavioral indicators.

Abstract: An anomalous behavior detector has been designed to detect novel behavioral changes of devices based on network traffic data that likely correlate to anomalous behaviors. The anomalous behavior detector uses the local outlier factor (LOF) algorithm with novelty detection. After initial semi-supervised training with a single class training dataset representing stable device behaviors, the obtained model continues learning frontiers that delimit subspaces of inlier observations with live network traffic data. Instead of traffic variables being used as features, the features that form feature vectors are similarities of network traffic variable values across time intervals. A feature vector for the anomalous behavior detector represents stability or similarity of network traffic variables that have been chosen as device identifiers and behavioral indicators.

Abstract: Techniques for performing Internet of Things (IoT) device identification are disclosed. Information associated with a network communication of an IoT device is received. A determination of one or more confidence scores that represent how well the received information matches respective one or more network behavior pattern identifiers is made. A determination is made that each one of the one or more determined confidence scores is below a threshold. In response to determining that each of the one or more determined confidence scores is below the threshold, a two-part classification process is performed, where a first portion includes an inline classification, and a second portion includes a subsequent verification of the inline classification. A result of the classification process is provided to a security appliance configured to apply a policy to the IoT device.

Abstract: An anomalous behavior detector has been designed to detect novel behavioral changes of devices based on network traffic data that likely correlate to anomalous behaviors. The anomalous behavior detector uses the local outlier factor (LOF) algorithm with novelty detection. After initial semi-supervised training with a single class training dataset representing stable device behaviors, the obtained model continues learning frontiers that delimit subspaces of inlier observations with live network traffic data. Instead of traffic variables being used as features, the features that form feature vectors are similarities of network traffic variable values across time intervals. A feature vector for the anomalous behavior detector represents stability or similarity of network traffic variables that have been chosen as device identifiers and behavioral indicators.

Abstract: Identifying Internet of Things (IoT) devices with packet flow behavior including by using machine learning models is disclosed. Information associated with a network communication of an IoT device is received. A determination of whether the IoT device has previously been classified is made. In response to determining that the IoT device has not previously been classified, a determination is made that a probability match for the IoT device against a behavior signature exceeds a threshold. The behavior signature includes at least one time series feature for an application used by the IoT device. Based at least in part on the probability match, a classification of the IoT device is provided to a security appliance configured to apply a policy to the IoT device.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A first set of raw events associated with a first IoT device is identified, including a transmission made by the first IoT device. A communication manner of the first IoT device is determined, based at least in part on a communication manner of the first IoT device. The first set of raw events over the first time period is examined to generate one or more formatted events of the first IoT device. The formatted events are used to extract a set of features. Similar processing is performed with respect to a second IoT device. A context-based IoT device grouping model is generated based on at least one of: (1) the features extracted for the first IoT device or (2) the features extracted for the second IoT device. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A set of raw events associated with a first IoT device is identified. A context of the first IoT device is identified, and used to enrich at least some of the raw events. At least some of the raw events are aggregated. A context-based IoT device grouping model is generated based at least in part on the aggregated events and events associated with a second IoT device in operation. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A set of raw events associated with a first IoT device is identified. A context of the first IoT device is identified, and used to enrich at least some of the raw events. At least some of the raw events are aggregated. A context-based IoT device grouping model is generated based at least in part on the aggregated events and events associated with a second IoT device in operation. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: The invention provides a molten Al—Si alloy corrosion resistant composite coating and a preparation method and application thereof. The composite coating layer comprises an aluminized layer and a TiO2 film layer from a surface of a substrate to the outside in sequence. The preparation method of the coating layer comprises the following steps: (step S1) making a surface treatment to an Fe-based alloy, and then aluminizing with a solid powder penetrant; (step S2) sand-blasting the aluminized Fe-based alloy; (step S3) washing and drying the Fe-based alloy which has been sand-blasted; and (step S4) depositing the TiO2 film layer on a surface of the dried aluminized Fe-based alloy by using an atom layer vapor deposition. The application of the molten Al—Si alloy corrosion resistant composite coating is used for a solar thermal power generation heat exchange tube.

Abstract: Techniques for performing Internet of Things (IoT) device identification are disclosed. Information associated with a network communication of an IoT device is received. A determination of one or more confidence scores that represent how well the received information matches respective one or more network behavior pattern identifiers is made. A determination is made that each one of the one or more determined confidence scores is below a threshold. In response to determining that each of the one or more determined confidence scores is below the threshold, a two-part classification process is performed, where a first portion includes an inline classification, and a second portion includes a subsequent verification of the inline classification. A result of the classification process is provided to a security appliance configured to apply a policy to the IoT device.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. A set of raw events associated with a first IoT device is identified. A context of the first IoT device is identified, and used to enrich at least some of the raw events. At least some of the raw events are aggregated. A context-based IoT device grouping model is generated based at least in part on the aggregated events and events associated with a second IoT device in operation. The model is applied to determine that a third IoT device belongs to a particular group. A deviation by the third IoT device from group behavior is detected and an alert is generated in response.

Abstract: Techniques for performing Internet of Things (IoT) device identification are disclosed. Information associated with a network communication of an IoT device is received. A determination of whether the IoT device has been classified has been made. In response to determining that the IoT device has not been classified, a two-part classification process is performed, where a first portion includes an inline classification, and a second portion includes a subsequent verification of the inline classification. A result of the classification process is provided to a security appliance configured to apply a policy to the IoT device.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. In accordance with an aspect of the invention, there is provided a computer program product configured to be operable to perform the techniques described in this paper to enable grouping and labeling of IoT devices. As devices are grouped and labeled, and behavior is matched to or deviates from known or expected behavior, the network can be more readily understood and alerts can be more timely and appropriate.

Abstract: The invention discloses a molten Al—Si alloy corrosion resistant composite coating and a preparation method and application thereof. The composite coating layer comprises an aluminized layer and a TiO2 thin film layer from the surface of a basal body to the external in sequence. The preparation method of the coating layer comprises the following steps: (S1) the surface of a Fe-based alloy is treated; and then, a solid powder permeating agent is adopted to permeate aluminum; (S2) sand-blasting the aluminized Fe-based alloy; (S3) the Fe-based alloy is washed and dried after sand blasting; and (S4) a TiO2 thin film layer is deposited on the surface of the dried aluminized Fe-based alloy by adopting an atomic layer vapor deposition method.

Abstract: Techniques for grouping and labeling Internet of Things (IoT) devices are disclosed. In accordance with an aspect of the invention, there is provided a computer program product configured to be operable to perform the techniques described in this paper to enable grouping and labeling of IoT devices. As devices are grouped and labeled, and behavior is matched to or deviates from known or expected behavior, the network can be more readily understood and alerts can be more timely and appropriate.

Abstract: A method in a wireless communications network including receiving (310) a network connection request from a subscriber device having an invalid subscriber identity, connecting (340) the subscriber device, from which the network connection request was received, to the wireless communications network for limited purposes only upon determining (320) that the subscriber device has in invalid subscriber identity in the absence of a limited network connection indicator in the network connection request. In some embodiments, a limited attach message indicates that the attach request is for limited purposes.

Abstract: GPS assistance message and data issue identifiers for transmission to GPS enabled mobile stations in cellular communications networks and methods therefore. The GPS data issue identifiers indicate whether GPS data, for example corresponding ephemeris and almanac data, stored at the mobile station requires updating. In the exemplary 3rd generation (W-CDMA/UMTS) architecture, the GPS assistance message is a System Information Block (SIB), and the GPS ephemeris data identifier and corresponding satellite identifier is encoded in a value tag included in a Master Information Block (MIB).

Abstract: An assisted global positioning satellite (Assisted GPS) system has a GPS reference network node (260) that collects GPS satellite broadcast messages and prepares separate GPS assistance messages to be modulated by a base transceiver station (BTS) (202) on a cellular carrier signal (201) and sent to single or multiple handset (204). In a first preferred embodiment, instead of the handset (204) receiving standard ephemeris and clock correction data elements in a GPS assistance message, a compressed GPS assistance message containing XYZ information contains a GPS satellite's coordinate position modified according to the satellite clock correction. In a second preferred embodiment, there is a first type of compressed GPS assistance message containing subframe 1, 2, 3 data of a GPS satellite broadcast message and a second type of compressed GPS assistance message containing subframe 4, 5 data of a GPS satellite broadcast message.

Abstract: A wireless mobile terminal (10) and method for utilizing digital broadcast content records (204) selected digital broadcast content as received, for example, by a digital broadcast receiver (16) and provides editing of the selected digital broadcast content based on digital rights management data to generate customized clips of information. The selected digital broadcast content is edited (206) to produce mobile terminal edited digital broadcast content that may be, for example, distributed (208) by the mobile terminal to a plurality of peer devices. A broadcast content editor (24) allows for the editing of clips of content wherein the edited clips are then stored in memory as recorded clips for distribution by the mobile terminal. In another embodiment, a network element is remotely controlled by the mobile terminal to effect editing through the mobile terminal at the network element.

Abstract: A method and apparatus method of filtering packet data for an anonymous user device in a packet data network communication system includes a first step of initiating a call from an anonymous user device on a home network. A next step includes assigning an interim identity and interim IP address to the user device. A next step includes determining a level of service access of the data packets from the user device. A next step includes mapping the level of service access of the user device to the IP address. A next step includes defining permissible routing identities per the level of service access. A next step includes routing the data packets of the call along with the associated IP address to only those location addresses from the defining step.