СПОСОБ И СИСТЕМА ПЕРЕДАЧИ ДАННЫХ

Изобретение относится к области передачи данных в энергосистеме и предназначено для более эффективного использования недетерминированных каналов передачи данных, для обмена операционными данными в режиме реального времени между удаленными местами и электростанцией. Канал передачи данных отслеживают на основе регулярного графика сети, то есть с помощью сообщений оценки или пакетов данных, которые переносят операционные данные в режиме реального времени, как полезное содержание. Постоянное определение качества канала, включая в себя выработку соответствующего сигнала тревоги, в случае, когда качество канала будет определено как недостаточное, основано на оценке в приемном узле пакетов данных, постоянно передаваемых приемным узлом. Такие постоянно или повторно передаваемые пакеты данных могут содержать идентичные полезные нагрузки, отражающие текущее состояние, вместо изменения состояния в качестве операционных данных. 2 н. и 8 з.п. ф-лы, 3 ил.

СИСТЕМА ДЛЯ ОБРАБОТКИ ДАННЫХ, ОТНОСЯЩИХСЯ К СОЕДИНЕНИЮ С ПЛАТФОРМОЙ ИНТЕРНЕТ-САЙТА

Изобретение относится к системе для обработки данных, относящихся к соединению с платформой интернет-сайта. Технический результат заключается в повышении точности получаемых данных. Система содержит по меньшей мере два отдельных модуля для обработки данных соединения, распределенных в по меньшей мере две взаимодополняющие группы, причем модули одной группы выполнены с возможностью выполнения подмножества операций, необходимых для осуществления способа обработки данных, относящихся к выполняемому посредством оборудования соединению пользователя с указанной платформой, в том числе идентификации ситуации пользователя. Модули обработки каждой группы принимают данные из модулей обработки другой группы с целью завершения всего способа обработки данных соединения; модуль распределения, принимающий указанные данные соединения и передающий их в модули обработки; Модуль согласования собирает данные из модулей обработки и передающий обработанные данные соединения в указанную платформу и/или в указанное ...

СИСТЕМЫ И СПОСОБЫ АНАЛИЗА СЕТИ И ОБЕСПЕЧЕНИЯ ОТЧЕТОВ

Изобретение относится к области вычислительной техники. Техническим результатом является обеспечение более полного и точного контроля безопасности в сети. Раскрыт реализуемый компьютером способ контроля безопасности в сети, включающий этапы, на которых: собирают, посредством компьютерной системы, данные из множества источников различных типов, причем собранные данные содержат данные сети и данные ресурсов; идентифицируют, посредством компьютерной системы, на основе данных сети, событие сетевого трафика и множество сетевых ресурсов, связанных с этим событием сетевого трафика; идентифицируют, посредством компьютерной системы, на основе данных ресурсов, соединения между множеством сетевых ресурсов, при этом по меньшей мере одну из характеристики соединения между сетевыми ресурсами и характеристики сетевого ресурса идентифицируют на основе, по меньшей мере частично, атрибута, выбранного из собранных данных; в ответ на обнаружение, на основе собранных данных, изменения в атрибуте первого сетевого ...

СПОСОБ И СИСТЕМА УПРАВЛЕНИЯ ДАННЫМИ, АССОЦИИРУЮЩАЯ ПОДСИСТЕМА И МАШИНОЧИТАЕМЫЙ НОСИТЕЛЬ ДАННЫХ

Изобретение относится к области беспроводной связи. Технический результат заключается в обеспечении возможности отслеживать IP-адреса, и анализировать большие наборы данных. Технический результат достигается за счет того, что для управления данными пользователя получают информацию плоскости управления пользователя, извлеченную функциональным объектом управления сеансами. Получают информацию плоскости данных пользователя, извлеченную функциональным объектом плоскости пользователя. Осуществляют ассоциирование и слияние информации плоскости управления пользователя и информации плоскости данных пользователя для генерирования журнала регистрации абонентского трафика. 4 н. и 9 з.п. ф-лы, 8 ил.

ОПРЕДЕЛЕНИЕ ДИАГРАММЫ НАПРАВЛЕННОСТИ ИЗЛУЧЕНИЯ

Изобретение относится к технике связи и предназначено для обеспечения эффективного определения установок параметров антенны, таких как диаграммы направленности излучения. Сетевой узел выполняет способ определения диаграммы направленности излучения, заключающийся в передаче зондирующих сигналов, причем зондирующие сигналы ортогональны опорным сигналам конкретной соты (CRS), переданным сетевым узлом, приеме ответов на зондирующие сигналы от беспроводных устройств, в котором каждый ответ содержит отчет об измерении, основанный на приеме переданных зондирующих сигналов, на каждом беспроводном устройстве и определении диаграммы направленности излучения на основании принятых отчетов об измерениях. 6 н. и 23 з.п. ф-лы, 12 ил.

РАСПРОСТРАНЕНИЕ СВЕДЕНИЙ МАРШРУТИЗАЦИИ ДЛЯ АВТОНОМНЫХ СЕТЕЙ

PDCP И УПРАВЛЕНИЕ ПОТОКОМ ДЛЯ РАЗДЕЛЕННОГО ОДНОНАПРАВЛЕННОГО КАНАЛА

ОТСЛЕЖИВАНИЕ ИСПОЛЬЗОВАНИЯ ДАННЫХ В СООТВЕТСТВИИ СО СХЕМАТИЗИРОВАННЫМ ПЛАНОМ ДАННЫХ

... 1. Система, содержащая:область памяти, соответствующую мобильному вычислительному устройству, причем в этой области памяти хранится схема, представляющая план использования данных, связанный с пользователем, при этом план использования данных описывает пороговые значения, связанные с сетевыми соединениями одного или нескольких устройств пользователя; ипроцессор, запрограммированный:динамически формировать статистику использования данных для пользователя, при этом статистика использования данных представляет сетевые данные, использованные в соответствии с планом использования данных вычислительным устройством;заполнять схему, хранящуюся в области памяти устройства, динамически сформированной статистикой использования данных; иобеспечивать, по меньшей мере, часть заполненной схемы веб-сервису для распространения на другие вычислительные устройства пользователя.2. Система по п. 1, дополнительно содержащая пользовательский интерфейс, при этом процессор дополнительно запрограммирован представлять ...

Vorrichtung und Verfahren zum Sammeln und Analysieren von Kommunikationsdaten

Verfahren zum Sammeln und Analysieren erster Daten auf einer ersten Kommunikationsleitung, enthaltend folgende Verfahrensschritte: (a) die ersten Daten werden von der ersten Kommunikationsleitung empfangen; (b) die empfangenen ersten Daten werden in Pakete aufgeteilt; (c) Pakete werden basierend auf ihrem jeweiligen ersten Charakteristikum jedes Pakets ausgewählt; (d) jedem der ausgewählten Pakete wird ein entsprechender Index zugeordnet; (e) jedes der ausgewählten Pakete wird in einen entsprechenden Datensatz mit seinem entsprechenden Index umgewandelt; (f) die Datensätze werden gespeichert; (g) Speichern einer Zählung für jede einer Vielzahl von aufeinanderfolgenden Zeitperioden, jede Zählung basierend auf einem zweiten Charakteristikum der ausgewählten Pakete, die während eines korrespondierenden der Vielzahl von aufeinanderfolgenden Zeitperioden empfangen wurden.

Parallele Steuerungsvorrichtungen für den Data Link Layer mit Statistikerfassung in einer Netzwerksvermittlungseinrichtung

Media data usage measurement and reporting systems and methods

An audience measurement system for gathering data reflecting usage of media data by a user by means of a user system (104). The user system (104) preprocesses the gathered data into micro-level report objects (111).

Analysing connections in a computer network, receiving checksums of data items in computer networks and determining error correction to data

Analysing a connection between two computers, comprising generating output data indicating performance of the connection, the output data (graph) comprising a first predetermined number of data points (e.g. time period), each data point (time period) having a value selected from a predetermined second number of discrete data values (i.e. values 0-15). Each data point represents a corresponding flow value that is the amount of data passing between the two computers in each predetermined time period. A second embodiment of the invention includes transferring/receiving data from/at a computer from another computer, comprising determining/receiving a checksum of a data item, determining/receiving a plurality of secondary checksums, identifying the data item based upon the checksum and secondary checksums. A third embodiment of the invention includes receiving error correction data associated with received data, receiving secondary data with the received data, processing the data and error correction ...

Providing reports to mobile network operators based on optimisiciency of wireless network traffic and/or battery consumption reduction

Mobile network reporting and usage analytics system and method includes generating a report for a mobile network operator, which may be implemented on a system, including tracking optimisation efficiency for traffic in a wireless network, generating the report to be provided to the network operator based on the optimization efficiency and performing functions related to traffic optimisation and management in the wireless network effectuating in traffic alleviation in the wireless network measured by the optimisation frequency. The optimisation efficiency can include efficiency information associated with different mobile applications and user-related information in a wireless network. A client side proxy on the mobile device tracks optimization efficiency for traffic, and also determines battery consumption data and performs functions related to battery consumption reduction. A server side proxy determines optimization efficiency for wireless network traffic and tracks user-related information ...

Computer networks

Computer networks

Method of generating an improved traffic map and device utilizing such a method

Method and device for generating a traffic map of an area covered by a cellular network comprising a plurality of antennas Aj each managing a traffic TRj and designed to communicate with a plurality of terminals generating events U which are at least partially geolocatable, the covered area being discretized by pixels Pk each associated, using probability, with one antenna of said plurality of antennas Ai. The method comprises, for each antenna Aj, distributing a quantity of traffic TRj managed by the antenna Aj over the pixels Pk, this distribution being weighted for each pixel Pk as a function of the number and distance of the geo-locatable events relative to said pixel Pk. The geo-location of an event can be determined by measuring levels of reception power of the terminal at surrounding antennas (triangulation) or interrogation of GPS data transmitted by the terminal. A global weighting Xk is determined from animportance function f and a utility weighting Ek is determined as a function ...

Protection against malicious attacks

A method and apparatus for protecting a device against a malicious attack such as pharming. DNS traffic between browser 12 in client 1 and DNS server 82 is monitored to provide domain name to IP address pairings for destinations such as the web server 80. Non-DNS traffic, such as HTTP, targeting routable IP addresses is inspected and examined to determine whether it is related to a domain name. If so, the monitored DNS traffic is searched for a matching domain name and in that event the IP addresses relating to the domain names are also checked for a match. If the IP addresses do not match it is determined that a local configuration file 10 such as the hosts file has been used to resolve the domain name. As the integrity of the local file entry is in doubt an alert is triggered which may consist of an email message or a pop-up window etc.

Network discovery and management

WIFI GATEWAY CONTROL AND INTERFACE

A method and system for managing roaming of a mobile equipment

A method and system for managing roaming of a mobile equipment.

WIFI GATEWAY CONTROL AND INTERFACE

WIFI GATEWAY CONTROL AND INTERFACE

GEOINTELLIGENT TRAFFIC ALARM UNIT

PROCEDURE AND SYSTEM FOR MEDIUM-INDEPENDENT HANDOVER USING OAMP MINUTES

SYSTEM AND PROCEDURE FOR THE MEASUREMENT MIDDELWAREANSPRECHZEIT

ADAPTIVE ASSIGNMENT OF UNIQUE WORDS IN A COMMUNICATION SYSTEM

SAFETY CAMERA FOR A NETWORK

Method and system for reconstructing a path taken by undesirable network trafficthrough a computer network from source of the traffic

SYSTEMS AND METHODS FOR NETWORK ANALYSIS AND REPORTING

Among other things, embodiments of the present disclosure can collect and analyze asset and network data from multiple sources, and use such data to present a more complete and accurate representation of the network connections between various systems and software applications and the policies dictating the operation of security controls on a network compared to conventional systems. Fig. 23 WO 2016/036485 PCT/US2015/044865 jAssets (3) PCLAppServerAPP1-1 PCLAppServerAPP1-2 PCLAppServerAPP1-3 TrustZone PCI Appi DB Listening Services (4) incoming Flows (4) Outgoing Flows (4) RDP (TCP 3389) RDP (TCP 3389) RPC (TCP 135) RPC (TCP 135) RPC (TCP 135) DTC (TCP 1024) RPC (TCP 49152)* DTC (TCP 1024) SQL (TCP 1433) LDAP (TCP/UDP 389) SQL (TCP 1433) Kerberos (TCP/UDP 88) Vulnerabilities (21)- Scanned 06/21/14 High -3 Med- 6 Low -12 Security Controls Applied (Select to View) DattaO-ata Data Dt AFirewall HDStlPs Ate Vulneability Ntotn Fas ...

Information reporting method, terminal device, network device, and computer storage medium

Disclosed in the present invention are an information reporting method, a terminal device, a network device, and a computer storage medium, the method comprising: sending a data packet in an uplink; the data packet being a data packet successfully sent and/or to be sent in a direct data transmission performed by the terminal device.

Network operating tool

Methods and system for measuring the round trip time in packet switching telecommunication networks

Integrated customer interface for web based communications network management

Method and apparatus of detecting network activity

Systems and methods for network analysis and reporting

Among other things, embodiments of the present disclosure can collect and analyze asset and network data from multiple sources, and use such data to present a more complete and accurate representation of the network connections between various systems and software applications and the policies dictating the operation of security controls on a network compared to conventional systems.

A system and method for observing and controlling a programmable network using a remote network manager

A system and method for observing and controlling a programmable network via higher layer attributes is disclosed. According to one embodiment, the system includes one or more collectors, a network manager, and a programmable network element. The one or more collectors are configured to receive network traffic data from a plurality of network elements and extract metadata from the network traffic data. The network manager is configured to receive metadata from the one or more collectors. The network manager identifies a network control objective for the network, identifies a programmable parameter of the programmable network element to achieve the network control objective, and programs the programmable network element. The network manager further determines whether the network control objective is met after programming the programmable network element and applies a control loop based on the network control objective to program the programmable network element.

DATA TRANSFER APPLICATION MONITOR AND CONTROLLER

... ²The present invention teaches methods and systems for monitoring and ²controlling bandwidth usage between an internal local area network and an ²external network. By providing controls from inside the external network ²connectivity point, greater detail in bandwidth control is possible. This in ²turn ²leads to less restrictive bandwidth restricting algorithms. Bandwidth ²restricting algorithms include various bandwidth limiting techniques. One ²such technique uses prioritized data transfer limits applied on an ²application, ²process or network interface basis. Another technique uses a configurable ²weighting factor for real-time prioritization of data traffic. Other ²techniques ²incorporate quality of service or model predictive control based bandwidth ²limiting.² ...

MONITORING A COMMUNICATION NETWORK

Methods and systems for monitoring a communication network using machine-learning techniques are disclosed. In some implementations, a forecasted amount of traffic for a communication network is determined using one or more network traffic forecasting models being configured to generate the forecasted amount of traffic based on data indicating one or more previous amounts of traffic for the communication network. A measure of network health is generated based on a measured amount of traffic and the forecasted amount of traffic. Data indicating one or more characteristics of the communication network is processed using one or more machine learning models to generate a predicted measure of network health for a future time period. An indication of the predicted measure of network health for the future time period is provided.

PROGRESSIVE CHARTING

Embodiments of the invention include an apparatus, method, and computer program for progressive charting of network traffic flow data. The method includes, in one example, receiving, at a network traffic analyzer, a query of network traffic flow data over a certain time period. The method further includes modifying the query to produce sub-queries each based on different segments of time within the certain time period, executing at least one of the sub-queries, and incrementally outputting results of each of said executed sub-queries as each of the sub-queries are completed.

CORRELATION OF MEDIA PLANE AND SIGNALING PLANE OF MEDIA SERVICES IN A PACKET-SWITCHED NETWORK

This invention relates to methods for correlating media streams and signaling sessions of services, for example, in a passive monitoring system of a packet-switched network. Furthermore, the invention also relates to an implementation of these methods in hardware and software, and provides a signaling plane probe, a media plane probe and a correlation unit. Moreover, a passive monitoring system comprising one or more of these hardware devices is provided. To correlate media streams and signaling sessions of services, the invention proposes to independently generate correlation keys in a media plane probe for monitored media streams and correlation keys for signaling sessions that are monitored by a signaling plane probe in a fashion that matching correlation keys are generated for a respective service. By identifying reports on the media streams and reports on the signaling session that contain matching correlation keys respectively, the media streams and the signaling streams are correlated ...

METHOD AND SYSTEM FOR MONITORING NETWORK COMMUNICATIONS

A system and method for monitoring network communications are provided. The method comprises capturing one or more packets of data in a networking stack of a computing device. Then, a unique identifier is associated with the computing device that uniquely identifies the computing device. The unique identifier and a sample of the contents of each of the one or more captured packets of data are then stored. The method may further comprise generating hybrid flow data by processing the stored unique identifier and the sample of the contents of each of the one or more captured packets of data. The hybrid data flow comprises the unique identifier, the sample of the contents of each of the one or more captured packets of data, derived network flow data, and derived statistical packet data.

NETWORK LOAD BALANCING FOR MULTI-COMPUTER SERVER

A message dispatch system is provided for a multi-computer server having a number of server computers connected via respective server network links. The message dispatch system, which is connectable to an external telecommunications network, includes a message dispatcher configured to receive external client req uests for the multi-computer server from the external telecommunications network and t o dispatch the client requests to selected server computers via the server network links. The message dispatcher is configured to determine a server to which an external client request is to be dispatched in response to parameters representative of m essage traffic volume on the server network links. Load balancing is performed based on parameters representative of the server network link loading, rather than, or po ssibly in addition to measurements on processor loading. Suitable network loading parameters can be derived by monitoring packets passing from and/or to the individual server computers ...

SPOSOBY AND SYSTEMS FOR DYNAMIC ARBITRAZhASPEKTRA C DOMAShNIMIBAZOVYMISTANTsIYaMI eNodeB

Method and device for automated management of virtualization stream mirror image strategy, and medium

Bandwidth management device, the central management device and bandwidth management method

METHOD FOR CONFIGURATION MANAGEMENT OF A TELECOMMUNICATION NETWORK

L'invention concerne un procédé de configuration d'un réseau de télécommunications localisé dans une zone géographique dans laquelle se trouve au moins un terminal recevant ou transmettant du trafic, le procédé comprenant : - une acquisition d'informations relatives au trafic reçu ou émis par ledit au moins un terminal ; - une estimation, à partir des informations acquises, d'un profil de demande de trafic à venir dans la zone géographique sur une période de temps postérieure à l'acquisition ; - une détermination à partir du profil de demande de trafic estimé, d'une configuration du réseau définissant un profil d'offre le plus proche du profil de demande de trafic ; - une configuration du réseau selon la configuration ainsi déterminée.

DEVICE OF CARTOGRAPHY OF QUALITY OF SERVICE IN A FIXED COMMUNICATION NETWORK, IN PARTICULAR HAS HIGH BANC

METHODS AND SYSTEMS FOR MONITORING COMPUTER SERVERS

NETWORK PERFORMANCE LOGGING TIMING CONTROL METHOD IN A WIRELESS COMMUNICATION SYSTEM AND APAPRATUS THEREOF CAPABLE OF REDUCING BATTERY POWER CONSUMPTION IN A MOBILE APPARATUS BY USING A TIMER

PURPOSE: A network performance logging timing control method in a wireless communication system and apparatus thereof are provided to effectively collect network performance information which is necessary to maintain a network by using a mobile apparatus. CONSTITUTION: A system executes a logging period timer(708). A mobile apparatus enters into an idle mode(710). The mobile apparatus collects network performance data(712). A timing unit senses the complete of the logging period timer(714). The timing unit controls the logging of the network performance information by using the system(716). COPYRIGHT KIPO 2012 ...

SYSTEM AND METHOD FOR MEASURING MIDDLEWARE RESPONSE TIME

System and method for monitoring middleware performance is described herein. A route time for a sample message transmitted along a predetermined network route is determined and at least one queue residency time (120a, 120b, 120c) is determined. The at least one queue residency time (120a, 120b, 120c) reflects an amount of time an actual application message is stored in at least one respective local production queue (110a, 110b, 110c) located along the network route. Middleware response time is calculated according to the route time and the at least one queue residency time (120a, 120b, 120c). © KIPO & WIPO 2007 ...

method and system of delivery means using protocol independent operation, administration and maintenance

Router and information collection method thereof

The present invention provides a router. The router includes a storage device, a communication module and a controller. The storage device is arranged to store a web-page code corresponding to a graphical user interface, wherein the web-page code includes an information collection code. The communication module is arranged to be coupled to a plurality of electronic device. The controller is arranged to enable the communication module to transmit the web-page code to a first electronic device of the electronic devices when receiving a predetermined web-page request from the first electronic device, wherein the information collection code is arranged to collect a environment information of the first electronic device and feedback the environment information to the router.

NETWORK MANAGEMENT

A method of providing a software interface between application programs performing telecommunications functions and an operating system running on at least one node at a site supporting the application programs, and further forming an interface between the application programs and a telecommunications network is provided. The method includes providing a network platform manager operable to remove nodes from service, restore nodes to service, remove applications from service, and restore applications to service, providing a network system integrity manager operable to monitor the nodes and to enable failed nodes to recover, providing a configuration manager operable to interface with a host coupled to the telecom platform, providing a node platform manager operable to provide management functions for a node, providing a service manager operable to start and stop processes at the direction of the node platform manager, and providing a node system integrity manager operable to monitor inter-node ...

SYSTEM AND METHOD FOR IMPROVED WIFI/WIMAX RETAIL INSTALLATION MANAGEMENT

A system for managing wireless internet access. The system includes an interface for receiving incoming requests for wireless internet access from a plurality of subscribers. The subscribers submit requests from a wireless access provider having a plurality of geographic locations at least one request coming from one location and at least a second request coming from a different location. An authentication module authenticates account information from the subscriber. A session manager monitors each of the wireless internet access sessions of each of the subscribers. A data collection and storage module stores said session information. A mediation module supplies usage reports to the wireless access provider based on the session information from each of the subscribers at each of the plurality of locations.

INTEGRATED INTERFACE FOR WEB BASED CUSTOMER CARE AND TROUBLE MANAGEMENT

A system and method for opening and tracking trouble tickets over the public Internet. A customer service management system (40) provides information included within a customer profile record to a Web enabled infrastructure (30) which is accessible by a remote customer workstation (20) having a web browser (14) and Internet access (15). The customer profile information is used to prepopulate data fields in dialogs used to open a trouble ticket. Once a trouble ticket is opened, the customer workstation (20) tracks the existing trouble tickets through a browser based graphical user interface (240). The graphical user interface (240) provides current and historical status reports of the actions taken to resolve a network event and the service organizations responsible for resolving the network event.

METHOD AND APPARATUS FOR PERFORMING SERVICE LEVEL ANALYSIS OF COMMUNICATIONS NETWORK PERFORMANCE METRICS

A data transmission system includes probes (probe A, probe B) connected between end user sites (site A, site B) and a data switching network (12). Each probe is connected to the switching network (12) via an access channel (20, 21, 26 or 27) wherein transmission circuits establish paths between the sites through the access channel (20, 21, 26 or 27) and switching network (12). The probes capture and retransmit data traveling between the sites over respective transmission circuits, and can thereby insert service level anaylsis (SLA) messages into data traffic in order to actively communicate network performance information to other probes. For each transmission circuit, the probes periodically collect measurements related to one or more network performance metrics, including round-trip delay (RTD), data delivery ratio (DDR) and network availability. During each SLA measurement cycle, a sequence of SLA messages is exchanged over each transmission circuit, which messages contain data used ...

METHOD AND SYSTEM FOR REAL-TIME DISTRIBUTED DATA MINING AND ANALYSIS FOR NETWORKS

A data mining and analysis method and system (11, fig. 1) can be implemented in an open architecture and use a multiple-tiered design to collect and analyze data relating to network devices (21, fig. 1) in essentially real-time or near real-time. Analyzer modules (29, fig. 1) are implemented in a distributed, multi-layered manner and process log data in a distributed and hierarchical manner to reduce data transfer needed for reporting. Analyzer modules (29, fig. 1) analyze sequences of numbers and strings generated from software that understands analyzer module commands such as a parser module for such applications as collecting real-time voting information, and analyzing and aggregating real-time number sequence generated by media servers, among other applications.

Method and System for Balancing Storage Data Traffic in Converged Networks

Methods for balancing storage data traffic in a system in which at least one computing device (server) coupled to a converged network accesses at least one storage device coupled (by at least one adapter) to the network, systems configured to perform such methods, and devices configured to implement such methods or for use in such systems. Typically, the system includes servers and adapters, and server agents implemented on the servers and adapter agents implemented on the adapters are configured to detect and respond to imbalances in storage and data traffic in the network, and to redirect the storage data traffic to reduce the imbalances and, thereby to improve the overall network performance (for both data communications and storage traffic). Typically, each agent operates autonomously (except in that an adapter agent may respond to a request or notification from a server agent), and no central computer or manager directs operation of the agents. 1. A system , including:at least one server having at least one server interface, wherein the server is configured to include a server agent and to be coupled to a converged network by the server interface;at least one storage device; andat least one adapter configured to be coupled to the storage device and having at least one adapter interface, wherein the adapter is configured to couple the storage device to the network via the adapter interface, and the adapter is configured to include an adapter agent,wherein the adapter agent is coupled and configured:to monitor data traffic occurring on each said adapter interface of the adapter, and to generate a consumed bandwidth indication for each said adapter interface, where the consumed bandwidth indication for each said adapter interface is indicative of consumed bandwidth of the adapter interface;to generate an available bandwidth indication for each said adapter interface of the adapter, where the available bandwidth indication for each said adapter interface is ...

PROCESSING ANOMALY DATA TO IDENTIFY THREATS TO NETWORK SECURITY

A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected or threat, and to take action promptly.

Traffic Matrix Computation for a Backbone Network Supporting Virtual Private Networks

This invention provides a more effective method for capacity planning and traffic engineering of packet networks that connect Virtual Private Network (VPN) sites. A distributed architecture efficiently computes traffic matrixes that show the number of bytes and/or packets exchanged among provider edge (PE) routers and/or service nodes. Each PE router in a service node is exports flow records to a Flow Record Processor (FRP) in the same location. The FRPs use these records in conjunction with configuration data extracted from the PE routers to compute partial traffic matrixes. The partial traffic matrixes are uploaded to a Matrix Generator to create a total traffic matrix. The total traffic matrix is essential input for capacity planning or traffic engineering tools. 133-. (canceled)34. A method for provisioning service in a network comprising a first service node comprising:receiving a flow record, at the first service node, from a router comprising a fixed-size buffer, the flow record based on a sampling of packets at the router;automatically determining a measurement interval based on a traffic load of the first service node;generating a first partial traffic matrix based on the flow record received from the router during the measurement interval, wherein generating the first partial traffic matrix comprises: estimating a value of a particular matrix element based on stored values of previous partial traffic matrices generated during prior instances of the measurement interval, wherein the particular matrix element corresponds to a traffic load associated with the router; andtransmitting the first partial traffic matrix to a matrix generator node to be combined with a second partial traffic matrix generated by a second service node to form a total traffic matrix.35. The method as in claim 34 , wherein receiving a flow record comprises:receiving an oldest flow record from a plurality of flow records currently in the fixed-size buffer of the router.36. The method as ...

Method and system for improved monitoring, measurement and analysis of communication networks utilizing dynamically and remotely configurable probes

In a method and system, one or more communication devices within a communication network are provided with a dynamically and remotely configurable probe element, implemented at least partially in software and controllable by the network operator via one or more communication links, capable of monitoring, measuring and capturing user interaction data flowing from voice and/or data transactions occurring in the network. User interaction data reflects a user's experience on the network and thus provides valuable raw data usable by the network operator for improving network quality from the user's perspective, especially when received from a statistically significant number of network user devices. Collected user interaction data can include network engineering metric data and/or user profile data.

Method and apparatus for providing real-time communication center reporting data to third-party applications over a data network

A system for providing communication-center statistical data to a third party application over a data network includes an intermediate service point connected to the network between the communication-center environment and the third-party application; a set of application program interfaces for transforming and transmitting communication-center statistical data from the center to the intermediate service point; and a set of application program interfaces for transmitting the communication-center statistical data from the service point to the third-party application. In a preferred embodiment the third-party application accesses the intermediate service point using the network and manipulates one or more services hosted within the service point to configure to receive by subscription statistical data about specific communication-center entities described as objects including real time performance statistics of those entities.

INLINE SECRET SHARING

Embodiments are directed to monitoring communication between computers using network monitoring computers (NMCs). NMCs identify a secure communication session established between two of the computers based on an exchange of handshake information associated with the secure communication session. Key information that corresponds to the secure communication session may be obtained from a key provider such that the key information may be encrypted by the key provider. NMCs may decrypt the key information. NMCs may derive the session key based on the decrypted key information and the handshake information. NMCs may decrypt network packets included in the secure communication session. NMCs may be employed to inspect the one or more decrypted network packets to execute one or more rule-based policies.

AUTOMATED PREEMPTIVE POLYMORPHIC DECEPTION

Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Anomalous events may be classified based on the monitored network traffic and attack models such that the classification determines that targets of the anomalous events may be currently subject to attacks by entities communicating on the networks. A honeypot trap may be provided in the networks based on the classified events such that the honeypot trap mimics characteristics of the targets. The portions of the network traffic associated with the honeypot trap may be monitored. Characteristics of the attacks may be determined based on the monitored portions of network traffic. Reports that include information based on the characteristics of the attacks may be generated.

SYSTEMS AND METHODS FOR AUTO DISCOVERY OF FILTERS AND PROCESSING ELECTRONIC ACTIVITIES USING THE SAME

The present disclosure relates to systems and methods for filtering electronic activities. Exemplary implementations may include ingesting a first electronic activity; identifying an associated entity; and selecting a first filtering model based on the entity, the first filtering model trained to indicate whether to restrict further processing of ingested electronic activities. The method may further include generating a plurality of structured data tags for the first electronic activity; applying the selected first filtering model to the plurality of structured data tags for the first electronic activity to determine whether the first electronic activity satisfies a first restriction condition; and responsive to the first electronic activity satisfying the first restriction condition, restricting the first electronic activity from further processing; or responsive to the first electronic activity not satisfying the first restriction condition, further processing, by the one or more processors ...

Detecting attacks using passive network monitoring

Embodiments are directed to detecting one or more attacks in a network. One or more network flows may be monitored using one or more network monitoring computers (NMCs). If one or more file write operations are detected based on information included in one or more packets of the one or more network flows, one or more detection rules may be executed to analyze one or more portions of the one or more packets to identify file information that is associated with the one or more file write operations. One or more metrics may be provided based on the one or more detection rules and one or more of the file information, the one or more file write operations, or the like. If one or more metrics exceed one or more threshold values, one or more reports of one or more attacks may be provided.

System and method of determining malicious processes

Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. A method includes determining a lineage for a process within the network and then evaluating, through knowledge of the lineage, the source of the command that initiated the process. The method includes capturing data from a plurality of capture agents at different layers of a network, each capture agent of the plurality of capture agents configured to observe network activity at a particular location in the network, developing, based on the data, a lineage for a process associated with the network activity and, based on the lineage, identifying an anomaly within the network.

AUTOMATIC TARGET SELECTION

A method of identifying targets for monitoring includes: obtaining a user-defined filter map, the user-defined filter map having one or more filter rules for matching against network traffic when the user-defined filter map is used by a network system to process the network traffic. and determining a set of one or more targets by a processing unit based at least in part on the user-defined filter map, wherein the processing unit comprises a target selection module configured to access a list of available targets from a database, and select the one or more targets from the list of available targets based at least in part on the user-defined filter map.

Reporting Technique for a Telecommunications Network

A technique for configuring the reporting of network elements to a management node in a telecommunications network is described. As to a method aspect of the technique, at least one of the network elements receives a configuration message. The configuration message is indicative of a reporting mode that is based on a probability function. The management data is reported to the management node depending on a condition that includes the probability function.

Extensible Analytics and Recommendation Engine for Network Traffic Data

A method and system for using plug-in analysis modules to analyze network traffic data is disclosed. The network has computing devices coupled to a network traffic appliance that routes data to and from the computing devices. A plug-in network analysis module is installed on a network traffic recommendation engine. The network analysis module is run to obtain selected network traffic data on the network. The selected network traffic data is analyzed via the network analysis module. A recommendation is output based on the selected network traffic data. A policy is adjusted based on the recommendation to improve the efficiency of the network traffic to the computing devices.

Distributing decision making in a centralized flow routing system

Local rules for managing flows devolved from a central controller are received at a switch. The central controller determines a global set of rules for managing flows. The switch receives a packet from a flow from a network and determines whether a metric for the flow satisfies a dynamic condition to trigger a metric report to the central controller. In response to a determination that the metric for the flow at the switch satisfies the dynamic condition to trigger a metric report to the central controller, the switch sends a metric report to the central controller, and the switch then receives an instruction to manage the flow from the central controller. In response to a determination that the metric for the flow at the switch does not satisfy the dynamic condition to trigger the metric report to the central controller, the switch manages the flow using the local rules for managing flows.

Detecting malicious network addresses within a local network

The behavior analysis engine can also detect malicious network addresses that are sent to networked devices in the local network. The network traffic hub identifies network communications that are transmitted through the local network that contain network addresses. The network traffic hub transmits (or sends) the network address to the behavior analysis engine and the behavior analysis engine extracts network address features from the network address. The behavior analysis engine then applies an execution model to the execution features to determine a confidence score for the network address that represents the execution model's certainty that the network address is malicious. The behavior analysis engine uses the confidence score to provide instructions to the network traffic hub as to whether to allow the networked device to receive the network address.

Policy utilization analysis

An example method according to some embodiments includes receiving flow data for a packet traversing a network. The method continues by determining a source endpoint group and a destination endpoint group for the packet. The method continues by determining that a policy was utilized, the policy being applicable to the endpoint group. Finally, the method includes updating utilization data for the policy based on the flow data.

SYSTEM AND METHOD FOR CONTINUOUS IN-LINE MONITORING OF DATA-CENTER TRAFFIC

Disclosed is a method for continuous in-line monitoring of data-centric traffic to guarantee application performance. The method includes, in each switch of a plurality of switches in a network fabric, grouping all packets entering each respective switch of the plurality of switches based on either 5-tuple applications or EPG based applications, collecting performance statistics at every hop in the network fabric across all flows in-line in a flow table maintained in each respective switch and periodically exporting the performance statistics to analysis module.

MIGRATION OF TRAFFIC FLOWS

There is set forth herein obtaining data traffic monitoring data, the data traffic monitoring data being in dependence on monitoring of traffic received by a container of a protected computing environment; obtaining data traffic monitoring data, the data traffic monitoring data being in dependence on monitoring of traffic received by a processing resource of a computing environment; obtaining a state of the processing resource and provisioning a utility processing resource to include the state of the processing resource; and configuring the computing environment to route data traffic to the utility processing resource.

SYSTEMS AND METHODS FOR AUTO DISCOVERY OF FILTERS AND PROCESSING ELECTRONIC ACTIVITIES USING THE SAME

The present disclosure relates to systems and methods for filtering electronic activities. Exemplary implementations may include ingesting a first electronic activity; identifying an associated entity; and selecting a first filtering model based on the entity, the first filtering model trained to indicate whether to restrict further processing of ingested electronic activities. The method may further include generating a plurality of structured data tags for the first electronic activity; applying the selected first filtering model to the plurality of structured data tags for the first electronic activity to determine whether the first electronic activity satisfies a first restriction condition; and responsive to the first electronic activity satisfying the first restriction condition, restricting the first electronic activity from further processing; or responsive to the first electronic activity not satisfying the first restriction condition, further processing, by the one or more processors ...

APPLICATION CENTRIC NETWORK EXPERIENCE MONITORING

A system determines the performance of a network within the context of an application using that network. Network data is collected and correlated with an application that uses the network as well as a distributed transaction implemented by the application. The collected network data is culled, and the remaining data is rolled up into one or more metrics. The metrics, selected network data, and other data are reported in the context of the application that implements part of the distributed transaction. In this manner, specific network performance and architecture data is reported along with application context information.

Telemetry Event Aggregation

In one embodiment a network device includes multiple interfaces including at least one egress interface, which is configured to transmit packets belonging to multiple flows to a packet data network, control circuitry configured to generate event-reporting data-items, each including flow and event-type information about a packet-related event occurring in the network device, a memory, and aggregation circuitry configured to aggregate data of at least some of the event-reporting data-items into aggregated-event-reporting data-items aggregated according to the flow and event-type information of the at least some event-reporting data-items, store the aggregated-event-reporting data-items in the memory, and forward one aggregated-event-reporting data-item of the aggregated-event-reporting data-items to a collector node, and purge the one aggregated-event-reporting dam-item from the memory.

PROVIDING PROCESS DATA TO A DATA RECORDER

A kernel driver on an endpoint uses a process cache to provide a stream of events associated with processes on the endpoint to a data recorder. The process cache can usefully provide related information about processes such as a name, type or path for the process to the data recorder through the kernel driver. Where a tamper protection cache or similarly secured repository is available, this secure information may also be provided to the data recorder for use in threat detection, forensic analysis and so forth.

SYSTEMS AND METHODS FOR MANAGING CLIENT REQUESTS TO ACCESS SERVICES PROVIDED BY A DATA CENTER

Described embodiments provide systems and methods for managing client requests to access services provided by a data center. A method can include identifying, by a first device, metrics of client requests to a service communicated from a plurality of clients via one or more Internet service providers (ISPs) to a data center including a plurality of servers providing the service. The method can include identifying metrics of application programming interface (API) requests communicated between a plurality of microservices of the service responsive to the client requests being forwarded to the plurality of servers. The method can include identifying metrics of responses to the client requests. The method can include displaying a service graph generated to identify, via the metrics, an issue with at least one of the one or more ISPs, the plurality of microservices, or one or more WAN links.

APPARATUS AND METHOD FOR SELECTING A BANDWIDTH PREDICTION SOURCE

Aspects of the subject disclosure may include, for example, obtaining, from a first source of information, a first bandwidth prediction, wherein the first bandwidth prediction is based upon historical bandwidth data that had been provided by a plurality of devices; obtaining, from a second source of information, a second bandwidth prediction, wherein the second bandwidth prediction is based upon network measurements, and wherein the network measurements are other than the historical bandwidth data that had been provided by the plurality of devices; selecting as a source of a future bandwidth prediction one of the first source of information and the second source of information, wherein the selecting is based upon a comparison of each of the first bandwidth prediction and the second bandwidth prediction to an actually obtained bandwidth of the device. Other embodiments are disclosed.

TRANSPORTING DATA OUT OF ISOLATED NETWORK ENVIRONMENTS

The described technology is generally directed towards transporting data out of isolated network environments. According to an embodiment, a system can comprise a processor, and a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, that include receiving a request string comprising request data related to a request from a first application of a device. The operations further include intercepting a processing of the request string, and based on the intercepting, extracting usage data of a second application of the device encoded in the request string, wherein the usage data is unrelated to the request.

Periodicity detection

Improved techniques involve testing periodicity at a given period based on locations of clicks within a sampling window whose duration is a multiple of the given period. Along these lines, when a testing server receives a click stream from a client machine, the testing server assigns a timestamp to each of the clicks in the click stream. The testing server generates a list of candidate periods at which periodicity of the click stream is to be tested. For each of the candidate periods, the testing server forms a sampling window whose duration is a multiple of that candidate period and tests whether the click stream is periodic based on the locations of the clicks within the sampling window. If indeed the testing server finds that the click stream is periodic at any of the candidate periods, the testing server may send an alert to a security entity to indicate that suspect activity has been identified.

SYSTEMS AND METHODS FOR GENERATING A FILTERED DATA SET

The present disclosure relates to generating a filtered data set. Data from a plurality of systems of record of a plurality of data source providers may be accessed. A master data set generated using the data accessed from the plurality of systems of record may be maintained. Restriction policies including one or more rules for restricting sharing of data may be maintained. A filtered data set may be generated for a data source provider responsive to an application of restriction policies of other data source providers to the master data set. The filtered data set may be provisioned.

Methods and apparatus to determine sources of media presentations

Example apparatus disclosed herein are to obtain, from a network monitor, an address associated with one or more network communications used to convey a media stream to a first input device of a plurality of input devices in communication with a media device, query one or more data structures based on the address to identify a first input source of the media device, the one or more data structures to map respective ones of the plurality of input devices to corresponding ones of a plurality of input sources of the media device, the plurality of input sources including the first input source, obtain a watermark from a meter that is to monitor an output of the media device, and identify the first input source of the media device as associated with media presented by the media device in response to determination that the watermark corresponds to the media stream.

Method and system for user plane traffic characteristics and network security

A method at a network element for monitoring user plane traffic for a user equipment, the method including configuring a set of characteristics and a range of values for each of the set of characteristics for user plane traffic between the user equipment and the network element; monitoring user plane traffic for the user equipment at the network element, the monitoring determining whether at least one characteristic of the user plane traffic falls outside of the configured range of a values, resulting in a characteristic violation; and if the at least one characteristic of the user plane traffic falls outside the configured range of a values, performing an action resulting from the characteristic violation.

Correlation of virtual network traffic across bare metal servers

This disclosure describes techniques that include collecting flow data associated with communications between network devices, and determining, based on the flow data, one or more virtual networks over which the communications are taking place. In one example, this disclosure describes a system configured to perform operations comprising: storing virtual network configuration information associated with a first virtual network and a second virtual network established within a network; collecting underlay flow data associated with communications between a first server and a second server, wherein each of the first server and the second server are implemented as bare metal servers; determining, based on the underlay flow data and the stored virtual network configuration information, that the first server and the second server have communicated over the first virtual network; and generating a user interface.

Prioritizing an issue reported by a user of a wireless telecommunication network

The disclosed system and method obtain a report of an issue reported by a user of the wireless telecommunication network, and historical information associated with the user and the wireless telecommunication network. The historical information includes multiple issues reported by users similar to the user, and multiple user statuses associated with the users similar to the user. The user status among the multiple user statuses includes active and inactive, indicating whether the user is an active member of the telecommunication network or has left the network. The system provides the historical information to an AI model, and obtains from the AI model a priority associated with the issue experienced by the user. The system causes a resolution of the issue based on the priority.

SYSTEM AND METHOD FOR SECURING NETWORKS BASED ON CATEGORICAL FEATURE DISSIMILARITIES

A system and method for detecting deviations from baseline behavior patterns for categorical features. A method includes determining a first discrete probability distribution for a categorical variable based on a first set of network activity data; determining a second discrete probability distribution for a unique observation based on a second set of network activity data; comparing the second discrete probability distribution to the first discrete probability distribution by applying a distance function to the first and second discrete probability distributions, wherein an output of the distance function is a scalar value representing a difference between the first and second discrete probability distributions; determining whether the scalar value is above a threshold; detecting an anomaly with respect to the categorical variable when the scalar value is above the threshold; and determining that a behavior with respect to the categorical variable is normal when the scalar value is not ...

Network monitoring device and connection counting method

A state detection circuit compares a target connection with an immediate previous connection based on an identifier of an incoming packet and detects a post-transitional state of the target connection based on a control flag of the incoming packet and on a pre-transitional state of the target connection detected just before if the target connection is identical with the immediate previous connection; and a connection counting circuit increments or decrements the number of target connections only when the detected post-transitional state indicates a start or end of the target connection.

Securely managing network connections

The disclosure relates generally to methods, systems, and apparatuses for managing network connections. An example method includes receiving one or more messages from a plurality of computing devices connected through a network, the one or more messages indicating actual connections among the plurality of computing devices. The example method further includes comparing, by one or more processors, the actual connections to a list of expected connections indicated by a connections master file that comprises connection information for the plurality of computing devices. The method further includes, responsive to detecting one or more differences between the list of expected connections and the actual connections, providing a notification indicating the one or more differences to a log file or a notification area of a user interface.

Detecting anomalies in a distributed application

Anomalies are detected in a distributed application that runs on a plurality of nodes to execute at least first and second workloads. The method of detecting anomalies includes collecting first network traffic data of the first workload and second network traffic data of the second workload during a first period of execution of the first and second workloads, collecting third network traffic data of the first workload and fourth network traffic data of the second workload during a second period of execution of the first and second workloads, and detecting an anomaly in the distributed application based on a comparison of the third network traffic data against the first network traffic data or a comparison of the fourth network traffic data against the second network traffic data. Anomalies may also be detected by comparing network traffic data of two groups of containers executing the same workload.

RECONSTRUCTING NETWORK ACTIVITY FROM SAMPLED NETWORK DATA USING ARCHETYPAL ANALYSIS

Methods, systems, apparatuses, and computer program products are provided for reconstructing network activity. A network activity monitor is configured to monitor network activity for various network entities. Based on the monitoring, a set of features may be obtained for each network entity. A determination may be made for a number of vertices suitable for describing the sets of features in a multidimensional space. In some implementations, the vertices may define a convex hull in the multidimensional space. Each of the vertices may be assigned a different usage pattern that represents a certain type of network usage types. Reconstructed network activity for a particular network entity may be represented as a weighted combination of the usage patterns. Based on the reconstruction, a network anomaly may be detected, a network may be modified, and/or an alert may be generated.

Method, device and system for monitoring network performance

A method for monitoring network performance includes: sending correspondences between a remote network element and a plurality of IP addresses thereof from a network management device to a local network element; according to the correspondences, calculating performance parameters between the local IP address and the plurality of remote IP addresses respectively, by the local network element; making a statistics of the calculated performance parameters by the local network element. A network element for monitoring network performance, connected with a network management device and a remote network element, includes: a receiving unit, a performance parameter processing unit, a performance parameter statistics unit, and the transmitting unit. A network system for monitoring network performance is further provided. According to embodiments of this invention, the efficient measurement of network performance including IP QoS between each two MGWs of an IP network, RTP stream bandwidths, and the ...

PDCP И УПРАВЛЕНИЕ ПОТОКОМ ДЛЯ РАЗДЕЛЕННОГО ОДНОНАПРАВЛЕННОГО КАНАЛА

Изобретение относится к области связи. Технический результат – создание механизма обратной связи, который помогает сбалансировать поток данных между главной и второй точками сети и гарантирует, что для разделенных однонаправленных каналов главная точка сети не задействует более, чем половину пространства порядковых номеров блоков пакетных данных (PDU) протокола конвергенции пакетных данных (PDCP). Для этого способ содержит отправку одного или более блоков PDCP второму узлу сети на межузловом интерфейсе, причем каждый из одного или более PDU имеет ассоциированный порядковый номер PDCP и ассоциированный порядковый номер, характерный для межузлового интерфейса, причем порядковые номера, характерные для межузловых интерфейсов, присвоенны узлом сети. Способ дополнительно содержит прием обратной связи от второго узла сети. 4 н. и 28 з.п. ф-лы, 9 ил.

СИСТЕМА ДЛЯ ПОДГОТОВКИ СЕТЕВОГО ТРАФИКА ДЛЯ БЫСТРОГО АНАЛИЗА

Изобретение относится к системе и способу для подготовки сетевого трафика для анализа. Технический результат заключается в обеспечении возможности эффективного и быстрого разбиения сетевых потоков на полезную информацию и её анализа. Указанный результат достигается путем разбиения сетевого потока на множество стандартных элементов сетевого потока, которые затем тегируются. Тегированные элементы содержат составные тегированные элементы, при необходимости могут содержать любой тип элемента в соответствии с любым типом стандарта сетевого потока, в том числе, но без ограничения, стандарта IPFIX или Netflow, или могут быть необязательно выведены из таких элементов. 2 н. и 21 з.п. ф-лы, 7 ил., 1 табл.

ОТСЛЕЖИВАНИЕ ИСПОЛЬЗОВАНИЯ ДАННЫХ В СООТВЕТСТВИИ СО СХЕМАТИЗИРОВАННЫМ ПЛАНОМ ДАННЫХ

Изобретение относится к технологиям сетевой связи. Технический результат заключается в повышении безопасности передачи данных в сети. Компьютерная система содержит: область памяти, соответствующую мобильному вычислительному устройству, причем в этой области памяти хранится схема, представляющая план использования данных, связанный с пользователем, при этом план использования данных описывает пороговые значения, связанные с сетевыми соединениями одного или нескольких устройств пользователя; и процессор, запрограммированный: динамически формировать статистику использования данных для пользователя, при этом статистика использования данных представляет сетевые данные, использованные в соответствии с планом использования данных вычислительным устройством; заполнять схему, хранящуюся в области памяти устройства, динамически сформированной статистикой использования данных; и обеспечивать, по меньшей мере, часть заполненной схемы веб-сервису для распространения на другие вычислительные устройства ...

Dynamic mobile application quality-of-service monitor

Technologies are generally described for determining a quality-of-service of mobile applications. In some examples, a process for determining a quality-of-service of a mobile application executing on a mobile device coupled to a network includes collecting, by a mobile monitoring application (MMA), network usage measurements associated with multiple network communication sessions from a first network communication layer, wherein the multiple network communication sessions are conducted via the network and are associated with the mobile device. The process may also include evaluating, by the MMA, the collected network usage measurements to determine application-specific usage data associated with the mobile application, and determining, by the MMA, the quality-of-service of the mobile application based on the application-specific usage data.

Apparatus and method for collecting and analyzing communications data

A method of monitoring data on a first communication line. Data is received from the first communication line ( 402 ) and a plurality of packets ( 406 ) are extracted ( 416 ) from the data. Statistics are then recursively generated ( 408 ), the statistics corresponding to the plurality of packets.

Method, apparatus, and system for determining and maintaining quality of service parameters on a multi-hop network

Disclosure of the present embodiments relate to a method, an apparatus, and a system for determining and maintaining quality of service parameters on a multi-hop network. The method for determining QoS parameters on a multi-hop network includes: in a data transmission process in a transmission path from a user equipment to an evolved NodeB, acquiring statistics of QoS parameters of a relay link in the transmission path; and determining, according to the statistics of the QoS parameters of the relay link and in combination with QoS parameters that need to be maintained in the transmission path and radio interface topology information in the transmission path, QoS parameters that need to be acquired by an access link and the relay link in the transmission path.

Endpoint-to-endpoint communications status monitoring

Communication ability between nodes in a cluster-based computer system is tracked to inform applications executing on the nodes of the existence and quality of the endpoint-to-endpoint communications available between the nodes. Communications between a node and other nodes are tracked, and a database records the communication ability between the node and the other nodes for each link between the nodes. The tracking and recording are repeated at the other nodes. A registration by an application executing at a particular one of the nodes to receive notifications of changes in the communication ability with another node over a particular link (or in general) will cause notification of the application when the link status changes.

Mobile communication system, constituent apparatuses thereof, traffic leveling method and program

A mobile communication system includes a traffic monitoring apparatus arranged between predetermined nodes in a mobile network for monitoring a traffic amount between the nodes; and a traffic control apparatus that outputs control information to the predetermined nodes based on a report from the traffic monitoring apparatus wherein the control information instructs the predetermined nodes to level the traffic amount.

Intrusion detection in communication networks

An intrusion detection arrangement ( 101 ) for communication networks comprising a network activity observer ( 102 ) configured to monitor network traffic by the related traffic elements, such as data packets, thereof and to establish traffic profiles relative to the monitored traffic elements, such as one profile per each monitored traffic element, a misuse detector ( 104 ) configured to determine a first indication of a probability of the profiled traffic representing malicious activity through co-operation with a model repository ( 106 ) comprising at least one model characterizing a known intrusion attack, an anomaly detector ( 108 ) configured to determine, at least logically in parallel with the misuse detector, a second indication of a probability of the profiled traffic representing anomalous activity through cooperation with a model repository ( 110 ) comprising at least one model characterizing legitimate network activity, and a classifier ( 112 ) configured to operate on said first and second indications to generate a classification decision on the nature of the profiled traffic, wherein the applied classification space includes at least one class for legitimate traffic and at least one other class for other traffic such as malicious and/or anomalous traffic. A corresponding method is presented.

System and method for monitoring and altering performance of a packet network

The disclosed embodiments include a system and method for monitoring performance of a packet network. In one embodiment, a method includes determining network performance information of a packet network by monitoring performance information packets that are communicated along network paths of the packet network. The method also includes appending the network performance information gathered at a network node along the network paths to data stored in the performance information packets. The method stores the network performance information collected by monitoring the performance information packets in memory and analyzes the stored network performance information to generate historical network performance information. The method automatically alters network operation in response to current network performance information indicating that the packet network is not operating properly based on the historical network performance information.

SYSTEM AND METHOD FOR GENERATING A REPORT TO A NETWORK OPERATOR BY DISTRIBUTING AGGREGATION OF DATA

System and method for generating a report to a network operator by distributed aggregation of data are disclosed. One embodiment includes determining, by a server-side proxy, optimization efficiency for wireless network traffic; tracking, by the server-side proxy, user-related information in the wireless network; based on the optimization efficiency and/or the user-related information, generating the report to be delivered to the network operator or queried by the network operator. In one embodiment, the server-side proxy performs functions related to traffic optimization and management in the wireless network effectuating in traffic alleviation in the wireless network measured by the optimization efficiency. 1. A method of generating a report to a network operator by distributed aggregation of data , the method , comprising:determining, by a server-side proxy, optimization efficiency for wireless network traffic;tracking, by the server-side proxy, user-related information in the wireless network;based on the optimization efficiency and/or the user-related information, generating the report to be delivered to the network operator or queried by the network operator;wherein, the server-side proxy performs functions related to traffic optimization and management in the wireless network effectuating in traffic alleviation in the wireless network measured by the optimization efficiency.2. The method of claim 1 , wherein claim 1 , the optimization efficiency is determined from one or more of claim 1 , data traffic claim 1 , signaling traffic claim 1 , time connected for connections claim 1 , and battery consumption on mobile devices in the wireless network.3. The method of claim 1 , wherein claim 1 , the optimization efficiency includes information specific to different mobile applications on the mobile device.4. The method of claim 1 , wherein claim 1 , the report depicts the optimization efficiency for data by including a comparison of data traffic and saved data ...

System and method for traffic analysis

A system for traffic analysis which includes an analyzer ( 100 ), a content source ( 200 ) and a user terminal ( 300 ) and an authentication mechanism that allows or rejects the connection of the analyzer in a traffic flow between the content source and the user terminal. The analyzer ( 100 ) includes a storage device ( 110 ) for storing at least parts of the traffic and a questionnaire generator that uses the recorded traffic data to generate a questionnaire ( 120 ) with questions only regarding services and/or content accessed by the user terminal ( 300 ). The Response ( 130 ) may include parameter values that are filled in by a user and/or parameter values that are filled in by the user terminal ( 300 ). Traffic data and response ( 130 ) from multiple user terminals ( 300 ) can be stored for later analysis. Procedures and preferred aspects of the invention are also described.

Method and Device for Measuring System Performance in Real Time

Disclosed are method and device for measuring system performance in real time. The method includes: the foreground receives a real-time measurement task comprising a measurement period parameter constructed by the background according to the concerned service data, with the quantity of the service data being lower than a preset value; the foreground extracts the current data corresponding to the real-time measurement task from a performance measurement cache area according to the measurement period parameter; the foreground acquires the real-time measurement data corresponding to the real-time measurement task according to the current data; and the foreground reports the real-time measurement data to the background. In the present invention, the background sends the concerned service data to the foreground by way of a real-time measurement task, and the foreground merely reports few service data.

Traffic shaping based on request resource usage

A current request for a server to perform work for a user profile can be received and processed at the server. It can be determined whether server usage by the profile exhibits a sufficient trend toward a threshold value to warrant performing traffic shaping for the user profile. If so, then a delay time can be calculated based on, or as a function of, server resources used in processing the current request, and a response to the current request can be delayed by the delay time.

Performance interference model for managing consolidated workloads in qos-aware clouds

The workload profiler and performance interference (WPPI) system uses a test suite of recognized workloads, a resource estimation profiler and influence matrix to characterize un-profiled workloads, and affiliation rules to identify optimal and sub-optimal workload assignments to achieve consumer Quality of Service (QoS) guarantees and/or provider revenue goals. The WPPI system uses a performance interference model to forecast the performance impact to workloads of various consolidation schemes usable to achieve cloud provider and/or cloud consumer goals, and uses the test suite of recognized workloads, the resource estimation profiler and influence matrix, affiliation rules, and performance interference model to perform off-line modeling to determine the initial assignment selections and consolidation strategy to use to deploy the workloads. The WPPI system uses an online consolidation algorithm, the offline models, and online monitoring to determine virtual machine to physical host assignments responsive to real-time conditions to meet cloud provider and/or cloud consumer goals.

Tracking data usage under a schematized data plan

Embodiments provide a schema for representing data usage plans and data usage statistics. The data usage plan describes threshold values associated with network connections of computing devices of the user. A web service dynamically generates data usage statistics for the computing devices to represent data consumed by the computing devices under the data usage plan. The schema is updated with the data usage statistics and distributed to the computing devices for presentation to the user.

Transparent Network Traffic Inspection

Methods and systems are disclosed for providing parties with levels of transparency into filtering functionality of network traffic inspection implementations. Embodiments include receiving a filter change request from a subscriber over a network that defines a modification to a set of filter criteria for filtering network traffic, the filter criteria being stored in association with the subscriber in a filter criteria data store; updating the set of filter criteria in the filter criteria data store as a function of the filter change request; receiving a content dataset relating to the network traffic; identifying the content dataset as being associated with the subscriber; retrieving the set of filter criteria associated with the subscriber from the data store; and filtering the network traffic as a function of the set of filter criteria. Embodiments further provide layers of access for different entities to the filtered traffic. 1. A network monitoring method , comprising:filtering network traffic as a function of a set of filter criteria stored in a filter criteria data store;receiving, with a computer and from an inspection data requester and over a communication network, an inspection data request for requested inspection data stored in an inspection data store associated with at least one subscriber, the inspection data store being accessible via the communication network;determining with the computer, whether the inspection data requester is authorized to access the requested inspection data; andwhen the inspection data requester is authorized to access the requested inspection data, providing, by the computer, the inspection data requester with access to the requested inspection data over the communication network.2. The method of claim 1 , further comprising:receiving authentication data over the communication network,wherein determining whether the inspection data requester is authorized to access the requested inspection data comprises determining, as a ...

TRAFFIC VISIBILITY IN AN OPEN NETWORKING ENVIRONMENT

A method of monitoring network traffic includes accessing a network that includes a controller and a switch device having a flow table, wherein the controller is communicatively coupled to the switch device, and is configured to program a behavior of the switch device through an openflow protocol, and obtaining information regarding the programmed behavior of the switch device, wherein the act of obtaining the information is performed by a network appliance that is communicatively coupled to the network. An apparatus communicatively coupled to a network, includes a processor configured for accessing the network that includes a controller and a switch device having a flow table, wherein the controller is communicatively coupled to the switch device, and is configured to program a behavior of the switch device through an openflow protocol, and obtaining information regarding the programmed behavior of the switch device. 1. A method of monitoring network traffic , comprising:accessing a network that includes a controller and a switch device having a flow table, wherein the controller is communicatively coupled to the switch device, and is configured to program a behavior of the switch device through an openflow protocol; andobtaining information regarding the programmed behavior of the switch device;wherein the act of obtaining the information is performed by a network appliance that is communicatively coupled to the network.2. The method of claim 1 , wherein the act of accessing the network comprises accessing the switch device by the network appliance.3. The method of claim 2 , wherein the act of obtaining the information comprises:transmitting a query from the network appliance to the switch device; andreceiving the information from the switch device.4. The method of claim 3 , wherein the obtained information comprises data in the flow table in the switch device.5. The method of claim 3 , wherein the query is implemented through a SNMP MIB.6. The method of claim 3 , ...

SYSTEM AND METHOD FOR ASSESSING, MANAGING AND RECOVERING FROM EMERGENCIES

A machine-implemented method for enhancing disaster preparedness transforms user-entered data to generate a report which includes a disaster score and suggestions for improving disaster preparedness. The user enters data which is uploaded via the internet to a computer, and then transformed by the computer using a database architecture comprising an application layer configured for interfacing with a user and for allowing the user to input disaster preparedness data; a business logic layer configured for transforming the disaster preparedness data into a preparedness assessment; and a data access layer configured for allowing access to the user-entered and system data. 1. A system for managing emergency incidents , comprising:a user interface having a data entry capability wherein a user enters data in response to a survey; andan internet-based processor configured for receiving data entered by the user and for transforming the data to generate an emergency preparedness report.2. The system of claim 1 , further comprising means for uploading to the processor a plurality of administrator-created disaster scenario surveys.3. The system of claim 2 , wherein the disaster scenario surveys are created based on historical factors.4. The system of claim 2 , wherein the processor is configured to refine the plurality of disaster scenario surveys based on the user entered data.5. The system of claim 2 , wherein the means for uploading the plurality of surveys includes an interne platform.6. The system of claim 1 , wherein the transformation of data is performed by a pre-programmed algorithm executed by the processor.7. The system of claim 1 , wherein the emergency preparedness report comprises information in addition to the user-entered data.8. A data-based architecture for a system for managing emergency incidents claim 1 , comprising:an application layer configured for interfacing with a user and for allowing for the user to input disaster preparedness data;a business logic ...

MISDIRECTED PACKET STATISTICS COLLECTION AND ANALYSIS

There are disclosed methods and apparatus for testing a network. One or more source port units may transmit packets, each packet including a packet group identifier (PGID) that identifies one or more of a plurality of destination port units as expected destinations of the packet. The plurality of destination port units may receive the packets from the network. Each destination port unit may extract the PGID from each received packet, accumulate receive statistics for at least a range of PGID values, and store accumulate receive statistics in a receive statistics memory. Misdirected packet statistics may be reported by retrieving, from the receive statistics memory of at least one destination port unit, receive statistics for at least some PGIDs for which the respective destination port unit is not an expected destination, and aggregating the retrieved receive statistics to generate the misdirected packet statistics. 1. A method of testing a network , comprising:one or more source port units transmitting packets, each packet including a packet group identifier (PGID), the PGID included in each packet identifying one or more of a plurality of destination port units as expected destinations of the packet;the plurality of destination port units receiving the packets from the network, each destination port unit extracting the PGID from each received packet, accumulating receive statistics for at least a range of PGID values, and storing accumulate receive statistics in a receive statistics memory; and retrieving, from the receive statistics memory of at least one destination port unit, receive statistics for at least some PGIDs for which the respective destination port unit is not an expected destination, and', 'aggregating the retrieved receive statistics to generate the misdirected packet statistics., 'reporting misdirected packet statistics by'}2. The method of claim 1 , wherein retrieving receive statistics further comprises:retrieving, at each of the at least one ...

Methods and apparatus to distinguish between parent and child webpage accesses and/or browser tabs in focus

Methods and apparatus to distinguish between parent and child webpage accesses and/or browser tabs in focus are disclosed. An example implementation includes identifying an HTTP request; retrieving Page Info data from a browser; electronically detecting if the Page Info data and the HTTP request identify a same Internet resource; electronically classifying the HTTP request as a parent call when the Page Info data and the HTTP request identify the same Internet resource; and electronically classifying the HTTP request as a child call when the Page Info data and the HTTP request identify different Internet resources.

MANAGEABILITY TOOLS FOR LOSSLESS NETWORKS

Manageability tools are provided for allowing an administrator to have better control over switches in a lossless network of switches. These tools provide the ability to detect slow drain and congestion bottlenecks, detect stuck virtual channels and loss of credits, configure hold times on edge switches to be different from hold times on core switches, and mitigate severe latency bottlenecks. 1. A network switch comprising:a first port adapted to transmit data;a processor; and determine a polling interval is affected by a slow drain bottleneck if there are frames waiting for transmission on the first port and zero transmission credits available to the first port; and', 'determine whether a predetermined threshold number of polling intervals are affected by a slow drain bottleneck in a predetermined, 'a memory coupled to the processor, on which are stored instructions, comprising instructions that when executed cause the processor to2. The network switch of claim 1 , further comprising:a first counter of frames waiting for transmission on the first port; anda second counter of transmission credits available to the first port, and poll the first counter and the second counter during the polling interval; and', 'determine the polling interval is affected by a slow drain bottleneck responsive to a positive value of the first counter and a zero value of the second counter., 'wherein instructions that when executed cause the processor to determine a polling interval is affected by a slow drain bottleneck if there are frames waiting for transmission on the first port and zero transmission credits available to the first port comprise instructions that when executed cause the processor to'}3. The network switch of claim 2 , 'poll the first counter and the second counter a plurality of times during the polling interval, and', 'wherein the instructions that when executed cause the processor to poll the first counter and the second counter during the polling interval comprise ...

METHOD AND SYSTEM FOR MANAGING A DISTRIBUTED NETWORK OF NETWORK MONITORING DEVICES

Network traffic information for nodes of a first logical hierarchy is stored at a monitoring device according to ranks of the nodes within the logical hierarchy as determined by each node's position therein and user preferences. At least some of the network traffic information stored at the network monitoring device may then be reported to another network monitoring device, where it can be aggregated with similar information from other network monitoring devices. Such reporting may occur according to rankings of inter-node communication links between nodes of different logical hierarchies of monitored nodes. 1. A network monitoring system comprising:a plurality of network monitoring devices that monitor network traffic data from a plurality of nodes of a network, each network monitoring device being configured to collect network traffic data from an assigned subset of the nodes in the network, anda central network monitoring device that is configured to receive at least a portion of the network traffic data collected by the network monitoring devices;wherein at least one of the network monitoring devices is configured to select fewer nodes than its assigned subset of nodes for collecting network traffic data, based on a capacity of the network monitoring device and a priority associated with each node of its assigned subset of nodes.2. The network monitoring system of claim 1 , wherein the priority associated with at least one of the nodes is based on a number of network monitoring devices that provide network traffic data associated with this node to the central network monitoring device.3. The network monitoring system of claim 1 , wherein each subset of assigned nodes includes a root node claim 1 , each of the nodes of the subset being hierarchically related to the root node claim 1 , and the priority associated with each node is based on a hierarchical distance of the node from the root node.4. The network monitoring system of claim 1 , wherein each subset of ...

NETWORK APPARATUS, COMMUNICATION SYSTEM, ABNORMAL TRAFFIC DETECTION METHOD, AND PROGRAM

A network apparatus includes a marking unit marking traffic that exceeds a predetermined rate limit, a measuring unit measuring an amount of the marked traffic, and a monitoring unit outputting the measured traffic amount in a period determined based on an expected duration time of abnormal traffic as a detection target. 1. A network apparatus , comprising:a marking unit marking traffic that exceeds a predetermined rate limit;a measuring unit measuring an amount of the marked traffic; anda monitoring unit outputting the measured traffic amount in a period determined based on an expected duration time of abnormal traffic as a detection target.2. The network apparatus according to claim 1 ,wherein the measuring unit measures the traffic amount by using a filter(s) detecting information written in a packet by the marking unit.3. The network apparatus according to claim 1 ,wherein the marking unit marks traffic by rewriting a value in an area in which a known packet header value is set; andwherein the measuring unit performs processing for converting information rewritten by the marking unit into the known value.4. The network apparatus according to claim 1 ,wherein the monitoring unit gives a notification indicating occurrence of an abnormal traffic if the difference between a traffic amount at an arbitrary time point and a traffic amount at a time point prior to the arbitrary time exceeds a predetermined threshold.5. The network apparatus according to claim 1 ,wherein the abnormal traffic as a detection target is a micro-bursting.6. The network apparatus according to claim 1 ,wherein the marking unit comprises a policing processing unit that performs policing.7. A communication system claim 1 , comprising:a first network apparatus; anda second network apparatus;wherein the first network apparatus comprises a marking unit marking traffic that exceeds a predetermined rate limit; andwherein the second network apparatus comprises:a measuring unit measuring an amount of ...

Reporting congestion in access networks to the core network

A network node in a core network is provided information about congestion in an access network coupled to the core network. The information about congestion includes a congestion identifier associated with a bearer that can be sent from an access node in the access network to a network node in the core network. The congestion identifier is associated with a set of bearers. The information about congestion also includes a congestion level indication sent from the access node to the network node. The network node maintains associations between the congestion identifiers and the bearers and can mitigate congestion on one or more bearers in the set of bearers associated with a congestion identifier in response to the congestion level indication.

SYSTEMS AND METHODS FOR FILTERING ELECTRONIC ACTIVITIES BY PARSING CURRENT AND HISTORICAL ELECTRONIC ACTIVITIES

The present disclosure relates to systems and methods for filtering electronic activities. The method includes identifying an electronic activity. The method includes parsing the electronic activity to identify one or more electronic accounts in the electronic activity. The method includes determining, responsive to parsing the electronic activity, that the electronic activity is associated with an electronic account of the one or more electronic accounts. The method includes selecting, based on the electronic account, one or more filtering policies associated with the data source provider to apply to the electronic activity. The method includes determining, by applying the selected one or more filtering policies to the electronic activity, to restrict the electronic activity from further processing based on the electronic activity satisfying at least one of the selected one or more filtering policies. The method includes restricting, the electronic activity from further processing. 1. A method comprising:identifying, by one or more processors, an electronic activity associated with a data source provider;parsing, by the one or more processors, the electronic activity to identify one or more electronic accounts in the electronic activity;determining, by the one or more processors, responsive to parsing the electronic activity, that the electronic activity is associated with an electronic account of the one or more electronic accounts, the electronic account corresponding to the data source provider;selecting, by the one or more processors based on the electronic account, one or more filtering policies associated with the data source provider to apply to the electronic activity, the selected one or more filtering policies including at least one of i) a keyword policy configured to restrict electronic activities including a predetermined keyword; ii) a regex pattern policy configured to restrict electronic activities including one or more character strings that match ...

SYSTEMS AND METHODS FOR SIMULATING ORDERS AND WORKFLOWS IN AN ORDER ENTRY AND MANAGEMENT SYSTEM TO TEST ORDER SCENARIOS

An order entry and order management network is disclosed. Event log data associated with a completed real order and relevant to a scenario is accessed by a computing device. A template is built for the scenario using the event log data. The template is modified as needed based upon predetermined specifications of the scenario. A simulated order is generated by applying the event log data to the template. A simulated workflow is initiated based upon the simulated order. The simulated workflow is a virtualized workflow monitored by the computing device to test the scenario. The computing device monitors network traffic associated with orders. The computing device communicates aspects of the event log data to systems of the order entry and order management network when the computing device identifies network traffic associated with the simulated order in order to process the simulated workflow and test the scenario. 1. A method of simulating workflows for order entry and management , comprising:connecting a computing device in a network flow path between an enterprise service bus (ESB) and a business process management system (BPMS) such that network traffic associated with orders communicated between the BPMS and ESB flows through the computing device; accessing event log data for a previously completed real order from an event log database, the event log data comprising key identification numbers (IDs) and information about one or more tasks associated with the previously completed real order;', 'generating simulated order identifiers for the key IDs of the event log data that differentiate real orders from simulated orders;', 'generating a template using the event log data, the template associated with an order scenario based on the previously completed real order;', 'generating a simulated order by applying the event log data to the template, the simulated order comprising the simulated order identifiers; and', 'executing the simulated order to initiate a simulated ...

SYSTEM AND METHOD FOR DETERMINING A DATA FLOW PATH IN AN OVERLAY NETWORK

This disclosure describes techniques that include receiving underlay flow data from a network having an underlay network and one or more overlay network, storing information identifying, for each underlay data flow, an overlay network, displaying, within a display, a topological map of at least a portion of the underlay network, highlighting a data path through the displayed topological map, the highlighted data path extending through the underlay network from the underlay network source of the respective underlay data flow to the underlay network destination of the respective underlay data flow; receiving a request for metrics associated with the highlighted data path, wherein receiving a request includes receiving, via a graphical user interface, an indication selecting at least a portion of the highlighted data path; and displaying, proximate to the highlighted data path, metrics associated with data traffic through the selected portion of the highlighted data path. 1. A method comprising:receiving underlay flow data from a network having an underlay network and one or more overlay networks, the underlay network including a plurality of network devices, the underlay flow data including information identifying an underlay network source, an underlay network destination, an overlay network source and an overlay network destination for each underlay data flow;storing, in a data store, information identifying, for each underlay data flow, an overlay network and the underlay network source, the underlay network destination, the overlay network source, and the overlay network destination of the respective underlay data flow;displaying, within a display, a topological map of at least a portion of the underlay network;highlighting a data path through the displayed topological map, the highlighted data path extending through the underlay network from the underlay network source of the respective underlay data flow to the underlay network destination of the respective ...

RECORDING OF INTER-APPLICATION DATA FLOW

Mechanism for two portions of an application to communicate so as to facilitate a transition from synchronous to asynchronous communication. In order to prepare for a possible transition, data flow is monitored between the two portions of the application, each portion interacting with a different hardware entity. The data flow between the first portion and the second portion of the application is recorded. If the second hardware entity is not available at the time, the recorded data flow from the first portion may be replayed by the second portion of the application for the benefit of the second hardware entity. If the second portion of the application is to be reassigned to another hardware entity, the target hardware entity may be sent the second portion of the application, as well as the recorded information. This allows the target hardware entity to replay what has happened thus far for context. 1. A computer program product comprising one or more computer-readable storage media having thereon computer-executable instructions that are structured such that , when executed by one or more processors of a computing system , cause the computing system to perform a method for first portion of an application to communicate with a second portion of the application , the method comprising:an act of monitoring data flow between a first portion of an application and a second portion of the application, the first portion of the application interfacing with a first hardware entity, and the second portion of the application interfacing with a second hardware entity; andan act of recording data flow from the first portion of the application to the second portion of the application in a manner that the second portion of the application can replay the recorded data flow.2. The computer program product in accordance with claim 1 , the method further comprising the following if a request is detected from the second portion of the application requests replay of at least a portion ...

METHOD FOR POWER SAVE MODE OPERATION IN WIRELESS LOCAL AREA NETWORK AND APPARATUS FOR THE SAME

A method for a power save mode operation in a wireless local area network (WLAN) system is provided. The method comprising determining a type of a receiving station (STA) indicator on the basis of the number of STAs which are associated with the AP and which intend to transmit buffered traffic; generating a traffic indicator map (TIM) element including information which indicates the receiving STA indicator and the type of the receiving STA indicator, transmitting the TIM element, receiving a poll frame for requesting data frame transmission from one STA among the STAs and transmitting the data frame to the STA. 113-. (canceled)14. A method for indicating a traffic in a wireless local area network , the method comprising:generating, by an access point (AP), a traffic indication map (TIM) element; andtransmitting, by the AP, the TIM element, the indication information indicating a format of the traffic indication field,', 'the traffic indication field indicating whether there are buffered traffics for stations associated with the AP in accordance with the format of the traffic indication field indicated by the indication information., 'wherein the TIM element includes indication information and a traffic indication field,'}15. The method of claim 14 , wherein claim 14 , if the indication information indicates a first format claim 14 , the traffic indication field includes information about an association identifier (AID) identifying a target station for which the AP has buffered traffic.16. The method of claim 15 , wherein claim 15 , if the indication information indicates the first format claim 15 , the traffic indication field does not include information about a station for which the AP does not have buffered traffic.17. The method of claim 15 , further comprising:receiving, by the AP, a power save poll frame for requesting the buffered traffic from the target station.18. The method of claim 14 , wherein claim 14 , if the indication information indicates a second ...

Flow-Based Adaptive Private Network with Multiple WAN-Paths

Systems and techniques are described which improve performance, reliability, and predictability of networks without having costly hardware upgrades or replacement of existing network equipment. An adaptive communication controller provides WAN performance and utilization measurements to another network node over multiple parallel communication paths across disparate asymmetric networks which vary in behavior frequently over time. An egress processor module receives communication path quality reports and tagged path packet data and generates accurate arrival times, send times, sequence numbers and unutilized byte counts for the tagged packets. A control module generates path quality reports describing performance of the multiple parallel communication paths based on the received information and generates heartbeat packets for transmission on the multiple parallel communication paths if no other tagged data has been received in a predetermined period of time to ensure performance is continually monitored. An ingress processor module transmits the generated path quality reports and heartbeat packets. 1. An adaptive communication controller for providing wide area network (WAN) performance and utilization measurements to another network node over multiple parallel communication paths across disparate asymmetric networks which vary in behavior frequently over time , the adaptive communication controller comprising:an egress processor module that receives a first set of communication path quality reports and tagged path packet data from a peer node and generates accurate arrival times, send times, sequence numbers and unutilized byte counts for the tagged packets received from the peer node;a control module that generates a second set of communication path quality reports describing performance of the multiple parallel communication paths based on the first set of communication path quality reports and the tagged path packet data received from the peer node and generates ...

METHODS AND APPARATUS TO IDENTIFY AN INTERNET DOMAIN TO WHICH AN ENCRYPTED NETWORK COMMUNICATION IS TARGETED

Methods, apparatus, systems and articles of manufacture disclosed herein can be used to identify an internet domain to which an encrypted network communication is targeted. A disclosed method includes collecting a plurality of unencrypted communications with a domain name server, and identifying, by executing an instruction with a processor, network traffic patterns associated with the unencrypted communication based on a combination of routing information, internet protocol flow data, and internet transactions associated with the plurality of unencrypted communications with the domain name server. An example disclosed method further includes determining, by executing an instruction with a processor, and based on the network traffic patterns associated with the unencrypted communications, the internet domain to which the encrypted communication is to be delivered. 1. A method to identify an internet domain to which an encrypted network communication is targeted , the method comprising:collecting a plurality of unencrypted communications with a domain name server;identifying, by executing an instruction with a processor, network traffic pattern associated with the unencrypted communication based on a combination of routing information, internet protocol flow data, and internet transactions associated with the plurality of unencrypted communications with the domain name server; anddetermining, by executing an instruction with a processor, and based on the network traffic patterns associated with the unencrypted communications, the internet domain to which the encrypted communication is to be delivered.2. The method of claim 1 , further including based on the plurality of unencrypted communications claim 1 , mapping internet protocol addresses obtained from domain server requests included in the unencrypted communications to domain names obtained from corresponding domain server responses included in the unencrypted communications.3. The method of claim 1 , wherein the ...

FINGERPRINTING APPLICATION TRAFFIC IN A NETWORK

In one embodiment, a device obtains telemetry data regarding a plurality of traffic flows in a network. The device forms a directed graph based on the telemetry data, wherein nodes of the graph represent devices in the network. The device simulates traffic for one or more of the devices by performing random walks starting at a particular node on the directed graph to generate a set of trails, each trail representing a sequence of one or more flows. The device clusters the set of trails to form one or more clusters. The device generates an application fingerprint for an application based on one of the one or more clusters. The device uses the application fingerprint to identify traffic in the network as associated with the application. 1. A method comprising:obtaining, by a device, telemetry data regarding a plurality of traffic flows in a network;forming, by the device, a directed graph based on the telemetry data, wherein nodes of the graph represent devices in the network;simulating, by the device, traffic for one or more of the devices by performing random walks starting at a particular node on the directed graph to generate a set of trails, each trail representing a sequence of one or more flows;clustering, by device, the set of trails to form one or more clusters;generating, by the device, an application fingerprint for an application based on one of the one or more clusters; andusing, by the device, the application fingerprint to identify traffic in the network as associated with the application.2. The method as in claim 1 , wherein simulating traffic for one or more of the devices by performing random walks on the directed graph to generate a set of trails comprises:using a Markov Chain Monte Carlo model to determine a probability of a traffic flow between a current node in the graph and a neighbor node.3. The method as in claim 1 , wherein clustering the set of trails to form one or more clusters comprises:transforming the trails into sequences of terms by ...

ELECTRONIC CONTROL UNIT, NON-TRANSITORY TANGIBLE COMPUTER READABLE MEDIUM, AND ANOMALY DETECTION METHOD

In an anomaly detection by an electronic control unit connected to an other electronic control unit via a communication network, a data frame is received from the other electronic control unit, and a reception interval is calculated between a first data frame and a second data frame received immediately before the first data frame. A determination value for determining whether the data frame is anomalous is updated by adding a predetermined value to the determination value when the reception interval is equal to or less than a threshold value, and the data frame is determined to be anomalous when the determination value exceeds a limit value. 1. An electronic control unit comprising:a reception unit that receives a data frame periodically transmitted from an other electronic control unit;a reception interval calculation unit that calculates a reception interval between a first data frame as the data frame received by the reception unit and a second data frame received by the reception unit immediately before the first data frame;a storage unit that holds a determination value for determining whether the data frame is anomalous;a determination value updating unit that, when the reception interval is equal to or less than a threshold value, updates the determination value by adding a predetermined value to the determination value; andan anomaly determination unit that determines the data frame to be anomalous when the determination value exceeds a limit value,2. The electronic control unit according to claim 1 , wherein:the predetermined value is a difference between the reception interval and the threshold value.3. The electronic control unit according to claim 1 , wherein:when the reception interval is more than the threshold value, the determination value updating unit subtracts the predetermined value from the determination value.4. The electronic control unit according to claim 1 , wherein:when the determination value exceeds the limit value, the anomaly ...

SYSTEMS AND METHODS FOR CONFIGURING A RESOURCE FOR NETWORK TRAFFIC ANALYSIS

The present disclosure is directed to systems and methods of configuring a resource for network traffic analysis. An agent executed by a computing device receives an indication to record a browsing session. The agent records network activity data of the browsing session. The agent generates a data file with the recording. The agent transmits the data file and a request to generate a report to an analytics server. The analytics server receives the request and extracts the network activity data from the data file. The analytics server applies an event processing protocol to the network activity data. The analytics server generates a report and transmits the report to the client device for display. 120.-. (canceled)21. A system to analyze traffic of a computing network , comprising: 'provide network activity data for a browsing session in which the client device accesses at least one of a plurality of webpages provided by a website publisher, the network activity data indicating events triggered by tags comprising tracking code embedded on the at least one of the plurality of webpages provided by the website publisher; and', 'establish a connection over a computing network with an agent executing via a web browser on a client device, the agent configured to, 'a data processing system comprising one or more processors configured to receive, from the agent via the connection over the computing network, the network activity data;', 'identify, responsive to a request to process the network activity data, the events from the network activity data;', 'process, responsive to the request, the events from the network activity data;', 'generate, responsive to the request to process the network activity data for the client device and processing of the events, a report indicating a validity of at least one of the tracking code or the processing of the events, the report generated using the events identified from the network activity data received from the agent on the client ...

INTELLIGENT INTERNET OF EVERYTHING (IoE) EDGE COMPUTIING SYSTEM FOR HIGH RELIABLE INTERNET OF THINGS (IoT) SERVICE

An intelligent Internet of everything (IoE) edge computing system for a high reliable Internet of thins (IoT) service is provided. The intelligent IoE edge computing system for high reliable IoT services according to the present invention provides a modularized intelligent IoT framework for various applications and has a technical feature in that intelligent traffic analysis and prediction is performed. 1. An intelligent Internet of everything (IoE) edge computing system comprising:an edge networking entity configured to provide connectivity to a terminal entity;an intelligent computing entity configured to provide an edge analytics function;an edge gateway entity configured to perform interworking with outside entities; andan edge identity management entity that stores and manages an identity.2. The intelligent IoE edge computing system of claim 1 , wherein the edge networking entity provides the connectivity to the terminal entity by taking into consideration heterogeneous wireless technologies.3. The intelligent IoE edge computing system of claim 1 , wherein the intelligent computing entity provides the edge analytics function provided by an artificial intelligence (AI) service and a big data analytics function.4. The intelligent IoE edge computing system of claim 1 , wherein the edge gateway entity provides an interworking function to outside entities including other intelligent edge computing (IEC) systems and a big data analytics function on cloud computing.5. The intelligent IoE edge computing system of claim 1 , wherein the edge identity management entity manages the identity by mapping the identity to metadata.6. The intelligent IoE edge computing system of claim 1 , wherein the edge networking entity collects raw data from the terminal entity and forwards a collection result to the intelligent computing entity claim 1 , and the intelligent computing entity analyzes aggregation data and forwards analyzed data to a big data analytics server.7. The ...

INTERACTIVE GEOGRAPHIC REPRESENTATION OF NETWORK SECURITY THREATS

A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly. 130-. (canceled)31. A computerized method comprising:receiving event data associated with an organization's network, wherein the event data is comprised of machine data;identifying one or more anomalies automatically determined from the event data;identifying one or more threats to the organization's network, wherein threats are identified from and associated with one or more of the identified anomalies, and each threat is classified as being of a type from a set of types and is associated with a device participating in the threat, and wherein the device is associated with a geographical location;causing display, in a graphical user interface, of identified threats on a geographical map, wherein each threat is depicted at a geographical location on the map corresponding to the location of the associated device; andin response to receiving at least one user input associated with a depicted threat on the map via the graphical user interface, causing display of an identification of the classification of the type of the depicted threat and an identification of each anomaly associated with the depicted threat.32. The method of claim 31 , further comprising:responsive to the user selection of the depicted ...

MEASUREMENT JOB SUSPENSION AND RESUMPTION IN NETWORK FUNCTION VIRTUALIZATION

An element manager (EM) of a virtualized network for a wireless communication system processes a suspend measurement job request received from a network manager (NM). The request is to suspend a measurement job to provide network function (NF) performance measurements related to a virtualized resource (VR). In response to the suspend measurement job request, the EM stops reports reporting measurement result data for the measurement job and determines whether to instruct a virtualized network function manager (VNFM) to delete one or more performance management (PM) jobs used to support the measurement job. The EM then generates a suspend measurement job response to indicate to the NM a result of the request to suspend the measurement job. 1. An apparatus for an element manager (EM) of a mobile network that includes virtualized network functions , the apparatus comprising:one or more interfaces to communicate with a network manager (NM) and a virtualized network function manager (VNFM); and process a suspend measurement job request received through the one or more interfaces from the NM, the suspend measurement job request to suspend a measurement job to provide network function (NF) performance measurements related to a virtualized resource (VR);', 'in response to the suspend measurement job request, stop reporting measurement result data for the measurement job and determine whether to instruct the VNFM to delete one or more performance management (PM) jobs used to support the measurement job; and', 'generate a suspend measurement job response to indicate to the NM a result of the suspend measurement job request to suspend the measurement job., 'a processor to2. The apparatus of claim 1 , wherein the processor is further to:in response to a determination to delete the one or more PM jobs, generate a delete PM job request to send to the VNFM to delete the one or more PM jobs; andprocess a delete PM job response, received from the VNFM, to determine that the one or ...

MANAGEMENT OF BACKGROUND DATA TRAFFIC

In various aspects, a system that comprises detecting a congestion event in a network that transmits a first group of data packets and a second group of data packets, wherein the detecting the congestion event comprises detecting the congestion event has initiated in response to a data packet throughput value of the network having been determined to have decreased below a threshold value; in response to the detecting of the congestion event, determine a transmission rate of the second group of data packets based on a transmission priority of the second group of data packets; determining a data packet dropping rate for the second group of data packets based on the transmission rate of the second group of data packets and a size of the first group of data packets and transmitting the second group of data packets utilizing the transmission rate and the data packet dropping rate. 1. A system , comprising:a processor; and detecting a congestion event in a network via which a first group of data packets and a second group of data packets are transmitted, wherein detecting the congestion event comprises detecting the congestion event in response to a data packet throughput value associated with the network having been determined to have decreased below a threshold value;', 'in response to detecting the congestion event, determining a transmission rate of the second group of data packets based on a transmission priority of the second group of data packets;', 'determining a data packet dropping rate for the second group of data packets based on the transmission rate of the second group of data packets and a size of the first group of data packets;', 'determining a threshold packet dropping rate for the second group of data packets; and', 'transmitting the second group of data packets utilizing the transmission rate, the data packet dropping rate, and the threshold packet dropping rate., 'a memory that stores executable instructions that, when executed by the processor, ...

Side Information for Channel State Information Reporting in Wireless Systems

In MIMO systems employing closed loop link adaptation, channel state information reporting can be enhanced using various types of side information, such as scheduling information indicating constraints on the scheduler related to the generation of downlink MIMO signals. 1. A wireless client device , comprising: receive an inbound Multiple-Input Multiple-Output (MIMO) signal from a wireless network device over a wireless MIMO channel therebetween, the inbound MIMO signal including two or more RF signals; and', 'transmit an outbound signal including channel state information to the wireless network device; and, 'a radio frequency (RF) front end configured to determine side information from the inbound MIMO signal, the side information including scheduling information indicating constraints on the wireless network device related to generation of the inbound MIMO signal; and', 'produce the channel state information regarding the wireless MIMO channel based on at least the side information and the inbound MIMO signal., 'a processing module configured to2. The wireless client device of claim 1 , wherein the scheduling information comprises:an indication that determines one or more modulation and coding scheme (MCS) levels that the wireless network device can select from for subsequent MIMO signals.3. The wireless client device of claim 2 , wherein the scheduling information comprises:another indication as to whether the wireless network device is using a fixed modulation and coding scheme (MCS) or an adaptive MCS, and when the scheduling information indicates that the wireless network device is using an adaptive MCS, the scheduling information further includes an additional indication as to whether the wireless network device is using a corresponding MCS, a conservative MCS or an aggressive MCS with respect to previous channel state information transmitted by the wireless client device to the wireless network device.4. The wireless client device of claim 1 , wherein the ...

Performance Interference Model for Managing Consolidated Workloads In Qos-Aware Clouds

The workload profiler and performance interference (WPPI) system uses a test suite of recognized workloads, a resource estimation profiler and influence matrix to characterize un-profiled workloads, and affiliation rules to identify optimal and sub-optimal workload assignments to achieve consumer Quality of Service (QoS) guarantees and/or provider revenue goals. The WPPI system uses a performance interference model to forecast the performance impact to workloads of various consolidation schemes usable to achieve cloud provider and/or cloud consumer goals, and uses the test suite of recognized workloads, the resource estimation profiler and influence matrix, affiliation rules, and performance interference model to perform modeling to determine the initial assignment selections and consolidation strategy to use to deploy the workloads. The WPPI system uses an online consolidation algorithm, the offline models, and online monitoring to determine virtual machine to physical host assignments responsive to real-time conditions to meet cloud provider and/or cloud consumer goals.

Bit-Rate Extraction for Encrypted Video

A method includes monitoring a media stream that is streamed over a network at a given media bit-rate in a sequence of traffic bursts. Respective data volumes of one or more traffic bursts of the sequence are estimated, and the given media bit-rate is derived from the estimated data volumes. 1. A method , comprising:monitoring a media stream that is streamed over a network at a given media bit-rate in a sequence of traffic bursts;estimating respective data volumes of one or more traffic bursts of the sequence; andderiving the given media bit rate from the estimated data volumes.226-. (canceled) This application claims the benefit of U.S. Provisional Patent Application 62/050,265, filed Sep. 15, 2014, whose disclosure is incorporated herein by reference.The present invention relates generally to communication analysis, and particularly to methods and systems for bit-rate estimation.Adaptive Bit-Rate (ABR) is a multimedia streaming technique, in which multimedia content is encoded in advance at several predefined bit rates and divided into segments. The content is streamed to a client, while adaptively selecting the bit rate to be streamed depending, for example, on the communication channel conditions en-route to the client. ABR can be used over various communication protocols, such as Hyper-Text Transfer Protocol (HTTP) and HTTP-Secure (HTTPS).An embodiment of the present invention that is described herein provides a method including monitoring a media stream that is streamed over a network at a given media bit-rate in a sequence of traffic bursts. Respective data volumes of one or more traffic bursts of the sequence are estimated, and the given media bit-rate is derived from the estimated data volumes.In some embodiments, estimating the data volumes and deriving the given media bit-rate are performed without decoding content of the media stream. In some embodiments, the media stream is encrypted, and estimating the data volumes and deriving the given media bit-rate ...

EDGE NETWORKING DEVICES AND SYSTEMS FOR IDENTIFYING A SOFTWARE APPLICATION

Edge networking router devices and systems for identifying a software application are described herein. One or more embodiments include an edge networking router device for identifying a software application comprising a packet collector to receive packet data in the edge networking router device and an artificial intelligence (AI) model configured to process the packet data received by the packet collector to identify the software application, wherein the artificial intelligence (AI) model is trained using a cloud entity and received from the cloud entity. 1. A thin edge networking router device for identifying a software application , comprising:a packet collector configured to receive packet data; and identify the software application using the received packet data; and', 'calculate a probability that the model correctly identified the software application., 'a model configured to2. The device of claim 1 , wherein the thin edge networking routing device is configured toreceive the model from a cloud entity.3. The device of claim 2 , wherein the thin edge networking routing device is configured torequest a new version of the model in response to the probability that the model correctly identified the software application reaching a threshold.4. The device of claim 3 , wherein the packet collector is configured to transmit the packet data claim 3 , wherein the packet data is used to train the new version of the model.5. The device of claim 1 , wherein the model is configured to use a decision tree to identify the software application.6. The device of claim 1 , wherein the model is configured to use at least one of a source port or a destination port to identify the software application.7. A thin edge networking router device for identifying a software application claim 1 , comprising:a packet collector configured to receive packet data; and identify the software application using the received packet data;', 'generate a command in response to identifying the ...

APPLICATION NETWORK USAGE MANAGEMENT

Disclosed are examples that relate to monitoring network usage by client devices and enforcing compliance rules related thereto. In various examples, a system can intercept a network call in transit from a client application to an operating system of a client device, wherein the network call is configured to cause a content provider to transmit content to the operating system over a carrier network, and wherein the network call is further configured to cause the operating system to transmit the content to the client application; can modify the configuration of the network call such that the network call causes the operating system to transmit the content to the management component; can receive the content from the operating system; can analyze the content for network usage; can create a network usage analysis; and, can provide the content to the client application. 1. A system , comprising:a computing device; and intercept a network call in transit from a client application to an operating system of a client device, wherein the network call is configured to cause a content provider to transmit content to the operating system over a carrier network, and wherein the network call is further configured to cause the operating system to transmit the content to the client application;', 'modify the configuration of the network call such that the network call causes the operating system to transmit the content to the management component;', 'receive the content from the operating system;', 'analyze the content for network usage;', 'create a network usage analysis; and,', 'provide the content to the client application., 'a management component executable by the computing device, wherein the management component, when executed by the computing device, is configured to cause the computing device to at least2. The system of claim 1 , wherein the management component is further configured to cause the computing device to at least:transmit the network usage analysis to a ...

SYSTEMS, METHODS, AND APPARATUS FOR FORWARDING A DATA FLOW

An exemplary network controller may be configured to receive a data flow request from a first node and, in response to the data flow request, send a flow entry to each of the nodes along a data flow path for the data flow. The flow entries may be sent from the last node in the path first and the last entry may be sent to the first node. 1. A method implemented by a software defined network (SDN) controller , the method comprising:receiving, at a first network node, a request for a data flow path through a telecommunications network, the request including information identifying a source node and a destination node;determining, by the first network node, if a flow entry exists for the data flow path;forwarding a data flow from the first network node to a second network node when the flow entry exists in the first network node;sending, by the first network node, a flow page miss to a controller requesting the data flow path for the data flow when the flow entry does not exists in the first network node;determining, by the controller, the data flow path; andsending, by the controller, the determined data flow path to the first network node and the second network node.2. The method of claim 1 , wherein the determined data flow path includes a plurality of network nodes and the controller sends the determined data flow path to each of the plurality of network nodes separately.3. The method of claim 2 , wherein the controller sends the determined data flow path to each of the plurality of network nodes separately by first sending the determined data flow path to each of the plurality of network nodes except the first network node and then to the first network node of the plurality of network nodes last.4. The method of claim 1 , further comprising sending claim 1 , by the first network node claim 1 , a second request for the data flow path in response to a flow not received message from the second network node.5. The method of claim 1 , further comprising determining ...

Identification of Vulnerability to Social Phishing

A computer-implemented method includes generating, by one or more processors, a hyperlink targeting a Uniform Resource Locator (URL), detecting a selection of the generated hyperlink by one or more social entities across one or more social networks, generating a report, wherein the generated report includes analytical details regarding the selection of the generated hyperlink by the one or more social entities, and providing the generated report to a user associated with a protected social entity. 1. A computer-implemented method comprising:generating, by one or more processors, a hyperlink targeting a Uniform Resource Locator (URL);detecting a selection of the generated hyperlink by one or more social entities across one or more social networks;generating a report, wherein the generated report includes analytical details regarding the selection of the generated hyperlink by the one or more social entities; andproviding the generated report to a user associated with a protected social entity.2. The method of further comprising communicating the generated hyperlink to the one or more social entities.3. The method of further comprising scanning data that is maintained on one or more social networks claim 1 , wherein scanning data that is maintained on one or more social networks comprises identifying claim 1 , by one or more processors claim 1 , data that is associated with the one or more social entities.4. The method of wherein scanning data that is maintained on the one or more social networks is performed on a continuous basis claim 3 , without user initiation.5. The method of wherein the selection of the generated hyperlink by one or more social entities is detected during scanning.6. The method of wherein the report indicates a probability of one or more users associated with the protected social entity selecting the generated hyperlink.7. The method of wherein the text of the hyperlink is associated with a hashtag.8. The method of wherein claim 1 , the ...

Traffic analysis system using wireless networking devices

A traffic monitoring system (400) includes a network of geographically distributed sensors (401-403). The sensors (401-403) provide raw or preprocessed data to a processing system (405) based on received long range wireless signals (e.g., 2.4 GHz, 5.8 GHz, or 5.9 GHz spectrum). The processing system (405) can then implement any of various algorithms to calculate traffic parameters taking into account the range of communication between the source and the sensor. The inputs to these algorithms include a first contacts, last contacts, maximum range, minimum range, median of contacts, average of contacts, maximum strength, and combinations thereof.

CROWD-SOURCED CLOUD COMPUTING RESOURCE VALIDATION

Resource provider specifications, characterizing computing resources of computing resource providers, are received. The reachability of each IP address included in the received specification is determined. An agent is deployed that is operable to determine the value of each of a set of metrics in the environment of the host at which the agent is deployed. The agent determines the value of each metric of the set of metrics in the environment of the relevant host, and communicates the determined values to one or more computing devices that validate whether the resources characterized by the communicated values are sufficient to provide the performance characterized by the received specification and that each ISP router complies with a predetermined policy. For each computing resource provider validated and determined to comprise an ISP router compliant with policy, the specified computing resources are added to a pool of resources for cloud computing. 1. A method , comprising: wherein each received specification characterizes computing resources of one of a plurality of computing resource providers, the computing resources having been registered for participation in a cloud computing service, the computing resources comprising at least one host and one Internet Service Provider (ISP) router, and', 'wherein each received specification comprises one or more values for each of a plurality of resource specification parameters including an Internet Protocol (IP) address for each specified host and for each specified Internet Service Provider (ISP) router;, 'receiving, by one or more computing devices, a plurality of resource provider specificationsdetermining, by the one or more computing devices for each received specification, the reachability of each IP address included in the received specification;deploying, by the one or more computing devices and at each host determined to be reachable, an agent operable to determine a value of each of a set of metrics in an ...

MEDIA DATA USAGE MEASUREMENT AND REPORTING SYSTEMS AND METHODS

Methods and apparatus for gathering data for media usage reports for a processing device is disclosed. An example apparatus includes means for gathering first usage data representative of usage of first media on a processing device, the first media being received from an external network source, the first usage data corresponding to at least one of (i) a first media type or (ii) a first user agent associated with the media; means for gathering second usage data representative of usage of second media on the processing device, the second media being received from a source that is local to the processing device, the second usage data corresponding to at least one of (i) a second media type or (ii) a second user agent associated with the media; and means for merging the first usage data and the second usage data into a respective user session to generate session data. 1. An apparatus for gathering data for media usage reports for a processing device , the apparatus comprising:means for gathering first usage data representative of usage of first media on a processing device, the first media being received from an external network source, the first usage data corresponding to at least one of (i) a first media type or (ii) a first user agent associated with the media;means for gathering second usage data representative of usage of second media on the processing device, the second media being received from a source that is local to the processing device, the second usage data corresponding to at least one of (i) a second media type or (ii) a second user agent associated with the media; andmeans for merging the first usage data and the second usage data into a respective user session to generate session data.2. The apparatus of claim 1 , further including means for providing a report of the user session.3. The apparatus of claim 2 , further including means for merging the session data into the report.4. The apparatus of claim 2 , further including means for merging the user ...

Managing network connections based on their endpoints

The disclosure relates generally to methods, systems, and apparatuses for managing network connections. A system for managing network connections includes a storage component, a decoding component, a rule manager component, and a notification component. The storage component is configured to store a list of expected connections for a plurality of networked machines, wherein each connection in the list of expected connections defines a start point and an end point for the connection. The decoding component is configured to decode messages from the plurality of networked machines indicating one or more connections for a corresponding machine. The rule manager component is configured to identify an unexpected presence or absence of a connection on at least one of the plurality of network machines based on the list of expected connections. The notification component is configured to provide a notification or indication of the unexpected presence or absence.

Analytics-driven dynamic network design and configuration

A system and method for dynamically (re)configuring a service network based on profile information obtained from a Big Data Analytics platform. Received dynamic situation profiles relative to network states, subscriber states, etc. may be compared against corresponding characteristic situation profiles. If there is a similarity, a dynamic design change action may be effectuated for changing configuration of at least a part of the service network, e.g., a service chaining mechanism, operating to service user data flows of the subscribers.

Method and an apparatus to perform multi-connection traffic analysis and management

A method and an apparatus to perform multi-connection traffic analysis and management are described. In one embodiment, the method includes analyzing data packets in the first data flow of a client application for a pattern of interest, where the client application communicates data using first and second data flows. In response to the method detecting a pattern of interest in the first data flow, the method identifies the second data flow and identifies a traffic policy for the second data flow. The method applies the identified traffic policy to the second data flow. Other embodiments have been claimed and described.

NETWORK THREAT INDICATOR EXTRACTION AND RESPONSE

A device includes a communication interface and a processor. The communication interface is configured to receive a network threat report. The processor is configured to extract an indicator from the network threat report. The indicator is reported to be associated with a network threat. The processor is also configured to determine, based on the indicator, a confidence score indicating a likelihood that the indicator is associated with malicious activity. The processor is further configured to determine, based on the indicator, an impact score indicating a potential severity of the malicious activity. The processor is further configured to identify, based on the indicator, the confidence score, and the impact score, an action to be performed. The action includes blocking network traffic corresponding to the indicator or monitoring network traffic corresponding to the indicator. The processor is also configured to initiate performance of the action. 1. A device comprising:a communication interface configured to receive a network threat report; and extract an indicator from the network threat report, the indicator reported to be associated with a network threat;', 'determine, based on the indicator, a confidence score indicating a likelihood that the indicator is associated with malicious activity;, 'a processor configured todetermine, based on the indicator, an impact score indicating a potential severity of the malicious activity;identify, based on the indicator, the confidence score, and the impact score, an action to be performed, wherein the action includes blocking network traffic corresponding to the indicator or monitoring network traffic corresponding to the indicator; andinitiate performance of the action.2. The device of claim 1 , wherein the indicator includes an internet protocol (IP) address claim 1 , an e-mail address claim 1 , an e-mail subject claim 1 , a domain name claim 1 , a uniform resource identifier (URI) claim 1 , a uniform resource locator ( ...

Method and apparatus for managing over-the-top video rate

Aspects of the subject disclosure may include, for example, a device including a processing system including a processor and a memory that stores executable instructions that, when executed by the processing system, facilitate performance of operations, including monitoring network traffic to determine a transmission control protocol traffic pattern, determining a target video rate from the transmission control protocol traffic pattern, and modifying an over-the-top video delivery service network according to the target video rate. Other embodiments are disclosed.

MANAGEMENT OF NEAR FIELD COMMUNICATIONS USING A LOW POWER EXPRESS MODE OF AN ELECTRONIC DEVICE

Systems, methods, and computer-readable media for managing near field communications during a low power express mode of an electronic device are provided that may make credentials of a near field communication (“NFC”) component appropriately secure and appropriately accessible while also limiting the power consumption of the NFC component and of other components of the electronic device. 120-. (canceled)21. A method comprising:designating a credential on an electronic device as an initial credential for use in a low power mode of the electronic device;in response to the designating, setting a status of a low power mode flag of a power management unit of the electronic device to a first status; and determining the status of the low power mode flag of the power management unit of the electronic device; and', 'responsive to determining that the status of the low power mode flag is set to the first status, transitioning a near field communication component from operating in a full power mode to operating in a low power mode., 'in response to detecting a low power mode initiation event22. The method of claim 21 , further comprising:responsive to determining that the status of the lower power mode flag is set to a second status, transitioning the near field communication component from operating in the full power mode to operating in an off mode.23. The method of claim 22 , further comprising:undesignating the credential on the electronic device as the initial credential for use in the low power mode of the electronic device;in response to the undesignating, setting the status of the low power mode flag of the power management unit of the electronic device to the second status.24. The method of claim 22 , wherein:the near field communication component is configured to actively communicate data from at least one credential on the electronic device to a remote terminal while the near field communication component is operating in the low power mode; andthe near field ...

SYSTEM AND METHOD FOR MANAGEMENT OF CLOUD-BASED SYSTEMS

System and method for reporting usage of a network infrastructure includes obtaining a map that includes at least one flow-mapping that correlates a flow feature with a service and that correlates a flow feature with an endpoint type, wherein the endpoint types include at least a subscriber type and a service type; at a first computer, receiving flow telemetry of a network infrastructure, the flow telemetry representing at least the destination and source attributes for network traffic in the flow telemetry; categorizing the flow telemetry into at least a subscriber flow category based on the source and destination endpoint types of the traffic; for subscriber flow telemetry of a subscriber, processing the subscriber flow telemetry into at least one flow feature; identifying at least one service to attribute to at least a portion of the subscriber flow telemetry, the service identified through the processed flow feature and a flow-mapping.

Method For Calculating Statistic Data of Traffic Flows in Data Network And Probe Thereof

The disclosure provides a probe and a method for calculating statistic data of traffic flows. The probe comprises at least one link processor (LP) and a correlation processor (CP). Each LP includes two buffers, receives packets from directional traffic flows, generates information of bi-directional traffic flows based on the received packets, stores the generated information in one buffer within a reporting period and, reports the stored information to CP when the reporting period boundary is reached. The information of each bi-directional traffic flow includes the relevant identification information and statistic data. The CP calculates statistic data of a particular group of traffic flows with a predetermined characteristic based on the reported information, and the other buffer stores information of bi-directional traffic flows to be generated within a next reporting period and the stored information is to be reported to the correlation processor when the next reporting period boundary is reached.

Mitigating Reflection-Based Network Attacks

In one embodiment, a network device routes traffic along a network path and receives a performance threshold crossing alert regarding performance of the network path. The network device detects that the performance threshold crossing alert is part of a potential network attack by analyzing, by the device, the performance threshold crossing alert. The network device also provides a notification of the detected network attack. 1. A method , comprising:routing, by a network device, traffic along a network path;receiving, at the network device, a performance threshold crossing alert regarding performance of the network path;detecting that the performance threshold crossing alert is part of a potential network attack by analyzing, by the device, the performance threshold crossing alert; andproviding, by the network device, a notification of the detected network attack.2. The method as in claim 1 , wherein detecting that the performance threshold crossing alert is part of a potential network attack comprises:predicting, by the network device, a probability of receiving the performance threshold crossing alert, wherein the potential network attack is detected based on the predicted probability of receiving the performance threshold crossing alert.3. The method as in claim 1 , wherein the performance threshold crossing alert correspond to an amount of jitter or delays along the network path.4. The method as in claim 1 , further comprising:generating, by the network device, one or more keys and one or more seed values;performing, by the network device, handshaking with a second network device located along the network path by exchanging keys and seed values;receiving, at the network device, a performance threshold crossing alert from the second network device, wherein the alert is digitally signed using a particular key generated using the exchanged seed values; andvalidating, by the network device, the alert received from the second network device using one of the exchanged ...

ROUTER AND INFORMATION-COLLECTION METHOD THEREOF

The present invention provides a router including a storage device, a communication module, and a controller. The storage device stores a web-page code corresponding to a graphical user interface, wherein the web-page code includes an information-gathering code. The controller enables the communication module to transmit the web-page code to the first electronic device coupled in response to a predetermined web-page request received from the first electronic device, wherein the information-gathering code is arranged to collect an environment information sector of the first electronic device and transmit the environment information sector of the first electronic device to the router.

LEAPFROG COMMUNICATIONS IN A TSCH NETWORK

In one embodiment, a network node monitors communications between a sender node and an intermediary receiver node during a set of time slots of a channel hopping schedule. The sender node, intermediary receiver node, and a final destination node for the communications may all be located along a primary communication path in the network. The network node stores a copy of one of the communications sent from the sender node to the intermediary receiver node during a particular time slot in the set of time slots. The network node forwards the copy of the communication to a listener node configured to monitor communications between the intermediary receiver node and another node located along the primary communication path. The intermediary receiver node is also configured to monitor communications between the network node and the listener node. 1. A method , comprising:monitoring, by a network node, communications between a sender node and an intermediary receiver node during a set of time slots of a channel hopping schedule, wherein the sender node, intermediary receiver node, and a destination node for the communications are located along a primary communication path;storing, at the network node, a copy of one of the communications sent from the sender node to the intermediary receiver node during a particular time slot in the set of time slots; andforwarding, by the network node, the copy of the communication to a listener node configured to monitor communications between the intermediary receiver node and another node located along the primary communication path, and wherein the intermediary receiver node is configured to monitor communications between the network node and the listener node.2. The method as in claim 1 , wherein the copy of the communication is forwarded to the listener node based on a determination that the intermediary receiver node has not acknowledged receipt of the communication.3. The method as in claim 1 , wherein the sender node is configured ...

APPARATUS AND METHOD FOR DETECTING ONLINE FAILURE AND SYSTEM

This application provides an apparatus and method for detecting online failure and a system. The apparatus includes: a reading unit configured to read signal to noise ratios of subcarriers from a receiver of a multicarrier optical communication system according to a predetermined monitoring time interval; a judging unit configured to judge whether there exist a first predetermined number of subcarriers of which the signal to noise ratios are less than a first threshold value; a detecting unit configured to monitor a change of distortion of the system when it is judged yes by the judging unit, and determine a cause of degradation of signal to noise ratios according to the change of distortion of the system; and a reporting unit configured to report degradation of signal to noise ratios and/or the cause of degradation of signal to noise ratios. With the apparatus and method and system provided by this application, changes of distortion of the system may be monitored on line, and the changes possibly posing a threat to normal operation of the system may be early alerted, thereby making it possible to perform targeted adjustment in advance. 1. An apparatus for detecting online failure , comprising:a reading unit configured to read signal to noise ratios of subcarriers from a receiver of a multicarrier optical communication system according to a predetermined monitoring time interval;a judging unit configured to judge whether there exists a first predetermined number of subcarriers of which the signal to noise ratios are less than a first threshold value;a detecting unit configured to monitor a change of distortion of the system when the judging unit judges yes, and determine a cause of degradation of signal to noise ratios according to a change of distortion in the system; anda reporting unit configured to report one of the degradation of signal to noise ratios and the cause of degradation of signal to noise ratios.2. The apparatus according to claim 1 , wherein the ...

Management method and computer

A plurality of servers are provided by executing server software on a specific computer or other computers in a system. These servers, including first and second servers, have subordinate relationships for propagating load values from one server to another server in the system. The second server is subordinate to the first server. The first server receives a load value from the second server, the received load value representing a load on a group of servers including the second server and its subordinate servers. The first server then determines whether to enhance the system, based on a load value of the first server itself and the load value received from the second server.

Network Directionality Mapping System

A computing system for monitoring, validating, and illustrating data transfer between computing devices in an enterprise computing system receives packet header information from network sensing modules. The computing system validates the records of the collected packet header information and discards erroneous records. The computing system corrects invalidly recorded information in the records. The computing system identifies records corresponding to unidirectional and bidirectional data transfer, generating a single data transfer record for a unidirectional data transfer and a pair of data transfer records for a bidirectional data transfer. The computing system stores the data transfer records in a standard data structure accessible at a user interface. The computing system generates a graphical directionality map for display at the user interface based on the input data transfer records to depict the data transfer relationships between computing devices. 1. A computing platform , comprising:at least one processor;a communication interface communicatively coupled to the at least one processor; and receive, via a network and from a network sensing module, packet header information corresponding to a record associated with a first data transfer between a first computing device and a second computing device, wherein the packet header information comprises octet information corresponding to a representation of an eight bit data transfers;', 'analyze, the record to validate the recordation of the first data transfer by the network sensing module and to identify the first data transfer as unidirectional or bidirectional;', 'generate, based on a validation of the record, a first data transfer record for storage in a network directionality data store, wherein the first data transfer record is representative of the first data transfer from the first computing device to the second computing device;', 'storing, based on octet information of the record, an indication of an ...

Technologies for annotating process and user information for network flows

Systems, methods, and computer-readable media for annotating process and user information for network flows. In some embodiments, a capturing agent, executing on a first device in a network, can monitor a network flow associated with the first device. The first device can be, for example, a virtual machine, a hypervisor, a server, or a network device. Next, the capturing agent can generate a control flow based on the network flow. The control flow may include metadata that describes the network flow. The capturing agent can then determine which process executing on the first device is associated with the network flow and label the control flow with this information. Finally, the capturing agent can transmit the labeled control flow to a second device, such as a collector, in the network.

MICROBURST DETECTION AND MANAGEMENT

Systems, methods, and apparatuses provide a scalable framework for analyzing queuing and transient congestion in network switches. The system reports which flows contributed to the queue buildup and enables direct per-packet action in the data plane to prevent transient congestion. The system may be configured to analyze queuing in legacy network switches. 1. A method for microburst detection and management , the method comprising:obtaining a plurality of packets, wherein the obtaining of the plurality of packets uses a snapshot-based data structure to take snapshots of data comprising the plurality of packets;detecting, by the device, congestion associated with the device, wherein the congestion is a microburst congestion, wherein the microburst comprises a change of three times or more than an average traffic rate;determining, by the device, that a subset of the plurality of packets are in a congested queue when the congestion occurs; andbased on the subset of the plurality of packets reaching a threshold percentage of packets in the congested queue when the congestion occurs, indicating, by the device, an identifiable flow that is a culprit flow, wherein the identifiable flow comprises the subset of the plurality of packets.2. The method of claim 1 , further comprising re-routing the packets of the identifiable flow to another route.3. The method of claim 1 , further comprising adjusting a quality of service of the device associated with packets of the identifiable flow.4. The method of claim 1 , further comprising dropping packets associated with the identifiable flow.5. The method of claim 1 , further comprising load balancing packets of the identifiable flow.6. The method of claim 1 , further comprising delaying packets of the identifiable flow.7. The method of claim 1 , wherein the device is a switch.8. A system for microburst detection and management claim 1 , the system comprising:one or more processors; and obtaining a plurality of packets, wherein the ...

SYSTEMS AND METHODS FOR IDENTIFYING A SEQUENCE OF EVENTS AND PARTICIPANTS FOR RECORD OBJECTS

Methods, systems, and storage media for identifying a sequence of events and participants for record objects are disclosed. Exemplary implementations may: access record objects of a system of record; identify a subset of record objects associated with a group entity and having a first record object status; identify one or more electronic activities linked to the record objects; determine an event-participant pattern based on the electronic activities linked to the record object; identify electronic activities linked with a second record object; determine that a first event is performed by the a participant type and a second event is not yet performed by a second participant type; generate a content item identifying an action to trigger a performance of the second event; and transmit the content item to a device of a participant of at least one electronic activity linked with the second record object. 1. A method , comprising:accessing, by one or more processors, a plurality of record objects of a system of record of a data source provider, each record object of the plurality of record objects corresponding to a respective group entity, each record object comprising one or more object field-value pairs and linked to one or more electronic activities;identifying, by the one or more processors, a subset of record objects of the plurality of record objects associated with a group entity and having a first record object status;identifying, by the one or more processors, for each record object of the subset of record objects, one or more electronic activities linked to the record object, each electronic activity identifying one or more participants and corresponding to at least one event;determining, by the one or more processors, for each record object of the subset of record objects, an event-participant pattern based on the electronic activities linked to the record object, the event-participant pattern including at least a first event performed by a first participant ...

ENTERPRISE SERVER BEHAVIOR PROFILING

Generation of behavior profiling reports is provided for enterprise server devices in a network of enterprise server devices, as well as generation and association of severity scores for behavior profiling reports generated for enterprise server devices included in the network of enterprise server devices. A method can comprise receiving historical security event data representing historical security events of a first device and owner data representing an owner of the first device, and, as a function of the historical security event data and the owner data, an anomalous contact established between the first device and the second device can be identified. Further, in response to identifying the existence of the anomalous contact, the second device can be depicted on a connected graph of anomalous contacts established by the first device. 1. A device , comprising:a processor; and receiving historical security event data representing historical security events of a first device and owner data representing an owner of the first device;', 'as a function of the historical security event data and the owner data, identifying an existence of an anomalous contact established between the first device and the second device; and', 'in response to identifying the existence of the anomalous contact, depicting the second device on a connected graph of anomalous contacts established by the first device., 'a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising2. The device of claim 1 , wherein the operations further comprise determining the existence of the anomalous contact as a function of the first device being determined to have failed to establish a contact with the second device within a defined period of time.3. The device of claim 1 , wherein the operations further comprise connecting the first device and the second device as depicted on the connected graph of the anomalous contacts with an edge ...

IDENTIFYING MODIFICATIONS TO TECHNICAL CHARACTERISTICS OF A COMMUNICATION CHANNEL TO ALTER USER PERCEPTION OF COMMUNICATION CHANNEL PERFORMANCE

Probes are coupled to a network via one or more communication channels. The probes capture a set of technical characteristics of the communication channel (e.g., signal intensity, signal quality, signal to noise ratio, etc.), which may include characteristics of data exchanges between third party systems and the probes. Captured characteristics are provided to an online system, which obtains information from users who are communicating content via the communication channel regarding user perception of content transmission or receipt. Based on the received characteristics and information describing user perception, the online system generates a value of a performance metric for the communication channel associated with a set of users having one or more common characteristics. The online system may use values of the performance metric for different technical characteristics to evaluate effects of modifying a technical characteristic of the communication channel on perception of the communication channel by users in the set. 1. A method comprising:obtaining characteristics of users associated with client devices receiving content via a communication channel;obtaining information describing user perception of content provided to the client devices via the communication channel;receiving technical characteristics of the communication channel providing the content to the client devices captured by one or more probes coupled to the communication channel;identifying a set of users having a common characteristic;generating a model for the set of users correlating values of a performance metric for the communication channel with technical characteristics of the communication channel based on the obtained information describing user perception of users in the set and the received technical characteristics of the communication channel;identifying one or more modifications to the communication channel by comparing a value of the performance metric corresponding to received ...

AUTOMATIC COPY VALIDATION USING REAL-WORLD APPLICATION TRAFFIC

One example method includes bringing up a clone application in a validation environment, replaying recorded incoming network traffic to the clone application, obtaining a response of the clone application to the incoming network traffic, comparing the response of the clone application to recorded outgoing network traffic of the production application, and making a validation determination regarding the clone application, based on the comparison of the response of the clone application to recorded outgoing network traffic of the production application. When the clone application is not validated, the example method includes identifying and resolving a problem relating to the clone application. 1. A method , comprising:bringing up a clone application in a validation environment;replaying recorded incoming network traffic to the clone application;obtaining a response of the clone application to the incoming network traffic;comparing the response of the clone application to recorded outgoing network traffic of the production application;making a validation determination regarding the clone application, based on the comparison of the response of the clone application to recorded outgoing network traffic of the production application; andwhen the clone application is not validated, identifying and resolving a problem relating to the clone application.2. The method as recited in claim 1 , wherein the clone application is created by applying a cloning process to the production application.3. The method as recited in claim 1 , wherein the validation environment comprises a clone of a production environment in which the production application operates.4. The method as recited in claim 1 , wherein the recorded incoming network traffic was generated by recording incoming network traffic to the production application.5. The method as recited in claim 1 , wherein part of the method is performed by a network traffic generator player-validator.6. The method as recited in claim 1 , ...

OCCUPANCY SENSING

Example implementations may relate to an occupancy sensing system. For example, the occupancy sensing system may collect connection data and traffic data related to electronic devices that connect to the networking device. The occupancy sensing system may determine a number of resident devices and a number of high-traffic devices, based on the connection data or the traffic data. The occupancy sensing system may determine a number of the electronic devices that are coactive within an analysis time window, and may constrain the number of coactive electronic devices to a range from the number of high-traffic devices to the number of resident devices to generate an occupancy value. 1. An occupancy sensing system comprising:an input engine to collect, from a networking device, connection data and traffic data related to electronic devices that connect to the networking device;a classification engine to differentiate the electronic devices into resident devices and transient devices based on the connection data and to determine a number of the resident devices;a dominance engine to determine a number of high-traffic devices among the electronic devices based on the traffic data; andan occupancy engine to determine a number of the electronic devices that are coactive in an analysis time window, and to determine an occupancy value that is the number of electronic devices that are coactive bounded in a range from the number of resident devices to the number of high-traffic devices.2. The occupancy sensing system of claim 1 , wherein the occupancy engine is to determine the number of electronic devices that are coactive by:identification of active devices as electronic devices that have traffic data above a background activity threshold,application of an association rule miner engine to calculate frequencies of coactivity of combinations of the active devices over a plurality of sampling time windows within the analysis time window, andselection of a combination of active ...

TRAFFIC MEASUREMENT SYSTEM FOR WIRELESS SERVICE PROVIDERS

A device receives packet information associated with a traffic flow and a network segment. The network segment includes a portion of a network via which the traffic flow is transmitted. The device associates the received packet information with a period of time. The device determines that the period of time has expired, and aggregates the received packet information based on determining that the period of time has expired. The device determines a network performance parameter associated with the traffic flow over the network segment based on the aggregated packet information. The device generates performance information that identifies the network performance parameter, the traffic flow, and the network segment. The device provides the performance information. 1. A device , comprising: [ 'the network segment including a portion of a network via which the traffic flow is transmitted;', 'receive packet information associated with a traffic flow and a network segment,'}, 'associate the received packet information with a period of time;', 'determine that the period of time has expired;', 'aggregate the received packet information based on determining that the period of time has expired;', 'determine a network performance parameter associated with the traffic flow over the network segment based on the aggregated packet information;', 'generate performance information that identifies the network performance parameter, the traffic flow, and the network segment; and', 'provide the performance information., 'one or more processors to2. The device of claim 1 , where the one or more processors claim 1 , when providing the performance information claim 1 , are further to:output the performance information to an analytics device for display.3. The device of claim 1 , where the one or more processors claim 1 , when providing the performance information claim 1 , are further to:output the performance information to an analytics device for processing.4. The device of claim 1 , ...

STATISTICAL COLLECTION IN A NETWORK SWITCH NATIVELY CONFIGURED AS A LOAD BALANCER

In an example, there is disclosed a network apparatus for providing native load balancing within a switch or router, including a first network interface operable to communicatively couple to a first network; a plurality of second network interfaces operable to communicatively couple to a second network; one or more logic elements comprising a switching engine operable for providing network switching or routing; and one or more logic elements forming a load balancing engine operable for receiving incoming network traffic via the first network, the incoming traffic having a destination internet protocol address (IP) corresponding to a virtual IP (VIP) designated for load balancing; assigning the incoming traffic to a traffic bucket associated with the second network; and logging the assigning; wherein the switching engine and load balancing engine are configured to be provided on the same hardware as each other and as the first network interface and plurality of second network interface. 1. A network apparatus for providing load balancing , the apparatus comprising: 'providing network switching or routing of incoming network traffic without load balancing the incoming network traffic, the incoming network traffic not including a destination internet protocol (IP) address corresponding to a virtual IP (VIP) address; and', 'a switching engine operable for 'load balancing other incoming traffic having the destination IP address corresponding to the VIP address designated for load balancing.', 'a load balancing engine operable for2. The network apparatus of claim 1 , wherein the load balancing engine is further operable for:assigning the other incoming traffic to a traffic bucket associated with a service node based on a load balancing algorithm performed on the other incoming traffic;logging the assigning; andcompiling a statistical report based at least in part on the logging.3. The network apparatus of claim 2 , wherein compiling the statistical report comprises ...

Technologies for switch link and ply management for variable oversubscription ratios

Technologies for switch link and ply management for variable oversubscription ratios include powering up and down links of one or more network plys according to bandwidth demand, desired oversubscription ratio and/or other parameters. Telemetry data representing one or more network traffic metrics of one or more switch plies is monitored to determine respective power states of the plurality of links associated with the one or more switch plies as a function of a desired oversubscription ratio calculated based on the telemetry data. The respective power state of the plurality of links is set accordingly.

INFRASTRUCTURE-AGNOSTIC NETWORK-LEVEL VISIBILITY AND POLICY ENFORCEMENT FOR CONTAINERS

An enforcement mechanism on an operating system instance enforces a segmentation policy on a container. A configuration generation module executing in a host namespace of the operating system instance receives management instructions from a segmentation server for enforcing the segmentation policy on a container. The configuration generation module executes in the host namespace to configure a traffic control and monitoring module in a container namespace associated with the container. The traffic control and monitoring module in the container namespace controls and monitors communications to and from the container in accordance with its configuration. By executing a configuration generation module in the host namespace to configure traffic control and monitoring module in the container namespace, the enforcement mechanism beneficially enables robust and lightweight enforcement in a manner that is agnostic to different containerization protocols. 1. A method for facilitating visibility into traffic flow data associated with containers , the method comprising:executing a container on a host operating system of a processing device, wherein host processes of the host operating system are associated with a host namespace and the container is associated with a container namespace;monitoring, by a traffic control and monitoring module executing in the container namespace, communications associated with the container namespace to identify traffic flows associated with the container;obtaining, by a traffic flow reporting module executing in the host namespace, the traffic flows associated with the container; andtransmitting, by the traffic flow reporting module, the obtained traffic flows to a server.2. The method of claim 1 , further comprising:obtaining, by a configuration generation module executing in the host namespace of the host operating system, management instructions from the server for controlling communications to and from the container;configuring, by the ...

HIERARCHICAL AGGREGATION OF SELECT NETWORK TRAFFIC STATISTICS

Disclosed herein are systems and methods for the collection, aggregation, and processing of network traffic statistics for a plurality of network appliances in a wide area network. Select network traffic statistics can be collected and associated with a hierarchical string, and aggregated over time. In this way, only information that is likely to be relevant is gathered and maintained, allowing for the maintenance of select network traffic statistics for large-scale operations. 1. A method for aggregating select network traffic statistics for each of a plurality of network appliances connected in a communication network , the method comprising:for each flow from a first network appliance, extracting a first attribute value of a first flow attribute;for each flow from the first network appliance, extracting a second attribute value of a second flow attribute;building at least one hierarchical string with the extracted first attribute value and the extracted second attribute value,extracting at least one network metric for at least one network characteristic associated with the at least one hierarchical string;aggregating the at least one network metric for the at least one network characteristic over a plurality of flows to and from the first network appliance in the communication network; 'the eviction policy determining that a record is aggregated into a higher level record of the accumulating map and is evicted from the accumulating map; and', 'wherein the accumulating map has a target number of entries for a specified time period and an eviction policy determines how information is aggregated once the accumulating map reaches its target number of entries for the specified time period,'}, 'generating an accumulating map that is updated in substantially real time, the accumulating map comprising the at least one hierarchical string and associated aggregated network metrics for the first flow attribute and the second flow attribute of the hierarchical string,'} ...

Detecting Anomalies in a Computer Network Based on Usage Similarity Scores

A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly. 1. A method comprising:accessing, by a computer system, usage similarity scores for a plurality of network devices associated with a computer network, the usage similarity scores being indicative of which of the network devices have been shared by a user or by a group of users who satisfy a similarity criterion;accessing, by the computer system, data indicative of computer network activity of a particular user of a plurality of users; anddetecting, by the computer system, in response to accessing the data, an anomaly indicative that the particular user has interacted with a particular network device with which the particular user does not normally interact, based on the usage similarity scores.2. The method of claim 1 , further comprising:retrieving a graph data structure that records anomalies in the computer network and relationships between the anomalies and the users and network devices;identifying a security threat based on the detected anomaly by identifying, in the graph data structure, a relationship path in the data structure from the particular user to a network device designated as a critical resource of the computer network, the relationship path including users and network devices ...

CROWD-SOURCED CLOUD COMPUTING RESOURCE VALIDATION

Resource provider specifications, characterizing computing resources of computing resource providers, are received. The reachability of each IP address included in the received specification is determined. An agent is deployed that is operable to determine the value of each of a set of metrics in the environment of the host at which the agent is deployed. The agent determines the value of each metric of the set of metrics in the environment of the relevant host, and communicates the determined values to one or more computing devices that validate whether the resources characterized by the communicated values are sufficient to provide the performance characterized by the received specification and that each ISP router complies with a predetermined policy. For each computing resource provider validated and determined to comprise an ISP router compliant with policy, the specified computing resources are added to a pool of resources for cloud computing. 120-. (canceled)21. A method , comprising: receiving a plurality of resource provider specifications characterizing computing resources of each resource provider and comprising at least one host and at least one router;', 'determining, for each received resource provider specification, a reachability of an Internet Protocol (IP) address associated with the at least one host;', 'deploying, at each host determined to be reachable, an agent operable to determine a value of each of a set of metrics in an environment of the host at which the agent is deployed;', 'receiving, from each deployed agent, determined values of each of the set of metrics;', 'validating, for each resource provider, the received resource provider specification;', 'determining that each router in the computing resources of each resource provider complies with a predetermined policy; and', 'for each validated resource provider comprising a router compliant with the predetermined policy, adding the specified computing resources of the resource provider to ...

Method and system for classifying data objects based on their network footprint

The present invention provides a method for determining a type of an object distributed through communication network said method implemented by one or more processing devices operatively coupled to a non-transitory storage device, on which are stored modules of instruction code that when executed cause the one or more processing devices to perform: monitoring objects traffic through communication network; building the objects' footprint, wherein said footprint is inferred from monitored traffic flows that contain said object wherein the footprint is organized in a graph structure wherein nodes are source and target network addresses of said traffic flows two nodes are connected if there is a traffic flows between the network address of the respective nodes containing the said object, analyzing the objects footprint for identifying features characteristics/parameters of the footprint to determine the objects type. 1. A method for determining a type of an object distributed through communication network said method implemented by one or more processing devices operatively coupled to a non-transitory storage device , on which are stored modules of instruction code that when executed cause the one or more processing devices to perform:monitoring objects traffic through communication network;building the objects' footprint, wherein said footprint is inferred from monitored traffic flows that contain said object wherein the footprint is organized in a graph structure wherein nodes are source and target network addresses of said traffic flows two nodes are connected if there is a traffic flows between the network address of the respective nodes containing the said object.analyzing the object's footprint for identifying features characteristics/parameters of the footprint to determine the object's type.2. The method of wherein the types of objects include malicious and legitimate/benign.3. The method in wherein the object identity is determined by a signature claim 1 , ...

METHODS AND SYSTEMS FOR USING EMBEDDING FROM NATURAL LANGUAGE PROCESSING (NLP) FOR ENHANCED NETWORK ANALYTICS

Systems and methods are provided for utilizing natural language process (NLP), namely semantic learning approaches, in the realm of network security. Techniques include analyzing network transaction records to form a crafted corpus related to a semantics of network activity. The crafted corpus can be adapted to include sequences of network entities that are deemed most appropriate for analyzing a particular category related to network activity. For example, crafted corpuses can include sequences of servers accessed by each user, in order to identify activity trends in a user's normal activity. A network embeddings model can be trained on the crafted corpus. The network embeddings model includes an embedding space of text that represents interactions between network entities and captures contextual similarities of text, which further measures similarities between the network entities in the embedding space. Using network embeddings model, network activity is monitored and modeled over time, and anomalies efficiently detected. 1. A method for analyzing access patterns within a communication network , comprising:receiving, by a network device, a plurality of transaction records associated with network interactions amongst a plurality of network entities in the communication network;analyzing, by the network device, the plurality of transaction records to identify the network entities within the plurality of transaction records, wherein the network entities are identified as text strings using text-based analysis;generating, by the network device, a crafted corpus comprising a sequence of network entities within the plurality of transaction records, wherein the crafted corpus is generated based on a type of access semantics to be captured by an embedding and based on a selected corpus category;generating, by the network device, a network embeddings model based on the crafted corpus of sequences of network entities, wherein the network embeddings model includes a vector ...

Application Classification

A computing system may automatically classify applications that are used via a communication network. Application classification may include identifying a signature or group of signatures that belongs to an application or service associated with data flow through a network. The computer system of the network may collect data regarding the application from a mobile device, from the network, and/or from a digital distribution service accessible via the network. The system may combine such data together to identify and classify the application. 1. A wireless communication network comprising:one or more processors;a non-transitory storage medium; and send a command to a mobile device (MD) via the wireless communication network, the command configured to request MD log data generated by the MD, the MD log data based, at least in part, on an application;', 'in response to the command, receive the MD log data from the MD;', 'receive network log data from a log of historical data of traffic on the wireless communication network, the network log data being associated with the application and the traffic, the traffic having been sent and/or received to/from one or more destinations on an Internet;, 'instructions stored in the non-transitory storage medium, the instructions being executable by the one or more processors togenerate combined log data by combining the MD log data and the network log data;identify at least one matching pattern in the combined log data, based, at least in part, on the MD log data and the network log data in the combined log data;determine a classification of the application based, at least in part, on the at least one matching pattern in the combined log data; andenforce one or more network policies based, at least in part, on the classification of the application.2. The wireless communication network of claim 1 , wherein the instructions are further executable by the one or more processors to:receive application information about the application ...

METHOD AND DEVICE FOR MONITORING NETWORK DATA

Provided in the embodiments of the present application are a method and device for monitoring network data. The method comprises: a NWDAF determines a terminal UE to be monitored that requires network data analysis and the type of data analysis for the UE to be monitored; the NWDAF determines a provider network function network element and a monitoring event which correspond to the UE to be monitored according to the type of data analysis for the UE to be monitored, the provider network function network element being used to provide source data for the UE to be monitored which is related to the data analysis type, and the monitoring event being used to indicate to the provider network function network element to monitor the source data; and the NWDAF sends the monitoring event to the provider network function network element. 1. A method for monitoring network data , comprising:determining, by a network data analytics function (NWDAF), a user equipment (UE) to be monitored for which network data analytics is required, and a type of data analytics for the UE to be monitored;determining, by the NWDAF, a network function and a monitoring event for the UE according to the type of data analytics, wherein the network function provides data, corresponding to the type of data analytics, of the UE to be monitored, and the monitoring event indicates the network function to monitor the source data; andtransmitting, by the NWDAF, the monitoring event to the network function.2. The method according to claim 1 , wherein after transmitting claim 1 , by the NWDAF claim 1 , the monitoring event to the network function claim 1 , the method further comprises:receiving, by the NWDAF, the data, reported by the network function according to the monitoring event and corresponding to the type of data analytics, of the UE to be monitored; andanalyzing, by the NWDAF, the received data to generate a result of data analytics, conforming to the type of data analytics, for the UE to be monitored ...

DEEP PATH ANALYSIS OF APPLICATION DELIVERY OVER A NETWORK

Techniques for deep path analysis of application delivery over a network are disclosed. In some embodiments, deep path analysis of application delivery over a network includes monitoring a network path between an agent and a destination; determining the network path between the agent and the destination; and generating a graphical visualization of the network path. 1. (canceled)2. A system , comprising: monitor a network path between an agent and a destination;', send a plurality of probes from the agent to the destination with increasing Time To Live (TTL) limited TCP SYN packets, wherein a TCP SYN ACK packet from the destination is used as a reference if an ICMP TTL Exceeded message is not received from an intermediate node or a final node, and the final node corresponds to the destination; and', 'determine one or more network metrics; and', 'characterize one or more nodes along the network path including one or more intermediate nodes, wherein characterize the one or more nodes along the network path further includes], 'determine the network path between the agent and the destination, wherein the agent performs one or more active measurements to determine the network path and to measure transit delays of packets from the agent to the destination across an Internet Protocol (IP) network using TCP SYN packets, wherein the network path includes a data path between the agent and the destination, and wherein the agent performs one or more active measurements to determine the network path and to measure transit delays of packets from the agent to the destination across the IP network using TCP SYN packets further includes, 'generate a graphical visualization of the network path to facilitate deep path analysis of application delivery over the IP network, wherein the graphical visualization of the network path includes each node in an expandable topology of a hop-by-hop view of the network path between the agent and the destination, wherein each of the one or more ...

TRANSMISSION DEVICE AND TRAFFIC AMOUNT MEASUREMENT METHOD

A transmission device includes: one or more processors; and a memory configured to store a program which is executed by the one or more processors, wherein the one or more processors is configured to: measure a communication traffic amount on a line; calculate a degree of change in the communication traffic amount; compare the degree of change in the communication traffic amount with a threshold; and measure, in accordance with a comparison result, the communication traffic amount on the line in accordance with one of a first measurement cycle and a second measurement cycle that is shorter than the first measurement cycle. 1. A transmission device comprising:one or more processors; anda memory configured to store a program which is executed by the one or more processors,wherein the one or more processors is configured to:measure a communication traffic amount on a line;calculate a degree of change in the communication traffic amount;compare the degree of change in the communication traffic amount with a threshold; andmeasure, in accordance with a comparison result, the communication traffic amount on the line in accordance with one of a first measurement cycle and a second measurement cycle that is shorter than the first measurement cycle.2. The transmission device according to claim 1 ,wherein when the degree of change exceeds the threshold, the one or more processors measure the communication traffic amount in accordance with the second measurement cycle.3. The transmission device according to claim 1 ,wherein the one or more processors identify a changing direction of the degree of change in the communication traffic amount as an increasing direction or a decreasing direction.4. The transmission device according to claim 1 ,wherein the one or more processors:measure the communication amount in accordance with the second measurement cycle when a changing direction of the degree of change in the communication traffic amount is identified as an increasing direction ...

DISTRIBUTED PLATFORM TEST NETWORK

A test network is provided to test updates to configurations and resources of a distributed platform and to warm servers prior to their deployment in the distributed platform. The test network tests and warms using real-time production traffic of the distributed platform in a manner that does not impact users or performance of the distributed platform. At least one distributed platform caching server passes content requests that it receives to the test network using a connectionless protocol. The test network includes a test server that is loaded with any of a configuration or resource under test or whose cache is to be loaded prior to the server's deployment into the distributed platform. The test network also includes a replay server that receives the requests from the caching server, distributes the requests to the test server, and monitors the test server responses. 1. A system comprising:a plurality of points-of-presence (PoPs) and a test network;at least one PoP of the plurality of PoPs comprising a plurality of caching servers operating to respond to content requests from a plurality of users by caching and serving requested content to the plurality of users and with a particular caching server of the plurality of caching servers passing content requests that the particular caching server receives to the test network using a connectionless protocol; andthe test network comprising a replay server and a test server, wherein the test server is configured with any one of a configuration and resource under test, and wherein the replay server tests performance of any of the configuration and resource by receiving the content requests from the particular caching server, distributing a particular content request from said content requests to the test server, and monitoring the test server response to the particular content request.2. The system of claim 1 , wherein the test server is configured with a routing table mapping an address of a user originating the ...

IDENTIFYING SERVICES PROVIDED OVER SECURED CONNECTIONS USING DNS CACHING

A method for communication includes intercepting Domain Name System (DNS) messages that are sent in a communication network in preparation for setting up respective communication sessions that provide respective services associated with respective service types. DNS information that is indicative of the respective service types is extracted from the intercepted DNS messages, and the extracted DNS information is cached. A service type associated with a given communication session is identified using the cached DNS information, and a traffic policy is applied to the given communication session depending on the identified service type. 1. A method for communication , comprising:intercepting Domain Name System (DNS) messages that are sent in a communication network in preparation for setting up respective communication sessions that provide respective services associated with respective service types;extracting from the intercepted DNS messages DNS information that is indicative of the respective service types, and caching the extracted DNS information; andidentifying a service type associated with a given communication session using the cached DNS information, and applying a traffic policy to the given communication session depending on the identified service type.2. The method according to claim 1 , wherein the given communication session delivers a respective service over a secured connection.3. The method according to claim 1 , wherein extracting the DNS information comprises extracting from the DNS messages Uniform Resource Identifiers (URIs) identifying hosts in the communication network to which users attempt to connect claim 1 , and respective IP addresses of the hosts claim 1 , and mapping the extracted URIs to one or more predefined service types claim 1 , and wherein caching the DNS information comprises caching the extracted IP addresses and the one or more service types in association with one another.4. The method according to claim 3 , wherein identifying ...

METHOD, DEVICE, AND SYSTEM FOR PERFORMING BALANCE ADJUSTMENT ON EGRESS TRAFFIC OF SDN BASED IDC NETWORK

A method, a device, and a system for performing balance adjustment on egress traffic of an SDN-based IDC network are disclosed, to resolve a technical problem that balance adjustment cannot be performed on egress traffic of an IDC network. The method includes: sending group information of at least one AS group to an SDN controller, where the group information is used by the SDN controller to generate an AS filtering policy and deliver the AS filtering policy to a DPE; obtaining AS traffic information that is obtained by the DPE through statistics collection according to the AS filtering policy; generating a traffic adjustment policy according to the AS traffic information, where the traffic adjustment policy is used to instruct to adjust traffic of a destination AS group to a destination egress link; and sending the traffic adjustment policy to the SDN controller. 1. A method for performing balance adjustment on egress traffic of a software-defined networking (SDN)-based Internet data center (IDC) network , wherein the IDC network comprises: a data center provider edge (DPE) , a traffic analysis device and an SDN controller that are connected to the DPE , a policy management device connected to the traffic analysis device and the SDN controller , wherein the DPE is connected to multiple core network provider edges (CPEs) in a public network by using multiple egress links , the method comprising:sending, by the policy management device, group information of at least one autonomous system (AS) group to the SDN controller for generating an AS filtering policy for delivery to the DPE, wherein each AS group in the at least one AS group comprises one or more ASs;obtaining, by using the traffic analysis device, AS traffic information that is obtained by the DPE through statistics collection according to the AS filtering policy, wherein the AS traffic information comprises: information about traffic of an AS group that flows through the multiple egress links from the DPE to ...

SIGNALLING CONGESTION

Methods and apparatus are disclosed for signalling congestion being caused by data items such as packets, received at a network element such as a router, in a communications network such as the Internet, or being caused by items otherwise requiring service or capacity from a shared resource. Preferred embodiments of the method involve identifying whether or not received data items received at a network element are capable of carrying congestion indications such as ECN marks, and for those that are capable, assigning congestion indications to the data items in dependence on a queue length characterisation based on a substantially current, instantaneous measurement of the length of the queue, whereas for those that are not capable, a sanction such as dropping may be applied in dependence on a different queue length characterisation based on a weighted moving average of current, recent, and less recent measurements of the length of the queue. 1) A method of signalling congestion being caused by data items received at a network element in a communications network , the network element having a queue having a length , the method comprising steps of:identifying, in respect of each of a plurality of received data items, whether or not said data item is capable of carrying a congestion indication;determining a first queue length characterisation, said first queue length characterisation being determined according to a first function such as to depend on measurements inferring the length of the queue at a plurality of different times;determining a second queue length characterisation, said second queue length characterisation being determined according to a second function such as to depend on a current or recent measurement inferring the length of the queue, the most recent queue length being more strongly weighted in said second function than it is in said first function;applying a sanction in respect of data items identified as not being capable of carrying congestion ...

MACHINE LEARNING BASED END TO END SYSTEM FOR TCP OPTIMIZATION

Bypass network traffic records are generated for a web application. Sufficient statistics of network optimization parameters are calculated for network performance categories. The bypass network traffic records are partitioned for the network performance categories into network traffic buckets. Sufficient statistics and the network traffic buckets are used to generate network quality mappings. The network quality mappings are used as training instances to train a machine learner for generating network optimization policies to be implemented by user devices. 1. A computer-implemented method , comprising:receiving, by one or more computing devices, a plurality of bypass network traffic records for a web application that communicates with user devices from a plurality of different access networks in a time window, wherein the plurality of bypass network traffic records is generated from user traffic data devoid of information about network access technologies used by the user devices to access the web application;wherein the plurality of bypass network traffic records is clustered into a plurality of network performance categories, wherein each network performance category in the plurality of network performance categories comprises a respective subset of bypass network traffic records in the plurality of bypass network traffic records;calculating, by the one or more computing devices, a plurality of sets of sufficient statistics of one or more network optimization parameters for the plurality of network performance categories, wherein each set of sufficient statistics of the one or more network optimization parameters is calculated for a corresponding network performance category based on its respective subset of bypass network traffic records;partitioning, by the one or more computing devices, the respective subset of bypass network traffic records for the corresponding network performance category into one or more network traffic buckets, thereby generating a ...

HIGHLY-SCALABLE, SOFTWARE-DEFINED, IN-NETWORK MULTICASTING OF LOAD STATISTICS DATA

In an embodiment, a computer-implemented method for highly-scalable, in-network multicasting of statistics data is disclosed. In an embodiment, a method comprises: receiving, from an underlay controller, a match-and-action table that is indexed using one or more multicast (“MC”) group identifiers and includes one or more special MC headers; detecting a packet carrying statistics data; determining whether the packet includes an MC group identifier; in response to determining that the packet includes the MC group identifier: using the MC group identifier, retrieving a special MC header, of the one or more special MC headers, from the match-and-action table; generating an encapsulated packet by encapsulating the packet with the special MC header; and providing the encapsulated packet to an interface controller for transmitting the encapsulated packet to one or more physical switches. 1receiving, from an underlay controller, a match-and-action table that is indexed using one or more multicast (“MC”) group identifiers and includes one or more special MC headers;detecting a packet carrying statistics data;determining whether the packet includes an MC group identifier;wherein the MC group identifier identifies an MC group that includes one or more recipients of the statistics data; using the MC group identifier, retrieving a special MC header, of the one or more special MC headers, from the match-and-action table;', 'generating an encapsulated packet by encapsulating the packet with the special MC header; and', 'providing the encapsulated packet to an interface controller for transmitting the encapsulated packet to one or more physical switches., 'in response to determining that the packet includes the MC group identifier. A computer-implemented method for highly-scalable, in-network multicasting of load statistics data, the method comprising: This application is a continuation of U.S. patent application Ser. No. 16/432,477, filed Jun. 5, 2019, entitled “Highly-Scalable, ...

Systems and Methods for Determining a Network Path Trace

In one embodiment, a method includes receiving, by a network orchestrator, trace parameters from a user device. The method also includes determining, by the network orchestrator, to initiate a network path trace for the application, generating, by the network orchestrator, a filter policy for the network path trace using the trace parameters, and allocating, by the network orchestrator, a trace identification to the network path trace. The method also includes initiating, by the network orchestrator, the network path trace within a network by communicating the filter policy and the trace identification to a first node of the network and receiving, by the network orchestrator, network path trace data from a plurality of nodes of the network. The method further includes generating, by the network orchestrator, a trace report for the application using the network path trace data. 1. A network orchestrator , comprising:one or more processors; and receiving trace parameters from a user device, wherein the trace parameters are associated with an application;', 'determining to initiate a network path trace for the application;', 'generating a filter policy for the network path trace using the trace parameters;', 'allocating a trace identification to the network path trace;', 'initiating the network path trace within a network by communicating the filter policy and the trace identification to a first node of the network;', 'receiving network path trace data from a plurality of nodes of the network, wherein the plurality of nodes of the network comprises the first node; and', 'generating a trace report for the application using the network path trace data., 'one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause the network orchestrator to perform operations comprising2. The network orchestrator of claim 1 , wherein the trace report comprises a bi- ...

System and method for processing digital traffic metrics

A computer-implemented method is disclosed for processing metrics via a controller. The controller comprises a processor and a memory storing program instructions which when executed by the processor causes implementation of the steps of generating or receiving metrics characterising digital traffic and/or related user behaviour from one or more sources and generating or receiving a tabular dataset associated with the metrics, wherein the dataset comprises rows of metrics and dimensions in which each row represents a subset of a metric grouping characterised by a combination of dimensions. The processor further implements the steps of receiving one or more partition identifiers representing a data structure of dataset partitions, assigning one or more metric groupings to one or more partition identifiers and analysing the dataset according to partition identifiers.

SYSTEMS AND METHODS FOR PREVENTING DENIAL OF SERVICE ATTACKS UTILIZING A PROXY SERVER

Aspects of the present disclosure involve systems, methods, computer program products, and the like, for utilizing an access log of a proxy server device of a content delivery network (CDN) to detect and mitigate a denial of service (DOS) on a web or content server hosted by the CDN. Through an analysis of the content requests received at the proxy server listed in the access logs, one or more IP addresses may be identified as involved in a potential DOS attack or other suspicious behavior. Once identified, the suspicious activities of the one or more IP addresses may be tracked and aggregated over a particular period of time, with each detected suspicious request to the content server being counted. The count of suspicious requests to the content server may then be compared to one or more threshold values and a remediation action may occur when the thresholds are met or exceeded. 1. A method for managing a content delivery network (CDN) , the method comprising:obtaining an access log of a proxy server in communication with an associated content server of the CDN, the access log comprising uniform resource locator (URL) requests for content intended for the associated content server;scanning the access log to detect a plurality of entries in the access log indicating the proxy server receiving a first URL request of a group of related URL requests from a particular Internet Protocol (IP) address associated with a requesting device, the receiving of the first URL request of the group of related URL requests from the particular IP address occurring within a first timeframe;comparing the plurality of entries in the access log indicating the proxy server receiving the first URL request of the group of related URL requests from the particular IP address associated with a requesting device to a first threshold value; andstoring the particular IP address in a listing of potential sources of denial of service (DOS) attacks on the associated content server when the plurality ...

SECURELY MANAGING NETWORK CONNECTIONS

The disclosure relates generally to methods, systems, and apparatuses for managing network connections. A system for managing network connections includes a storage component, a decoding component, a rule manager component, and a notification component. The storage component is configured to store a list of expected connections for a plurality of networked machines, wherein each connection in the list of expected connections defines a start point and an end point for the connection. The decoding component is configured to decode messages from the plurality of networked machines indicating one or more connections for a corresponding machine. The rule manager component is configured to identify an unexpected presence or absence of a connection on at least one of the plurality of network machines based on the list of expected connections. The notification component is configured to provide a notification or indication of the unexpected presence or absence. 1. A method comprising:storing a first list of connections among a plurality of networked resources;detecting, by one or more processors, one or more differences between the first list of connections and a second list of connections of a first networked resource of the plurality of networked resources; andupdating, by the one or more processors, the second list of connections based on the one or more differences to align the second list of connections with the first list of connections.2. The method of claim 1 , wherein the first list of connections comprises a list of desired connections among the plurality of networked resources.3. The method of claim 2 , wherein each desired connection in the list of desired connections defines two network resources between which the desired connection exists.4. The method of claim 1 , wherein the second list of connections indicates existing connections between the first networked resource and the plurality of networked resources.5. The method of claim 1 , wherein updating the ...

SYSTEMS AND METHODS FOR OPTIMIZATION OF TRANSMISSION OF REAL-TIME DATA VIA NETWORK LABELING

The present invention relates to systems and methods for network labeling in order to enhance real time data transfers. A network for a real time data transfer is identified and predictive models for network performance are compared against to determine if the network is suitable for the data transfer. If so, then the real time data transfer may be completed as expected. However, if the network is predicted to be unsuitable for transmission an alternate means for connection may be suggested. The alternate suggestion may include delaying the data transfer until the network is expected to be in better conditions, connecting to another access point in the network, or switching to another network entirely. During the data transfer, the quality of the network is monitored in order to update the predictive models for the network's quality. Identifiers for the network may be utilized to keep track of the networks. Network signal strength, signal pollution and time may also be tracked in order to identify patterns in the network's performance. 1) A computerized network routing method comprising:determining a plurality of edge servers in a network based upon geographical similarity and commonality of ISP addresses;selecting an edge server from the plurality of edge servers by sending test packets to the plurality of edge servers and monitoring a response;determining a plurality of regional servers based upon geographical proximity;selecting a regional server from the plurality of regional servers based upon relative data traffic load;optimizing packet size and encoding for data over the selected edge server and regional server;initiating real time data transfer using the selected edge server and regional server using the optimized data packet size and encoding;renegotiating an updated data packet size and encoding based upon a change in conditions of the selected edge server and regional server.2) The method of claim 1 , wherein the monitoring the response determines packet ...

APPARATUS AND METHOD FOR MONITORING A WIRELESS NETWORK

There is provided an apparatus and method to enable passive, real-time monitoring of an existing wireless network. It classifies and identifies threats and/or devices that are communicating using the infrastructure and data traffic patterns of the participating devices. The monitoring information is provided in a manner so as to provide appropriate insights for technical support and home users. 1. An apparatus for monitoring a wireless network , the apparatus including at least one data processor configured to:receive, from at least one user device, data from the at least one user device;extract, from the received data, information from a frame header;prune, from the received data, unnecessary features;group, from the received data, basic features based on MAC addresses;determine, from the received data, processed features based on block size; andidentify, from the received data, unusual data traffic patterns.2. The apparatus of claim 1 , the apparatus including at least one data processor further configured to:carry out model training for predictive purposes;store frame information to enable mining of the information; andpresent a visual representation of data traffic in the wireless network.3. The apparatus of claim 1 , wherein the data is receivable via multiple transmission protocols.4. The apparatus of claim 1 , wherein the extracted information is at least one parameter selected from a group consisting of: source and destination addresses claim 1 , frame type and sub-type claim 1 , and SSIDs present.5. The apparatus of claim 1 , wherein pruning of unnecessary features aids in classification of the extracted information claim 1 , the pruning being carried out using statistical analysis.6. The apparatus of claim 2 , wherein the model training is carried out by taking two inputs—a set of signatures from the feature pruner and the set of MAC addresses to device types mapping from device annotator.7. The apparatus of claim 2 , wherein the visual representation is ...

Automatic Traffic Classification of Web Applications and Services Based on Dynamic Analysis

An approach is provided that automatically classify network traffic of web applications and services based on a dynamic analysis. The approach scans a resource that corresponds to a named network application and receives, as a result of the scan, network resource identifiers that are accessed by the named network application. Network traffic between users and network resources is monitored, with the monitoring resulting in a set of visited network resource identifiers. The set of resource identifiers is found by matching the visited network resource identifiers with the network resource identifiers returned by the scan. Each of the set of resource identifiers is then matched with the named application.

Multizone migration services

Embodiments of the disclosure provide systems and methods for migrating cloud-based content between storage locations while maintaining availability of the content being migrated. Embodiments described herein allow data undergoing migration, even data that is inflight, to be accessed, edited, copied, moved, and/or deleted without downtime, blackout periods, or other restrictions.

HOST-BASED FLOW AGGREGATION

Some embodiments provide a novel method for collecting and reporting attributes of data flows associated with machines executing on a plurality of host computers to an analysis appliance. Each host computer, in some embodiments, is responsible for collecting and reporting attributes of data flows associated with machines executing on a host computer. In some embodiments, the host computer includes a flow exporter that processes and publishes flow data to the analysis appliance, a set of agents for collecting context data relating to the flows from machines executing on the host, a set of additional modules that provide additional context data, an anomaly detection engine that analyzes flow data and context data and provides additional context data, and a context exporter for processing and publishing context data to the analysis appliance. 1. A method for collecting and reporting attributes of data flows associated with machines executing on a host computer , the method comprising:aggregating statistics for individual flows identified during each of a plurality of time periods;for each time period, identifying a plurality of groups of flows with each group comprising one or more individual flows;for each identified group, identifying a set of attributes by aggregating one or more subsets of attributes of one or more individual flows in the group, the subset of attributes of each individual flow in each group comprising the aggregated statistics of the individual flow; andafter the plurality of time periods, providing the set of attributes for each group identified in the plurality of time periods to a server for further analysis of the data flows identified.2. The method of claim 1 , wherein the identified set of attributes are contextual attributes for layers other than layers 2-4 of the open systems interconnection (OSI) model.3. The method of claim 1 , wherein the identified set of attributes are contextual attributes for layers other than layers 2-7 of the open ...

METHOD AND NETWORK DEVICE FOR OVERLAY TUNNEL TERMINATION AND MIRRORING SPANNING DATACENTERS

A method and network device for overlay tunnel termination and mirroring spanning datacenters. Specifically, the method and network device disclosed herein entail the traversal of mirrored network traffic from datacenters lacking traffic analysis tools to other datacenters including the sought after traffic analysis tools. Further, the aforementioned traversal of mirrored network traffic may utilize virtual network layer overlay domain tunnels. 1. A method for processing network traffic , comprising:receiving a first original packet originating from a source host;examining the first original packet to obtain first monitoring pertinent information;obtaining, based on the first monitoring pertinent information, a first tool-reachable network address and a tunnel compatibility;encapsulating, based on the first tool-reachable network address and the tunnel compatibility, the first original packet into a tunnel packet; andtransmitting the tunnel packet to a local service device.2. The method of claim 1 , wherein the first original packet comprises header information claim 1 , and wherein the first monitoring pertinent information comprises at least a portion of the header information.3. The method of claim 1 , wherein obtaining the first tool-reachable network address and the tunnel compatibility claim 1 , comprises:performing a first lookup on a tool assignment table using the first monitoring pertinent information to identify a tool identifier; andperforming a second lookup on a tool information table using the tool identifier to obtain the first tool-reachable network address and the tunnel compatibility.4. The method of claim 1 , wherein the first tool-reachable network address is a loopback Internet Protocol (IP) address associated with a logical network interface configured through a physical network interface of a remote network device.5. The method of claim 4 , wherein the tunnel compatibility reflects a compatible state claim 4 , wherein the tunnel packet ...

SYSTEM AND METHOD FOR CONTROL AND/OR ANALYTICS OF AN INDUSTRIAL PROCESS

In a system and a method for control and/or analytics of an industrial process and especially a system and a method for the prioritization of the data transmission of process data from plant-side automation and processing units to remote processing units external to the plant, the system has an the plant side at least one automation or processing unit, which carries out first process variable computations and acts on the process. On the side external to the plant, the system has a remote processing unit that carries out a number of second process variable computations and that receives local data from the at least one automation or processor unit via a data connection and at least one data collector unit. The data collector unit prioritizes the data transfer via the data connection between the at least one automation or processor unit and the processing unit external to the plant. 1. A system for remotely controlling and/or analyzing an industrial process in a plant , comprising:at least one plant-side automation or processing unit disposed in the plant and acting on the industrial process, the plant side unit being capable of carrying out first process variable computations;a remote processing unit disposed outside the plant the remote unit capable of carrying out second process variable computations, the remote unit receiving local data from the at least one plant-side unit via a data link; andat least one data collector unit disposed in the plant, the data collector unit prioritizes data transfer via the data link between the at least one plant-side unit and the remote unit.2. The system of claim 1 , wherein the data collector unit comprises a data buffer for buffering the local data.3. The system of claim 1 , wherein the data collector unit comprises an element for pre-processing the local data.4. The system of claim 1 , wherein the data collector unit comprises a priority dispatcher and priority memory claim 1 , wherein the priority dispatcher assigns the local ...

DOCUMENT PERFORMANCE INDICATORS BASED ON REFERRAL CONTEXT

A computer-implemented method for providing performance indicators of destination documents includes identifying a referral document to a destination document, where the referral document comprising a source of at least one visitor to the destination document. The method also includes extracting referral keywords from content of the referral document, the referral keywords corresponding to a referral context of the referral document. The method further includes determining a degree of correlation between the referral document and the destination document based on a comparison between the referral keywords and destination keywords, the destination keywords corresponding to destination context of the destination document. Additionally, the method includes providing one or more performance indicators to a user based on the correlation between the referral document and the destination document, where the one or more performance indicators correspond to a performance metric that quantifies interactions between visitors and the destination document. 1. A computer-implemented method for providing performance indicators of destination documents , the method comprising:identifying a referral document to a destination document, the referral document comprising a source of at least one visitor to the destination document;extracting referral keywords from content of the referral document, the referral keywords corresponding to a referral context of the referral document;determining a degree of correlation between the referral document and the destination document based on a comparison between the referral keywords and destination keywords, the destination keywords corresponding to destination context of the destination document; andproviding one or more performance indicators to a user based on the correlation between the referral document and the destination document, wherein the one or more performance indicators correspond to a performance metric that quantifies interactions ...