Abstract: Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network interface controller (NIC) of a network security device for each of multiple I/O device queues. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the NIC. The packet is parsed to identify boundaries of portions of the packet and is queued onto an I/O device queue. The packet is then transferred from the I/O device queue to a host memory of the network security device and the specified portions are concurrently copied to the cache of the corresponding CPU based on the control setting associated with the I/O device queue.

Abstract: Described is a system for detecting attacks on mobile networks. The system includes the relevant hardware and components to perform a variety of operations including continuously measuring time-varying signals at each node in a network. The system determines network flux on the time-varying signals of all nodes in the network and detects a network attack if the network flux exceeds a predetermined threshold. Further, a reactive protocol is initiated if the network flux exceeds the predetermined threshold.

Abstract: Described is a system for detecting attacks on networks. A hierarchical representation of activity of a communication network is used to detect and predict sources of misinformation in the communication network. The hierarchical representation includes temporal patterns of communication between at least one pair of nodes, each temporal pattern representing a motif, having a size, in the hierarchical representation. Changes in motifs provide a signal for a misinformation attack.

Abstract: Described is a system for detecting attacks of misinformation on communication networks. Network controllability metrics on a graphical representation of a communication network are computed. Changes in the network controllability metrics are detected, and attack of misinformation on the communication network are detected based on the detected changes in the network controllability metrics.

Abstract: From a record of a packet in a Domain Name System (DNS) communication between a DNS client and a DNS server, an input feature is constructed. Using the packet, a metadata item supporting the input feature is computed. Using a processor and a memory to execute a trained cognitive classification model, and by supplying the input feature and the supporting metadata item as inputs to the cognitive classification model, a transmission of the packet is classified as malicious use of DNS tunneling between the DNS client and the DNS server. From the cognitive classification model, a classification of the packet as malicious, and a confidence value in the malicious classification are output. By generating a notification, the DNS client is caused to cease the malicious use of the DNS tunneling.

Abstract: The present disclosure is related to devices, systems, and methods for preemptive alerts in a connected environment.

Abstract: Examples relate to distributed anomaly management. In one example, a computing device may: receive real-time anomaly data for a first set of client devices, wherein the received anomaly data includes: anomalous network behavior data received from a network intrusion detection system (NICKS) monitoring network traffic behavior, anomalous host event data received from a host intrusion detection system (HIDS) monitoring host events originating from client devices in the first set, and anomalous process activity data received from a trace intrusion detection system (TIDS) monitoring process activity performed by client devices in the first set; for each client device in the first set of client devices for which anomaly data is received, associate the received anomaly data with the client device; and determine, for a particular client device, a measure of risk, wherein the measure of risk is dynamically adjusted based on the received real-time anomaly data.

Abstract: Defending against malicious electronic messages by analyzing electronic messages sent via a computer network to identify predefined risk elements found within the electronic messages, detecting attempts to perform computer-mediated actions that are associated with the electronic messages, identifying a potential security risk associated with the electronic messages and the computer-mediated actions, and performing a predefined preventive security action responsive to identifying the potential security risk.

Abstract: Systems and methods are provided for detecting and mitigating a sleep deprivation attack (SDA). A method for detection of the SDA includes one of tracking power consumption rate of a device, incoming request signals received by the device, or an activity duration of one or more physical interfaces of the device. A system for mitigation of the SDA includes the device to be protected from the SDA, a counter to count request signals received by the device from another device, a counter attack circuit to pose one or more security challenges by sending a request message to the other device once a counted number of request signals exceeds a pre-determined number, and a control circuit to terminate connection with the other device if an expected reply based on the request message is not received from the other device within a pre-determined time duration.

Abstract: A method for defending a DHCP attack is provided. The method includes monitoring packets transmitted by a client terminal coupled to a target port, and determining, in IP addresses allocated for the client terminal coupled to the target port, the number of the IP addresses generating no packet traffic in a preset first time. And the method further includes if the number of the IP addresses generating no packet traffic reaches a preset first threshold, determining that the client terminal coupled to the target port has risk of attacking, and restricting DHCP service of the target port. A device for defending a DHCP attack is also provided.

Abstract: The present disclosure provides a method and system for detecting a malicious behavior, an apparatus and a computer storage medium. In one aspect, in embodiments of the present disclosure, an internet protocol IP address corresponding to a Uniform Resource Locator URL accessed by a client is acquired as an IP address to be detected; therefore, malicious behavior detection is performed for the IP address to be detected, to obtain a detection result. Hence, technical solutions provided by embodiments of the present disclosure use the IP address to implement malicious behavior detection to solve the problem in the prior art that the attacker eludes the detection of the malicious behaviors by means of constantly changing a domain name or updating content of the malicious files, and can improve a successful detection rate of the malicious behavior.

Abstract: A system can monitor the server for indications of an attack and adjusts server settings accordingly. In response, the system can increase server tolerance in a systematic way to deal with DDoS by adjusting server settings appropriately. Conversely, when the server is not under attack, the settings can be adjusted to those for standard operations (e.g., adjusted downward), as they are more optimal for normal, non-attack operations.

Abstract: A method, an apparatus, and a computer program for detecting network anomaly in a distributed software defined networking (SDN) environment. The method includes collecting a control message from a distributed SDN controller and generating network characteristic information using the control message. The network characteristic information includes statistic information or event information included in the control message, new calculation information calculated using the statistic information or the event information, and network stateful information. The method, the apparatus, and the computer program for detecting network anomaly have high utilization, scalability, availability, and distribution properties to a user by supporting a variety of functions for detecting network anomaly in the SDN environment and providing a high-level API to the user.

Abstract: A method of identifying a node of a plurality of nodes in an in-vehicle communications network that transmitted a waveform propagating in the network, comprising providing a library of fingerprints having a unique library fingerprint for waveforms transmitted by each node and comparing a fingerprint generated for the propagating voltage waveform with library fingerprints to determine which node transmitted the waveform.

Abstract: The embodiments described in this disclosure may be adapted to detect and mitigate tainted content in network communications across client-server boundaries using a pair of complementary taint engines at both ends of the network. Methods, systems and computer readable storage media are adapted to receive request from a web application of a client system and generate standard responses. The header of the request can include a request taint value that can be evaluated to determine whether the request is a standard network transfer protocol request (e.g., HTTP request) or a multipart network transfer protocol request (e.g., a CTTP request). If the request is a multipart network transfer protocol request, a multipart network transfer protocol response can be constructing based on the generated standard network transfer protocol response, and client systems can be configured to detect tainted content based on the multipart network transfer protocol response.

Abstract: A method and system for conducting simulated phishing attacks. This may include identifying a target device from a list, such as a corporate directory, and sending a message to the device with a link to a website. On the website, the user may be directed to or enrolled in a network security course, or may be directed to install an app, which may then be used to gather data or further conduct simulated phishing attacks on other devices on a network.

Abstract: Techniques are described for wireless communication. A method for wireless communication at a user equipment (UE) includes transmitting, to a wireless communication device, an indicator of current values of time and location obtained by the UE; receiving, from the wireless communication device, measurement data acquired at the wireless communication device and an acknowledgement of the indicator of the current values of time and location; and forwarding the measurement data and the acknowledgement of the indicator of the current values of time and location to a data collector. A method for wireless communication at a wireless communication device includes receiving, from a UE, an indicator of current values of time and location; and transmitting, to the UE, measurement data and an acknowledgement of the indicator of the current values of time and location.

Abstract: A method for managing network vulnerabilities may include obtaining image data regarding a software container located on a network element. The image data may describe a software image used to generate the software container. The method may further include determining, using the image data, a software vulnerability of the software image. The method may further include assigning the software vulnerability to a filesystem key. The method may further include generating, using the software vulnerability and the filesystem key, a vulnerability map of a network. The vulnerability map may describe various software vulnerabilities arranged according to various filesystem keys used on the network. The filesystem key may identify data of the software container within a filesystem on the network element.

Abstract: A malware detection system based on stored data that analyzes an electronic message for threats by comparing it to previously received messages in a message archive or to a contacts list. Threat protection rules may be generated dynamically based on the message and contacts history. A message that appears suspicious may be blocked, or the system may insert warnings to the receiver not to provide personal information without verifying the message. Threat checks may look for unknown senders, senders with identities that are similar to but not identical to previous senders or to known contacts, or senders that were added only recently as contacts. Links embedded in messages may be checked by comparing them to links previously received or to domain names of known contacts. The system may flag messages as potential threats if they contradict previous messages, or if they appear unusual compared to the patterns of previous messages.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for determining a network security threat response. A data structure that represents communication events between computing devices of two or more network domains is received. The data structure is analyzed and a threat scenario that is based on a chain of communication events that indicates a potential attack path is determined. The chain of communication events include a sequence of communication events between computing devices proceeding from an originating computing device to a destination computing device, wherein the originating computing device and the destination computing device exist on different network domains. Attack pattern data, for the threat scenario and from a threat intelligence data source, that is associated with communications between computing devices that occurred during one or more prior attacks is received.

Abstract: Systems, methods, and apparatus for identifying anomalous behavior are provided. For example, a method may include receiving raw data, generating a behavior profile for the entity based on the raw data, receiving comparison data, determining whether the comparison data deviates from a pattern of behavior defined in the behavior profile, and identifying the comparison data as anomalous behavior when the comparison data deviates from the pattern of behavior. In one embodiment, the raw data includes recorded activity for the entity. In one embodiment, the behavior profile defines a pattern of behavior for the entity. In one embodiment, a countermeasure is performed upon identifying anomalous behavior. The countermeasure may include at least one of revoking the entity's credentials, denying the entity access to a resource, shutting down access to a port, and denying access to the entity. The method may further include providing a report of the anomalous behavior.

Abstract: In an embodiment, a method comprises intercepting a first set of instructions from a server computer that define one or more objects and one or more original operations that are based, at least in part, on the one or more objects; modifying the first set of instructions by adding one or more supervisor operations that are based, at least in part, on the one or more objects; transforming the one or more original operations to produce one or more transformed operations that are based, at least in part, on the one or more supervisor operations; rendering a second set of instructions which define the one or more supervisor operations and the one or more transformed operations; sending the second set of instructions to a remote client computer.

Abstract: Methods, systems, and computer-readable mediums are described herein to provide context-aware knowledge systems and methods for deploying deception mechanisms. In some examples, a deception profiler can be used to intelligently deploy the deception mechanisms for a network. For example, a method can include identifying a network for which to deploy one or more deception mechanisms. In such an example, a deception mechanism can emulate one or more characteristics of a machine on the network. The method can further include determining one or more asset densities and a summary statistic. An asset density can be associated with a number of assets connected to the network. The summary statistic can be associated with a number of historical attacks on the network.

Abstract: A system reports credentials on nodes of a network. Nodes are assigned to security silos. If a credential reported from a node is found to match a credential found on a node outside of its security silo or be for authentication with a node outside the its security an alert is generated, unless proper precautions are generated. Credentials may be reported as one-way hashes of credentials. Security silos may be automatically generated to segregate at-risk nodes from critical servers based on the presence or use of email clients and browsers. Precautions that may be used to suppress alerts, such as using KERBEROS TGT.

Abstract: A novel method for managing firewall configuration of a software defined data center is provided. Such a firewall configuration is divided into multiple sections that each contains a set of firewall rules. Each tenant of the software defined data center has a corresponding set of sections in the firewall configuration. The method allows each tenant to independently access and update/manage its own corresponding set of sections. Multiple tenants or users are allowed to make changes to the firewall configuration simultaneously.

Abstract: A method for monitoring the supply of authentication certificates to service nodes of a high-performance computer, includes a first step of defining for each service node an assembly of at least one authentication certificate, and then integrating each assembly defined for a service node into a configuration file associated with an identifier of the service node; a second step in which each service node transmits to a predefined server a start-up request intended for recovering the identifier thereof and a control file containing the assembly included in the associated configuration file; and a third step in which each service node extracts from the recovered control file the assembly contained therein in order to store each authentication certificate contained therein in an associated location in a corresponding storage area.

Abstract: The present invention relates to methods for modulating the activity of one or more Vps10p-domain receptors selected from the group consisting of Sortilin, SorLA, SorCS1, SorCS2 and SorCS3, in an animal and methods for preparation of a medicament for the treatment of abnormal plasma lipid concentrations and associated diseases and/or disorders. The modulation is carried out by inhibiting or promoting the binding of ligands to the Vps10p-domain receptor. In vitro and in vivo methods for screening for agents capable of modulation of said Vps10p-domain receptor activity are also provided. The invention furthermore relates to methods of altering expression of said receptors in vivo.

Abstract: To verify compliance with a data access policy, a query result including data specified by a requesting entity and a representation of a data access policy is received from a database. Based on the representation of the data access policy included in the query result, it is verified whether the requesting entity is permitted to access the data included in the query result. Transmission of the data included in the query result to the requesting entity is controlled responsive to the verification. Related methods, systems, and computer program products are also discussed.

Abstract: Methods and systems for performing load balancing and session persistence in IP (e.g., IPv6) networks are described herein. Some aspects relate to a destination options extension header that may be used to store load balancing session persistence option (LBSPO) data, including a client identifier and a server identifier for each of a client and a server. A load balancer for a server farm can perform session persistence and load balancing based on the LBSPO information. The server can include its own address in the LBSPO data when responding to an initial request from a client. The client device may then address subsequent packets to the server selected for that session, thereby bypassing the load balancer after the session is established, thereby freeing the load balancer to handle other requests. The LBSPO information may remain unchanged for the duration of the session.

Abstract: The present application provides a network connection establishment method, a terminal device, and a node device, and relates to the self-organizing network field. The method comprises: determining at least one performance parameter of a node device in a self-organizing network; and determining, according to at least the at least one performance parameter, whether to establish a network connection with the node device. According to the method, the terminal device, and the node device, whether to establish a network connection with a node device in a self-organizing network may be determined according to at least one performance parameter of the node device, which can thereby improve overall performance of the self-organizing network, and effectively avoid a problem that some node devices become a network bottleneck.

Abstract: An inquiry for information recommendation sent by a terminal is received; the inquiry for information recommendation may include an account identification of a target communication account; it is determined whether account information corresponding to the account identification of the target communication account includes a pre-set keyword to disable recommendation; if the account information includes the pre-set keyword to disable recommendation, a notification to disable recommendation is sent to the terminal, such that the terminal disables, while communication information is being input in a communication window corresponding to the target communication account, a pop-up of recommended information corresponding to the input communication information in the communication window, improving efficiency in information acquisition.

Abstract: In a method for setting up a communication link between a first telephony terminal (PA) and a second telephony terminal (PB) in a communication network which transports data packets, in particular on the Internet, with the aid of at least one signalling Server (SA, SB), in particular with the aid of an SIP Server, the first telephony terminal informs a first signalling Server that a call is intended to be made to the second telephony terminal. The first signalling Server which has been informed or a second signalling Server which has been informed by this first signalling Server recognizes that the call is intended to be made with a particular quality of Service and sets up a communication link between the first telephony terminal and the second telephony terminal, which link corresponds to this quality of Service.

Abstract: An electronic device is provided comprising a processor, a memory coupled to the processor, and a communications module saved in the memory and an application saved in the memory. The communications module configures the processor to generate a first transmission sequence number associated with a transport message to be sent to a remote device, include the first transmission sequence number in the transport message, and send the transport message to the remote device.

Abstract: A content editing method and apparatus for efficiently editing of content by allowing one user who edits the content to confirm a region of the content edited by another user. The content editing method includes displaying a content select interface used by the first electronic device to select content stored in a server; displaying a content edit interface used to edit the content if the content is selected through the displayed content select interface; and displaying an object informing a redundant access to the selected content when a second electronic device attempts to edit a part of the selected content that is being edited by the first electronic device through the content edit interface.

Abstract: A method for reducing bandwidth needed for streaming media content. The method includes identifying, by the streaming media server, a subset of a plurality of media content items having a portion of media data in common and extracting, by the streaming media server, the common portion from a first media content item of the subset; generating, by the streaming media server, a common media package comprising the extracted common portion, providing, by the streaming media server to a client media device, the common media package, and receiving, by the streaming media server from the client media device, a request for an item of content. The method also includes selecting an item of content from the subset; and transmitting, by the streaming media server to the client media device, an identification of the common media package and an identification of a chunk of the selected item of content subsequent to the common portion.

Abstract: A system and method are provided for use with streaming blocks of data, each of the streaming blocks of data including a number bits of data. The system includes a first compressor and a second compressor. The first compressor can receive and store a number n blocks of the streaming blocks of data, can receive and store a block of data to be compressed of the streaming blocks of data, can compress consecutive bits within the block of data to be compressed based on the n blocks of the streaming blocks of data, can output a match descriptor and a literal segment. The match descriptor is based on the compressed consecutive bits. The literal segment is based on a remainder of the number of bits of the data to be compressed not including the consecutive bits. The second compressor can compress the literal segment and can output a compressed data block including the match descriptor and a compressed string of data based on the compressed literal segment.

Abstract: In one embodiment, one or more computer systems of a social-networking system receive an input video associated with a first user of an online social networking system. The computer systems receive, from a client system of a second user of the online social networking system, a request to view content associated with the first user. The computer systems generate one or more output videos based on the input video. The computer systems select one of the one or more output videos. The computer systems provide, for display on the client system, the selected output video together with the requested content.

Abstract: In one example, a method for low-latency multimedia stream reception and output in a receiving device is described. Data packets may be extracted from a multimedia stream received over a network. The sequence of independently decodable units associated with the multimedia stream may be decoded. Each independently decodable unit may include one or more data packets. The sequence of decoded units may be stored in an output buffer. Further, flow of the decoded units from the output buffer to an output device may be controlled based on one of (a) a latency associated with the decoded units and (b) a rate of reception of the decoded units by the output buffer and a rate at which the output device is operating. The decoded units may be rendered on the output device.

Abstract: A method for wirelessly transmitting audio signals based on the Bluetooth protocol from a Bluetooth audio source to a computer device (audio sink). An audio signal is converted in the Bluetooth audio source into an audio data packet. The audio data packets are converted into L2CAP data packets in the Bluetooth audio source based on a protocol with access to the L2CAP layer, and wirelessly transmitted. The Bluetooth audio source suppresses renewed transmission of L2CAP data packets which were erroneous or which were not received by the sink. Real-time transmission or reproduction of the audio stream or the audio signal can thus be effected. The audio stream or an audio signal on the L2CAP layer may be transmitted with a reduced repetition rate in respect of erroneous data packets. Access to RFCOMM or another data transport protocol with access to the L2CAP layer can be provided from the application layer.

Abstract: A method comprising by one or more computing systems of a virtual-room networking system, receiving, from a client computing device, a request to access a remote client; by the one or more computing systems of the virtual-room networking system, capturing, from the remote client, content to be presented to one or more client computing devices; by the one or more computing systems of the virtual-room networking system, encoding the captured content to be presented to the one or more client computing devices, wherein the encoding processes and converts the captured content in a format to be presented to the one or more computing devices; by the one or more computing systems of the virtual-room networking system, transmitting the encoded captured content to the one or more client computing systems.

Abstract: A method for buffer load management in a communication device includes storing in a first buffer of the communication device, multimedia data comprised in data packets, determining an indication of the input rate at that first buffer and adding the indication to a second buffer containing information on the input rate over time, performing an autocorrelation on a signal comprising said information on the input rate over time, finding peaks in the autocorrelation and identifying a peak in a period to perform for the peak, a crosscorrelation of the signal comprising the information on the input rate over time with a periodic signal with given phase, selecting a part of the information on the input rate stored in the second buffer, using a reference signal, determining a target latency for the first buffer, and applying the target latency to the first buffer.

Abstract: A system for intermediated communication between applications running on the same computer is presented. The system routes communication between a first application and a second application through a data broker on a remote server to avoid direct communication between the applications. The first application may be a desktop application, such as a word processing application, that has an add-in installed to facilitate communication through the data broker. The second application may be a web browser that includes a web client implemented using standard functionality of the web browser, without an application-specific plug-in. The data broker operates on a remote server to receive and direct communication between the applications. By eliminating direct communication between the applications, the data broker improves system security and reliability by utilizing communication protocols and capabilities already existing within the computer.

Abstract: A system, a machine-readable storage medium storing instructions, and a computer-implemented method are described herein are directed to a Course Ingestion Engine (hereinafter “C.I. Engine”) that extracts a least a portion of a word present in a course description of an online course. The C.I. Engine determines, based on the at least one extracted portion of the word, at least one skill defined in a social networking service that can be acquired from content of the online course. The C.I. Engine recommends the online course to a target member account of the social networking service.

Abstract: This disclosure is directed to monitoring events generated by a social networking service and determining whether the generated events signify a company milestone for an organizational member. The events may be generated by members of the social networking service or by external websites being monitored by the social networking service. The social networking service further conducts various types of processing on content associated with one or more of the events to determine the quality, tone, and relevancy of the monitored events. This processing may depend on whether the event was generated by a member of the social networking service or by an external website. The social networking service then correlates the various monitored events with organizational members of the social networking service. After a predetermined time period or a predetermined number of events, the social networking service then attempts to identify a company milestone that best matches the events.

Abstract: Techniques are described herein that are capable of implementing a context-aware digital personal assistant (DPA) that supports multiple accounts and/or facilitating interaction among digital personal assistants. For example, a user may be signed-in with accounts of a DPA. Content from content streams associated with the respective accounts may be selectively combined based on at least the user's context. In another example, users who are signed-in with accounts of a DPA may share a user experience provided by the DPA. Content from content streams associated with the respective accounts may be selectively combined based on at least one or more of the users' context. In yet another example, a first DPA associated with a first user may be caused to perform an operation on behalf of a second DPA associated with a second user or to delegate the operation to the second DPA.

Abstract: The present technology monitors a web application provided by one or more services. A service may be provided by applications. The monitoring system provides end-to-end business transaction visibility, identifies performance issues quickly and has dynamical scaling capability across monitored systems including cloud systems, virtual systems and physical infrastructures. In instances, a request may be received from a remote application. The request may be associated with a distributed transaction. Data associated with the request may be detected. A distributed transaction identifier may be generated for a distributed transaction based on the data associated with the request.

Abstract: The systems, apparatus, methods, and computer program products described herein allow a user to find published content that may be about the user on a social network by analyzing the user's profile information and social contact information to generate terms, face recognition data, contacts and other data, searching the contacts based on the generated terms, face recognition data, and other data and identifying content that may be about the user.

Abstract: A CCN network node use reputation values for one or more interfaces to determine how to forward an Interest. During operation, the network node can receive an Interest or Content Object via a network interface, determines one or more candidate outbound faces for forwarding the Interest by performing a longest-prefix-matching lookup in a forwarding information base (FIB) using the Interest's name or name prefix as input. A respective FIB entry maps a name prefix to a forwarding rule that includes a corresponding outbound face for the name prefix. The node can determine a reputation value for each of the candidate outbound faces based on reputation information stored in association with the Interest's name or name prefix, and selects a candidate outbound face with a reputation value exceeding a first predetermined threshold. The node can then forward the received Interest via the selected outbound face.

Abstract: A computer-implemented method for automatically registering an application with an enterprise system. The method includes, obtaining the application associated with the enterprise system, wherein the application is pre-configured for subsequent registration with the enterprise system such that the registration establishes a trust relationship between the application and the enterprise system. The method further includes installing the application on a host device, and in conjunction with installing the application, automatically requesting the registration of the application with the enterprise system.

Abstract: An approach for collaboration is provided. An approach includes linking a first user device to a first collaboration screen of a work environment and a second user device to a second collaboration screen of the work environment. The approach also includes displaying data associated with the first user device on the first collaboration screen. The approach further includes detecting manipulation of the data at the first collaboration screen. The approach additionally includes displaying a copy of the data on the second collaboration screen based on the detecting.