12374 results about "Network data" patented technology

A networking database containing a plurality of records for different individuals in which individuals are connected to one another in the database by defined relationships. Each individual has the opportunity to define the relationship which may be confirmed or denied. E-mail messaging and interactive communication between individuals and a database service provider provide a method of constructing the database. The method includes having a registered individual identify further individuals and define therewith a relationship. The further individuals then, in turn, establish their own defined relationships with still other individuals. The defined relationships are mutually defined.

A networking database containing a plurality of records for different identities in which identities are connected to one another by defined or interpreted Inter-Personal and Intra-Personal relationships. Individuals using the system may define, group and categorize specific identities and relationships; the system may also define, categorize and group both identities and relationships belonging to individuals registered with the system and unregistered users through computational analysis. Identities and relationships may be discovered by the system via an opt-in user-provided mechanism, via a third-party providing information, or through the system's own discovery. Identity and Relationship data can then be used to customize content.

A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, and concurrently simulate transmission of the network data to a plurality of destination devices.

A suspicious activity capture system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is coupled to the tap and is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to flag the network data as suspicious, and simulate transmission of the network data to a destination device.

A method and apparatus for selecting and converting database records or sets of related documents into network data and presenting that data in a network visualization system that enables users to select among, and move between various network displays by selecting one or more attributes of the data to be represented as the nodes and links of the network.

A system and method of interactive and live computerized matching in which a first user is provided with a personal data device including a wireless communication system. A secure network is configured to include a server programmed with a personal characteristic database and a database searching algorithm, and a wireless communication system at a specific geographic location that is capable of communicating with the user's personal data device. The first user is allowed to log on through the wireless communication system to the secure network using his or her personal data device, and communicates to and stores in the database personal data defining his or her characteristics and those for his or her ideal match. Either the secure network automatically identifies the first users precise geographic location, or the user himself otherwise indicates and stores in the database of the network an identifying address that indicates his current specific geographic location. The user then instructs the database searching algorithm to search for and identify other users similarly logged on to the network at the same specific geographic location. The user is able to initiate a search of the database for possible matches within the pool of other users also logged on to the network at the same specific geographic location. The secure network then indicates to the first user the results of the search.

Systems and methods for malware containment and security analysis on connection are provided. Digital devices are quarantined for a predetermined period of time upon connection to the communication network. When a digital device is quarantined, all network data transmitted by the digital device is directed to a controller which then analyzes the network data to identify unauthorized activity and/or malware within the newly connected digital device. An exemplary method to contain malware includes detecting a digital device upon connection with a communication network, quarantining network data from the digital device for a predetermined period of time, transmitting a command to the digital device to activate a security program to identify security risks, and analyzing the network data to identify malware within the digital device.

Network data files are secure through the operation of an infrastructure gateway-based network file access appliance. Network file data, corresponding to network pocket payload data, are further reduced to a sequence of data blocks that are secured through any combination of block encryption, compression, and digital signatures. File meta-data, including encryption, compression and block-level digital signatures are persistently stored with the file data, either in-band in the file as stored or out-of-band key as a separately stored file or file policy record. File meta-data is recovered with accesses of the file data to support bidirectional encryption and compression and to detect tampering with the file data by comparison against block-level digital signatures.

Disclosed is a method and apparatus for detecting exploit code in network flows. Network data packets are intercepted by a flow monitor which generates data flows from the intercepted data packets. A content filter filters out legitimate programs from the data flows, and the unfiltered portions are provided to a code recognizer which detects executable code. Any embedded executable code in the unfiltered data flow portions is identified as a suspected exploit in the network flow. The executable code recognizer recognizes executable code by performing convergent binary disassembly on the unfiltered portions of the data flows. The executable code recognizer then constructs a control flow graph and performs control flow analysis, data flow analysis, and constraint enforcement in order to detect executable code. In addition to identifying detected executable code as a potential exploit, the detected executable code may then be used in order to generate a signature of the potential exploit, for use by other systems in detecting the exploit.

Systems and methods for malware attack prevention are provided. Network data is copied from a communication network. It is then determined if a possible malware attack is within the copied network data. The network data is intercepted based on the determination. The network data is then analyzed to identify a malware attack.

Exemplary systems and methods for malware attack detection and identification are provided. A malware detection and identification system can comprise a controller. The controller can comprise an analysis environment configured to transmit network data to a virtual machine, flag input values associated with the network data from untrusted sources, monitor the flagged input values within the virtual machine, identify an outcome of one or more instructions that manipulate the flagged input values, and determine if the outcome of the one or more instructions comprise an unauthorized activity.

The present invention relates to a method and apparatus based on Bloom filters for detecting predefined signatures (a string of bytes) in a network packet payload. A Bloom filter is a data structure for representing a set of strings in order to support membership queries. Hardware Bloom filters isolate all packets that potentially contain predefined signatures. Another independent process eliminates false positives produced by the Bloom filters. The system is implemented on a FPGA platform, resulting in a set of 10,000 strings being scanned in the network data at the line speed of 2.4 Gbps.

Embodiments of the invention address the problem of detecting bots in network traffic based on a classification model learned during a training phase using machine learning algorithms based on features extracted from network data associated with either known malicious or known non-malicious client and applying the learned classification model to features extracted in real-time from current network data. The features represent communication activities between the known malicious or known non-malicious client and a number of servers in the network.

A dynamic signature creation and enforcement system can comprise a tap configured to copy network data from a communication network, and a controller coupled to the tap. The controller is configured to receive the copy of the network data from the tap, analyze the copy of the network data with a heuristic to determine if the network data is suspicious, flag the network data as suspicious based on the heuristic determination, simulate transmission of the network data to a destination device to identify unauthorized activity, generate an unauthorized activity signature based on the identification, and transmit the unauthorized activity signature to a digital device configured to enforce the unauthorized activity signature.

A policy agent of a network performs an out-of-band user authentication process to verify the identity of a user of a client computer and associates the network data received from the client computer with the user. When the client computer initiates a network data connection to or through the policy agent, the policy agent sends an encrypted challenge to the client computer. The challenge is encrypted with a private key of the policy agent. When the client computer receives the challenge, it decrypts the challenge and prepares a message digest value based on the challenge and the network data sent by the user. The message digest value is then encrypted with the private key of the user to form a response, and the response is sent to the policy agent. The policy agent decrypts the response with the public key of the user to obtain the message digest value and calculates a digest value based on the challenge and the received network data. The policy agent then compares the calculated digest value with the decrypted digest value. A match between the two digest values indicates that the user is successfully authenticated and that the received network data are associated with the user. The policy agent may then apply network policies based on the credentials of the authenticated user.

The present invention is an system and method for comprehensively testing a customer connection to a communications network. A customer is identified from information obtained at a customer interface. A test can be performed on the customer connection. A typical test compares two datasets related to the customer connection to determine a state of the customer connection. The first and second dataset can include historical data. A parameter in the first dataset obtained from a network element can be compared to a parameter in a second dataset obtained from a customer database. The comparison can be made in light of changes recorded in a provisioning database. Relevant network data can be obtained from customer premises equipment (CPE). The customer can be notified of a network issue proactively or upon customer inquiry.

A method for identifying a botnet in a network, including analyzing historical network data using a pre-determined heuristic to determine values of a connectivity graph based feature in the historical network data, obtaining a ground truth data set having labels assigned to data units in the historical network data identifying known malicious nodes in the network, analyzing the historical network data and the ground truth data set using a machine learning algorithm to generate a model representing the labels as a function of the values of the connectivity graph based feature, analyzing real-time network data using the pre-determined heuristic to determine a value of the connectivity graph based feature for a data unit in the real-time network data, assigning a label to the data unit by applying the model to the value of the connectivity graph based feature, and categorizing the data unit as associated with the botnet based on the label.

A method of gathering information relevant to the interests of a user includes receiving activity history associated with the user from a network data source, where the activity history includes a description of a user action initiated by the user, generating a first metadata item based upon the activity history; and storing the first metadata item as user profile information associated with the user in a user profile database. Generating the first metadata item may include extracting text from the activity history and generating the first metadata item based upon the text. The activity history may include a description of a user action. The method may further include providing a server plugin for performing a second method in response to access of web content on a server by the user, the second method comprising retrieving a content object from the server, determining if the first metadata item is relevant to the content object, adding a web link to the web content as a reference to the content object in response to the content object being relevant to the first metadata item; and providing the web content to the user.

Data is now able to be transferred back and forth between computer systems which have disparate file systems, e.g., between a computer having a hierarchical file system and a computer having a nonhierarchical file system. The differences, however, are not limited to the file storage system. Data may now be transferred across different platforms, different human and computer languages, different binary codes, etc. From one computer system the associated metadata is stored in a interpretable format on the second computer system so that when data and its associated metadata are transferred, the second computer system can interpret the transferred data. Data transfer can be accomplished in both directions. Thus, a tool writer or a software developer using a integrated development environment, such as Eclipse, on a Linux workstation with its hierarchical file system may download source files and other resources from an iSeries computer server with its OS/400 nonhierarchical file system, modify the resources, and then put them back onto the iSeries machine for use on the iSeries. The metadata of the source file and other resources are stored in a .properties file which, if in XML format, supports the transfer of resources across the Internet.