Dynamic application bandwidth throttling and station steering for access points based on QOE (quality of experience) on a wireless network
Granted: January 8, 2019
Patent Number: 10178570
Application bandwidth is dynamically throttled and/or stations are steered to different access points to maintain optimal QoE for stations on a wireless network. Responsive to a determination that the available bandwidth for the one or more applications is below a threshold for station QoE application minimum bandwidth, the current QoE station index is updated. Responsive to a determination that the current QoE station index is below a system determined QoE level, throttling the one or…
Augmented reality visualization device for network security
Granted: January 8, 2019
Patent Number: 10178130
Systems and methods for managing network security events with the assistance of augmented reality are provided. According to one embodiment, a reality image of a network object is captured by an augmented reality device. The network object is identified from the reality image by the augmented reality device. Dynamic network security information is received by the augmented reality device from a network security appliance associated with a network that is managing the network object. An…
Systems and methods for categorizing network traffic content
Granted: January 8, 2019
Patent Number: 10178115
A method for categorizing network traffic content includes determining a first characterization of the network traffic content, determining a first probability of accuracy associated with the first characterization, and categorizing the network traffic content based at least in part on the first characterization and the first probability of accuracy. A method for use in a process to categorize network traffic content includes obtaining a plurality of data, each of the plurality of data…
Operation of a dual instruction pipe virus co-processor
Granted: January 8, 2019
Patent Number: 10176322
Circuits and methods are provided for detecting, identifying and/or removing undesired content. According to one embodiment, a method for performing content scanning of content objects is provided. A content object that is to be scanned is stored by a general purpose processor to a system memory of the general purpose processor. Content scanning parameters associated with the content object are set up by the general purpose processor. Instructions from a signature memory of a…
Network security management via social media network
Granted: January 1, 2019
Patent Number: 10171506
Systems and methods for managing users' local security policies based on social media network information are provided. According to one embodiment, a network security appliance of a private network receives an authentication request from a client machine and provides a social login interface of a social media network to the client machine. After a user of the client machine is authenticated by the social media network through a personal social media network account of the user, the network…
Denial-of-service (DoS) mitigation based on health of protected network device
Granted: January 1, 2019
Patent Number: 10171492
Systems and methods for improving the performance of DDoS mitigation by monitoring the health of a protected network resource are provided. According to one embodiment, the health of a network device protected by a DoS mitigation device can be evaluated and packet/traffic received on the DoS mitigation device can be selectively/conditionally forwarded to the protected network device or can be dropped based on the health of the protected network device. According to one embodiment, at least a…
Near real-time detection of denial-of-service attacks
Granted: January 1, 2019
Patent Number: 10171491
Methods and systems for detection and mitigation of denial-of-service (DoS) attacks against network applications/services/devices in near real-time are provided. According to one embodiment, multiple access requests are received at a network device from a source Internet Protocol (IP) address. Temporal and/or spatial information relating to the access requests is stored in a first database operatively coupled with the network device. It is determined based on a first defined condition…
Ransomware detection and damage mitigation
Granted: January 1, 2019
Patent Number: 10169586
Systems and methods for file encrypting malware detection are provided. According to one embodiment, a monitoring module is installed within active processes running on a computer system by a kernel mode driver. Performance of a directory traversal operation on a directory of the computer system is detected by a monitoring module of a first process of the multiple active processes in which a parameter of the traversal operation includes a wildcard character. When a number of…
Network flow analysis
Granted: December 25, 2018
Patent Number: 10164846
Systems and methods for a network flow analysis service that facilitates collection, analysis and sharing of information regarding network flows are provided. According to one embodiment, a network flow analysis service provider collects network traffic information of network flows from a plurality of different network sources, analyzes at least one attribute associated with the network flows based on the network traffic information, and distributes the at least one attribute to…
Steering wireless local area network (WLAN) clients
Granted: December 18, 2018
Patent Number: 10159039
Systems and methods for steering WiFi clients based on capabilities of the clients and access points (APs) are provided. According to one embodiment, multiple access points (APs) of a wireless local area network (WLAN) receive probe requests from a WLAN client for joining the WLAN. The APs forward the probe requests to an AP controller (AC) that controls the APs of the WLAN. The AC selects one or more of the multiple APs based at least on the matching of the capability of the WLAN…
Cache management based on factors relating to replacement cost of data
Granted: December 4, 2018
Patent Number: 10148785
Systems and methods for a cache replacement policy that takes into consideration factors relating to the replacement cost of currently cached data and/or the replacement cost of received data. According to one embodiment, data is received by a network device responsive to a request issued on behalf of a client device. A cache management system running on the network device estimates, for each of multiple cache entries of a cache managed by the cache management system, a computational…
Classification of top-level domain (TLD) websites based on a known website classification
Granted: December 4, 2018
Patent Number: 10148700
Systems and methods for classification of web sites and/or their corresponding URLs based on a known web site classification are provided. According to one embodiment, a website URL is received that is known to be associated with a particular content classification. A list of candidate domain names including a host name of the website URL is generated based on a defined TLD list. For each of the candidate domain names it is determined whether an IP address of the candidate domain name is…
Selective enforcement of event record purging in a high volume log system
Granted: December 4, 2018
Patent Number: 10148698
Event record purging is selectively enforced in a high volume log system. A plurality of data retention policies is received for one or more data types. Each data retention policy can describe a retention duration for enforcement of different data types with respect to online retention and offline retention. Only online compressed files from a period of time potentially containing event records with an expiring retention duration are uncompressed. Other files are ignored to save I/O…
Detection of unwanted electronic devices to provide, among other things, internet of things (IoT) security
Granted: December 4, 2018
Patent Number: 10148691
Systems and methods for detection of undesired/unwanted electronic devices are provided. According to one embodiment, a spectral signature of an electronic device is received by a sensing device configured to detect presence of an unwanted electronic device in proximity to an electronic device environment. The received spectral signature is matched against multiple stored spectral signatures of one or more electronic devices associated with the electronic device environment. When the…
Content filtering of remote file-system access protocols
Granted: December 4, 2018
Patent Number: 10148687
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding…
Firewall policy management
Granted: December 4, 2018
Patent Number: 10148620
Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a…
Application based conditional forwarding and load balancing in a software defined networking (SDN) architecture
Granted: December 4, 2018
Patent Number: 10148594
Systems and methods for an SDN switch that provides application-based conditional forwarding and session-aware load balancing are provided. According to one embodiment, a packet is received at an input port of a Software Defined Networking (SDN) switch. The packet is forwarded by the SDN switch to a first flow processing unit (FPU) of multiple FPUs of the SDN switch. The first FPU determines whether the packet is to be tracked. And, if so, the received packet is transmitted to a second…
Network processing unit (NPU) integrated layer 2 network device for layer 3 offloading
Granted: December 4, 2018
Patent Number: 10148576
Systems and methods for facilitating offloading of communication sessions from layer 3 network devices are provided. According to one embodiment, session information pertaining to a session capable of being offloaded is received from a layer 3 network device by a layer 2 network device that includes multiple network processing units (NPUs). The session is assigned to one of the NPUs. Subsequently, responsive to receiving, by the layer 2 network device, a packet associated with the…
Optimizing multimedia streaming in WLANs (wireless local access networks) with a remote SDN (software-defined networking) controller
Granted: November 13, 2018
Patent Number: 10129315
An SDN controller to provision network resources at a data plane to keep progressive downloads of multimedia files proportional to encoding rates is disclosed. Packets from a new or unknown flow being downloaded at a default rate are forwarded from an access point, or other device, to an SDN controller for analysis. If a progressive download of a multimedia file (e.g., a video file) in progress is detected, an encoding rate of frames for the multimedia file is determined. A target…
Deauthenticating and disassociating unauthorized access points with spoofed management frames
Granted: November 13, 2018
Patent Number: 10129755
A spoofed management frame is sent to an unauthorized access point (AP) on behalf of a station from an authorized AP, using a media access control (MAC) address of the station. The spoofed frame triggers a security association (SA) query from an unauthorized AP to reestablish valid communications. An acknowledgment (ACK) frame sent from the client to the unauthorized AP responsive to the SA query request is detected by the AP. A probe response is sent to the client. The probe response…