A data transmission method implemented by a network device, where the data transmission method includes receiving a first data packet sent by a transmit end, buffering the first data packet to a low-priority queue when the first data packet is sent by the transmit end during a first round-trip time (RTT) of a data transmission phase between the transmit end and a receive end, receiving a second data packet from the transmit end, buffering the second data packet to a high-priority queue when the second data packet is not sent by the transmit end during the first RTT, and forwarding the second data packet in the high-priority queue before the first data packet in the low-priority queue.

Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.

Systems, methods, and computer-readable media for managing compromised sensors in multi-tiered virtualized environments. In some embodiments, a system can receive, from a first capturing agent deployed in a virtualization layer of a first device, data reports generated based on traffic captured by the first capturing agent. The system can also receive, from a second capturing agent deployed in a hardware layer of a second device, data reports generated based on traffic captured by the second capturing agent. Based on the data reports, the system can determine characteristics of the traffic captured by the first capturing agent and the second capturing agent. The system can then compare the characteristics to determine a multi-layer difference in traffic characteristics. Based on the multi-layer difference in traffic characteristics, the system can determine that the first capturing agent or the second capturing agent is in a faulty state.

A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.

A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious and malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis discarding the data packet.

A first node and a second node transmit packets to a third node via a switch. The packets are buffered in a Tx buffer in the switch and then transmitted to the third node. When the third node detects a sign of congestion at the Tx buffer based on the reception frequency of the packets, it is recognized, from transmitter addresses included in the received packets, that the nodes transmitting the packets to the third node are the first node and the second node, and a control packet for a transmission stop request is transmitted to the first node and the second node. On receiving the control packet for a transmission stop request, the first node stops transmission of only packets addressed to the third node. On receiving the control packet for a transmission stop request, the second node stops transmission of only packets addressed to the third node.

A first node and a second node transmit packets to a third node via a switch. The packets are buffered in a Tx buffer in the switch and then transmitted to the third node. When the third node detects a sign of congestion at the Tx buffer based on the reception frequency of the packets, it is recognized, from transmitter addresses included in the received packets, that the nodes transmitting the packets to the third node are the first node and the second node, and a control packet for a transmission stop request is transmitted to the first node and the second node. On receiving the control packet for a transmission stop request, the first node stops transmission of only packets addressed to the third node. On receiving the control packet for a transmission stop request, the second node stops transmission of only packets addressed to the third node.

A component of a cellular communication system is configured to prioritize data packets based on packet tags that have been associated with the data packets. The packet tags may comprise an application identifier and a customer identifier, as examples. A Packet Data Convergence Protocol (PDCP) layer of a radio protocol stack receives a data packet and associated packet tags and assigns the data packet to a preferred transmission queue or a non-preferred transmission queue, based on the packet tags associated with the data packet. In order to manage queue overflows, data packets of the non-preferred transmission queue may be discarded when they have been queued for more than a predetermined length of time. Data packets of the preferred transmission queue, however, are retained regardless of how long they have been queued.

Provided are a method of providing a communication channel for secure management between a uniway data transmitting device and a uniway data receiving device which are physically separated from each other in a uniway security gateway system, and a uniway data transceiving device for providing two uniway communication channels therefor. The uniway security gateway system includes a uniway data transmitting device located in a secure area and a uniway data receiving device located in a control area, wherein the uniway data transmitting device and the uniway data receiving device provide a first communication channel for transmitting and receiving data in one direction from the secure area to the control area and a second communication channel for transmitting and receiving management data in one direction from the control area to the secure area.

Provided are a method of providing a communication channel for secure management between a uniway data transmitting device and a uniway data receiving device which are physically separated from each other in a uniway security gateway system, and a uniway data transceiving device for providing two uniway communication channels therefor. The uniway security gateway system includes a uniway data transmitting device located in a secure area and a uniway data receiving device located in a control area, wherein the uniway data transmitting device and the uniway data receiving device provide a first communication channel for transmitting and receiving data in one direction from the secure area to the control area and a second communication channel for transmitting and receiving management data in one direction from the control area to the secure area.