H04L2463/144

Content delivery network (CDN) bot detection using primitive and compound feature sets

A method of detecting bots, preferably in an operating environment supported by a content delivery network (CDN) that comprises a shared infrastructure of distributed edge servers from which CDN customer content is delivered to requesting end users (clients). The method begins as clients interact with the edge servers. As such interactions occur, transaction data is collected. The transaction data is mined against a set of “primitive” or “compound” feature sets to generate a database of information. In particular, preferably the database comprises one or more data structures, wherein a given data structure associates a feature value with its relative percentage occurrence across the collected transaction data. Thereafter, and upon receipt of a new transaction request, primitive or compound feature set data derived from the new transaction request are compared against the database. Based on the comparison, an end user client associated with the new transaction request is then characterized, e.g., as being associated with a human user, or a bot.

DETECTION DEVICE, DETECTION METHOD, AND DETECTION PROGRAM

A detection device includes processing circuitry configured to identify candidate bots using flow data, use the flow data to count a number of the candidate bots communicating with servers, for each of the servers, and determine servers communicating with a predetermined number or more of the candidate bots among the servers to be malicious servers, and detect candidate bots communicating with the malicious servers that are determined among the candidate bots to be malicious bots.

Methods, systems, and media for dynamically separating internet of things devices in a network

Methods, systems, and media for dynamically separating Internet of Things (IoT) devices in a network are provided. In accordance with some embodiments of the disclosed subject matter, a method for dynamically separating IoT devices in a network is provided, the method comprising: detecting a first IoT device in the network; monitoring network communication of the first IoT device; determining device information of the first IoT device based on the monitored network communication; and causing the first IoT device to communicate on a first subnet of a plurality of subnets in the network based on the device information.

DYNAMIC POWER USER THROTTLING METHOD FOR MANAGING SLA GUARANTEES
20220247764 · 2022-08-04

A method and system are disclosed for dynamically throttling a rate or volume in time of a power user, to avoid throughput penalties imposed by SaaS vendors on a user group due to excessive Application Programming Interface (API) events from users in the group. The method includes monitoring the API event rate for requests to a SaaS vendor from the group, collectively, and from individual users of the user group. It also includes identifying a power user as submitting API events in excess of a limit and, on behalf of the user, throttling the power user's rate of API event submissions, based on a configurable policy specific to the SaaS vendor managed by a proxy, to reduce the user's impact on the API event rate of the group at least when the group's API rate, overall, exceeds or approaches a SaaS-imposed trigger of a throughput penalty on the group, thereby avoiding triggering of the throughput penalty by the SaaS.

Data processing systems and methods for using a data model to select a target data asset in a data migration

Data stored on a data asset may be migrated to another data asset while maintaining compliance with applicable regulations. A data asset may experience a failure. Based on the type of data stored by that data asset and the applicable regulations, requirements, and/or restrictions that relate to a transfer of that type of data from that data asset, a target data asset may be determined. The data stored on the data asset may then be transferred to the target data asset. The disclosed systems may use data models and/or data maps in determining the requirements for a data transfer and selecting target data assets.

INTELLIGENT PATH SELECTION SYSTEMS AND METHODS TO REDUCE LATENCY

Described embodiments provide systems and methods for intelligent path selection to reduce latency and maintain security. A client can request access to a server and multiple connections can be initiated to the requested destination, for example, a direct connection from a branch office and a backhauled connection through a data center. Traffic via the second connection can be controllable by application of at least one rule of the data center. A device can determine a delay in the exchange of data via the connections and a security level of the connections. The determination of the delay in the exchange of data via the other connection can be based in part on feedback about the application of the rule. The device can connect a client device to a server through one of the connections using the determination of the delay and the security level of the connection.

DETECTING BOTNETS

A network apparatus maintains a data repository comprising network traffic data related to a plurality of user devices, the network traffic data being collected from a plurality of Network Service Providers (NSPs). A subset of the plurality of user devices are detected to be communicating with one or more same endpoint devices based on analysing the network traffic data. A number of historical connections between each user device of the subset of the plurality of user devices and the one or more endpoint devices is determined based on analysing historical connection data maintained in the data repository, and in response to detecting that the number of historical connections between the subset of the plurality of user devices and the one or more endpoint devices exceeds a predetermined threshold, the one or more endpoint devices are identified as a suspected botnet.

Artificial intelligence system for network traffic flow based detection of service usage policy violations

At an artificial intelligence based service to detect violations of resource usage policies, an indication of a first data set comprising a plurality of network traffic flow records associated with at least a first device of a set of devices may be obtained. Using the first data set, a machine learning model may be trained to predict whether resource usage of a particular device of a particular network violates a first resource usage acceptability criterion. In response to determining, using a trained version of the model, that the probability that a second device has violated the acceptability criterion exceeds a threshold, one or more actions responsive to the violation may be initiated.

PRIVACY-PRESERVING ONLINE BOTNET CLASSIFICATION SYSTEM UTILIZING POWER FOOTPRINT OF IOT CONNECTED DEVICES

A system and method for the detection and system impact mitigation of bots in Internet of Things (IoT) devices, the system including a smart auditor configured to interface with and control a power supply of an IoT device, the smart auditor being configured to measure and transmit power usage information of the IoT device. The system then utilizes a historical database and various IoT devices and associated power usage patterns to identify anomalies in power usage by the IoT device based on historical data, utilizes machine learning to recognize normal and non-normal power usage patterns, and generates a command to shut off power to the IoT device upon detection of malicious botnet activity. The system includes encryption protocols to maintain privacy during communication of the power usage information as well as to maintain integrity and secrecy regarding model information from the historical database.

Systems and methods for bot-on-bot optimization

In an embodiment, a method includes deploying a learning bot onto a system of bots, where the learning bot monitors a first bot of the system of bots, the first bot executing a first automated process. The method further includes determining a learning phase of the learning bot. The learning bot utilizes a plurality of learning phases including a first learning phase, a second learning phase and a third learning phase. The method also includes, responsive to a determination that the learning bot is in the third learning phase, the learning bot: monitoring activity related to the first automated process; collecting data related to the monitored activity; analyzing at least a portion of the collected data; identifying an automatic tuning adjustment responsive to the analyzing; and automatically making the automatic tuning adjustment to the first automated process.