Abstract: Embodiments include method, systems and computer program products for identifying unusual activity in an IT system based on user configurable message anomaly scoring. Aspects include receiving a message stream for the IT system and selecting a plurality of messages from the message stream that correspond to an interval. Aspects also include determining a message anomaly score for each of the plurality of the messages, wherein the message anomaly score for each of the plurality of the messages is determined to be one of a default message anomaly score and a custom message anomaly score and calculating an interval anomaly score for the interval by adding the message anomaly score for each of the plurality of the messages. Aspects further include identifying a priority level of the interval by comparing the interval anomaly score to one or more thresholds.

Abstract: A network interface device includes a memory and a processor operable to receive a malicious packet marker, store the malicious packet marker to the memory, monitor network data packets flowing in the network interface device, determine that a packet matches the malicious packet marker, and store log information from the packet to the memory.

Abstract: According to one embodiment, a method in a computing device for responding to a determination that a verification with a user is desired responsive to detection of activity indicative of a possible insider threat is described. The method includes selecting a target role and a target user for the verification based on an activity context and an enterprise context repository, the selecting including selecting the target role from a plurality of target roles based on the activity context and optionally the enterprise context repository and selecting a target user in the selected target role based on the enterprise context repository. The method further includes causing a verification request to be sent to the selected target user; and generating an alert when a verification result indicates that the activity is indicative of the possible insider threat.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for network monitoring, user account compromise determination, and user behavior database system. The system monitors network actions of user accounts including user account access across multitudes of network accessible systems, determines user account transitions, and determines different types of high-risk user behavior indicative of compromise. Network actions can be obtained from generated information by the network accessible systems, and correlated across additional data sets including contextual ones. User interfaces are generated describing network actions of user accounts, and are configured for user interaction, which cause generation of updated user interfaces and access to electronic data sources to determine information relevant to the user interaction.

Abstract: Technologies for distributed detection of security anomalies include a computing device to establish a trusted relationship with a security server. The computing device reads one or more packets of at least one of an inter-virtual network function network or an inter-virtual network function component network in response to establishing the trusted relationship and performs a security threat assessment of the one or more packets. The computing device transmits the security threat assessment to the security server.

Abstract: A method and proxy device for detecting bypass vulnerabilities in a cloud-computing platform are provided. The method includes identifying an access attempt by a client device to a cloud-based application hosted in the cloud-computing platform; identifying login information corresponding to the identified access attempt; requesting authenticated login information from a central authentication system; correlating the login information corresponding to the access attempt with the authenticated login information; determining, based on the correlation, whether a bypass vulnerability exists; and generating a bypass event when it is determined that the bypass vulnerability has been exploited wherein the bypass event indicates that the access attempt to the cloud-based application has not been properly authenticated.

Abstract: The invention relates to a method for detecting vulnerabilities in a virtual production server of a virtual or cloud computer system, said system comprising one or more virtual servers. The invention comprises the following steps: a system for analyzing vulnerabilities in the virtual production servers is provided; the system for analyzing vulnerabilities connects to the virtual or cloud computer system; the system for analyzing vulnerabilities requests the cloning of the virtual production server in order to obtain a clone or a disk copy of the virtual production server; the clone or the disk copy is created in the virtual or cloud computer system; the system for analyzing vulnerabilities connects to the clone or to the disk copy; the system for analyzing vulnerabilities analyzes the vulnerabilities of the clone or of the disk copy; the clone or the disk copy is erased; a report analyzing the vulnerabilities of the clone or of the disk copy is generated.

Abstract: Tools, strategies, and techniques are provided for evaluating the identities of different entities to protect individual consumers, business enterprises, and other organizations from identity theft and fraud. Risks associated with various entities can be analyzed and assessed based on analysis of social network data, professional network data, or other networking connections, among other data sources. In various embodiments, the risk assessment may include calculating an authenticity score based on the collected network data.

Abstract: A device may receive usage information, associated with a group of client networks, including particular usage information associated with a particular client network. The device may receive threat information, associated with the group of client networks, including particular threat information associated with the particular client network. The device may determine a baseline based on the usage information. The device may determine a normalization function, associated with the particular client network, based on the baseline and the particular usage information. The device may determine normalized threat information, associated with the particular client network, based on the normalization function and the particular threat information. The device may determine overall normalized threat information associated with the group of client networks. The device may compare the normalized threat information and the overall normalized threat information.

Abstract: A method comprising: receiving an identification of the target assets at risk of being attacked and of the technology layers of the organization, wherein each of the target assets may instantiate in multiple ones of the technology layers; constructing multiple attack vectors for each of at least a portion of said target assets, by determining for each attack vector three target dimensions, each of a category of: method of achieving a malicious objective, method of attack enablement and method of initial penetration; and estimating the security risk of each of said multiple attack vectors, wherein the estimating of the security risk of an attack vector of said multiple attack vectors is based on probabilities of success of the combinations of a technology layer and an attack method characterizing each of the target dimensions of the attack vector.

Abstract: A system for securing electronic devices includes a processor, a storage medium communicatively coupled to the processor, and a secured storage communicatively coupled to the client. The system further includes a client application including computer-executable instructions on the medium. The instructions are readable by the processor. The application is configured to manage a trusted image of software of a client in a secured storage and, upon a signal indicating malware on the client, restore the trusted image to the client independent of an operating system and user processes of the client.

Abstract: A DNS server DDoS attack mitigation system is provided, comprising a DNS cache module. A DNS query or UDP data packet from an originating source intended for a DNS server is to be diverted to the DNS cache module. The DNS cache module validates the DNS query or UDP data packet and discard it if it is malformed. The DNS cache module then extracts from the DNS query or UDP data packet a domain name and virtual IP address (VIP) of the requested destination resource, and source IP (SIP). Using the domain name, VIP, and SIP to find and retrieve from its cache the matching DNS record and respond with a response message according the matched DNS record type. If a match is not found, the DNS query or UDP data packet is dropped, dropped and responded to with a customizable message, or forwarded to the DNS server.

Abstract: Disclosed are methods, circuits, systems and functionally associated computer executable code for systems and functionally associated computer executable code for detecting and mitigating a denial of service attack on or through a radio access network. According to some embodiments, there may be provided a radio access network with one or more radio access points to wirelessly engage in communication with one or more wireless communication devices, a Malicious Packet Detector (MPD) communicatively coupled to one or more radio access points and configured to detect one or more malicious packets transmitted to said radio access network by the one or more wireless communication devices, and a controller functionally associated with the MPD and configured to alter network operation so as to mitigate malicious packet flow from the one or more malicious packet transmitting wireless communication devices.

Abstract: As disclosed herein a method, executed by a computer, includes detecting, by an intrusion prevention system, intruder network traffic addressed to a computing device, creating a decoy virtual machine, and redirecting the intruder network traffic to the decoy virtual machine. The method further includes determining one or more attack characteristics of the intruder network traffic, and generating a new intruder signature corresponding to the attack characteristics. The method further includes validating the new intruder signature, and providing the new intruder signature to the intrusion prevention system. A computer system and computer program product corresponding to the above method are also disclosed herein.

Abstract: A method and system are provided that, in turn, provide a secure policy audit in a shared enforcement environment. The method includes providing an auditing component in a software defined network. The method further includes receiving, by the auditing component, a first auditing event from a first component in the software defined network and a related auditing event from a second component in the software defined network. The method also includes analyzing, by the auditing component, the first auditing event and the related auditing event against an enforcement of an access policy criteria for the software defined network. The access policy criteria requires auditing events from at least two enforcement points in the software defined network. The first and second component form the at least two enforcement points. The method additionally includes determining, by the auditing component, one of a compliance and a non-compliance with the access policy criteria.

Abstract: In accordance with a security policy regarding a setting value of an information processing apparatus, restriction information indicating whether to restrict modification of the setting value of information processing apparatus stored in a first storage unit is generated and stored in a second storage unit different to the first storage unit. Based on the restriction information stored in the second storage unit, modification of the setting value of the information processing apparatus is restricted.

Abstract: An information management apparatus includes: a policy table, in which a function, the function being necessary to provide a client device with security, and security setting values of the function, the security setting values being defined depending on an interface specific to the client device, are recorded such that the function is associated with one of the security setting values for each of levels of the security; a client-communication processing unit configured to perform communication with the client device; a server-communication processing unit configured to communicate with a server, the server issuing a change request requesting for changing a record in the policy table; and a policy-information management unit configured to change the record in the policy table in accordance with the change request.

Abstract: A method, non-transitory computer readable medium, and policy rating server device that receives a request from a client computing device for one or more privacy ratings. The request identifies at least one application, such as an application installed on the client computing device for example. A policy associated with the identified application is obtained. The obtained policy is analyzed to identify a plurality of key words or phrases associated with use by the at least one application of functionality of, or personal information stored on, the client computing device. One or more privacy ratings are generated based on numerical values assigned to each of the identified key words or phrases. The generated one or more privacy ratings are output to the client computing device in response to the request.

Abstract: A system and method for adaptively securing a protected entity against cyber-threats. The method includes: activating a security application configured to handle a cyber-threat; receiving a plurality of feeds during a runtime of the security application; analyzing the plurality of received feeds to determine if the security application is required to be re-programmed to perform an optimized action to efficiently protect against the cyber-threat; and re-programming, during the runtime, the security application, when it is determined that the security application requires performance of the optimized action.

Abstract: Systems and methods for software defined behavioral DDoS attack mitigation are provided. According to one embodiment, a method is provided for controlling multiple distributed denial of service (DDoS) mitigation appliances. A DDoS attack mitigation central controller configures attack mitigation policies for the DDoS attack mitigation appliances. The DDoS attack mitigation policies are sent to the DDoS attack mitigation appliances through a network connecting the DDoS attack mitigation central controller and the DDoS attack mitigation appliances.

Abstract: A security information update system includes a service providing server and information processing devices, the service providing server including: an authentication information memory that stores a pair of security information and identification information; and a service providing unit that provides a service to the information processing device, and the information processing devices including: a policy acquisition unit that acquires a security policy; a security information memory that stores security information; a process executing unit that transmits a pair of the same identification information and security information to the service providing server and receives a service; an authentication information acquisition unit that acquires security information after update; an update unit that updates security information with the acquired security information after the update date and time; and a prohibition unit that prohibits execution of a process of receiving a service after the update date and time u

Abstract: Disclosed are various embodiments for generating network pages for customers that include customer-generated page portions. A request for a network page is obtained from a client. The network page is associated with a network site hosted on behalf of a first party by a second party. A portion of the network page is obtained from a service operated by the party in response to the request. The network page, which includes the portion, is generated in response to the request. The generated network page is sent to the client in response to the request.

Abstract: A method for providing an administration policy to a user device comprising a plurality of applications, the method comprising centrally generating the administration policy to be implemented in the user device, the administration policy comprising at least one of an application administration policy to be used by at least one of the plurality of applications and a client administration policy for the user device; and providing the generated policy to the user device.

Abstract: A call server for optimizing the use of the resources in a media gateway of a core network, this call server being configured to receive a session setup request message decide to accept or to reject the session setup request as a function of the load of a gateway controlled by this call server retrieve an internal priority value assigned to an incoming SIP trunk linked to this core network and carrying this session setup request message and decide to accept or to reject the session setup request also as a function of the internal priority value assigned to an incoming SIP trunk carrying this session setup request message.

Abstract: This application provides a call method, a call apparatus, a VOIP server, and a call system. The call method includes: receiving, by a VOIP server, a first call request that is forwarded by a first VOIP gateway and that includes a local identifier; acquiring, by the VOIP server according to a prestored association relationship, a destination identifier that corresponds to the local identifier; searching, by the VOIP server, for a visited location GMSC to which the destination identifier belongs; and sending, by the VOIP server, a second call request including the destination identifier to the visited location GMSC, so that the visited location GMSC calls the destination identifier.

Abstract: Technologies for casting digital media content include a source computing device communicatively coupled to a destination computing device. The source computing device is configured to transmit a set of identifiers of the source computing device to the destination computing device and receive a set of identifiers of the destination computing device from the destination computing device. Each set of identifiers includes a version (e.g., hardware or software) associated with the respective computing device and a unique identifier of the respective computing device. The source computing device is additionally configured to determine a subset of casting session parameters from a set of casting session parameters based on the one or more capabilities of the destination computing device which are usable by the destination computing device to establish a casting session and stream digital media content in accordance with the subset of casting session parameters. Other embodiments are described and claimed.

Abstract: Method, server, network node and multimedia User Equipment, UE, for controlling communication session establishment (10) in a multimedia over Internet Protocol, IP, based communications network with a plurality of multimedia UEs registered in the communications network with a same subscriber. In a communications handling server of the network, in reply to the receipt (12) of a request (11) for establishing a communication session with at least one UE of the plurality of UEs, an adapted request (13) is provided, based on which provisional response(s) and which final response(s) the UE of the plurality of UEs may provide, in response to the request (11) for establishing the communication session. The adapted request is forwarded (14) in the communications network, and a receiving UE processes the adapted request for establishing or not establishing the communication session (15).

Abstract: A control system includes a session controller to establish a communications session between a first communications terminal and communications terminals differing from the first communications terminal.

Abstract: A system and method that allows mobile device applications to receive changes in registration status from application services that are accessed via an Internet Protocol Multimedia Subsystem (IMS). Applications on a mobile device subscribe to receive notifications of changes in registration status for requested services. When a change to the registration status of a service occurs, a notification message is transmitted to the application on the mobile device. Notifications of changes in status are thereby received by each application on a per-application-service basis. In some embodiments, when a request to register with an application service fails, the corresponding notification message includes a reason for the failure. In some embodiments, notification messages are originated by a registration manager that operates in the IMS and transmitted to an IMS client operating on a mobile device.

Abstract: A communication session is established between a first communication device and a second communication device. The communication session comprises a first dialog between an application server and the first communication device. The first communication device uses a first network address in the first dialog. In response to an event, such as a first network interface failing, a SIP INVITE with replaces header message is received by the application server with a second address of the first communication device. In response to receiving the SIP INVITE with replaces header message from the first communication device with a second address of the first communication device, the first dialog between the application server and the first device is reestablished using the second network address.

Abstract: An audio mixer for mixing audio signals from a plurality of participants, including audio signals of different sample rates; the audio mixer comprising: a plurality of mixing arrangements, each mixing arrangement for a given one of said sample rates; each mixing arrangement comprising: a pre-mixer configured to mix audio signals having the given sample rate; one or more resamplers, each resampler configured to convert pre-mixed audio signals from other mixing arrangements into a signal of the given sample rate; and a post-mixer configured to mix the output of the pre-mixer with the output of each resampler to produce an output at the given sample rate; the audio mixer further comprising a subtractor configured to subtract the participant's input audio signal from the post-mixed output.

Abstract: Disclosed is a transmission terminal for use in transmission of content data in response to a start request for starting the transmission of the content data from an external terminal. The transmission terminal includes a memory and one or more processors programmed to execute a process including determining whether the transmission terminal is coupled to a predetermined external apparatus, and transmitting a response to the start request, when the transmission terminal is determined to be coupled to the predetermined external apparatus.

Abstract: Access to a user profile of a user device at a location may be provided to a destination device upon detecting that the location is within a proximity of a destination location. An expiring token may be generated, associated with the user profile, and communicated to the second device. Access to the user profile provided to the destination device may be terminated upon an expiration of the expiring token.

Abstract: A collaboration system may include a first computing device that may communicate with at least one other computing device via a computing network. The computing network may communicatively couple to a number of computing devices and the first computing device may receive inspection data acquired by one or more non-destructive testing (NDT) devices. After receiving the inspection data, the first computing device may determine at least one of a workflow for analyzing the inspection data based on the inspection data, a layout configured to display the inspection data, or a set of tools configured to analyze the inspection data. The first computing device may then implement the workflow, display the inspection data according to the layout, and/or display the set of tools. The workflow may include one or more processes that may be used to analyze the inspection data.

Abstract: Technologies for end of frame marking and detection in streaming digital media content include a source computing device communicatively coupled to a destination computing device. The source computing device is configured to encode a frame of digital media content and insert an end of frame marker into a transport stream header of a network packet that includes an encoded payload corresponding to a chunk of data of the frame of digital media content. The destination computing device is configured to de-packetize received network packets and parse the transport stream headers of the received network packets to determine whether the network packet corresponds to an end of frame of the frame of digital media content. The destination computing device is further configured to transmit the encoded payloads of the received network packets to a decoder in response to a determination that the end of frame network packet has been received. Other embodiments are described and claimed.

Abstract: Disclosed is a method and a system for presenting content captured by a plurality of electronic devices. The method may include presenting, at a client electronic device, a user interface configured to receive one or more of a plurality of device indicators corresponding to the plurality of electronic devices and a content indicator corresponding to the plurality of content captured by the plurality of electronic devices. Further, the method may include receiving, at a server, one or more of the plurality of device indicators and the content indicator. Additionally, the method may include identifying the plurality of content based on one or more of the plurality of device indicators and the content indicator. Furthermore, the method may include transmitting the plurality of content to the client electronic device. Accordingly, the client electronic device may be configured for presenting the plurality of content.

Abstract: Embodiments of the present disclosure disclose a video playing method and device. The method comprises the following steps: a player in a playing page obtains a storage address of a target video when the playing page is loaded; a playing component for the target video is determined by analyzing the storage address; a data packet of the target video is obtained according to the storage address; the playing component is used to process the obtained data packet to generate buffered data; the target video is played according to the buffered data if a playing command is detected after the completion of loading the playing page.

Abstract: Systems and methods can use client-side video buffer occupancy for enhanced quality of experience in a communication network. The systems and methods provided herein can drive changes in the communication system using control responses. Example control responses include responses for scheduling of packets under capacity constrained conditions. An access node, such as a base station, may transmit video from a server to a client in a user device. The access node can estimate client-side video buffer occupancy and predict video playback stalls. The client-side video buffer occupancy can be estimated by emulating behavior of the client. The buffer occupancy can be used to enhance quality of experience for the user. For example, when the buffer occupancy is low, the access node may increase scheduling priority of packets conveying the video.

Abstract: A media delivery scheme distributes a stream of media files to a group of users while allowing individual users to request specific media files. In one embodiment, a media server maintains a playlist of media files to broadcast, and requests for media must satisfy certain restrictive criteria to be added to the playlist. In another aspect of a preferred embodiment, the media server schedules requested media so as to comply with provisions of the DMCA.

Abstract: Systems and methods of controlling transmissions of a media stream are provided. In one exemplary embodiment, a method performed by a media client for controlling a transmission of a media stream from a media server to the media client may include obtaining a media description of the media stream. The media description may indicate an initial stream element of the consecutive stream elements. Further, the method may include sending a request for the initial stream element. In addition, the method may include requesting, towards a control entity for a session, an establishment of the session or a modification of the session, for associating the media stream with the session. After sending the request for the initial stream element, the method may include receiving a result of the session establishment or session modification request.

Abstract: Technologies are described for providing a two-way interactive streaming media experience. For example, streaming media comprising streaming video can be received along with overlay control data and a web overlay. The web overlay can be composited on top of the streaming video according to timing information in the overlay control data. Users can interact with the web overlay (e.g., select buttons or perform other actions). Indications of user interactions can be provided to a server environment and updated streaming media, new web overlays, and/or new web content can be received as a result.

Abstract: A method for downloading multimedia files and an electronic device are provided. The method includes: obtaining first bandwidth information of a first electronic device; calculating a first times point according to the first bandwidth information; sending a first download request to the first electronic device to request downloading a first multimedia streaming prior to the first time point in the multimedia file; and sending a second download request to a second electronic device to request downloading a second multimedia streaming posterior to the first time point in the multimedia file.

Abstract: Disclosed is a method, performed by a client, of scheduling reception of media contents, the method including determining a plurality of network connections enabling the reception of the media contents between the client and a server, predicting a buffering timing at which segments of the media contents received in a unit of a buffer size of the client are received through some of the determined plurality of network connections, generating scheduling information for allocating the segments of the media contents to be allocated to the some network connections to each of the plurality of network connections at the predicted buffering timing, and transmitting the generated scheduling information to the server.

Abstract: An electronic device screencasts media content. The screencasting includes selecting a media content layers to include in an encoded stream. An output layer is created by capturing the selected media content layers without capturing unselected layers (although these unselected layers may still be presented locally by the electronic device). The output layer is encoded into a format compatible with a media hosting service to create the encoded stream, which is transmitted to the media hosting service for presentation at a remote device.

Abstract: Systems and methods for performing bit rate encoding are described. One of the methods includes receiving data indicating a change in a first connection speed that is associated with a first network. The change generates a second connection speed. The method further includes determining whether a media file is being downloaded. The method also includes determining that a current segment of the media file is being downloaded. The current segment is downloaded at a first bit rate and the first bit rate is associated with the first connection speed. The method includes determining whether the media file includes a remaining segment to be downloaded. The current segment precedes the remaining segment. The method includes identifying a second bit rate based on the second connection speed, receiving the remaining segment at the second bit rate, and stitching the remaining segment with the current segment.

Abstract: Concepts and technologies disclosed herein are directed to real-time video delivery for connected home (“CH”) applications. According to one aspect of the concepts and technologies, a CH controller (“CHC”) can receive a request for delivery of a video stream captured by a CH video camera to a user device. The CHC can determine availability of a wireline communications link to a wireline network and availability of a wireless communications link to a wireless network over which to deliver the video stream to the user device. In response to determining that the wireline communications link and the wireless communications link are available, the CHC can obtain a wireline performance measurement for the wireline communications link, obtain a wireless performance measurement for the wireline communications link, compare the wireline performance measurement and the wireless performance measurement, and select either the wireline communications link or the wireless communications link based upon the comparison.

Abstract: A method executable in a wireless device, comprising a MBMS client and a non-MBMS client, for reporting QoE from the wireless device to a second network node of a wireless network, is suggested. The method comprise: receiving, from a first network node, a message indicating that QoE reporting from the MBMS client shall be coordinated with QoE reporting from the non-MBMS client; determining, by the MBMS client, whether or not the MBMS client is to establish coordinated QoE reports to the second network node; coordinating, between the MBMS client and the non-MBMS client, a coordinated QoE reporting configuration, at least partly on the basis of the result of said determining; determining, by the non-MBMS client, on the basis of content of said configuration, whether or not the non-MBMS client is to establish coordinated QoE reports to the second network node, and transmitting any established, coordinated QoE report to the second network node.

Abstract: Access nodes and methods adjust a bit rate of a data stream in a communication network. The access nodes and methods have a packet inspection unit configured to inspect one or more of the data packets to determine that the data stream includes video data. A congestion unit is coupled to the packet inspection unit and is configured to determine a level of congestion in the communication network, the level of congestion associated with a capacity of the wireless channel, the level of congestion capable of varying over time, and the capacity of the wireless channel capable of varying with the level of congestion. A video scaling unit is configured to adjust the bit rate of the data stream responsive to the packet inspection unit and the congestion unit.

Abstract: Different representations are associated with an instance of media content, and a representation can include multiple portions of media content. A respective quality value and bitrate can be associated with each of the portions. Information about the instance of content, including bitrate and quality information, can be accessed by and/or sent to a client. The quality information indicates the availability of measures of quality (e.g., quality values) and where those quality values reside or how they can be retrieved. The client can use quality as well as bitrate to make more intelligent decisions while streaming the content. For example, while the content is being downloaded over a network, the client can adapt to changes in available network bandwidth by selecting one portion of the instance of media content over another based not just on its bitrate but also based on its quality value.

Abstract: An Internet information retrieval system, including a user interface, for defining specific information of interest, being information which is more specific than keywords and keywords with relations between them, a schedule for carrying out an Internet information retrieval, and alerting destination, a facility for retrieving Web content that might include the specific information of interest, wherein the presence of the specific information of interest, for being retrieved by the facility includes: presence of at least two different events, each retrieved from a different source of information, and at least one logic relation between the at least two retrieved different events, thereby the alert executed upon the presence of the specific information allows looking forward to a new event, estimated, by other than the Internet information retrieval system, to be consequent to the at least two different events.