Abstract: A pluggable transceiver receives, from a client, a first message that indicates a first source IP address as being an IP address of a client, a first destination IP address as being an IP address of the pluggable transceiver, a first source port as being a port of the client, and a first destination port as being a port of the pluggable transceiver. The pluggable transceiver updates the first message to indicate the first source IP address as being the IP address of the pluggable transceiver, the first destination IP address as being an IP address of a server, and the first destination port as being a port of the server. The pluggable transceiver sends the updated first message to the server.

Abstract: Disclosed herein are systems and methods of executing scanning software, such an executable software program or script (e.g., PowerShell script), by a computing device of an enterprise, such as a security server, may instruct the computing device to search all or a subset of computing devices in an enterprise network. The scanning software may identify PowerShell scripts containing particular malware attributes, according to a malicious-code dataset. The computing system executing the scanning software may scan through the identified PowerShell scripts to identify particular strings, values, or code-portions, and take a remedial action according to the scanning software programming.

Abstract: An illustrative method includes receiving, by a container storage interface (CSI) filter driver executing on a node of a cluster managed by a container orchestrator, a request to deploy a containerized application; selecting, by the CSI filter driver based on one or more attributes of the containerized application, a storage system from a plurality of storage systems attached to a plurality of clusters managed by the container orchestrator; and transmitting, by the CSI filter driver, a command to a CSI driver executing on a node of a cluster to which the storage system is attached, the cluster included in the plurality of clusters, the command configured to direct the CSI driver to provision a volume on the storage system for use with the containerized application.

Abstract: A data synchronization method and apparatus, and a device and a storage medium are disclosed.

Abstract: Techniques for providing, to a resource on a private network of a service provider, access to a resource on a private network of a customer. Service to customer (S2C) resources deployed on a cloud infrastructure to facilitate the access. Whereas IP address ranges may overlap between private networks and/or private IP addresses may be used in one or more of the private networks, the S2C resources enable the data exchange between the private networks. For example, the S2C resources translate between IP addresses such that data within each private network uses IP addresses that can be properly processed by the private network.

Abstract: Systems and methods are disclosed to perform gradient exchange among processing nodes configured as a hyper-rectangle network of N-dimensions. Each processing node can operate as a collective parameter server node capable to perform collective compute operations. For each dimension in a sequence of dimensions, all processing nodes on a same edge can perform a scatter-reduce operation using respective collective parameter serving engines. The amount of data reduced in each dimension is an inverse of a number of processing nodes in that dimension. After the scatter-reduce operation is performed for all the dimensions, all processing nodes on the same edge can perform an all-gather operation for each dimension in a reverse sequence of dimensions.

Abstract: Implementations of the present disclosure relate to communication simulation between an access point and an electronic device. A method comprises obtaining a MAC protocol data unit (MPDU) for simulating a communication between an access point and an electronic device, and configuring a receiver address and a transmitter address of the MPDU. The method further comprises updating a header of the MPDU based on the configured receiver address and the configured transmitter address, and transmitting the MPDU according to the updated header. With these implementations, communications between the AP and the electronic device can be simulated by the AP.

Abstract: A set of Internet Protocol (IP) addresses is received wherein each IP address is associated with a corresponding set of features. For an IP address in the set, the IP address is evaluated based at least in part on a set of inclusion criteria. For the IP address in the set, a likelihood that the IP address is residential or non-residential is generated based at least in part on the corresponding set of features and the evaluation of the IP address based at least in part on the set of inclusion criteria. For the IP address in the set, a training sample is generated that includes the IP address, at least some of the corresponding set of features, and a label. A labeled training data set is output that includes the training sample, where an IP address classifier is trained using the labeled training data set.

Abstract: Aspects of the disclosure relate to providing secure shortened URLs in character-limited messages. A computing platform may receive one or more character-limited messages sent to a user device. The computing platform may detect a URL within the one or more character-limited messages for replacement and generate a shortened URL corresponding to the detected URL, wherein a domain of the shortened URL is hosted by the message security system. The computing platform may then modify the one or more character-limited messages by replacing the URL with the shortened URL, and then cause transmission of the modified one or more character-limited messages to the user device. Next, the computing platform may receive, from the user device, a request to access the shortened URL, and redirect the user device to the detected URL corresponding to the shortened URL.

Abstract: Examples to determine media impressions using distributed demographic information are disclosed. An example system includes programmable circuitry to log, at a first Internet domain, a first record for a first website visit by a first client device to a website at a second Internet domain, the first record based on a hypertext transfer protocol (HTTP) request, the first record to include a timestamp, a uniform resource locator (URL), and a user identifier, the timestamp to represent a time of the first website visit, the URL corresponding to the website at the second Internet domain, and weight impression data in a report, the impression data associated with the first record and with second records, the second records corresponding to second website visits to the website via second client devices, the weighting of the impression data based on demographic distributions of audience members corresponding to the first and second records.

Abstract: A relay node may detect conflicts regarding media access control (MAC) addresses. A source node may send a request to the relay node. The request may be a request to establish communications with a target node. The source may send, to the relay node, an indication of the MAC address of the source node. The source node may receive a reject message from the relay node. The reject message may comprise an indication of a conflict associated with the MAC address of the source node.

Abstract: The present disclosure proposes network elements, methods at the network elements for facilitating reuse of IP address, a telecommunications system comprising the network elements. The method at a first network element for facilitating reuse of an IP address at multiple UEs comprising a first UE comprises: transmitting, to a second network element, a first request message associated with the first UE, the first request message comprising the IP address and a first indicator which, in conjunction with the IP address, uniquely identifies the first UE.

Abstract: The disclosure describes methods and arrangements for caching encrypted content. Embodiments of the described inventions make use of a middle box to serve encrypted content rather than requiring a server to answer each request for content with a separate and distinct response, thereby allowing a network to operate effectively and efficiently even when serving encrypted content that looks different each time it is requested.

Abstract: Systems and methods are provided for distributing a domain name service (DNS) response cache in a DNS resolving system on a network. The systems and methods described herein may improve response times for client queries and also protect the DNS resolving system from DNS related cyber attacks.

Abstract: Various aspects of the present disclosure generally relate to wireless communication. In some aspects, a user equipment (UE) may determine that one or more communications with a base station are to be transmitted or received via a relay UE. The one or more communications may include at least one of hybrid automatic repeat request feedback, a retransmission, or a control communication. The UE may transmit or receive the one or more communications via the relay UE. Numerous other aspects are provided.

Abstract: Systems and methods are provided for facilitating a discreet connection between a user and a service. A system includes a service for a user to connect to without any detectable direct contact with the service. A first reverse proxy connection is configured to receive a connection from the user to set up the discreet connection, where an invitation indicating a mechanism for accessing the first reverse proxy connection is provided to the user. Access credentials are transmitted to the user over the first reverse proxy connection, the access credentials including an address for accessing a second reverse proxy connection, the first reverse proxy connection being deleted following delivery of the access credentials. The second reverse proxy connection facilitates the discreet connection between the user and the service without any detectable direct contact with the service.

Abstract: The present disclosure is directed toward systems, methods, and non-transitory computer readable media for generating contextual hubs for organizing and presenting web-accessible content from third-party sources. In particular, the systems described herein can organize and manage within a contextual hub. For instance, the disclosed systems may perform actions on tabs based on analyzing usage signals associated with the tabs. Furthermore, the disclosed systems can organize contextually related content within contextual hubs. The disclosed systems may also facilitate collaboration between users within a contextual hub by synchronizing interactions with content within a contextual hub.

Abstract: A network device may receive a border gateway protocol (BGP) flow specification route associated with creation of an overlay network slice in a network, and may create a new routing instance based on the BGP flow specification route. The network device may associate interfaces defined by the BGP flow specification route with virtual private network (VPN) members, and may determine VPN parameters based on the BGP flow specification route. The network device may advertise the VPN parameters within the network to cause the network to generate the overlay network slice.

Abstract: This application relates to a distributed software-defined network (“DSDN”) for dynamically configuring and managing a wireless communication network. A plurality of DSDN nodes are connected to each other via a plurality of communication paths. Each communication path directly connects two DSDN nodes. Each DSDN node can provide DSDN configurations across diverse and disparate networks by normalizing its data plane network traffic through translation and packet encapsulation. Furthermore, the DSDN node can provide an architecture tolerant of network interruptions and network system fluctuations. For example, in the case of any one of the DSDN node's network interruptions from other DSDN nodes, the DSDN can provide network reconfiguration using network configuration rules stored in a control plane of each DSDN node.

Abstract: Presented herein are techniques to facilitate providing slice attribute information to a user equipment (UE) for one or more slice types with which the user equipment is allowed to establish one or more session(s). In one example, a method may include obtaining, by a network element, a registration request for connection of a UE to a mobile network; performing an authentication for connection of the UE to the mobile network; and upon successful authentication, providing, by the network element, a registration response to the UE, wherein the registration response identifies one or more network slice types with which the UE is authorized to establish a session and the registration response identifies one of: attribute information for each of the one or more network slice types or network location information from which attribute information for each of the one or more network slice types is to be obtained.

Abstract: A request is received to perform an action for a domain of a name service, wherein the name service is implemented using at least a first blockchain network and a second blockchain network different from the first blockchain network. A determination is made whether the domain is managed on the first blockchain network or the second blockchain network including by using a domain registry of the second blockchain network. The action for the domain is caused to be performed based on the determination of whether the domain is currently managed on the first blockchain network or the second blockchain network.

Abstract: Described herein are methods and systems for improved domain name resolution/routing. Routing data associated with domain names (e.g., websites) may be cached by a Domain Name System (DNS) based on historical domain name queries. The historical domain name queries may be analyzed to determine a ranking (e.g., popularity) for the domain names at multiple time intervals throughout a day, week, etc. Routing data for the highest ranked domain names during one or more time intervals may be cached for a period(s) of time corresponding to the one or more time intervals (e.g., times during which those domain names are most popular).

Abstract: Methods, systems, and computer-readable storage media for requesting, from a domain name system (DNS) server within an enterprise network, an IP address for a DNS name associated with a computing device, receiving the IP address, storing the IP address in a speculative DNS cache, the speculative DNS cache being operable to store IP addresses for a set of DNS names including the DNS name, providing, by the speculative DNS cache, a refresh period for the IP address, and determining that the refresh period of the IP address has tolled, and in response, refreshing the IP address in the speculative DNS cache.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for container image or host deduplication in vulnerability management systems. For instance, a method may include: obtaining source data from at least one source, wherein the source data includes a plurality of assets and/or findings; extracting data bits for each asset or finding from the source data; determining a first asset or finding concerns a first container image or first host based on the data bits for the first asset or finding; in response to determining the first asset or finding concerns the first container image or first host, obtaining a container image dataset or a search structure; determining whether the data bits match any of the plurality of sets of values of the container image dataset or the search structure; and, based on a match result, generating or updating records for the first container image or the first host.

Abstract: Provided are methods and systems for data distribution over a network. A device can capture content. The device can be configured to publish the content so that other devices in a network can access the content. The publishing device can indicate to other devices on the network that the content is available for use. In response, the publishing device can receive requests for the content from the other devices. When sending a request, a requesting device can include viewing parameters that indicate capabilities of the requesting device. The publishing device can create one or more data layers that comprise the content based on the viewing parameters of requesting devices. The publishing device can also determine a transmission path to the various requesting devices and transmit the one or more data layers along the transmission path.

Abstract: Disclosed are methods, systems and non-transitory computer readable memory for container image or host deduplication in vulnerability management systems. For instance, a method may include: obtaining source data from at least one source, wherein the source data includes a plurality of assets and/or findings; extracting data bits for each asset or finding from the source data; determining a first asset or finding concerns a first container image or first host based on the data bits for the first asset or finding; in response to determining the first asset or finding concerns the first container image or first host, obtaining a container image dataset or a search structure; determining whether the data bits match any of the plurality of sets of values of the container image dataset or the search structure; and, based on a match result, generating or updating records for the first container image or the first host.

Abstract: An example system includes: a set of sensors, each sensor having a programmable address; a set of microcontrollers, each microcontroller paired with one sensor from the set of sensors; a controller configured to: enable an operational state of the set of sensors to uniquely address each sensor in the set of sensors by sequentially, for each microcontroller in the set of microcontrollers, causing the microcontroller to activate the sensor paired with the microcontroller and assigning a unique address to the activated sensor; scan the set of sensors using the unique address of each sensor to obtain data detected by the sensor.

Abstract: A system and method for performing a secure data transfer between computing devices comprise registering a resource-constrained computing device with a cloud-based computer. A client computing device generates session state information regarding the client computing device in an electronic communication exchange with at least one remote computing device. An identifier provides a location of the session state information stored at a cloud-based computer. A machine-readable code associated with the identifier is displayed for querying the cloud for the stored session state information. The resource-constrained computing device uses the machine-readable code to retrieve the session state information. The resource-constrained computing device uses the session state information to join the electronic communication exchange.

Abstract: Systems, methods, and apparatuses are described for verification of wireless network connection. A wireless local area network may comprise a client device and a gateway. A data connection, within the wireless local area network, between the client device and the gateway may be verified based on gateway identifiers provided to the client device via data communication channels internal and external the wireless local area network.

Abstract: The described technology is generally directed towards network slicing for private cellular networks (PCNs). Network slicing can be leveraged as described herein to meet security requirements and/or other policies applicable to PCNs. Network slices implemented according to this disclosure can comprise a private network slice, a public network slice, and a public safety network slice. User equipment can be provisioned with slice identifiers for the network slices, and applications at the user equipment can specify an appropriate slice identifier for their network communications. Network equipment can be configured to route application traffic to a specified slice and to allocate network resources according to the specified slice, as well as to implement security and other policies according to the specified slice.

Abstract: The present disclosure provides a message forwarding method and apparatus, a domain name address query method and apparatus, a network address translation device, and a computer-readable medium.

Abstract: Embodiments herein provide a method for generating multiple IP addresses in a wireless network by a system (100). The method includes receiving user request to generate multiple IP addresses of at least one network element. Further, the method includes retrieving the IP address template corresponding to the at least one network element from a database (120) based on the user request, wherein the IP address template comprises a plurality of network parameters corresponding to positionally encoded bits of an IP schema. Further, the method includes generating the multiple IP addresses of the at least one network element based on the set of user defined labels, the count of the multiple of IP addresses of the at least one network element, the IP address template and the IP schema. Further, the method includes displaying the generated multiple IP addresses of the at least one network element.

Abstract: Embodiments of the present disclosure provide a method, system and device for content delivery network (CDN) scheduling, and a storage medium. The method includes: acquiring CDN data in real time from a CDN node device to generate a CDN index system; acquiring metropolitan area network, MAN, data in real time from a MAN to generate a MAN index system; generating a CDN node load intelligent image based on the CDN index system, and generating an intra-region scheduling algorithm through artificial intelligence, AI, training and algorithm optimization; generating a CDN region load intelligent image based on the CDN index system and the MAN index system, and generating an inter-region scheduling algorithm through the AI training and the algorithm optimization; and determining a CDN scheduling policy according to the intra-region scheduling algorithm and the inter-region scheduling algorithm, and executing the CDN scheduling policy.

Abstract: This disclosure describes a container management tool of a container management service of a service provider network that operates a first container in a network mode associated with a software generated namespace generated by the container management tool. The container management tool determines a location of the software generated namespace and adds a link to a desired, e.g., existing application network namespace to the software generated namespace. The container management tool, using an application namespace creation script, generates a name for the desired application network namespace. The service provider network executes one or more first applications in the first container, wherein executing the one or more first applications in the first container comprises the first container accessing the software generated namespace and following the link to the desired application network namespace.

Abstract: Systems, methods, and software are included herein to manage domain name system (DNS) requests to DNS servers. In one implementation, a computing device joins a local network and identifies a connection to a first DNS server associated with the local network. The computing device further implements first DNS rules based on the connection to the first server and monitors when a second DNS server is available using the local network. When the second DNS server becomes available, the computing device implements second DNS rules in place of the first DNS rules, wherein the second DNS rules direct DNS requests to the second DNS server in place of the first DNS server.

Abstract: A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets.

Abstract: A system and method for accessing data to meet disparate security, integrity, and latency requirements includes multiple databases instantiated in the system with different performance attributes. The system receives a data access request from a client application. The system determines one or more data access requirements associated with the data access request and identify a database or set of databases that conform to those requirements. The system then submits the data access request to the identified databases and returns the result to the client application. The system may determine a data integrity threshold for the data access request, and submit the data access request to two or more databases simultaneously.

Abstract: Examples described herein include systems and methods for dynamically determining a server for enrollment with a management system. An example method can include receiving user input at an application executing on a user device, such as a portal application that provides access to and authentication for other applications through a catalogue of application icons. If the user input includes a first URL but that URL produces an error when used in conjunction with extensions associated with a management server, the application can automatically use extensions associated with an application-support server. The application can then retrieve a second URL from the application-support server and use it for performing enrollment steps at the management server. The enrollment steps can include authenticating the user at an identity service and determining the user's group ID for enrollment, for example.

Abstract: Disclosed herein are system, method, apparatus, and computer program product embodiments for dynamic mitigation of CGN IPv4 address provisioning for network gateways when adverse conditions are in effect. A network gateway may be provisioned with a shared WAN IP address from a pool of IP addresses designated for Carrier Grade Network Address Translation (CGN) and configured to detect the occurrence of an adverse condition for a connection provisioned the shared WAN IP address. Upon detecting an adverse condition, the network gateway may send a request for a new IP address to a DHCP server configured to recognize flags indicating an adverse condition. The DHCP server may then provision the gateway with a new public IP address.

Abstract: A document tracking method, a gateway device, and a server, where the gateway device intercepts a first data flow from a first terminal device in an internal network to a second terminal device in an external network, inserts a first Uniform Resource Locator (URL) into a first document in the first data flow to obtain a second data flow that includes a second document, and sends the second data flow to the second terminal device.

Abstract: Systems and methods for securely and remotely storing data in a remote, distributed redundant array of independent drives (RAID) is provided. RAID storage is accomplished through a series of mapped drives, non-routable Internet protocol (IP) addresses, and routable IP addresses. In addition, authorization to access a RAID controller, network address translation (NAT) system, and domain name system (DNS) system may all be separated, increasing security and allowing storage to be securely distributed among a variety of dispersed storage locations.

Abstract: Systems, devices, and methods related to a Deep Learning Accelerator and memory are described. For example, an integrated circuit device may be configured to execute instructions with matrix operands and configured with random access memory. A computing device running a compiler can interact and/or probe an integrated circuit device to identify hardware characteristics of the integrated circuit device in performing matrix computations. The compiler can generate and optimize a result of compilation from a description of an artificial neural network based at least in part on the hardware characteristics of the integrated circuit device. The result of compilation can include first data representative of parameters of the artificial neural network and second data representative of instructions executable by the integrated circuit device to generate an output of the artificial neural network based on the first data and an input to the artificial neural network.

Abstract: Telemetry monitoring of BGP prefixes in a network topology. A method includes receiving a route for a network topology and determining whether the route corresponds with an existing route stored on a route store. The method includes determining whether any network routing paths have been modified between the existing route and the route in response to determining the route corresponds with the existing route. The method includes generating a path configuration key for each of the at least one network routing path in response to determining at least one network routing path was modified between the existing route and the route.

Abstract: Systems and methods include receiving data associated with monitoring network communication traffic associated with a plurality of network devices; analyzing network communication flows of the plurality of network devices to group similar network devices together; analyzing patterns, frequency, relevance, and origination of words in the network communication traffic to auto-label the plurality of network devices; and assigning one or more words to any of a given network device and a group of similar network devices.

Abstract: A method including retrieving, by a device associated with a virtual private network (VPN) server from a read-only device, an initial operating system associated with the VPN server providing VPN services; transmitting, by the device based at least in part on executing the initial operating system, a first request to an infrastructure device for a VPN operating system to enable the VPN server to provide the VPN services; receiving, by the device from the infrastructure device based at least in part on transmitting the request, the VPN operating system; and executing, by the device, the VPN operating system to provide the VPN services is disclosed. Various other aspects are contemplated.

Abstract: A method, a system and a computer program manage a single sign on (SSO) session by an identity provider for a plurality of services. The method includes managing, by an identity provider, information on the SSO session via a cookie based protocol, and persisting a list of services of relying parties participating in same SSO session information in one session cookie and a plurality of temporary state cookies with randomly generated names. Whereby the list of session services are represented with a bit mask representation within the cookies and, whereby the plurality of temporary state cookies can be consolidated into one state cookie.

Abstract: This application relates to message sending and receiving methods and apparatuses, and a communication system. A control plane CP device in a communication system in which a CP and a user plane UP are separated generates a first message, where the first message includes route information and a control indication for the route information, and the route information is associated with a UP device. The CP device sends the first message to the UP device, so that the UP device updates the route information based on the control indication, where the first message is a packet forwarding control protocol PFCP message. Based on the technical solutions provided herein, interaction on routing control between the CP device and the UP device in a communication system architecture in which a CP and a UP are separated may be implemented.

Abstract: A system designed for increasing network communication speed for users, while lowering network congestion for content owners and ISPs. The system employs network elements including an acceleration server, clients, agents, and peers, where communication requests generated by applications are intercepted by the client on the same machine. The IP address of the server in the communication request is transmitted to the acceleration server, which provides a list of agents to use for this IP address. The communication request is sent to the agents. One or more of the agents respond with a list of peers that have previously seen some or all of the content which is the response to this request (after checking whether this data is still valid).

Abstract: A system comprising: at least one hardware processor; and a non-transitory computer-readable storage medium having stored thereon program instructions, the program instructions executable by the at least one hardware processor to: receive, by a routing hub in a computer network, from an origin node, a communication intended to a destination node, wherein said communication is encrypted with a one-time pad (OTP) associated with said origin node, apply, by said routing hub, to said communication, a customized OTP configured to simultaneously (i) encrypt said communication with said OTP associated with said destination node, and (ii) decrypt said communication with said OTP associated with said origin node, and deliver said communication to said destination node for decrypting said communication with said OTP associated with said destination node.

Abstract: The present application describes a system and method for passively collecting DNS traffic data as that data is passed between a recursive DNS resolver and an authoritative DNS server. The information contained in the collected DNS traffic data is used to generate a virtual authoritative DNS server, or a zone associated with the authoritative DNS server, when it is determined that the authoritative DNS server has been compromised.