Patent classifications
H04L63/0263
SYSTEM AND METHOD FOR NETWORK POLICY SIMULATION
This disclosure generally relates to a method and system for network policy simulation in a distributed computing system. The present technology relates to techniques that enable simulation of a new network policy with regard to its effects on the network data flow. By enabling a simulation data flow that is parallel and independent from the regular data flow, the present technology can provide optimized network security management with improved efficiency.
Protecting networks from cyber attacks and overloading
Packets may be received by a packet security gateway. Responsive to a determination that an overload condition has occurred in one or more networks associated with the packet security gateway, a first group of packet filtering rules may be applied to at least some of the packets. Applying the first group of packet filtering rules may include allowing at least a first portion of the packets to continue toward their respective destinations. Responsive to a determination that the overload condition has been mitigated, a second group of packet filtering rules may be applied to at least some of the packets. Applying the second group of packet filtering rules may include allowing at least a second portion of the packets to continue toward their respective destinations.
Method and system for user plane traffic characteristics and network security
A method at a network element for monitoring user plane traffic for a user equipment, the method including configuring a set of characteristics and a range of values for each of the set of characteristics for user plane traffic between the user equipment and the network element; monitoring user plane traffic for the user equipment at the network element, the monitoring determining whether at least one characteristic of the user plane traffic falls outside of the configured range of values, resulting in a characteristic violation; and if the at least one characteristic of the user plane traffic falls outside the configured range of values, performing an action resulting from the characteristic violation.
Server and method for controlling packet transmission
Provided is a method of controlling transmission of a packet, the method including generating first group generation information used to generate a plurality of first virtual machine groups by grouping at least one of a plurality of virtual machines in a first host server, based on a network service descriptor related to at least one service provided by a plurality of host servers, transmitting the first group generation information to the first host server, generating a packet transmission rule related to packets transmitted among the plurality of first virtual machine groups, based on the network service descriptor, transmitting the generated packet transmission rule to the first host server, receiving, from the first host server, a notification message notifying about receipt of a packet transmission request that violates the transmitted packet transmission rule, when receiving the violating packet transmission request in the first host server, and outputting the notification message received from the first host server.
Method for operating a communications system
A method for operating a communications system, in particular a communications system based on software-defined networking, which has at least one network infrastructure component, in particular an SDN switch, and at least one communications device, the network infrastructure component being developed for forwarding data to and/or from the at least one communications device. The method includes the following steps: allocating the communications device to at least one security zone; specifying at least one forwarding rule for forwarding data by the network infrastructure component to and/or from the communications device, the specification of the forwarding rule taking place under consideration of the security zone.
Managing false positives in a network anomaly detection system
Systems and methods are provided for managing false positives in a network anomaly detection system. The methods may include receiving a plurality of anomaly reports; extracting fields, and values for the fields, from each of the anomaly reports; grouping the anomaly reports into a plurality of groups according to association rule learning, wherein each group is defined by a respective rule; for each group, creating a cluster based on common values for the fields; and marking each cluster as a possible false positive anomaly cluster.
Centralized security package and security threat management system
A network security system centrally manages security packages and deploys them to a network host that is identified as potentially compromised. A security package is selected or assembled to be targeted to the identified host. Security packages are designed to isolate identified hosts from other network resources and collect forensic information from the hosts without interfering with operations of the hosts. Once forensic information is collected, software packages can be dissolved from hosts. Collected forensic information can be used to analyze and mitigate threats on hosts.
Method for sharing and searching playlists
A method for making a playlist available to the public, in which the playlist comprises user-defined descriptor information. The user-defined descriptor information is entered as free form text or prose.
Output-decision-based negative feedback control method and system
An output-decision-based negative feedback control method and system. The method includes: receiving, by an output decider, output responses of at least two heterogeneous functional equivalents, and dividing numbers corresponding to the at least two heterogeneous functional equivalents into at least one set according to the output responses; determining, by the output decider, credibility of each set according to the output responses, and sending the at least one set and the credibility corresponding to each set to a feedback controller via decision information; generating, by the feedback controller, a first scheduling policy and/or a second scheduling policy according to the decision information; and sending, by the feedback controller, the first scheduling policy to an input proxy, and/or sending a change instruction to the heterogeneous functional equivalent indicated by the second scheduling policy. The method can prevent in advance and process a heterogeneous functional equivalent that may be faulty.
NETWORK TRAFFIC DETECTION WITH MITIGATION OF ANOMALOUS TRAFFIC AND/OR CLASSIFICATION OF TRAFFIC
Methods, systems, and apparatus for detecting and mitigating anomalous network traffic. With at least one processor in a network, information regarding network traffic flows is obtained and a classification model is generated based on the obtained information, the classification model comprising one or more classification rules for classifying network traffic as normal or anomalous. With the at least one processor in the network, the network traffic is classified as anomalous or normal based on the generated classification model and at least one mitigation action is initiated based on the network traffic being classified as anomalous.