H04L63/306

Method for decoding secure socket layer for security of packet transmitted in preset operating system

Decoding includes sensing a packet related to an SSL handshake for connecting an SSL between a client and a server after a TCP session has been established between the client and the server in an SSL decoding device. If the packet for an SSL handshake is transmitted in a preset operating system, an SSL between the client and the SSL decoding device and an SSL between the SSL decoding device and the server are established. A TCP session between a virtual client corresponding to the client and a virtual server corresponding to the server is also established. A packet transmitted/received between the virtual client and the virtual server is transmitted when the TCP session is established. If a first SSL packet transferred from the client to the SSL decoding device is received, the SSL packet is decoded and transmitted to the security device and to the server.

Cleaning up hanging lawful interception resources from a triggered point of interception when a triggering function fails

A system that enables hanging lawful interception (LI) resources to be cleaned up includes a triggering function set comprising a plurality of triggering functions. The system also includes a data store comprising a plurality of auditing records corresponding to the plurality of triggering functions in the triggering function set. Each auditing record comprises a claimant attribute. Each triggering function sends an update request to the data store in response to being notified about a failed triggering function within the triggering function set. Each update request comprises a request to change ownership of the auditing record corresponding to the failed triggering function. A triggering function is selected as a new owner of the auditing record corresponding to the failed triggering function based at least in part on a match between the claimant attribute in the auditing record and a claimant field in the update request sent by the triggering function.

NETWORK DEVICE PROTECTION
20230164119 · 2023-05-25

A method, apparatus, and a computer-readable medium for network device protection. The method includes: intercepting present network data related to a present data connection of a user apparatus; analyzing the present network data; and in response to determining that the user apparatus utilizes a privacy feature in the present data connection implemented by a first internet relay and a second internet relay, blocking the present data connection.

AUTOMATICALLY GENERATING A FINGERPRINT PREVALENCE DATABASE WITHOUT GROUND TRUTH
20230164185 · 2023-05-25

Techniques and mechanisms for using passively collected network data to automatically generate a fingerprint prevalence database without the need for endpoint ground truth. The process first clusters all observations with the same fingerprint string and similar source and destination context. The process then annotates each cluster with descriptive information and uses a rule-based system to derive an informative name from that descriptive information, e.g., “winnt amp client” or “cross-platform browser”. Optionally, the learned database may be augmented by a user to clarify custom process labels. Additionally, the generated database may be used to report the inferred processes in the same way as databases generated with endpoint ground truth.

Illicit route viewing system and method of operation

A route viewing system includes a computing system that receives information associated with one or more routes through a network, and identifies the routes that are associated with at least one illicit user computer used by an illicit user. The computing system then obtains a source location of a source address of the routes and a destination location of a destination address of the routes, and displays the routes on a geographical display at the source location of the source address and the destination location of the destination address of each of the routes.

CHANNEL QUALITY INFORMATION FEEDBACK TECHNIQUES

Various embodiments are generally directed to improved channel quality information feedback techniques. In one embodiment, for example, an apparatus for a base station is provided that includes a radio interface and a processor coupled to the radio interface. The processor is configured to receive a channel quality indicator (CQI) index, wherein the CQI index is based on a channel state information (CSI) reference resource, further wherein a first three orthogonal frequency-division multiplexing (OFDM) symbols of the CSI reference resource are occupied by control signals, select a modulation and coding scheme (MCS) for a physical downlink shared channel (PDSCH) based on the CQI index, and cause transmission of the PDSCH based on the selected MCS via the radio interface. Other embodiments are described and claimed.

Method for supporting lawful interception of remote ProSe UE in network

The disclosure relates to a communication technique for converging, with an IoT technology, a 5G communication system for supporting a higher data transmission rate than a 4G system, and a system therefor. The disclosure may be applied to intelligent services, such as smart homes, smart buildings, smart cities, smart cars or connected cars, health care, digital education, retail businesses, and security and safety related services, on the basis of 5G communications technologies and IoT-related technologies. A method for operating relay UE in a mobile communication system includes transmitting, to a network node connected to the relay UE, a remote UE report message including remote UE information about a remote UE accessing a network via the relay UE, wherein the remote UE information includes IP address information allocated to the remote UE; starting a timer upon transmitting the remote UE report message to the network node; receiving, from the network node, a response message in reply to the remote UE report message; and stopping the timer upon receipt of the response message from the network node. The IP address information includes an IP address and port information of the remote UE in case that IPv4 is used as an address type.

SYSTEM AND METHOD FOR IMSI CATCHING IN 5G NETWORKS
20220338016 · 2022-10-20

System and method that uses a first transceiver and a second transceiver, and a processor. The processor is configured to cause a cellular device associated with the 5G cellular network to communicate, to the first transceiver, a 5G identifier used by the device to identify itself, using the first transceiver. The processor is further configured to ascertain a correspondence between the 5G identifier and a Subscription Permanent Identifier (SUPI), by communicating with a core network of the 5G cellular network via a lawful-interception (LI) communication interface of the core network. The processor is further configured to cause the cellular device to register with the second transceiver, in response to ascertaining the correspondence and to the 5G identifier having been communicated from the cellular device.

SYSTEM AND METHOD FOR IDENTIFYING SERVICES WITH WHICH ENCRYPTED TRAFFIC IS EXCHANGED
20220337560 · 2022-10-20

System and method to receive respective copies of communication packets exchanged, over a network, with respective communication endpoints belonging to respective servers, the packets containing respective endpoint identifiers, each of which includes a respective Internet Protocol (IP) address and port number identifying the communication endpoint with which the packet containing the endpoint identifier was exchanged. The processor is further configured to ascertain respective services that use the communication endpoints, by communicating investigative traffic over the network. The processor is further configured to store an association between the communication endpoints and the services, respectively, in the memory, in response to ascertaining the services.

Automated classification of network devices to protection groups

A method and system for automatically classifying protected devices of a protected network to protection groups providing customized protection. The method includes accessing network flow information that includes network statistics processed from observed data obtained by packet interception devices, accessing at least one model that was trained using machine learning and a training data set of the network flow information to classify protected devices having addresses that correspond to destination addresses associated with the training data set to respective protection groups as a function of the network statistics that correspond to the training data set, and classifying a protected device that has an address that corresponds to a destination address associated with a portion of the network flow information to at least one of the protection groups using the at least one model and machine learning and as a function of the network statistics that correspond to the portion of the network flow information.