Patent application number | Description | Published |
20090070453 | Method and Apparatus for Limiting Reuse of Domain Name System Response Information - A method of limiting reuse of domain name information includes the steps of requesting the information by a local domain name server from an authoritative domain name server, and providing this information to a requestor, such as a client or server. The domain name information includes an allowable usage limit that represents a maximum number of times that the information can be provided to the requestor before revalidating the information. A system for limiting reuse of domain name information includes an authoritative domain name server, a local domain name server, and a requestor. The authoritative server provides the information, which includes the allowable usage limit, in response to a request by the local server. The request from the local server may include the number of times that the local server provided the information to one or more requestors as an observed usage. | 03-12-2009 |
20090106417 | Method and apparatus for packet analysis in a network - A method and system for monitoring traffic in a data communication network and for extracting useful statistics and information is disclosed. | 04-23-2009 |
20090113016 | Managing email servers by prioritizing emails - Disclosed are email server management methods and systems that protect the ability of the infrastructure of the email server to process legitimate emails in the presence of large spam volumes. During a period of server overload, priority classes of emails are identified, and emails are processed according to priority. In a typical embodiment, the server sends emails sequentially in a queue, and the queue has a limited capacity. When the server nears or reaches that capacity, the emails in the queue are analyzed to identify priority emails, and the priority emails are moved to the head of the queue. | 04-30-2009 |
20090113057 | Proximity Routing For Session Based Applications Using Anycast - Certain exemplary embodiments can comprise a method, which can comprise automatically providing content to an information device from a content distribution node of a plurality of content distribution nodes. The information device can be adapted to send a request for the content from the first content distribution node utilizing an Internet Protocol (IP) address of the content distribution node. | 04-30-2009 |
20090171890 | Efficient predicate prefilter for high speed data analysis - A method and system are disclosed for operating a high speed data stream management system which runs a query plan including a set of queries on a data feed in the form of a stream of tuples. A predicate prefilter is placed outside the query plan upstream of the set of queries, and includes predicates selected from those used by the queries. Predicates are selected for inclusion in the prefilter based on a cost heuristic, and predicates are combined into composites using a rectangle mapping heuristic. The prefilter evaluates the presence of individual and composite predicates in the tuples and returns a bit vector for each tuple with bits representing the presence or absence of predicates in the tuple. A bit signature is assigned to each query to represent the predicates related to that query, and a query is invoked when the tuple bit vector and the query bit signature are compatible. | 07-02-2009 |
20090187584 | Query-aware sampling of data streams - A system, method and computer-readable medium provide for assigning sampling methods to each input stream for arbitrary query sets in a data stream management system. The method embodiment comprises splitting all query nodes in a query directed acyclic graph (DAG) having multiple parent nodes into sets of independent nodes having a single parent, computing a grouping set for every node in each set of independent nodes, reconciling each parent node with each child node in each set of independent nodes, reconciling between multiple child nodes that share a parent node and generating a final grouping set for at least one node describing how to sample an input stream for that node. | 07-23-2009 |
20090198569 | METHOD AND APPARATUS FOR PRESENTING ADVERTISEMENTS - A system that incorporates teachings of the present disclosure may include, for example, a controller to determine a behavioral profile of an end user from packet traffic generated by activities of the end user, and share the behavioral profile with a network element for distributing targeted advertisements to the end user according to the behavioral profile. Additional embodiments are disclosed. | 08-06-2009 |
20090254638 | Topology Aware Content Delivery Network - A method of assigning a server to a client system includes determining an ingress point of the client system and identifying possible egress points for the client system. The method further includes selecting the server from a plurality of servers to reduce network cost and delivery time. | 10-08-2009 |
20090285117 | ESTIMATING ORIGIN-DESTINATION FLOW ENTROPY - The preferred embodiments of the present invention are directed to estimating entropy of origin-destination (OD) data flows in a network. To achieve this, first and second sketches are created corresponding to ingress (i.e. origin) and egress (i.e. destination) flows. The sketches allow estimating entropy associated with data streams as well as entropy associated with an intersection of two or more of the data streams, which provides a mechanism for estimating the entropy of OD flows in a network. | 11-19-2009 |
20090300768 | Method and apparatus for identifying phishing websites in network traffic using generated regular expressions - According to an aspect of this invention, a method to detect phishing URLs involves: creating a whitelist of URLs using a first regular expression; creating a blacklist of URLs using a second regular expression; comparing a URL to the whitelist; and if the URL is not on the whitelist, comparing the URL to the blacklist. False negatives and positives may be avoided by classifying Internet domain names for the target organization as “legitimate”. This classification leaves a filtered set of URLs with unknown domain names which may be more closely examined to detect a potential phishing URL. Valid domain names may be classified without end-user participation. | 12-03-2009 |
20090316590 | Sampling and Analyzing Packets in a Network - The preferred embodiments of the present invention can include sampling packets transmitted over a network based on the content of the packets. If a packet is sampled, the sampling unit can add one or more fields to the sampled packet that can include a field for a number of bytes contained in the packet, a packet count, a flow count, a sampling type, and the like. The sampled packets can be analyzed to discern desired information from the packets. The additional fields that are added to the sampled packets can be used during the analysis. | 12-24-2009 |
20100020687 | Proactive Surge Protection - A system for protecting a network from a traffic surge includes a data collection module, an allocation module, and a traffic flow module. The data collection module is configured to obtain network utilization information for a plurality of traffic flows. The allocation module is configured to determine an optimal bandwidth allocation for each of the plurality of traffic flows. The traffic flow module is configured to preferentially drop network packets for a traffic flow exceeding the optimal bandwidth allocation. | 01-28-2010 |
20100020688 | Systems and Methods for Proactive Surge Protection - A system for protecting a network from a traffic surge includes a data collection module, an allocation module, and a traffic flow module. The data collection module is configured to obtain network utilization information for a plurality of traffic flows. The allocation module is configured to determine a bandwidth allocation to minimize a drop probability for the plurality of traffic flows. The traffic flow module is configured to preferentially drop network packets for a traffic flow exceeding the optimal bandwidth allocation. | 01-28-2010 |
20100030741 | METHOD AND APPARATUS FOR PERFORMING QUERY AWARE PARTITIONING - A method and system for providing query aware partitioning are disclosed. For example, the method receives a query plan comprising a plurality of queries, and classifies each one of the plurality of queries. The method computes an optimal partition set for each one of the plurality of queries, and reconciles the optimal partition set of each one of the plurality of queries with at least one subset of queries of the plurality of queries. The method selects at least one reconciled optimal partition set to be used by each query of the plurality of queries, and stores the selected at least one reconciled optimal partition set in a computer readable medium. | 02-04-2010 |
20100042387 | SYSTEM AND METHOD FOR USER BEHAVIOR MODELING - Disclosed herein are systems, methods, and computer readable-media for contextual adaptive advertising. The method for contextual adaptive advertising comprises tracking user behavior across multiple modalities or devices, storing one or more representations of user behavior in a log as descriptors, normalizing the descriptors, merging the normalized descriptors into a unified click or interactive stream, and generating a behavioral model by analyzing the click or interactive stream. | 02-18-2010 |
20100064131 | METHOD AND APPARATUS FOR AUTOMATICALLY CONSTRUCTING APPLICATION SIGNATURES - The present invention relates to a method and system for the automated construction of application signatures. In one example, an approach for automatically constructing accurate signatures for individual applications, with minimal human involvement or application domain knowledge, is provided. Given a training data set containing the application traffic, the Automated Construction of Application Signatures (ACAS) system uses a combination of statistical, information theoretic and combinatorial optimization techniques, to derive application-layer signatures from the payload of packets, e.g., IP packets. Evaluations with a range of applications demonstrate that the derived signatures are very accurate and scale to identifying a large number of flows in real time on high-speed links. | 03-11-2010 |
20100085889 | Statistical, Signature-Based Approach to IP Traffic Classification - A signature-based traffic classification method maps traffic into preselected classes of service (CoS). By analyzing a known corpus of data that clearly belongs to identified ones of the preselected classes of service, in a training session the method develops statistics about a chosen set of traffic features. In an analysis session, relative to traffic of the network where QoS treatments are desired (target network), the method obtains statistical information relative to the same chosen set of features for values of one or more predetermined traffic attributes that are associated with connections that are analyzed in the analysis session, yielding a statistical features signature of each of the values of the one or more attributes. A classification process then establishes a mapping between values of the one or more predetermined traffic attributes and the preselected classes of service, leading to the establishment of QoS treatment rules. | 04-08-2010 |
20100121945 | Hybrid Unicast/Anycast Content Distribution Network System - A method includes receiving a request for an edge cache address, and comparing a requester address to an anycast group. The method can further include providing an anycast edge cache address when the requestor address is in the anycast group. Alternatively, the method can further include determining an optimal cache server, and providing a unicast address of the optimal cache server when the requester address is not in the anycast group. | 05-13-2010 |
20100125643 | Interdomain Network Aware Peer-to-Peer Protocol - A method includes receiving network distance information, receiving a request from a client for an identity of a peer providing content, and identifying a first peer and a second peer providing the content. The network distance information includes a compilation of network distance information provided by a plurality of service providers. The method further includes determining that a network distance between the first peer and the client is less than a network distance between the second peer and the client based on the network distance information, and providing the identity of the first peer to the client. | 05-20-2010 |
20100138543 | Real-time content detection in ISP transmissions - A method and system for detecting the transmission of preidentified content, such as copyrighted material, over an Internet Service Provider (ISP) network. A set of rules is provided to identify one or more traffic flow profiles of data streams transmitting preidentified content. Preferably the rules are adaptively created through analysis of actual ISP data in conjunction with data suggesting an initial set of profile characteristics. The rules are applied to data streams being transmitted in the ISP network, so that data streams fitting one or more of the profiles are identified. A database contains, e.g., as digital signatures or fingerprints, one or more items of content whose transmission is sought to be detected. Data streams identified as matching a profile are analyzed to determine if their content matches an item of content in the database, and if so, an action is taken which may include interrupting the transmission, suspending an ISP account, or reporting the transmission. An ISP with a system performing this method may offer services to content providers, and a plurality of ISPs may jointly use a single database of preidentified content to be compared to each ISP's identified data streams. | 06-03-2010 |
20100138555 | System and Method to Guide Active Participation in Peer-to-Peer Systems with Passive Monitoring Environment - A method includes identifying shared content by inspecting a peer-to-peer traffic flow and identifying source peers providing the shared content, and requesting the shared content from the source peers. The method further includes receiving requests for the shared content from requesting peers, identifying requesting peers based on the requests for the shared content, and providing the shared content to a local subset of the requesting peers. | 06-03-2010 |
20100146100 | Flexible Application Classification - A system includes an information storage module and an inspection module. The information storage module is configured to store a plurality of tags. Each tag is associated with a known set of traffic types of a plurality of known sets of traffic types. The inspection module is configured to compare a traffic flow to a set of traffic types to determine a matching set of traffic types, request a tag from the information storage module, and mark the traffic flow with the tag. The tag corresponds to the matching set of traffic types. | 06-10-2010 |
20100153802 | System and Method for Anycast Transport Optimization - A system includes first, second, and third content servers, and an edge server. The first, second, and third content servers each are configured to cache content. The edge server is in communication with the first, second, and third content servers. The edge server is configured to receive a content request, and to request different portions of the content from each of the first, second, and third content servers based on a network cost of each of the first, second, and third content servers. | 06-17-2010 |
20100161535 | METHOD AND APPARATUS FOR INFERRING THE PRESENCE OF STATIC INTERNET PROTOCOL ADDRESS ALLOCATIONS - A method and apparatus for inferring if an IP address allocation in a remote network is static or dynamic are disclosed. For example, the method contacts at least one remote peer to peer endpoint using a peer to peer application to obtain an IP address of the at least one remote peer to peer endpoint. The method then analyzes characteristics of the at least one remote peer to peer endpoint over a predefined period of time to infer whether the presence of static IP address allocation exists for the at least one remote peer to peer endpoint. | 06-24-2010 |
20100262683 | Network Aware Forward Caching - An Internet service provider includes a cache server and a network aware server. The network aware server is operable to determine an optimization between a cost of retrieving content from a network and a cost of caching content from the network at the first cache server and then send a content identifier to the cache server. The cache server is operable to receive the content identifier, and determine the source of a content item. If the source is the same as the content identifier, then the cache server caches the content item. | 10-14-2010 |
20110004932 | Firewall for tunneled IPv6 traffic - A NAT device and method implemented on the device for filtering tunneled IPv6 traffic is disclosed. The method comprises: receiving an IP traffic stream at an ingress network interface to the NAT, performing deep packet inspection on the traffic stream to detect the tunneled IPv6 packets, and applying a filter to the IPv6 packets. | 01-06-2011 |
20110029596 | Anycast Transport Protocol for Content Distribution Networks - A cache server for providing content includes a processor configured to receive a first datagram from a client system sent to an anycast address, send a response datagram to the client system in response to the first datagram, receive a request datagram from the client system sent to the anycast address, and send a batch of content datagrams to the client system. The first datagram includes a universal resource locator corresponding to the content. The response datagram includes a content identifier for the content. The request datagram includes the content identifier, an offset, and a bandwidth indicator. The batch of content datagrams includes a portion of the content starting at the offset. | 02-03-2011 |
20110030054 | Progressive wiretap - Disclosed is a method and system for identifying a controller of a first computer transmitting a network attack to an attacked computer. To identify an attacker implementing the attack on the attacked computer, the present invention traces the attack back to the controller one hop at a time. The invention examines traces of the attacked computer to identify the first computer. Traffic transmitted to the first computer is redirected through a monitoring complex before being transmitted to the first computer. The controller is then detected from traffic monitoring by the monitoring complex. | 02-03-2011 |
20110035282 | Consumer Sensitive Electronic Billboards - A method and system for advertising on an electronic billboard is capable of adapting over time to advertising criteria associated with actual viewers of the billboard. Mobile device users in a vicinity of the billboard are identified. User profiles indicative of fixed network and/or wireless network usage for the mobile device users are analyzed for pertinent advertising criteria. The predominant advertising criteria may be used to select the billboard content. The content may also be obtained via an auction for the billboard display and/or the advertising criteria. | 02-10-2011 |
20110055316 | Anycast Aware Transport for Content Distribution Networks - A system for providing content includes a plurality of content delivery servers and a routing control module. Each of the content delivery servers is configured to receive a first request from a client system sent to an anycast IP address for the content, and to provide a first portion of the content to the client system. Each of the content delivery servers is further configured to receive a second request from the client system sent to the anycast IP address for a second portion of the content, and to provide the second portion of the content to the client system. The routing control module is configured to modify the routing of the anycast address from a first content delivery server to a second content delivery server. | 03-03-2011 |
20110060818 | Method and Apparatus for Packet Analysis in a Network - A method and system for monitoring traffic in a data communication network and for extracting useful statistics and information is disclosed. | 03-10-2011 |
20110085630 | TCP FLOW CLOCK EXTRACTION - A packet trace is received. The packet trace is transformed into a sequence of pulse signals in a temporal domain. The sequence of pulse signals in the temporal domain is transformed into a sequence of pulse signals in a frequency domain. Peaks are detected within relevant frequency bands in the sequence of pulse signals in the frequency domain. A fundamental frequency is identified within the peaks. The fundamental frequency, which represents the TCP flow clock, is returned. | 04-14-2011 |
20110096662 | Inferring TCP Initial Congestion Window - A packet trace is received. Inter-arrival times between the multiple packets in the packet trace are determined. An inter-arrival time in the inter-arrival times that is greater than a threshold is identified. An order number of the inter-arrival time is identified. A determination is made as to whether a size of each of at least a portion of the multiple packets is equal to a maximum segment size. When a determination is made that the size of each of at least a portion of the multiple packets is equal to the maximum segment size, a size of the ICW as a product of the order number and the maximum segment size is returned. | 04-28-2011 |
20110103256 | Detecting Irregular Retransmissions - A packet trace is received. Transmitted bytes and retransmitted bytes are identified in the packet trace. Upon identifying the transmitted bytes and the retransmitted bytes in the packet trace, one or more time-rate pairs are determined from the packet trace. The time-rate pairs are plotted on a rate tracking graph. | 05-05-2011 |
20110134748 | Bulk Data Transport in a Network - A network is configured to utilize available bandwidth to conduct bulk data transfers without substantially affecting the successful transmission of time-sensitive traffic in the network. In order to avoid this interference, the packets carrying data for bulk data transfers are associated with a low priority class such that the routers of the network will preferentially drop these packets over packets associated with the normal traffic of the network. As such, when the normal traffic peaks or there are link failures or equipment failures, the normal traffic is preferentially transmitted over the bulk-transfer traffic and thus the bulk-transfer traffic dynamically adapts to changes in the available bandwidth of the network. Further, to reduce the impact of dropped packets for the bulk-transfer traffic, the packets of the bulk-transfer traffic are encoded at or near the source component using a loss-resistant transport protocol so that the dropped packets can be reproduced at a downstream link. | 06-09-2011 |
20110153719 | Integrated Adaptive Anycast for Content Distribution - A system includes first and second cache servers, a domain name server, and a route controller. The cache servers are each configured to respond to an anycast address. Additionally, the first cache server is configured to respond to a first unicast address, and the second cache server is configured to respond to a second unicast address. The route controller is configured to determine whether the status of the first cache server is non-overloaded, overloaded, or offline. The route controller is further configured to instruct the domain name server to provide the second unicast address when the status is overloaded or offline, and modify routing of the anycast address to direct a content request sent to the anycast address to the second cache server when the status is offline. The domain name server is configured to receive a request from a requestor for a cache server address. Additionally, the domain name server is configured to provide an anycast address to the requestor when the status of the first cache server is non-overloaded, and provide the second unicast address to the requestor when the status of the first cache server is offline or overloaded. | 06-23-2011 |
20110153941 | Multi-Autonomous System Anycast Content Delivery Network - A content delivery network includes first and second sets of cache servers, a domain name server, and an anycast island controller. The first set of cache servers is hosted by a first autonomous system and the second set of cache servers is hosted by a second autonomous system. The cache servers are configured to respond to an anycast address for the content delivery network, to receive a request for content from a client system, and provide the content to the client system. The first and second autonomous systems are configured to balance the load across the first and second sets of cache servers, respectively. The domain name server is configured to receive a request from a requestor for a cache server address, and provide the anycast address to the requestor in response to the request. The anycast island controller is configured to receive load information from each of the cache servers, determine an amount of requests to transfer from the first autonomous system to the second autonomous system, and send an instruction to the first autonomous system to transfer the amount of requests to the second autonomous system. | 06-23-2011 |
20110161313 | METHOD AND APPARATUS FOR AUTOMATED END TO END CONTENT TRACKING IN PEER TO PEER ENVIRONMENTS - A method, computer readable medium and system for automatically tracking content in a peer-to-peer environment are disclosed. For example, the method monitors a number of times each content title of a plurality of content titles are downloaded in the peer-to-peer environment, adds one or more content titles of the plurality of content titles that are downloaded above a predetermined threshold to a list, downloads each one of the one or more content titles in the list via the peer-to-peer environment and verifies that each one of the one or more content titles that are downloaded matches at least one content title in the list. | 06-30-2011 |
20110214177 | System and Method for Avoiding and Mitigating a DDoS Attack - Described is a system and method for receiving a data packet including a destination address and a source address, the data packet corresponding to a port number, assigning an address risk value for the data packet based on the source address and a port risk value for the data packet based on the port number. The data packet is categorized into a community based on the source address, wherein the community is predefined by a user corresponding to the destination address, the community includes a utility value. The address risk value and the port risk value are compared to the utility value to yield a benefit coefficient and the data packet is treated based on the benefit coefficient. | 09-01-2011 |
20110231475 | Internet Protocol Version 6 Content Routing - A content delivery system includes a cache server, a domain name server, and a redirector. The domain name server is configured to receive a request for a cache server address, and provide an IPv6 anycast address. The redirector is configured to receive a content request addressed to the IPv6 anycast address from a client system, receive load information from the cache server, and determine if the cache server is available. The redirector is further configured to forward the content request to the cache server when the cache server is available. The cache server is configured to receive the content request forwarded from the redirectors, send a response to the content request to a client system, the response including an IPv6 unicast address of the cache server as a source address, an IPv6 unicast address of the client system as a destination address, and the IPv6 anycast address as a home address, and provide the content to the requestor. | 09-22-2011 |
20120057571 | METHOD AND APPARATUS FOR NORMALIZING CELLULAR COMMUNICATIONS NETWORK DATA - A method, computer readable medium and apparatus for normalizing cellular communications network data are disclosed. For example, the method collects a data packet from the cellular communications network, modifies a time stamp of the data packet in accordance with a promotion delay time from the time stamp of the data packet to create a normalized data packet and processes the normalized data packet to optimize state machine configurations. | 03-08-2012 |
20120058773 | METHOD AND APPARATUS FOR PERFORMING A DEMOTION IN A CELLULAR COMMUNICATIONS NETWORK - A method, computer readable medium and apparatus for performing a demotion in a cellular communications network are disclosed. For example, the method receives a packet indicating that a batching transfer is completed, determines if a background packet was received after receiving the packet indicating that the batching transfer is completed and demotes a state of a state machine implemented by a radio network controller to a lower state if the background packet was not received. | 03-08-2012 |
20120060221 | Prioritizing Malicious Website Detection - A computer implemented method includes identifying a universal resource locator and characterizing a traffic pattern associated with the universal resource locator. The traffic pattern can include referrer information, referring information, advertising network relationship information, and any combination thereof. The method can further include classifying the universal resource locator into a risk category based on the traffic pattern. | 03-08-2012 |
20120096140 | Network Aware Forward Caching - A network includes a cache server and a network aware server that operates to determine an optimization between a cost of retrieving content from a communication network and a cost of caching content at the cache server. The optimization is determined as a minimum of a sum of a transit cost, a backbone cost, and a caching cost. The transit cost includes a money cost per data unit. The backbone cost includes a money cost per data unit and time unit. The caching cost includes a money cost per server unit. In response to determining the optimization, the network aware server sends a content identifier to the cache server, and the cache server receives the content identifier, determines a source of a content item, and if the source is the same as the content identifier, then caches the content item. | 04-19-2012 |
20120120812 | METHOD AND APPARATUS FOR INFERRING STATE TRANSITIONS IN A WIRELESS COMMUNICATIONS NETWORK - A method, a computer readable medium and an apparatus for inferring state transitions in a wireless communications network are disclosed. In one embodiment, the method infers a state promotion procedure. In another embodiment, the method infers a state demotion procedure. | 05-17-2012 |
20120122405 | METHOD AND APPARATUS FOR PROVIDING A DYNAMIC INACTIVITY TIMER IN A WIRELESS COMMUNICATIONS NETWORK - A method, a computer readable medium and an apparatus for providing a dynamic inactivity timer are disclosed. For example, the method monitors a timer for a time threshold associated with a burst of a plurality of bursts of packets, and determines if the timer for the time threshold associated with the burst has expired. The method predicts an inter-burst time for the burst, if the timer for the time threshold associated with the burst has expired and sets the dynamic inactivity timer in accordance with the inter-burst time for the burst. | 05-17-2012 |
20120131664 | METHOD AND APPARATUS FOR CONTENT AWARE OPTIMIZED TUNNELING IN A MOBILITY ENVIRONMENT - A method, computer readable medium and apparatus for performing content aware optimized tunneling in a communication network are disclosed. For example, the method authenticates a user endpoint device, establishes a tunnel to the user endpoint device if the user endpoint device is authenticated, analyzes content of a data packet transmitted through the tunnel to determine if the tunnel should be re-directed, and re-directs the tunnel to a gateway general packet radio services support node light based upon the content of the data packet. | 05-24-2012 |
20120147758 | SYSTEM FOR ESTIMATING DOWNLOAD SPEED FROM PASSIVE MEASUREMENTS - A system for passive estimation of throughput in an electronic network is disclosed. The system may include a plurality of mobile devices configured to operate in the network and may further include an electronic data processor. The processor may be configured to access flow records for data flows associated with the mobile devices during a predetermined time interval. Additionally, the processor may be configured to annotate the flow records with an application field and a content provider field. The processor may also be configured to determine a flow type of each data flow based on the application field and the content provider field of the flow records. Furthermore, the processor may be configured to generate a throughput index that only includes non-rate-limited flow types. Moreover, the processor may be configured to estimate maximum throughput for each data flow having non-rate-limited flow types in the throughput index. | 06-14-2012 |
20120151041 | INTELLIGENT MOBILITY APPLICATION PROFILING TOOL - Systems and methods for analyzing mobile device applications within a wireless data network are presented herein. More particularly, described herein is a novel Intelligent Mobility Application Profiling Tool (iMAP) and/or other mechanisms, systems and methods for profiling and benchmarking applications associated with mobile devices in a wireless data network. Various systems and methods described herein expose cross-layer interaction associated with a network device in order to profile an application on the network device with respect to energy efficiency, performance, and functionality. As described herein, radio resource control (RRC) analysis can be performed to infer RRC states associated with a given application, identify tail time, etc. Further, analyzers are employed for various layers, including transmission control protocol (TCP) and/or hypertext transfer protocol (HTTP), as well as to analyze communication bursts associated with a given application. Analysis results are subsequently utilized to deliver application profiling results to a user. | 06-14-2012 |
20120151043 | System for Internet Scale Visualization and Detection of Performance Events - A system for visualization of performance measurements is disclosed. The system may include an electronic data processor configured to receive a stream of the performance measurements and select a maximum number of leaf nodes of a plurality of nodes for use in an adaptive decision tree. Additionally, the electronic processor may be configured to determine a depth of each branch in the adaptive decision tree needed to differentiate performance among internet protocol addresses in an internet protocol prefix of each node. Each of the plurality of nodes may be annotated with a predicted latency category and the processor may be configured to generate the adaptive decision tree based on the maximum number of leaf nodes selected, the depth of each branch determined, the predicted latency category, and on the stream of performance measurements associated with the network. Moreover, the processor may display the adaptive decision tree. | 06-14-2012 |
20120155255 | METHOD AND APPARATUS FOR MANAGING A DEGREE OF PARALLELISM OF STREAMS - A method, computer readable medium and apparatus for managing a degree of parallelism of streams are disclosed. For example, the method analyzes wireless traffic to determine a profile of the wireless traffic, determines an amount of available processing resources, and manages the degree of parallelism of streams based on the profile and the amount of available processing resources in a probe server. | 06-21-2012 |
20120155293 | METHOD AND APPARATUS FOR PROVIDING A TWO-LAYER ARCHITECTURE FOR PROCESSING WIRELESS TRAFFIC - A method and system for processing wireless traffic of a wireless network, e.g., a cellular network are disclosed. For example, the method obtains wireless traffic, and processes the wireless traffic by a plurality of probe servers, where each of the plurality of probe servers generates a plurality of feeds comprising a data feed and a control feed. The method correlates the plurality of feeds from the plurality of probe servers by a plurality of aggregator servers, where the data feed and the control feed of each of the plurality of probe servers are correlated with at least one other probe server of the plurality of probe servers, and outputs a correlated result from the correlating. | 06-21-2012 |
20120155379 | METHOD AND APPARATUS FOR APPLYING UNIFORM HASHING TO WIRELESS TRAFFIC - A method, computer readable medium and apparatus for hashing wireless traffic are disclosed. For example, the method hashes the wireless traffic uniformly by a plurality of probe servers based on at least one first key to provide a plurality of streams, and hashes at least one output stream of each of the plurality of probe servers uniformly based on at least one second key to provide a plurality of output streams. The method then provides the plurality of output streams to at least one aggregator server. | 06-21-2012 |
20120157088 | METHOD AND APPARATUS FOR CORRELATING END TO END MEASUREMENTS THROUGH CONTROL PLANE MONITORING OF WIRELESS TRAFFIC - A method, computer readable medium and apparatus for correlating measures of wireless traffic are disclosed. For example, the method obtains the wireless traffic, and processes the wireless traffic by a plurality of probe servers, where each of the plurality of probe servers generates a plurality of feeds, wherein the plurality of feeds comprises a data feed and a control feed. The method correlates the plurality of feeds from the plurality of probe servers by a plurality of aggregator servers, where the data feed and the control feed of each of the plurality of probe servers are correlated with at least one other probe server of the plurality of probe servers to provide a correlated control plane and a correlated data plane, and extracts at least partial path information of a flow from the correlated control plane. The method then correlates performance information from the correlated data plane for the flow. | 06-21-2012 |
20120159109 | METHOD AND APPARATUS FOR IMPROVING NON-UNIFORM MEMORY ACCESS - A method, computer readable medium and apparatus for improving non-uniform memory access are disclosed. For example, the method divides a plurality of stream processing jobs into a plurality of groups of stream processing jobs to match a topology of a non-uniform memory access platform. The method sets a parameter in an operating system kernel of the non-uniform memory access platform to favor an allocation of a local memory, and defines a plurality of processor sets. The method binds one of the plurality of groups to one of the plurality of processor sets, and runs the one group of stream processing jobs on the one processor set. | 06-21-2012 |
20120246308 | Interdomain Network Aware Peer-to-Peer Protocol - A method includes receiving network distance information, receiving a request from a client for an identity of a peer providing content, and identifying a first peer and a second peer providing the content. The network distance information includes a compilation of network distance information provided by a plurality of service providers. The method further includes determining that a network distance between the first peer and the client is less than a network distance between the second peer and the client based on the network distance information, and providing the identity of the first peer to the client. | 09-27-2012 |
20120281586 | SYSTEMS, METHODS, AND DEVICES FOR MONITORING NETWORKS - Certain exemplary embodiments comprise a method comprising: for selected traffic that enters a backbone network via a predetermined ingress point and is addressed to a predetermined destination, via a dynamic tunnel, automatically diverting the selected traffic from the predetermined ingress point to a processing complex; and automatically forwarding the selected traffic from the processing complex toward the predetermined destination. | 11-08-2012 |
20120307678 | Inferring TCP Initial Congestion Window - A packet trace is received. Inter-arrival times between the multiple packets in the packet trace are determined. An inter-arrival time in the inter-arrival times that is greater than a threshold is identified. An order number of the inter-arrival time is identified. A determination is made as to whether a size of each of at least a portion of the multiple packets is equal to a maximum segment size. When a determination is made that the size of each of at least a portion of the multiple packets is equal to the maximum segment size, a size of the ICW as a product of the order number and the maximum segment size is returned. | 12-06-2012 |
20120324041 | BUNDLING DATA TRANSFERS AND EMPLOYING TAIL OPTIMIZATION PROTOCOL TO MANAGE CELLULAR RADIO RESOURCE UTILIZATION - Techniques for increasing power and resource efficiency of a mobile device are presented herein. In the mobile device, with regard to periodic or one-time data transfers, a communication management component can analyze information comprising data transfer parameter information, including jitter information, associated with each application of a subset of applications used by the device and can desirably schedule and/or bundle data transfers associated with the applications to reduce the number of separate data bursts to transfer that data to thereby reduce use of wireless resources and power consumption by the device. A push notification system can receive respective jitter information associated with each application from the mobile device, and the push notification system can desirably schedule and/or bundle push notifications to reduce the number of separate data bursts sent to the device to reduce use of wireless resources and power consumption by the device. | 12-20-2012 |
20130007255 | Methods, Devices, and Computer Program Products for Providing a Computing Application Rating - A rating is provided for a computing application. Traffic data, power data, and/or network signaling load data is collected for a computing application and compared with other similar data. A rating for the computing application is provided based on the comparison. | 01-03-2013 |
20130031630 | Method and Apparatus for Identifying Phishing Websites in Network Traffic Using Generated Regular Expressions - According to an aspect of this invention, a method to detect phishing URLs involves: creating a whitelist of URLs using a first regular expression; creating a blacklist of URLs using a second regular expression; comparing a URL to the whitelist; and if the URL is not on the whitelist, comparing the URL to the blacklist. False negatives and positives may be avoided by classifying Internet domain names for the target organization as “legitimate”. This classification leaves a filtered set of URLs with unknown domain names which may be more closely examined to detect a potential phishing URL. Valid domain names may be classified without end-user participation. | 01-31-2013 |
20130033982 | Bulk Data Transport in a Network - A network is configured to utilize available bandwidth to conduct bulk data transfers without substantially affecting the successful transmission of time-sensitive traffic in the network. In order to avoid this interference, the packets carrying data for bulk data transfers are associated with a low priority class such that the routers of the network will preferentially drop these packets over packets associated with the normal traffic of the network. As such, when the normal traffic peaks or there are link or equipment failures, the normal traffic is preferentially transmitted over the bulk-transfer traffic and thus the bulk-transfer traffic dynamically adapts to changes in the available bandwidth of the network. Further, to reduce the impact of dropped packets for the bulk-transfer traffic, the packets are encoded at or near the source component using a loss-resistant transport protocol so that the dropped packets can be reproduced at a downstream link. | 02-07-2013 |
20130035082 | CONTROLLING TRAFFIC TRANSMISSIONS TO MANAGE CELLULAR RADIO RESOURCE UTILIZATION - Techniques for using controlling traffic transmissions to manage radio resource utilization are presented herein. When content is being streamed to user equipment (UE) and is at least initially intended to be streamed in real time at a constant bitrate, a communication management component can determine whether the content being transmitted to the UE can be delayed, instead of being transmitted in real time. In response to determining that the content can be delayed, the communication management component can facilitate buffering data and periodically streaming the data to the UE in data bursts to reduce use of UE power and radio resources. When transmitting a visual image to a UE, the communication management component can adjust resolution of a visual image to correspond to screen dimensions of the UE based on information indicating screen dimensions of the UE that can be received from the UE. | 02-07-2013 |
20130042009 | Network Aware Forward Caching - A network includes a cache server and a network aware server that operates to determine an optimization between a cost of retrieving content from a communication network and a cost of caching content at the cache server. The optimization is determined as a minimum of a sum of a transit cost, a backbone cost, and a caching cost. The transit cost includes a money cost per data unit. The backbone cost includes a money cost per data unit and time unit. The caching cost includes a money cost per server unit. In response to determining the optimization, the network aware server sends a content identifier to the cache server, and the cache server receives the content identifier, determines a source of a content item, and if the source is the same as the content identifier, then caches the content item. | 02-14-2013 |
20130091572 | Systems, methods, and devices for defending a network - Certain exemplary embodiments comprise a method comprising: within a backbone network: for backbone network traffic addressed to a particular target and comprising attack traffic and non-attack traffic, the attack traffic simultaneously carried by the backbone network with the non-attack traffic: redirecting at least a portion of the attack traffic to a scrubbing complex; and allowing at least a portion of the non-attack traffic to continue to the particular target without redirection to the scrubbing complex. | 04-11-2013 |
20130159503 | METHOD AND APPARATUS FOR DETECTING TETHERING IN A COMMUNICATIONS NETWORK - A method, non-transitory computer readable medium and apparatus for detecting a tethering function being performed by an endpoint device in a communications network are disclosed. For example, the method analyzes a data packet directed towards the endpoint device, detects a signature based upon analyzing the data packet, and identifies the endpoint device as performing the tethering function based upon detecting the signature. | 06-20-2013 |
20130219059 | Internet-Wide Scheduling of Transactions - A method and system for distributing content on a network through network-wide transactions is disclosed. The method and system monitors the network using triggered measurement of the performance of an element of the network, dynamically computing, based on the monitoring, the regions of the network with available performance capacity for the transaction to proceed at a given time, determining, based on the computing, a scheduled time for the transaction to proceed, and distributing the content according to a schedule related to the scheduled time. | 08-22-2013 |
20130262429 | METHOD AND APPARATUS FOR AUTOMATED END TO END CONTENT TRACKING IN PEER TO PEER ENVIRONMENTS - A method, computer readable medium and system for automatically tracking content in a peer-to-peer environment are disclosed. For example, the method monitors a number of times each content title of a plurality of content titles are downloaded in the peer-to-peer environment, adds one or more content titles of the plurality of content titles that are downloaded above a predetermined threshold to a list, downloads each one of the one or more content titles in the list via the peer-to-peer environment and verifies that each one of the one or more content titles that are downloaded matches at least one content title in the list. | 10-03-2013 |
20130263244 | REVERSE FIREWALL WITH SELF-PROVISIONING - An application provisioning device may be used to manage a profile of a host and provide data corresponding to a selected application for installation at a host. A reverse firewall may use the profile of the host to determine whether to allow or block particular network communication from an application running on the host. An indication of a selected application may be received at the application provisioning device. Configuration information may also be received at the application provisioning device. The application provisioning server may request an update to the profile of a host and transmit such a request. The profile may be updated to reflect the configuration information and/or information of the selected application. Data corresponding to the selected application may be updated and transmitted to a host computer, where it may be installed. Therefore, the installed application running on the host may operate without being prematurely blocked by the reverse firewall. | 10-03-2013 |
20130272159 | System for Estimating Download Speed From Passive Measurements - A system for passive estimation of throughput in an electronic network is disclosed. The system may include a plurality of mobile devices configured to operate in the network and may further include an electronic data processor. The processor may be configured to access flow records for data flows associated with the mobile devices during a predetermined time interval. Additionally, the processor may be configured to annotate the flow records with an application field and a content provider field. The processor may also be configured to determine a flow type of each data flow based on the application field and the content provider field of the flow records. Furthermore, the processor may be configured to generate a throughput index that only includes non-rate-limited flow types. Moreover, the processor may be configured to estimate maximum throughput for each data flow having non-rate-limited flow types in the throughput index. | 10-17-2013 |
20130298240 | Prioritizing Malicious Website Detection - A computer implemented method includes identifying a universal resource locator and characterizing a traffic pattern associated with the universal resource locator. The traffic pattern can include referrer information, referring information, advertising network relationship information, and any combination thereof. The method can further include classifying the universal resource locator into a risk category based on the traffic pattern. | 11-07-2013 |
20130304914 | Topology Aware Content Delivery Network - A method of assigning a server to a client system includes determining an ingress point of the client system and identifying possible egress points for the client system. The method further includes selecting the server from a plurality of servers to reduce network cost and delivery time. | 11-14-2013 |
20130315088 | INTELLIGENT MOBILITY APPLICATION PROFILING TOOL - Analyzing mobile device applications within a wireless data network and other related aspects are presented herein. More particularly, described herein is a novel Intelligent Mobility Application Profiling Tool (iMAP) and/or other mechanisms, systems and methods for profiling and benchmarking applications associated with mobile devices in a wireless data network. Various systems and methods described herein expose cross-layer interaction associated with a network device in order to profile an application on the network device with respect to energy efficiency, performance, and functionality. As described herein, radio resource control (RRC) analysis can be performed to infer RRC states associated with a given application, identify tail time, etc. Further, analyzers are employed for various layers, including transmission control protocol (TCP) and/or hypertext transfer protocol (HTTP), as well as to analyze communication bursts associated with a given application. Analysis results are subsequently utilized to deliver application profiling results to a user. | 11-28-2013 |
20140040359 | Anycast Transport Protocol For Content Distribution Networks - A cache server for providing content includes a processor configured to receive a first datagram from a client system sent to an anycast address, send a response datagram to the client system in response to the first datagram, receive a request datagram from the client system sent to the anycast address, and send a batch of content datagrams to the client system. The first datagram includes a universal resource locator corresponding to the content. The response datagram includes a content identifier for the content. The request datagram includes the content identifier, an offset, and a bandwidth indicator. The batch of content datagrams includes a portion of the content starting at the offset. | 02-06-2014 |
20140047109 | Integrated Adaptive Anycast For Content Distribution - A system includes first and second cache servers, a domain name server, and a route controller. The cache servers are each configured to respond to an anycast address. Additionally, the first cache server is configured to respond to a first unicast address, and the second cache server is configured to respond to a second unicast address. The route controller is configured to determine whether the status of the first cache server is non-overloaded, overloaded, or offline. The route controller is further configured to instruct the domain name server to provide the second unicast address when the status is overloaded or offline, and modify routing of the anycast address to direct a content request sent to the anycast address to the second cache server when the status is offline. The domain name server is configured to receive a request from a requestor for a cache server address. Additionally, the domain name server is configured to provide an anycast address to the requestor when the status of the first cache server is non-overloaded, and provide the second unicast address to the requestor when the status of the first cache server is offline or overloaded. | 02-13-2014 |
20140059208 | Methods, Systems, and Products for Monitoring Domain Name Servers - Methods, systems, and products infer performance of a domain name system. Queries to, and responses from, the domain name system are logged and categorized. Each category is associated with a different performance issue related to the domain name system. The number of entries in each category may be used to infer the performance of the domain name system. | 02-27-2014 |
20140164140 | METHOD AND APPARATUS FOR PRESENTING ADVERTISEMENTS - A system that incorporates teachings of the present disclosure may include, for example, a controller to determine a behavioral profile of an end user from packet traffic generated by activities of the end user, and share the behavioral profile with a network element for distributing targeted advertisements to the end user according to the behavioral profile. Additional embodiments are disclosed. | 06-12-2014 |
20140204789 | METHOD AND APPARATUS FOR MANAGING A DEGREE OF PARALLELISM OF STREAMS - A method, computer readable medium and apparatus for managing a degree of parallelism of streams are disclosed. For example, the method analyzes wireless traffic to determine a profile of the wireless traffic, determines an amount of available processing resources, and manages the degree of parallelism of streams based on the profile and the amount of available processing resources in a probe server. | 07-24-2014 |
20140206344 | METHOD AND APPARATUS FOR CORRELATING END TO END MEASUREMENTS THROUGH CONTROL PLANE MONITORING OF WIRELESS TRAFFIC - A method, computer readable medium and apparatus for correlating measures of wireless traffic are disclosed. For example, the method obtains the wireless traffic, and processes the wireless traffic by a plurality of probe servers, where each of the plurality of probe servers generates a plurality of feeds, wherein the plurality of feeds comprises a data feed and a control feed. The method correlates the plurality of feeds from the plurality of probe servers, where the data feed and the control feed of each of the plurality of probe servers are correlated with at least one other probe server of the plurality of probe servers to provide a correlated control plane and a correlated data plane, and extracts at least partial path information of a flow from the correlated control plane. The method then correlates performance information from the correlated data plane for the flow. | 07-24-2014 |
20140223559 | Systems, methods, and devices for defending a network - Certain exemplary embodiments comprise a method comprising: within a backbone network: for backbone network traffic addressed to a particular target and comprising attack traffic and non-attack traffic, the attack traffic simultaneously carried by the backbone network with the non-attack traffic: redirecting at least a portion of the attack traffic to a scrubbing complex; and allowing at least a portion of the non-attack traffic to continue to the particular target without redirection to the scrubbing complex. | 08-07-2014 |
20140258518 | METHOD AND APPARATUS FOR APPLYING UNIFORM HASHING TO WIRELESS TRAFFIC - A method, computer readable medium and apparatus for hashing wireless traffic are disclosed. For example, the method hashes the wireless traffic uniformly by a plurality of probe servers based on at least one first key to provide a plurality of streams, and hashes at least one output stream of each of the plurality of probe servers uniformly based on at least one second key to provide a plurality of output streams. The method then provides the plurality of output streams to at least one aggregator server. | 09-11-2014 |
20140269430 | METHOD AND APPARATUS FOR DETECTING TETHERING IN A COMMUNICATIONS NETWORK - A method, non-transitory computer readable medium and apparatus for detecting a tethering function being performed by an endpoint device in a communications network are disclosed. For example, the method analyzes a data packet directed towards the endpoint device, detects a signature based upon analyzing the data packet, and identifies the endpoint device as performing the tethering function based upon detecting the signature. | 09-18-2014 |
20140365564 | Network Communication Using Identifiers Mappable To Resource Locators - A technique for providing information via a data network is disclosed. A first server transmits an identifier to a client, where the identifier is mappable to a uniform resource locator (URL) associated with content stored on a second server. The client transmits the identifier to a second server. The second server maps the identifier to its associated URL, retrieves the content associated with the URL, and transmits the content to the client. Various types of mappings are disclosed, including encryption and predetermined mappings. | 12-11-2014 |
20140379863 | Proximity Routing For Session Based Applications Using Anycast - Certain exemplary embodiments can comprise a method, which can comprise automatically providing content to an information device from a content distribution node of a plurality of content distribution nodes. The information device can be adapted to send a request for the content from the first content distribution node utilizing an Internet Protocol (IP) address of the content distribution node. | 12-25-2014 |
20150026251 | INTERNET PROTOCOL VERSION 6 CONTENT ROUTING - A content delivery system includes a cache server, a domain name server, and a redirector. The domain name server is configured to receive a request for a cache server address, and provide an IPv6 anycast address. The redirector is configured to receive a content request addressed to the IPv6 anycast address from a client system, receive load information from the cache server, and determine if the cache server is available. The redirector is further configured to forward the content request to the cache server when the cache server is available. The cache server is configured to receive the content request forwarded from the redirectors, send a response to the content request to a client system, the response including an IPv6 unicast address of the cache server as a source address, an IPv6 unicast address of the client system as a destination address, and the IPv6 anycast address as a home address, and provide the content to the requestor. | 01-22-2015 |