H04L2463/141

SYSTEM AND METHOD FOR COMPUTER DATA TYPE IDENTIFICATION

A system and method for file type identification involving extraction of a file-print of a file, the file-print being a unique or practically-unique representation of statistical characteristics associated with the distribution of bits in the binary contents of the file, similar to a fingerprint. The file-print is then passed to a machine learning algorithm that has been trained to recognize file types from their file-prints. The machine learning algorithm returns a predicted file type and, in some cases, a probability of correctness of the prediction. The file may then be encoded using an encoding algorithm chosen based on the predicted file type.

METHOD AND SYSTEM FOR DOS DETECTION, MITIGATION AND NOTIFICATION
20220030026 · 2022-01-27

A method for processing a denial of service (DOS) includes: receiving a de-authentication/disassociation (D/D) frame by an access point (AP), determining by the AP a state of security association establishment between the AP and a client device, maintaining a connection between the AP and the client device if the security association is incomplete, sending a probe packet from the AP to the client device if security association is complete and the connection between the AP and the client device is in a non-PMF (protected management frames) setting, maintaining the connection if the client device responds to the probe packet, and terminating the connection if the client device does not respond to the probe packet.

ATTACK MITIGATION IN A PACKET-SWITCHED NETWORK
20210367968 · 2021-11-25

The disclosed computer-implemented method includes applying transport protocol heuristics to selective acknowledgement (SACK) messages received at a network adapter from a network node. The transport protocol heuristics identify threshold values for operational functions that are performed when processing the SACK messages. The method further includes determining, by applying the transport protocol heuristics to the SACK messages received from the network node, that the threshold values for the transport protocol heuristics have been reached. In response to determining that the threshold values have been reached, the method includes identifying the network node as a security threat and taking remedial actions to mitigate the security threat. Various other methods, systems, and computer-readable media are also disclosed.

MISBEHAVIOR PROCESSING IN CONNECTED VEHICLE NETWORKS

Systems and techniques for misbehavior processing in connected vehicle networks such as a vehicle-to-everything (V2X) communication environment are described herein. A misbehavior report may be received by a local misbehavior agent from a node operating on a vehicle communication network. The local misbehavior agent may be responsible for a geographic area in which the node is located. The misbehavior report may be corroborated using the misbehavior report and evidence of misbehavior of a subject node of the misbehavior report. A revocation recommendation may be generated for the subject node based on the corroboration. The revocation recommendation may be transmitted to a misbehavior authority operating on the vehicle communication network.

Device bootstrap method, terminal, and server
11218451 · 2022-01-04

A device bootstrap method and a terminal configured to send a bootstrap request to a server, wherein the bootstrap request includes a node identifier (ID) and a transmission channel parameter of the terminal, receiving an acknowledgment message carrying a transmission channel selected by the server, where the transmission channel is determined based on the transmission channel parameter, receiving a temporary ID indication message including a temporary ID and a temporary key sent by a forwarding apparatus, where the forwarding apparatus is a network element that is configured to send a message to the terminal through the transmission channel selected by the server, and wherein the terminal is further configured to establish a secure communication channel with the server according to the temporary ID and the temporary key.

Communications methods, systems and apparatus for packet policing

The present invention relates to methods, systems and apparatus for providing efficient packet flow fillrate adjustments and providing protection against distributed denial of service attacks. One exemplary embodiment in accordance with the invention is a method of operating a communication system including the steps of receiving, at a session border controller, a first SIP invite request message; making a decision, at the session border controller, as to whether the first SIP invite request originated from an Integrated Access Device or an IP-PBX device; generating, at the SBC, a packet flow fillrate based on said decision as to whether the SIP invite request originated at an Integrated Access Device or an Internet Protocol-Private Branch Exchange (IP-PBX) device.

Computational puzzles against dos attacks
11785043 · 2023-10-10

A method for transmitting data in a computer network is provided, which comprises, at a first node of the network: receiving a computing puzzle from a puzzle server node of the network distinct from the first node; determining a solution to the puzzle for transmitting a message to a second node of the network distinct from the puzzle server node; and transmitting data to the second node, wherein the transmitted data comprises a message and the determined solution to the puzzle.

SYSTEM AND METHODS FOR FAST, SECURE AND POWER EFFICIENT OCCUPANCY SESSION MANAGEMENT
20210345109 · 2021-11-04

An automated vehicle parking system uses a driver's authentication device, such as a mobile phone or portable tag, to identify the driver. Vehicle sensing terminals detect when and where a vehicle has parked and send wireless notifications to the vehicle owner's authentication device. The authentication device, the vehicle sensing terminal and a cloud server interact using secure wireless communications to validate the driver's qualifications and record the parking event. Vehicle sensing terminals detect when the vehicle leaves its parking space and the parking system automatically terminates the parking session. The authentication device handles the bulk of the communication with the cloud server to reduce consumption of the vehicle sensing terminal's power supply. The sensing and portable tag devices communicate using secure tokens that are encrypted with unique individual or group keys.

Detecting endpoint compromise based on network usage history

In the context of network activity by an endpoint in an enterprise network, malware detection is improved by using a combination of reputation information for a network address that is accessed by the endpoint with reputation information for an application on the endpoint that is accessing the network address. This information, when combined with a network usage history for the application, provides improved differentiation between malicious network activity and legitimate, user-initiated network activity.

Correlating Compromised Home Internet of Things Devices With Distributed Denial of Service Attacks

A distributed denial of service (“DDoS”) attack profiler can determine a plurality of DDoS attack properties associated with a DDoS attack that utilizes an Internet of Things (“IoT”) device operating in communication with a home gateway. The DDoS attack profiler can create a DDoS attack profile and can provide a DDoS attack report based upon the DDoS attack profile to a correlator. An IoT device profiler can determine a plurality of IoT device properties and can create, based upon the plurality of IoT device properties, an IoT device profile. The IoT device profiler can create an anomaly report that identifies an anomaly associated with the IoT device. The correlator can correlate the DDoS attack report with the anomaly report to determine if a match exists. In response to determining that the match exists, the home gateway system can store the bot match record in a bot match repository.