Abstract: A method of detecting a compromised machine on a network. The method receives an email message from a machine on the network and classifies it as either spam or non-spam. A probability ratio is then updated, according to whether the message was spam or non-spam, by applying a sequential probability ratio test. If the probability ratio is greater than or equal to a first threshold, then the machine is compromised. If the probability ratio is less than or equal to a second threshold, then the machine is normal. The operations of receiving a message, classifying the message, updating the probability ratio, and indicating the machine is normal or compromised until the probability ratio is greater than or equal to the first threshold are repeated for a plurality of messages. Such repeated operations are performed on each of the messages one at a time, as each of the messages is received.

Abstract: A method of detecting a compromised machine on a network. The method receives an email message from a machine on the network and classifies it as either spam or non-spam. A probability ratio is then updated, according to whether the message was spam or non-spam, by applying a sequential probability ratio test. If the probability ratio is greater than or equal to a first threshold, then the machine is compromised. If the probability ratio is less than or equal to a second threshold, then the machine is normal. The operations of receiving a message, classifying the message, updating the probability ratio, and indicating the machine is normal or compromised until the probability ratio is greater than or equal to the first threshold are repeated for a plurality of messages. Such repeated operations are performed on each of the messages one at a time, as each of the messages is received.

Abstract: A method of detecting a compromised machine on a network. The method receives an email message from a machine on the network and classifies it as either spam or non-spam. A probability ratio is then updated, according to whether the message was spam or non-spam, by applying a sequential probability ratio test. If the probability ratio is greater than or equal to a first threshold, then the machine is compromised. If the probability ratio is less than or equal to a second threshold, then the machine is normal. The operations of receiving a message, classifying the message, updating the probability ratio, and indicating the machine is normal or compromised until the probability ratio is greater than or equal to the first threshold are repeated for a plurality of messages. Such repeated operations are performed on each of the messages one at a time, as each of the messages is received.

Abstract: A method of detecting a compromised machine on a network. The method receives an email message from a machine on the network and classifies it as either spam or non-spam. A probability ratio is then updated, according to whether the message was spam or non-spam, by applying a sequential probability ratio test. If the probability ratio is greater than or equal to a first threshold, then the machine is compromised. If the probability ratio is less than or equal to a second threshold, then the machine is normal. The operations of receiving a message, classifying the message, updating the probability ratio, and indicating the machine is normal or compromised until the probability ratio is greater than or equal to the first threshold are repeated for a plurality of messages. Such repeated operations are performed on each of the messages one at a time, as each of the messages is received.

Abstract: A method of detecting a compromised machine on a network. The method receives an email message from a machine on the network and classifies it as either spam or non-spam. A probability ratio is then updated, according to whether the message was spam or non-spam, by applying a sequential probability ratio test. If the probability ratio is greater than or equal to a first threshold, then the machine is compromised. If the probability ratio is less than or equal to a second threshold, then the machine is normal. The operations of receiving a message, classifying the message, updating the probability ratio, and indicating the machine is normal or compromised until the probability ratio is greater than or equal to the first threshold are repeated for a plurality of messages. Such repeated operations are performed on each of the messages one at a time, as each of the messages is received.

Abstract: A method of detecting a compromised machine on a network. The method receives an email message from a machine on the network and classifies it as either spam or non-spam. A probability ratio is then updated, according to whether the message was spam or non-spam, by applying a sequential probability ratio test. If the probability ratio is greater than or equal to a first threshold, then the machine is compromised. If the probability ratio is less than or equal to a second threshold, then the machine is normal. The operations of receiving a message, classifying the message, updating the probability ratio, and indicating the machine is normal or compromised until the probability ratio is greater than or equal to the first threshold are repeated for a plurality of messages. Such repeated operations are performed on each of the messages one at a time, as each of the messages is received.

Abstract: A scheduler for use in a computer network system which provides an order 1 level of complexity, while maintaining proportional fairness and a constant normalized worst-case fair index to create short term and long-term fairness among backlogged flows. The scheduler utilizes an intra-class scheduling algorithm to obtain the benefits of a round robin scheduler and an inter-class scheduling algorithm to obtain the benefits of timestamp based scheduler.

Abstract: A method and apparatus for allocating bandwidth within a network domain. A centralized bandwidth broker maintains a link-level database including detailed flow data for individual links in a network domain and a path-level database including summarized flow data for individual paths in the network domain. The bandwidth broker determines bandwidth allocations at a path-level by allocating discrete amounts of bandwidth, termed quotas, based on flow requests. If a flow request cannot be satisfied by allocating quotas, then the bandwidth broker uses the link-level database to recover bandwidth from unused bandwidth by other paths on the same link in order to satisfy the flow request. In another embodiment of a bandwidth broker, the centralized bandwidth broker is replaced by a distributed bandwidth broker including a central bandwidth broker and one or more edge bandwidth brokers. An edge bandwidth broker conducts path-level allocations and requests or releases quotas from and to the central bandwidth broker.

Abstract: A scheduler for use in a computer network system which provides an order 1 level of complexity, while maintaining proportional fairness and a constant normalized worst-case fair index to create short term and long-term fairness among backlogged flows. The scheduler utilizes an intra-class scheduling algorithm to obtain the benefits of a round robin scheduler and an inter-class scheduling algorithm to obtain the benefits of timestamp based scheduler.

Abstract: A method and apparatus for allocating bandwidth within a network domain. A centralized bandwidth broker maintains a link-level database including detailed flow data for individual links in a network domain and a path-level database including summarized flow data for individual paths in the network domain. The bandwidth broker determines bandwidth allocations at a path-level by allocating discrete amounts of bandwidth, termed quotas, based on flow requests. If a flow request cannot be satisfied by allocating quotas, then the bandwidth broker uses the link-level database to recover bandwidth from unused bandwidth by other paths on the same link in order to satisfy the flow request. In another embodiment of a bandwidth broker, the centralized bandwidth broker is replaced by a distributed bandwidth broker including a central bandwidth broker and one or more edge bandwidth brokers. An edge bandwidth broker conducts path-level allocations and requests or releases quotas from and to the central bandwidth broker.