H04L2463/121

INDICATING MALWARE GENERATED DOMAIN NAMES USING DIGITS

In some examples, a system counts a number of digits in a domain name. The system compares a value based on the number of digits to a threshold, and indicates that the domain name is potentially generated by malware in response to the value having a specified relationship with respect to the threshold.

SYSTEMS DATA VALIDATION

A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. The server group includes an indexer server and a model management server. Source data at the server group is received from at least one of the one or more source network nodes via the respective network connections and transformed, by the indexer server, to timestamped entries of machine data. A model management server detects data constraints for a security model. The data constraints include a data element used by the security model and an availability requirement set, the availability requirement set defining when the data element is available. Using the timestamped entries, the data constraints are validated to obtain a validation result, where validating the data constraints includes determining whether the timestamped entries satisfy the availability requirement set for the data element. The model management server determines a data availability assessment of the security model based on the validation result. The data availability assessment of the security model is stored in computer storage.

Detecting anomalous network behavior
20190238575 · 2019-08-01

Approaches provide for monitoring attempted network activity such as network port connections and corresponding payloads of network data obtained by a network device and, based on the attempted connections and/or payloads, identifying malicious network activity in real time. For example, network activity obtained from a plurality of network devices in a service provider environment can be monitored to attempt to detect compliance with appropriate standards and/or any of a variety of resource usage guidelines (e.g., network behavioral standards or other such rules, guidelines, or network behavior tests) based at least in part on network port connection activity with respect to at least one network device. If it is determined that network activity is not in compliance with the usage guidelines, or other such network behavior test, the system can take one or more remedial actions, which can include generating a notification identifying the malicious network activity.

Passport-controlled firewall

A method and system for dynamically modifying rules in a firewall infrastructure. A signed passport, which includes a heart-beat time-out interval and a firewall rule, is received. A trigger signal is generated within the heart-beat time-out interval. The signed passport and the trigger signal are transmitted within the heart-beat time-out interval to a border control agent of a firewall in the firewall infrastructure. In response to receiving, from the border control agent, a continuous confirmation of the firewall rule within a time interval shorter than the heart-beat time-out interval, the firewall is modified according to the firewall rule. In response to determining that the trigger signal was not received by the border control agent within the heart-beat time-out interval, the firewall rule is reset.

DETECTION OF MALWARE AND MALICIOUS APPLICATIONS

A method comprises receiving, at a network infrastructure device, a flow of packets, determining, using the network infrastructure device and for a first subset of the packets, that the first subset corresponds to a first datagram and determining a first length of the first datagram, determining, using the network infrastructure device and for a second subset of the packets, that the second subset corresponds to a second datagram that was received after the first datagram, and determining a second length of the second datagram, determining, using the network infrastructure device, a duration value between a first arrival time of the first datagram and a second arrival time of the second datagram, sending, to a collector device that is separate from the network infrastructure device, the first length, the second length, and the duration value for analysis.

METHOD AND SYSTEM TO DYNAMICALLY OBFUSCATE A WEB SERVICES INTERFACE
20190230117 · 2019-07-25

The present application relates to the handling of what are generally referred to as denial of service (DoS) attacks. More specifically, the present application relates to a method and system for protecting one or more on-line Web service application servers from DoS and/or distributed DoS (DDoS) attacks.

AUTHENTICATION APPARATUS, AUTHENTICATION METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM
20190227952 · 2019-07-25

An information processing system includes a first device and a second device that is configured to perform a short-range wireless communication with the first device. In a case where the first device requests an external authentication apparatus for authentication, the first device sends information regarding the second device to the external authentication apparatus.

SYSTEM AND METHOD FOR GENERATING RANDOM NUMBERS
20190227772 · 2019-07-25

A system and method for generating a random number from an IP network is provided. A first datagram is transmitted from a first system to a second system and back to the first system. A second datagram is transmitted from the first system to the second system and back to the first system. The time elapsed between transmission of the first datagram to the second system and receipt of the first datagram back at the first system is measured as a first elapsed time. The time elapsed between transmission of the second datagram to the second system and receipt of the second datagram back at the first system is measured as a second elapsed time. The difference between the first elapsed time and the second elapsed time provides a random value.

Network-based permissioning system

Aspects of the present disclosure include a system comprising a computer-readable storage medium storing at least one program and a method for managing access permissions associated with data resources. The method includes providing a user interface for registering a policy to a client device, and receiving a policy registration associated with a data resource stored in a first network database. The method further includes registering a policy associated with the data resource based on the policy registration. The registering of the policy includes creating a policy object that is linked to the data resource and storing the policy object in a second network database.

SYSTEM AND METHODS FOR TAMPER PROOF INTERACTION RECORDING AND TIMESTAMPING
20190213335 · 2019-07-11

A system and method for securely recording voice communications, comprising an authentication server, further comprising at least a software component operating on a network-capable computing device, and a database, wherein an authentication server verifies the validity of voice communications and a database stores voice communication recordings.