Abstract: The concepts and technologies disclosed herein are directed to a network-assisted Raft consensus protocol, referred to herein as “NetRaft.” According to one aspect of the concepts and technologies disclosed herein, a system can include a plurality of servers operating in a server cluster, and a plurality of P4 switches corresponding to the plurality of servers. Each server of the plurality of servers can include a back-end that executes a complete Raft algorithm to perform leader election, log replication, and log commitment of a Raft consensus algorithm. Each P4 switch of the plurality of P4 switches can include a front-end that executes a partial Raft algorithm to perform the log replication and the log commitment of the Raft consensus algorithm. The back-end can maintain a complete state for responding to requests that cannot be fulfilled by the front-end. The requests can include read requests and/or write requests.

Abstract: The concepts and technologies disclosed herein are directed to parallelism for virtual network functions (“VNFs”) in service function chains (“SFCs”). According to one aspect, a packet processing system can receive instructions to process, in parallel, at least a portion of a plurality of data packets associated with an SFC including a plurality of VNFs. The system can create a copy of at least the portion of the data packets. The system can send the copy of at least the portion of the data packets to at least two VNFs. The at least two VNFs can process, in parallel, the copy of at least the portion of the data packets. The system can receive, from the at least two VNFs, processed packets including the copy of at least the portion of the data packets and processed, in parallel, by the at least two VNFs. The system can combine the processed packets.

Abstract: The concepts and technologies disclosed herein are directed to parallelism for virtual network functions (“VNFs”) in service function chains (“SFCs”). According to one aspect, a packet processing system can receive instructions to process, in parallel, at least a portion of a plurality of data packets associated with an SFC including a plurality of VNFs. The system can create a copy of at least the portion of the data packets. The system can send the copy of at least the portion of the data packets to at least two VNFs. The at least two VNFs can process, in parallel, the copy of at least the portion of the data packets. The system can receive, from the at least two VNFs, processed packets including the copy of at least the portion of the data packets and processed, in parallel, by the at least two VNFs. The system can combine the processed packets.

Abstract: The concepts and technologies disclosed herein are directed to parallelism for virtual network functions (“VNFs”) in service function chains (“SFCs”). According to one aspect, a packet processing system can receive instructions to process, in parallel, at least a portion of a plurality of data packets associated with a SFC including a plurality of VNFs. The system can create a copy of at least the portion of the data packets. The system can send the copy of at least the portion of the data packets to at least two VNFs. The at least two VNFs can process, in parallel, the copy of at least the portion of the data packets. The system can receive, from the at least two VNFs, processed packets including the copy of at least the portion of the data packets and processed, in parallel, by the at least two VNFs. The system can combine the processed packets.

Abstract: A method for detecting malicious HTTP redirections. The method includes obtaining, based on a single client IP address, HTTP flows triggered by visiting a website, extracting a sequence of URLs where a downstream URL is extracted from a child HTTP request that is triggered by a parent HTTP request containing an immediate upstream URL, analyzing the URL sequence to generate a statistical feature, and classifying, based on the statistical feature, the HTTP flows as containing at least one malicious HTTP redirection triggered by visiting the website.

Abstract: A method for detecting malicious HTTP redirections. The method includes obtaining, based on a single client IP address, HTTP flows triggered by visiting a website, extracting a sequence of URLs where a downstream URL is extracted from a child HTTP request that is triggered by a parent HTTP request containing an immediate upstream URL, analyzing the URL sequence to generate a statistical feature, and classifying, based on the statistical feature, the HTTP flows as containing at least one malicious HTTP redirection triggered by visiting the website.

Abstract: A method for detecting malicious HTTP redirections. The method includes obtaining, based on a single client IP address, HTTP flows triggered by visiting a website, extracting a sequence of URLs where a downstream URL is extracted from a child HTTP request that is triggered by a parent HTTP request containing an immediate upstream URL, analyzing the URL sequence to generate a statistical feature, and classifying, based on the statistical feature, the HTTP flows as containing at least one malicious HTTP redirection triggered by visiting the website.

Abstract: The invention relates to a preparation method of a polymeric phase-change material, comprising: using 1, 2 or 3 of (meth)acrylate poly(ethylene glycol) n-alkyl ether ester as a raw material, wherein the (meth)acrylate poly(ethylene glycol) n-alkyl ether ester has a structural general formula of CH2?C(CH3)—COO(CH2CH2O)mCnH2n+1 or CH2?CH—COO(CH2CH2O)mCnH2n+1, m=1 to 100, and n=10 to 50; washing the raw material with a solution of sodium hydroxide, potassium hydroxide, sodium carbonate or potassium carbonate having a mass percentage of 1% to 10% to remove a polymerization inhibitor, and subjecting reduced-pressure distillation, and then to a polymerization reaction by adopting one of the following process; 1. polymerization reaction initiated by irradiation; 2. polymerization reaction initiated by an initiator; 3.

Abstract: A method for detecting a malicious node in a network. The method includes obtaining a plurality of failed domain name service (DNS) queries from the network, wherein each of the plurality of failed DNS queries is initiated from a client node of the network and comprises an effective second-level domain (eSLD) name, generating, by a computer processor and using a pre-determined clustering algorithm, a cluster from a plurality of eSLD names comprising the eSLD name of each of the plurality of failed DNS queries, wherein the cluster comprises a portion of the plurality of eSLD names that is selected based on the pre-determined clustering algorithm, determining, by the computer processor and using a pre-determined formula, a score representing statistical characteristics of the cluster, and assigning, in response to the score meeting a pre-determined criterion, a malicious status to the client node.

Abstract: The invention relates to a preparation method of a polymeric phase-change material, comprising: using 1, 2 or 3 of (meth)acrylate poly(ethylene glycol) n-alkyl ether ester as a raw material, wherein the (meth)acrylate poly(ethylene glycol) n-alkyl ether ester has a structural general formula of CH2?C(CH3)—COO(CH2O)mCnH2+1 or CH2?CH—COO(CH2CH2O)mCnH2+1, m=1 to 100, and n=10 to 50; washing the raw material with a solution of sodium hydroxide, potassium hydroxide, sodium carbonate or potassium carbonate having a mass percentage of 1% to 10% to remove a polymerization inhibitor, and subjecting reduced-pressure distillation, and then to a polymerization reaction by adopting one of the following process; 1. polymerization reaction initiated by irradiation; 2. polymerization reaction initiated by an initiator; 3.

Abstract: In one embodiment, the present disclosure is a method and apparatus for classifying applications using the collective properties of network traffic. In one embodiment, a method for classifying traffic in a communication network includes receiving a traffic activity graph, the traffic activity graph comprising a plurality of nodes interconnected by a plurality of edges, where each of the nodes represents an endpoint associated with the communication network and each of the edges represents traffic between a corresponding pair of the nodes, generating an initial set of inferences as to an application class associated with each of the edges, based on at least one measured statistic related to at least one traffic flow in the communication network, and refining the initial set of inferences based on a spatial distribution of the traffic flows, to produce a final traffic activity graph.

Abstract: A method for profiling user activity in a mobile network, including extracting user identifiers from application sessions identified from a mobile network, analyzing the application sessions to determine session blocks based on shared IP address and a minimum separation time threshold, extracting a traffic marker from the session blocks based on a user identifier, identifying a first portion of the session blocks based on the user identifier, wherein the first portion is associated with first mobile network activities of a user identified by the user identifier, identifying a second portion of the session blocks based on the traffic marker, wherein the second portion is associated with second mobile network activities of the user, and analyzing the first portion and the second portion to determine a measure of a mobile network activity of the user.

Abstract: With the widespread adoption of SIP-based VoIP, understanding the characteristics of SIP traffic behavior is critical to problem diagnosis and security protection of VoIP services. A general methodology is provided for profiling SIP-based VoIP traffic behavior at several levels: SIP server host, server entity (e.g., registrar and call proxy) and individual user levels. Using SIP traffic traces captured in a production VoIP network, the characteristics of SIP-based VoIP traffic behavior in an operational environment is illustrated and the effectiveness of the general profiling methodology is demonstrated. In particular, the profiling methodology identifies anomalies due to performance problems and/or implementation flaws through a case study. The efficacy of the methodology in detecting potential VoIP attacks is also demonstrated through a test-bed experimentation.

Abstract: A system and a method for identifying significant behaviors from network traffic. A probability value is assigned to each cluster in a set of clusters. An uncertainty value is computed indicating a level of variability among the probability values. One or more clusters are removed from the set of clusters until the uncertainty value exceeds a desired uncertainty threshold, and each of the removed clusters is identified as a significant cluster.

Abstract: In one embodiment, the present disclosure is a method and apparatus for classifying applications using the collective properties of network traffic. In one embodiment, a method for classifying traffic in a communication network includes receiving a traffic activity graph, the traffic activity graph comprising a plurality of nodes interconnected by a plurality of edges, where each of the nodes represents an endpoint associated with the communication network and each of the edges represents traffic between a corresponding pair of the nodes, generating an initial set of inferences as to an application class associated with each of the edges, based on at least one measured statistic related to at least one traffic flow in the communication network, and refining the initial set of inferences based on a spatial distribution of the traffic flows, to produce a final traffic activity graph.

Abstract: With the widespread adoption of SIP-based VoIP, understanding the characteristics of SIP traffic behavior is critical to problem diagnosis and security protection of VoIP services. A general methodology is provided for profiling SIP-based VoIP traffic behavior at several levels: SIP server host, server entity (e.g., registrar and call proxy) and individual user levels. Using SIP traffic traces captured in a production VoIP network, the characteristics of SIP-based VoIP traffic behavior in an operational environment is illustrated and the effectiveness of the general profiling methodology is demonstrated. In particular, the profiling methodology identifies anomalies due to performance problems and/or implementation flaws through a case study. The efficacy of the methodology in detecting potential VoIP attacks is also demonstrated through a test bed experimentation.

Abstract: A system and a method for profiling traffic on a computer network. Flows are observed traversing a communication link. Relative uncertainty values are computed for the dimensions of these flows. These relative uncertainty values are used to identify dominant feature values in the various flow dimensions. Flows having these dominant feature values are filtered.

Abstract: Multi-step processes such as intrusions into computer networks are detected from individual activities or events such as communications by identifying anchor points (FIG. 2, 220) that are likely to be part of the process, proceeding from the anchor points to extract other activities as a context of the anchor points, and characterizing the process from the activities in the context. The process may be characterized as sets of context activities.

Abstract: With the widespread adoption of SIP-based VoIP, understanding the characteristics of SIP traffic behavior is critical to problem diagnosis and security protection of VoIP services. A general methodology is provided for profiling SIP-based VoIP traffic behavior at several levels: SIP server host, server entity (e.g., registrar and call proxy) and individual user levels. Using SIP traffic traces captured in a production VoIP network, the characteristics of SIP-based VoIP traffic behavior in an operational environment is illustrated and the effectiveness of the general profiling methodology is demonstrated. In particular, the profiling methodology identifies anomalies due to performance problems and/or implementation flaws through a case study. The efficacy of the methodology in detecting potential VoIP attacks is also demonstrated through a test bed experimentation.

Abstract: A method and apparatus for packet scheduling using a virtual time stamp for a high capacity combined input and output queued switching system. A network employs a virtual time reference system (VTRS) to generate packet virtual time stamps associated with each packet traversing the network. The VTRS includes edge conditioners located at the edge of the network that receive unregulated packet traffic and generate regulated packet traffic for a given flow. The edge conditioners also add a packet virtual time stamp to each incoming packet. Core routers within a network core reference the packet virtual time stamps to schedule packet flow. The core routers also update the packet virtual time stamps using virtual delays. The packet virtual time stamps are removed from the packets when the packets leave the network core through an edge conditioner.