This specification generally relates to methods and systems for applying network policies to devices based on their current access network. One example method includes identifying a proxy connection request sent from a particular client device to a proxy server over a network, the proxy connection request including a hostname and configured to direct the proxy server to establish communication with the computer identified by the hostname on behalf of the client device; determining an identity of the client device based on the proxy connection request; identifying a domain name system (DNS) response to a DNS request including the hostname from the proxy connection request; and updating DNS usage information for the particular client based on the identified DNS response including the hostname from the proxy connection request.

A server can include a detection module for monitoring an electronic account and detecting irregular or fraudulent activities. The detection module can be a machine learning model configured to detect activities or patterns indicative of an account being compromised, hacked or accessed by unauthorized users. Upon detection of the irregular activities or patterns, the detection module can transmit a notification or signal to a trigger module which can implement remedial actions. The trigger module can receive the signal from the detection module and execute an action in accordance with a trigger plan. The trigger plan can include various information and a range of actions, which can be selected and/or executed based on the information included in the signal.

Some embodiments provide a technique for detecting highly-vulnerable domain names and remediating associated problems. The technique can include collecting DNS data representing a requests to the DNS over a period of time and determining a subset of the DNS data representing DNS-based service discovery requests to unregistered domains over the period of time. The technique can also include, for each of the unregistered domains, determining a query ratio and a persistence ratio. The technique can also include ranking the unregistered domains according to a metric that includes the query ratios and the persistence ratios, such that a ranked list of domain names is produced and outputting an initial segment of the ranked list of domain names as the highly-vulnerable domain names. The technique can also include remediating attacks on at least one of the highly-vulnerable domain names.

A method for processing a cloud service in a cloud system, wherein the cloud system includes a hosted cloud, an allied cloud, and an alliance management apparatus, wherein the hosted cloud includes a first region, the allied cloud includes a second region, the hosted cloud further provides a virtual region for a user, and the virtual region is mapped by the second region on the hosted cloud. The alliance management apparatus enables a user of the hosted cloud to obtain unified experience when the user accesses the first region and the virtual region in the cloud system, for example, unified experience in control interface access, and unified experience in application programming interface (API) access.

Methods, systems, and storage media for identifying a sequence of events and participants for record objects are disclosed. Exemplary implementations may: access record objects of a system of record; identify a subset of record objects associated with a group entity and having a first record object status; identify one or more electronic activities linked to the record objects; determine an event-participant pattern based on the electronic activities linked to the record object; identify electronic activities linked with a second record object; determine that a first event is performed by the a participant type and a second event is not yet performed by a second participant type; generate a content item identifying an action to trigger a performance of the second event; and transmit the content item to a device of a participant of at least one electronic activity linked with the second record object.

A method for managing a mobile node of an SDN controller according to an aspect of the present disclosure includes receiving a router solicitation message of a mobile node transmitted through a first AP operated by the SDN controller.

Aspects of the present disclosure involve provisioning customers of an aggregator, such as a reseller, of a content delivery network (CDN). Content requests to the CDN are processed in accordance with the virtual IP (VIP) address at which the request was received, according to a property template bound to the VIP. The template is selected by the customer and involves discrete parameters for the reseller. Cache fills of the network are processed without direct knowledge by the CDN of the customer origin through a combination of some request attribute, e.g., alias host of the customer, and an attribute of the reseller to make a DNS request to a name server outside the CDN. Another aspect involves receiving a property template selection, an origin and an alias from a customer of the reseller, and providing appropriate DNS entries to validate the customer and provide origin information to the CDN.

A system and method are disclosed for managing the deployment of application programming interfaces (APIs) within a hybrid cloud network architecture. APIs can be created for applications or services deployed to a hybrid cloud including public clouds and/or private clouds. The APIs are deployed to API gateways associated with each data center in the network. The network is conceptually divided into spaces, where each space corresponds to a set of API gateways deployed within designated geographical regions. The API gateways are mapped to the network locations for the API gateways by interacting with Domain Name System (DNS) name servers. API calls use the domain names as included in the DNS records to resolve the API call as being directed to a specific API gateway corresponding to the service for the API call.

One embodiment provides a system that facilitates schematized access control in a content centric network. During operation, the system generates, by a content producing device, a secret key for a user based on a schema, wherein the schema is a regular expression which corresponds to one or more names and allows a user access to content associated with the names, wherein a name is a hierarchically structured variable length identifier that includes contiguous name components ordered from a most general level to a most specific level. The system receives an interest with a name that corresponds to the schema. The system encrypts a payload of a responsive content object based on the interest name. The system transmits the responsive content object with the encrypted payload to the user, which allows the user to decrypt the encrypted payload with the secret key.

Methods, systems, and computer program products for managing Internet of Things (IoT) network-connected devices.