H04L2101/30

SSL/TLS SPOOFING USING TAGS
20210136106 · 2021-05-06 ·

A network is secured by managing domain name requests so that client devices are prevented from visiting malicious or undesirable domains. An endpoint Domain Name System (DNS) agent is installed on client devices on a local network; the agent intercepts DNS requests from its client device and processes each request according to a security policy set for that device. In a further example, the endpoint DNS agent receives a TLS connection attempt from a client browser carrying a Server Name Indication (SNI) tag, and generates a signed certificate spoofing the domain named in the SNI tag to insert itself as a man-in-the-middle between that domain and the client browser. Such a spoofed certificate is only accepted by the browser if the agent's signing CA is present in the client's trust store, so deploying this technique implies provisioning a local CA on each managed device.
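As an added example (not the patent's code), the following Python sketches the DNS side of such an endpoint agent: it parses a raw DNS query, extracts the QNAME, applies a per-device policy that also covers parent domains, and synthesizes an NXDOMAIN reply for blocked names. The policy table, the sample queries, and the allow-list-wins rule are constructed assumptions; certificate generation for the TLS part is not shown.

```python
"""Endpoint DNS policy agent (added example, not the patent's code).

Parses a raw DNS query, extracts the first question's QNAME and applies a
constructed per-device policy before the query leaves the host. The sample
packets are built in-process by build_query()."""
import struct

# Constructed policy: names (and their subdomains) to block or to always allow.
BLOCKED = {"malware.example", "ads.tracker.example"}
ALLOWED = {"intranet.example"}  # assumption: an allow-list entry beats a block-list entry


def parse_qname(packet: bytes) -> str:
    """Return the QNAME of the first question in a DNS query message.

    Only uncompressed labels are accepted: a query's question section never
    needs compression pointers, so one is treated as malformed input."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    qdcount = struct.unpack("!H", packet[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    labels = []
    pos = 12
    while True:
        if pos >= len(packet):
            raise ValueError("truncated QNAME")
        length = packet[pos]
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question QNAME")
        pos += 1
        labels.append(packet[pos:pos + length].decode("ascii").lower())
        pos += length
    return ".".join(labels)


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build a minimal A/IN query for `name` (used to construct sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(struct.pack("B", len(label)) + label.encode("ascii")
                     for label in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)


def policy_decision(name: str) -> str:
    """'allow' or 'block'. The name and every parent domain are checked, so a
    rule on malware.example also covers sub.malware.example."""
    labels = name.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ALLOWED:
            return "allow"
        if candidate in BLOCKED:
            return "block"
    return "allow"


def build_block_response(packet: bytes) -> bytes:
    """Synthesize an NXDOMAIN reply for a blocked query: same ID and question,
    QR=1, RD copied from the query, RA=1, RCODE=3, no answer records."""
    txid, flags = struct.unpack("!HH", packet[:4])
    resp_flags = 0x8000 | (flags & 0x0100) | 0x0080 | 3
    pos = 12                       # skip QNAME labels, then QTYPE + QCLASS
    while packet[pos] != 0:
        pos += 1 + packet[pos]
    pos += 1 + 4
    return struct.pack("!HHHHHH", txid, resp_flags, 1, 0, 0, 0) + packet[12:pos]


def handle_query(packet: bytes) -> "tuple[str, str]":
    """Agent entry point: returns (qname, decision) for one raw query."""
    name = parse_qname(packet)
    return name, policy_decision(name)


if __name__ == "__main__":
    for domain in ("sub.malware.example", "www.intranet.example", "example.org"):
        print(handle_query(build_query(domain)))
```

A real agent would sit on the host's resolver path (for example a listener on 127.0.0.1:53 or a WFP/NFQUEUE hook) and forward allowed queries upstream; the parsing and policy logic above is the part that does not depend on that plumbing.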

Server-side detection and mitigation of client-side content filters
20210056596 · 2021-02-25 ·

A server-side technique to detect and mitigate client-side content filtering, such as ad blocking. In operation, the technique operates on the server side of a client-server communication path to detect in real time the existence of a client filter (e.g., an ad blocker plug-in) through transparent request exchanges, and then to mitigate (defeat) that filter through one or more operations designed to modify the HTML response body or otherwise obscure URLs. Preferably, the publisher (the CDN customer) defines one or more criteria identifying the page resources served by the overlay (CDN) that need to be protected against the client-side filtering.

Network to network interface between service providers for real time communication

Systems and methods presented herein provide for real time communications between service provider subscribers. In one embodiment, a web server is operable to provide a network-to-network interface (NNI) with a plurality of service providers, to communicate with the service providers through WebRTC links, and to retrieve contact information of subscribers to the service providers over the WebRTC links. The web server also includes a database operable to store the contact information of the subscribers. The web server is also operable to process a connection request from a first of the subscribers to connect with a second of the subscribers, to retrieve the second subscriber's contact information from the database, to push a notification message to a device of the second subscriber using the second subscriber's contact information (e.g., a user identity), and to establish a WebRTC connection between first and second subscribers when the second subscriber accepts the connection.

Method and system for updating a whitelist at a network node

A method and a system for updating a first whitelist at a network node. The network node receives data packets from an Internet of Things (IoT) device and determines a predetermined identifier for the IoT device. The network node then determines whether the predetermined identifier is in the first whitelist. When the predetermined identifier is not in the first whitelist, the network node starts a first time period. When the predetermined identifier is on the first whitelist, the network node determines whether the data packets are received within the first time period. When the data packets are received within the first time period, the network node identifies destination addresses of the data packets and updates the first whitelist based on the destination addresses and the predetermined identifier. The updated first whitelist is stored in a non-transitory computer readable storage medium in the network node.
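The learning-window logic above, as an added example in Python (not the patent's code): the first packet from an unknown device identifier opens a time window, destinations seen inside the window are added to that identifier's allow-list, and the list can be serialized for persistent storage. Dropping traffic to unlisted destinations once the window has closed is an assumption added here; the abstract only describes how the list is built. The packets and clock values are constructed.

```python
"""IoT allow-list learner for a gateway node (added example, not the patent's code).

Behaviour taken from the abstract: an unknown identifier starts a first time
period, and destinations seen during that period are added to the allow-list
for that identifier. Enforcement ('drop') after the period is an assumption."""
import json
from dataclasses import dataclass, field


@dataclass
class Packet:
    device_id: str   # predetermined identifier, e.g. MAC address or serial number
    dst: str         # destination address
    ts: float        # arrival time in seconds (constructed logical clock)


@dataclass
class WhitelistNode:
    window: float                                    # length of the first time period
    allow: dict = field(default_factory=dict)        # device_id -> set of destinations
    window_end: dict = field(default_factory=dict)   # device_id -> end of its period

    def process(self, pkt: Packet) -> str:
        """Return 'learn', 'allow' or 'drop' for one packet."""
        dev = pkt.device_id
        if dev not in self.allow:
            # identifier not in the whitelist: start the first time period
            self.allow[dev] = set()
            self.window_end[dev] = pkt.ts + self.window
        if pkt.ts < self.window_end[dev]:
            # inside the period: record the destination (assumption: the packet
            # that opened the period is learned as well)
            self.allow[dev].add(pkt.dst)
            return "learn"
        # period over: enforce the learned list (assumption added here)
        return "allow" if pkt.dst in self.allow[dev] else "drop"

    def to_json(self) -> str:
        """Serialize for the node's persistent storage."""
        return json.dumps({
            "window": self.window,
            "allow": {d: sorted(s) for d, s in self.allow.items()},
            "window_end": self.window_end,
        })

    @classmethod
    def from_json(cls, blob: str) -> "WhitelistNode":
        d = json.loads(blob)
        return cls(window=d["window"],
                   allow={k: set(v) for k, v in d["allow"].items()},
                   window_end=d["window_end"])


if __name__ == "__main__":
    node = WhitelistNode(window=60.0)
    for p in (Packet("aa:bb", "10.0.0.5", 0.0), Packet("aa:bb", "10.0.0.6", 30.0),
              Packet("aa:bb", "10.0.0.5", 100.0), Packet("aa:bb", "203.0.113.9", 101.0)):
        print(p.device_id, p.dst, node.process(p))
```

The obvious operational caveat is that the window learns whatever the device talks to, so a device compromised before or during its first period bakes the attacker's destinations into the list; pairing the window with a fixed deny-list or a manufacturer profile limits that exposure.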

IP tolerance and signaling interworking
10931720 · 2021-02-23 ·

In an attempt to establish a communication session between a first communication entity and a second communication entity, a first message is received. For example, the first message may be a SIP INVITE message. A determination is made, based on a registration message from the first communication entity and/or the second communication entity, that at least one of the first communication entity or the second communication entity is Internet Protocol (IP) version intolerant. In response to determining that at least one of the first communication entity or the second communication entity is IP version intolerant, one or more IP addresses are adapted in messages (e.g., the SIP INVITE message) for establishing the communication session. The adaptation changes or removes the one or more IP addresses of the unsupported IP version to ensure proper IP compatibility.

Domain name recognition method and domain name recognition device

The disclosure provides a domain name recognition method and a domain name recognition device. The domain name recognition method includes the following steps. A first string of a first domain name and a second string of a second domain name are obtained. Multiple characters of the first string and the second string are classified into multiple clusters. Multiple vectors corresponding to the clusters are generated, wherein each of the characters corresponds to one of the vectors. A first vector set corresponding to the first string and a second vector set corresponding to the second string are generated. A similarity of the first vector set and the second vector set is calculated.
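As an added example (not the patent's code), the following Python implements the pipeline described above: characters are classified into clusters of visually confusable glyphs, each cluster gets a vector (an identity component plus shape features), a domain becomes a sequence of those vectors, and two domains are compared with an edit distance whose substitution cost is one minus the cosine similarity of the cluster vectors. The cluster table, the shape features and their weights are constructed assumptions, not the patent's.

```python
"""Cluster-vector domain similarity (added example, not the patent's code).

Characters in the same constructed cluster ('l', '1', 'i', '|') map to the
same vector, so a look-alike registration scores 1.0 against the monitored
name, while unrelated names score low."""
import math

# Constructed cluster table: cluster name -> (member characters, shape features).
CLUSTERS = {
    "o": ("o0", ["round"]),
    "l": ("l1i|", ["ascender", "vertical"]),
    "t": ("t7", ["ascender", "vertical", "crossbar"]),
    "s": ("s5", ["round", "diagonal"]),
    "e": ("e3", ["round", "crossbar"]),
    "a": ("a4@", ["round", "vertical"]),
    "g": ("g9q", ["descender", "round", "vertical"]),
    "b": ("b6", ["ascender", "round", "vertical"]),
    "z": ("z2", ["crossbar", "diagonal"]),
}
CHAR_TO_CLUSTER = {ch: name for name, (members, _) in CLUSTERS.items() for ch in members}


def cluster_of(ch: str) -> str:
    """Characters outside the table form singleton clusters of their own."""
    return CHAR_TO_CLUSTER.get(ch, ch)


def cluster_vector(name: str) -> dict:
    """Sparse vector: identity component (weight 1.0) plus shape features (0.5 each)."""
    vec = {"id:" + name: 1.0}
    for feat in CLUSTERS.get(name, ("", []))[1]:
        vec["shape:" + feat] = 0.5
    return vec


def cosine(u: dict, v: dict) -> float:
    dot = sum(u[k] * v[k] for k in u.keys() & v.keys())
    nu = math.sqrt(sum(x * x for x in u.values()))
    nv = math.sqrt(sum(x * x for x in v.values()))
    return dot / (nu * nv)


def vector_set(domain: str) -> list:
    """Vector set for a domain: one (cluster, vector) pair per character."""
    return [(cluster_of(c), cluster_vector(cluster_of(c))) for c in domain.lower()]


def similarity(a: str, b: str) -> float:
    """1.0 for names identical cluster-by-cluster. Insert/delete cost 1;
    substitution cost 0 within a cluster, else 1 - cosine of the vectors."""
    va, vb = vector_set(a), vector_set(b)
    n, m = len(va), len(vb)
    if max(n, m) == 0:
        return 1.0
    prev = [float(j) for j in range(m + 1)]
    for i in range(1, n + 1):
        cur = [float(i)] + [0.0] * m
        for j in range(1, m + 1):
            ca, ua = va[i - 1]
            cb, ub = vb[j - 1]
            sub = 0.0 if ca == cb else 1.0 - cosine(ua, ub)
            cur[j] = min(prev[j] + 1.0, cur[j - 1] + 1.0, prev[j - 1] + sub)
        prev = cur
    return 1.0 - prev[m] / max(n, m)


def flag_lookalikes(candidate: str, monitored, threshold: float = 0.85) -> list:
    """Monitored names the candidate resembles, best match first."""
    hits = [(similarity(candidate, mon), mon) for mon in monitored]
    return [mon for score, mon in sorted(hits, reverse=True) if score >= threshold]


if __name__ == "__main__":
    monitored = ["paypal.com", "example.com"]
    for cand in ("paypa1.com", "g00gle.com", "examp1e.com"):
        print(cand, flag_lookalikes(cand, monitored))
```

The graded substitution cost is what distinguishes this from a plain homoglyph table: a `b`/`t` swap is cheaper than a `b`/`z` swap because the vectors share the ascender and vertical-stroke features, which is closer to how a human reads a misspelling than a binary same/different test.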

Guided word association based domain name detection

Guided word association based domain name detection may be performed by obtaining an original domain name, constructing a feature space from a corpus of text, wherein each word appearing in the corpus is represented as a vector in the feature space, detecting whether a domain name registration exists for each combination of the original domain name and each of a plurality of seed words from the feature space, determining, for each seed word included in an existing domain name registration, a plurality of nearest neighbor candidate words, based on vector distance in the feature space, and repeating, for one or more repetitions, the detecting and the determining, wherein the plurality of nearest neighbor candidate words are utilized as the plurality of seed words.

INTERNET OF THINGS DEVICE HIERARCHIES
20210037364 · 2021-02-04 ·

In embodiments, Internet of Things (IoT) devices may be organized according to an IoT device hierarchy, which may include parent and/or child associations between resources associated with IoT devices and/or with groupings of IoT devices. IoT devices wishing to support an IoT device hierarchy may utilize an extended IoT device resource model which provides for IoT device hierarchy information and interfaces to be provided by supporting IoT devices. A supporting resource may have one or more parent properties and/or child properties which may identify, respectively, parent or child resources which are associated with the resource. In various embodiments, these parent properties and/or child properties may include uniform resource identifiers (URI). A supporting resource may also identify an interface type for a hierarchical access interface, through which one or more descendant resources may be accessed through a single command. Other embodiments may be described and/or claimed.

Systems and methods for transmitting and receiving interest messages

The invention relates to a system for receiving an interest message. The system comprises at least one communication interface, at least one memory and at least one processor. The at least one processor is configured to receive an interest message on a first one of the at least one communication interface. The interest message comprises a name of a requested data object. At least one name component of the name of the requested data object comprises a range. The at least one processor is further configured to determine whether the at least one memory comprises a named data object having a name matching the name of the requested data object and to provide the named data object on the first one of the at least one communication interface if the memory comprises the named data object. The at least one processor is also configured to, if the memory does not comprise the named data object, forward the interest message on one or more further ones of the at least one communication interface, associate the name of the requested data object with an identifier of the first one of the at least one communication interface in the at least one memory, receive the named data object on the one or more further ones of the at least one communication interface and forward the named data object on the first one of the at least one communication interface based on the association.

OPTICALLY ANALYZING TEXT STRINGS SUCH AS DOMAIN NAMES
20210006593 · 2021-01-07 ·

Systems and methods determine whether domain names are potentially maliciously registered variants of a set of monitored domain names. A computer system can receive domain names from a feed of newly registered domain names. For each received domain name, the computer system can generate a series of images of the domain name in different fonts and/or with various distortions applied thereto. The computer system can then transform the domain name images back to text via optical character recognition. Due to the differences in fonts and/or distortions applied to the generated images of the received domain name, the optical character recognition process can produce different text strings than the originally received domain name. The converted textual domain names are then analyzed to determine whether any one is sufficiently similar to a monitored domain name, indicating that the received domain name could be a malicious variant thereof.