Fortinet Patent Grants

Mitigation of DDoS attacks on mobile networks using DDoS detection engine deployed in relation to an evolved node B

Granted: November 15, 2022
Patent Number: 11503471
Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains requesting S1AP-IDs which have sent certain monitored commands and then blocking those which are sending these messages at abnormally high rates. According to yet…

Internet of things (IoT) device identification on corporate networks via adaptive feature set to balance computational complexity and model bias

Granted: November 8, 2022
Patent Number: 11496394
Systems and methods for efficient kernel space packet processing and IoT device classification are provided. According to one embodiment, a computer system performs IoT device detection processing. Packet header information is received for multiple packets. Based on the packet header information, multiple Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) flows between a given source device of multiple devices and a given destination device of the multiple devices are…

Network traffic metering credit distribution in network device having multiple processing units

Granted: October 25, 2022
Patent Number: 11483241
Systems and methods for network traffic metering credit distribution and packet processing in a network device having multiple processing units are provided. According to an embodiment, management of multiple meters is distributed among multiple processing units of a network device. Each meter is implemented in the form of a master entry and a slave entry. Responsive to receipt by one of the processing units of a packet subject to rate-limiting by a meter, an action to be taken on the…

Selectively disabling anti-replay protection by a network security device

Granted: October 18, 2022
Patent Number: 11477241
Systems and methods for selectively disabling anti-replay security checks based on a defined network policy that can override the globally-defined defaults for specific network sessions are provided. A network security device protecting a private network receives a packet associated with a network traffic flow between a source computing device and an internal destination computing device. The network security device identifies an anti-replay policy associated with the network traffic…

Remote monitoring of a security operations center (SOC)

Granted: October 18, 2022
Patent Number: 11477240
Systems and methods for remote monitoring of a Security Operations Center (SOC) via a mobile application are provided. According to one embodiment, a management service retrieves information regarding multiple network elements that are associated with an enterprise network and extracts parameters of the monitored network elements from the retrieved information. The management service prioritizes the monitored network elements by determining a severity level associated with…

Cloud-based orchestration of incident response using multi-feed security event classifications with machine learning

Granted: October 18, 2022
Patent Number: 11477214
Systems and methods for performing multi-feed classification of security events to facilitate automated IR orchestration are provided. According to one embodiment, a cloud-based security service protecting a private network provides a plurality of data feeds, wherein each data feed of the plurality of data feeds independently classifies a given security event and produces a classification result. In response to an event associated with a process of an endpoint device that is part of the…

Gamified network security training using dedicated virtual environments simulating a deployed network topology of network security products

Granted: October 18, 2022
Patent Number: 11475790
Systems and methods are described for providing training to attendees of a network security training session through use of gamification. A virtual environment is created containing a network topology simulating a deployed network of network security devices for which teams of the attendees are to receive training. A 3D game interface is presented on a display of a computer system of an attendee. Based on a leaderboard server's game state, a problem-solving objective for the training…

Device integration for a network access control server based on device mappings and testing verification

Granted: October 11, 2022
Patent Number: 11470083
Systems and methods for facilitating self-service device integration for a NAC server are provided. According to one embodiment, a database is maintained by a NAC server. The database includes mappings of system object identifiers to corresponding implementation details of associated devices. A system object identifier of a device that is to be modeled within the NAC server based on implementation details of another device is received. A list of candidate devices is retrieved from the…

Restricting broadcast and multicast traffic in a wireless network to a VLAN

Granted: October 4, 2022
Patent Number: 11463425
Traffic broadcast to a VLAN is restricted. To do so, a plurality of stations are associated with a BSSID (basic service set identifier). A first VLAN is configured by sending a first group key to each station from the plurality of stations that is a member of the first VLAN, wherein each VLAN is associated with a unique group key. One or more frames addressed to the first VLAN are received. The one or more frames are encrypted with the first group key to prevent stations without the…

Airtime fairness in WLANs (wireless local area networks) based on dynamic updates to ATF (airtime fairness) tokens

Granted: October 4, 2022
Patent Number: 11464046
Responsive to the number of stations exceeding a first threshold number, the transmitting stations are prioritized relative to the station based on a station type. Responsive to the number of stations exceeding a second threshold number, the transmitting stations are prioritized relative to the station based on a station RSSI value. The station is assigned to the run queue with an ATF token responsive to being prioritized within the first or second thresholds permitting transmission of…

Heatsink arrangement for integrated circuit assembly and method for assembling thereof

Granted: September 27, 2022
Patent Number: 11456231
Various heatsink arrangements, and methods for implementing and using them, are discussed.

Authenticating client devices in a wireless communication network with client-specific pre-shared keys

Granted: September 20, 2022
Patent Number: 11451959
Systems and methods for authenticating client devices accessing a wireless communication network through an access point communicatively coupled with an authentication server are provided. The authentication server receives an authentication request, including a first message integrity code (MIC) of a client-specific pre-shared key, from the access point or a wireless local area network (LAN) controller that manages the access point, to establish an encrypted communication channel…

File access control based on analysis of user behavior patterns

Granted: September 20, 2022
Patent Number: 11449623
Systems and methods for a machine-learning driven fine-grained file access control approach are provided. According to one embodiment, a server associated with an enterprise network can obtain and store information regarding historical user behavior of users of the enterprise network by observing file access requests initiated by the users. The server receives a file access request initiated by a user, which relates to a file stored within the enterprise network in encrypted form. In…

Automated feature extraction and artificial intelligence (AI) based detection and classification of malware

Granted: September 13, 2022
Patent Number: 11444957
Systems and methods for detection and classification of malware using an AI-based approach are provided. In one embodiment, a T-node maintains a sample library including benign and virus samples. A classification model is generated by training a classifier based on features extracted from the samples. The classification model is distributed to D-nodes for use as a local virus detection model. Responsive to detection of a virus by a D-node, the T-node receives a virus sample from the…

Systems and methods for embedding automated remediation into network solution instructions

Granted: September 13, 2022
Patent Number: 11444826
Various approaches for providing network maintenance and health monitoring are described. In some cases, the approaches include systems, methods, and/or devices for receiving and cataloging network incidents and for providing proposed solutions that may include embedded automated remediations and/or embedded dynamic instructions to mitigate the network incidents.

Systems and methods for centrally managed host and network firewall services

Granted: May 10, 2022
Patent Number: 11327898
Systems and methods for a unified, cloud-managed platform for controlling enterprise network security are provided. According to one embodiment, a network of an enterprise is protected by a cloud-managed platform. An underlying architecture of the cloud-managed platform is abstracted by providing a portal through which modifications to security policies are expressed as business requirements of the enterprise. The security policies are automatically enforced regardless of location or…

Accelerating data communication using tunnels

Granted: May 10, 2022
Patent Number: 11329961
Methods and systems are provided for increasing application performance and accelerating data communications in a WAN environment. According to one embodiment, packets are received at a flow classification module operating at the Internet Protocol (IP) layer of a first wide area network (WAN) acceleration device via a private tunnel, which is operable to convey application layer data for connection-oriented applications between WAN acceleration devices. The packets are passed to a WAN…

Virtual routing and forwarding (VRF)-aware socket

Granted: May 10, 2022
Patent Number: 11329959
Systems and methods for a VRF-aware socket are provided. According to one embodiment, a user-space application of a network device, maintaining a virtual routing table for each of multiple VRF domains, creates a VRF-aware listening socket. The socket includes information regarding: (i) which of the virtual routing tables is to be used to look up routing or forwarding information for outgoing traffic; (ii) the VRF domain(s) from which the socket is able to receive incoming traffic; and/or…

Avoiding asymmetric routing in an SDWAN by dynamically setting BGP attributes within routing information advertised by an SDWAN appliance

Granted: May 10, 2022
Patent Number: 11329913
Systems and methods are described for automatically controlling network routing between the downstream side and the upstream side of a communication network to enforce symmetric routing. According to one embodiment, a Software-Defined Wide Area Network (SDWAN) controller of a network device associated with a spoke site of an SDWAN manages links forming the SDWAN. The controller receives information regarding route maps, including a preferred route-map and an un-preferred route-map. Further, the…

Dynamic establishment of application-specific network tunnels between network devices by an SDWAN controller

Granted: May 10, 2022
Patent Number: 11329883
Systems and methods for dynamically establishing network overlay tunnels between edges within different groups of a network architecture are provided. According to an embodiment, a Software-Defined Wide Area Network (SDWAN) controller associated with a private network receives a request to initiate a dynamic Virtual Private Network (VPN) link for a network session between a source edge and a destination edge. The SDWAN controller determines configuration information for each of the…