Patent classifications
H04L69/22
Analyzing user behavior patterns to detect compromised nodes in an enterprise network
Systems and methods for analyzing user behavior patterns to detect compromised computing devices in an enterprise network are provided. According to one embodiment, an enforcement engine running on a network security device identifies top users of a network exhibiting a suspicious behavior relating to login failures by determining a first set of users having a number of login failure events during a given time duration exceeding a threshold. The enforcement engine identifies, from the first set of computers associated with the top users, a second set of computers exhibiting a suspicious behavior relating to new connections exceeding a threshold. The enforcement engine classifies a third set of computers, representing a subset of the second set exhibiting a suspicious behavior relating to consecutive new connections, as compromised source computers when their respective new connections are in a sequence that results in a Shannon entropy measure exceeding a threshold.
Network monitoring with differentiated treatment of authenticated network traffic
A system and computer-implemented method to monitor network traffic for a protected network using a block of IP addresses including an IP address for a server. The method includes selecting one or more green addresses, each being a different IP address from the block of IP addresses, associating the green addresses with the IP address of the server, and receiving a packet of the internet traffic from a client directed to an IP address of the block of IP addresses prior to any performance of DPI on the packet. It is determined whether the destination address matches the one or more green addresses or is a yellow address (which belongs to the block of IP addresses, but is not a green address). When it is determined that the destination address matches the one or more green addresses, the packet is sent to the IP address associated with the matching green address, bypassing any DPI. Otherwise, the packet is sent to a scrubber to analyze the packet using DPI and handle the packet or perform a redirection of the client. The redirection causes subsequent requests from the client to be sent to the IP address associated with the green address, bypassing any DPI.
Identifier resolution method and apparatus for the internet of things
Provided are an identifier resolution method and apparatus for the Internet of Things. In the method, different identifier resolution systems are made compatible by constructing an identifier resolution architecture for the Internet of Things, and a unified method is used for resolving various identifiers. Therefore, only one identifier resolution architecture for the Internet of Things needs to be maintained when resolving different identifiers, which reduces the workload and difficulty for maintenance of the identifier resolution system and thus reduces the workload and difficulty for maintenance of the Internet of Things.
TRANSMISSION OF PREVIOUSLY COMPRESSED PACKETS TO AVOID THROUGHPUT DROP
A second wireless device may transmit, to a first wireless device, a feedback message indicative of a transition from a first compression state to a second compression state. The first wireless device may transition, based on a state change indication corresponding to the feedback message, from the first compression state to the second compression state. The first wireless device may transmit, to the second wireless device based on the transition from the first compression state to the second compression state, one or more first data packets that are previously compressed based on the first compression state or one or more second data packets that are uncompressed or recompressed based on the second compression state. The one or more second data packets are associated with the one or more first data packets.
Adaptive payload extraction in wireless communications involving multi-access address packets
Adaptive payload extraction in wireless communications involving multi-access address packets is described herein. A device can be configured to detect a synchronization sequence of a nested data packet, the nested data packet having synchronization sequences placed in series ahead of a payload, the synchronization sequences including the synchronization sequence; evaluate blocks after the synchronization sequence in the nested data packet to identify the blocks as either additional ones of the synchronization sequences or the payload in the nested data packet; and extract the payload.
DATA PACKET GENERATOR FOR GENERATING PASSCODES
A data packet generator periodically generates a data packet including a passcode comprising a plurality of characters. The data packet is sent to a server or a computing device for validation. If validated, the data packet is used, for example, to identify the location of a user or device. Additional systems and methods involving such a data packet generator are also disclosed.