Patent classifications
H04L63/1458
SECURITY APPLIANCE
A security appliance may incorporate a touch screen or similar input/output interface, providing command and control over network functionality and configuration, without requiring log in via a network from another computing device. During denial of service attacks, commands from the local interface may be given priority access to processing resources and memory, allowing mitigating actions to be taken, such as shutting down ports, blacklisting packet sources, or modifying filter rules. This may allow the security device to address attacks without having to be manually rebooted or disconnected from the network.
LOW-COMPLEXITY DETECTION OF POTENTIAL NETWORK ANOMALIES USING INTERMEDIATE-STAGE PROCESSING
In an embodiment, a computer implemented method receives flow data for network flows. The method extracts a tuple from the flow data and calculates long-term and short-term trends based at least in part on the tuple. The long-term and short-term trends are compared to determine whether a potential network anomaly exists. If a potential network anomaly does exist, the method initiates a heavy hitter detection algorithm. The method forms a low-complexity intermediate stage of processing that enables a high-complexity heavy hitter detection algorithm to execute only when heavy hitters are likely to be detected.
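The two-stage structure in this abstract (cheap trend comparison gating an expensive per-key search) is shown below as an added example; it is not the patent's code. The scalar tracked by the cheap stage (packets per window), the EWMA smoothing factors, the 3x ratio, the Space-Saving sketch used for the heavy-hitter stage and the flow records are all assumptions constructed for illustration.

```python
"""Added example: low-complexity trend check gating a heavier
heavy-hitter search. Flow records and thresholds are constructed for
illustration; they are not from the patent."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    packets: int


class TrendDetector:
    """Short- and long-term exponentially weighted moving averages of one
    scalar per window (here: total packets). Cheap: O(1) per window."""

    def __init__(self, short_alpha=0.5, long_alpha=0.05, ratio=3.0):
        self.short_alpha = short_alpha
        self.long_alpha = long_alpha
        self.ratio = ratio
        self.short = self.long = None

    def update(self, value: float) -> bool:
        """True when the short-term trend exceeds ratio x the long-term trend."""
        if self.short is None:           # first sample seeds both averages
            self.short = self.long = float(value)
            return False
        self.short += self.short_alpha * (value - self.short)
        self.long += self.long_alpha * (value - self.long)
        return self.short > self.ratio * self.long


class SpaceSaving:
    """Space-Saving heavy-hitter sketch with k counters (Metwally et al.).
    Each tracked key records the over-estimate it may have inherited on eviction."""

    def __init__(self, k: int):
        self.k = k
        self.count = {}
        self.error = {}

    def add(self, key, inc: int = 1) -> None:
        if key in self.count:
            self.count[key] += inc
        elif len(self.count) < self.k:
            self.count[key] = inc
            self.error[key] = 0
        else:                            # evict the smallest counter, inherit its value
            victim = min(self.count, key=self.count.get)
            inherited = self.count.pop(victim)
            self.error.pop(victim)
            self.count[key] = inherited + inc
            self.error[key] = inherited

    def heavy_hitters(self, threshold: float):
        """Keys whose guaranteed count (estimate minus possible error) meets the threshold."""
        hits = [(key, c) for key, c in self.count.items() if c - self.error[key] >= threshold]
        return sorted(hits, key=lambda kv: kv[1], reverse=True)


def analyse(windows, k: int = 8, min_share: float = 0.5):
    """Run the cheap stage on every window; build the sketch only for flagged windows.
    Returns [(window_index, [((dst, dport), packets), ...]), ...]."""
    trend = TrendDetector()
    report = []
    for idx, flows in enumerate(windows):
        total = sum(f.packets for f in flows)
        if not trend.update(total):
            continue                     # intermediate stage: nothing unusual, skip the sketch
        sketch = SpaceSaving(k)
        for f in flows:
            sketch.add((f.dst, f.dport), f.packets)   # the tuple of interest (assumed)
        report.append((idx, sketch.heavy_hitters(min_share * total)))
    return report


def build_windows(n_baseline: int = 8, n_attack: int = 2):
    """Constructed traffic: quiet windows, then windows with a flood to one service."""
    baseline = [Flow(f"192.0.2.{i}", f"198.51.100.{i % 5}", 443, 10) for i in range(20)]
    flood = [Flow(f"203.0.113.{i}", "198.51.100.5", 80, 100) for i in range(50)]
    return [list(baseline) for _ in range(n_baseline)] + [baseline + flood for _ in range(n_attack)]


if __name__ == "__main__":
    for idx, hits in analyse(build_windows()):
        print(f"window {idx}: heavy hitters {hits}")
```

With the constructed windows the first eight carry 200 packets each, so both averages sit at 200 and the sketch is never built; the flood window carries 5200 packets, the short-term average jumps to 2700 against a long-term 450, and only then is the per-tuple search run, which reports the flooded service.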
NETWORK TELEMETRY COLLECTION WITH PACKET METADATA FILTERING
In one embodiment, a telemetry exporter in a network establishes a tunnel between the telemetry exporter and a traffic analysis service. The telemetry exporter obtains packet copies of a plurality of packets sent between devices via the network. The telemetry exporter forms a set of traffic telemetry data by discarding at least a portion of one or more of the packet copies, based on a filter policy. The telemetry exporter applies compression to the formed set of traffic telemetry data. The telemetry exporter sends, via the tunnel, the compressed set of traffic telemetry data to the traffic analysis service for analysis.
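The filter-then-compress step in this abstract, as an added example that is not the patent's code: packet copies are reduced according to a policy (drop some entirely, truncate or strip payloads for the rest), serialised, and compressed for export. The policy contents, the record format and the packets are assumptions; the tunnel to the analysis service is out of scope here and the compressed blob is simply returned.

```python
"""Added example: packet copies are reduced by a filter policy, then compressed
before export. Packets and policy are constructed; this is not the patent's code."""
import json
import zlib
from dataclasses import dataclass


@dataclass
class PacketCopy:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes


# Assumed policy: drop admin SSH copies entirely, keep the first 64 bytes of DNS
# (enough for the query section), export everything else as headers only.
FILTER_POLICY = {
    "drop_if_dport": {22},
    "payload_bytes": {53: 64},
    "default_payload_bytes": 0,
}


def apply_policy(pkts, policy=FILTER_POLICY):
    """Return the telemetry records that survive the policy."""
    kept = []
    for p in pkts:
        if p.dport in policy["drop_if_dport"]:
            continue                                   # whole copy discarded
        limit = policy["payload_bytes"].get(p.dport, policy["default_payload_bytes"])
        kept.append({
            "src": p.src, "dst": p.dst, "proto": p.proto, "dport": p.dport,
            "payload": p.payload[:limit].hex(),        # possibly empty
            "orig_len": len(p.payload),                # size is still useful telemetry
        })
    return kept


def export(pkts, policy=FILTER_POLICY) -> bytes:
    """Filter, serialise as JSON lines, compress; the result is what would go down the tunnel."""
    records = apply_policy(pkts, policy)
    text = "\n".join(json.dumps(r, sort_keys=True) for r in records)
    return zlib.compress(text.encode(), level=9)


def import_records(blob: bytes):
    """Analysis-service side: undo the compression and framing."""
    return [json.loads(line) for line in zlib.decompress(blob).decode().splitlines() if line]


def sample_packets():
    """Constructed packet copies: a DNS query, a TLS record, and an SSH banner."""
    return [
        PacketCopy("10.0.0.5", "10.0.0.53", "udp", 53, b"\x12\x34\x01\x00" + b"\x00" * 200),
        PacketCopy("10.0.0.5", "93.184.216.34", "tcp", 443, b"\x16\x03\x01" + b"\xaa" * 1400),
        PacketCopy("10.0.0.9", "10.0.0.1", "tcp", 22, b"SSH-2.0-OpenSSH"),
    ]


if __name__ == "__main__":
    blob = export(sample_packets())
    print(len(blob), "bytes exported for", len(import_records(blob)), "records")
```

Stripping payload before export is also the data-minimisation control: an encrypted TLS body adds nothing to the analysis but still leaves the exporter if the policy is wrong.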
BLOCKCHAIN-BASED ADMISSION PROCESSES FOR PROTECTED ENTITIES
Arrangements for controlling access to a protected entity include receiving a redirected client request to access the protected entity that includes a public key of the client; granting, in response to the received redirected request, access tokens of a first type to a client using the public key of the client; identifying a conversion transaction identifying a request to convert the first type of access tokens with access tokens of a second type, the transaction designating the protected entity; determining a conversion value for converting the first-type access tokens into second-type access tokens based on at least one access parameter; converting, using the conversion value, a first sum of the first-type access tokens into a second sum of second-type access tokens; and granting the client access to the protected entity when the second sum of second-type access tokens is received as a payment from the protected entity.
Bootstrapping devices on a network
Methods for operating a device and for managing bootstrapping of devices are disclosed. The method (100) for operating a device comprises computing (102) a derivative of a secret shared between the device and a server entity of a network, generating (104) a temporary bootstrap URI by combining at least a part of the computed derivative with a static bootstrap URI for the network, and sending (106) a bootstrap request to the temporary bootstrap URI. The method for managing bootstrapping of devices comprises generating temporary bootstrap URIs corresponding to devices operable to connect to a network, and updating a network DNS registry to map the generated temporary bootstrap URIs to the IP address of at least one of a bootstrap server instance reachable via the network and/or a bootstrap load balancer. Also disclosed are a device, a bootstrap load balancer, a bootstrap server, and a computer program.
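Both halves of the scheme above (device derives a temporary bootstrap URI; server publishes the matching names) as an added example, not the patent's or any product's code. The static URI, the choice of HMAC-SHA256 over device id and a rotation epoch as the "derivative", the 16-character label, and the dict standing in for the DNS registry are all assumptions.

```python
"""Added example: device and bootstrap server both derive a per-device,
per-epoch label from a shared secret; the server publishes label -> IP
mappings (a dict stands in for the DNS registry). Names, secret handling
and the epoch scheme are assumptions, not the patent's design."""
import hashlib
import hmac
from urllib.parse import urlsplit

STATIC_BOOTSTRAP_URI = "coaps://bootstrap.example.net:5684/bs"   # assumed static URI


def derive_label(shared_secret: bytes, device_id: str, epoch: int, length: int = 16) -> str:
    """Derivative of the shared secret: HMAC-SHA256 over the device id and a
    rotation epoch, truncated to a DNS-safe lowercase hex label."""
    msg = f"{device_id}|{epoch}".encode()
    return hmac.new(shared_secret, msg, hashlib.sha256).hexdigest()[:length]


def temporary_bootstrap_uri(shared_secret: bytes, device_id: str, epoch: int) -> str:
    """Device side: prepend the derived label to the static URI's host."""
    parts = urlsplit(STATIC_BOOTSTRAP_URI)
    host = f"{derive_label(shared_secret, device_id, epoch)}.{parts.hostname}"
    netloc = f"{host}:{parts.port}" if parts.port else host
    return parts._replace(netloc=netloc).geturl()


class BootstrapRegistry:
    """Server side: holds every enrolled device's secret, publishes the expected
    temporary names for the current epoch, and answers lookups like a resolver."""

    def __init__(self, enrolled: dict, target_ip: str):
        self.enrolled = enrolled        # device_id -> shared secret
        self.target_ip = target_ip      # bootstrap server instance or load balancer
        self.dns = {}

    def publish(self, epoch: int) -> None:
        """Replace the registry contents with this epoch's names (old ones stop resolving)."""
        base = urlsplit(STATIC_BOOTSTRAP_URI).hostname
        self.dns = {f"{derive_label(s, d, epoch)}.{base}": self.target_ip
                    for d, s in self.enrolled.items()}

    def resolve(self, uri: str):
        """IP for the host in a bootstrap request, or None (NXDOMAIN)."""
        return self.dns.get(urlsplit(uri).hostname)


if __name__ == "__main__":
    secrets = {"dev-001": b"\x01" * 32, "dev-002": b"\x02" * 32}
    registry = BootstrapRegistry(secrets, "192.0.2.10")
    registry.publish(epoch=7)
    uri = temporary_bootstrap_uri(secrets["dev-001"], "dev-001", 7)
    print(uri, "->", registry.resolve(uri))
```

A request to the static name, to a stale epoch, or with the wrong secret gets no answer, so a scanner cannot enumerate the bootstrap endpoint from the static URI alone; the server must re-publish before each rotation so legitimate devices are not locked out.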
Enabling functionality at a user plane function, UPF, by a session management function, SMF, in a telecommunication network
A method of enabling functionality at a User Plane Function, UPF, by a Session Management Function, SMF, in a telecommunication network. The method includes receiving, by the UPF, a session creation/modification message for creating/modifying a session between the UPF and the SMF, wherein the session creation/modification message includes a session functionality indication for indicating functionality to be enabled for said session, and enabling, by the UPF, the functionality during the session between said UPF and the SMF.
Control system, control determination device, and control method
A handling apparatus (14a) handles a server attack taking place on a network (1Na) or handles a server attack as requested by a security system provided on another network. In accordance with a determination that it is not possible to handle the server attack by the handling apparatus (14a), the control determination apparatus (12a) makes a request to another security system (1Sb) capable of handling the server attack to handle the server attack. A centralized control apparatus (11) determines whether the server attack taking place on the network (1Na) can be handled on another network.
Communications methods and apparatus for dynamic detection and/or mitigation of threats and/or anomalies
The present invention relates to methods and apparatus for dynamically detecting and/or mitigating threats in communications systems. Exemplary methods and apparatus of the present invention allow for a combination of automated and operator controlled responses to threats. While an operator is provided an opportunity to provide input on how to respond to a threat, after one or more threats of a given type are identified, the system will automatically take corrective action without waiting for operator input and/or in the absence of operator input following notification of a threat.
Methods to mitigate denial of service attacks on time synchronization using link redundancy for industrial/autonomous systems
Systems and methods in which devices synchronize their clocks for purposes of data transmission are described. Particularly, the disclosed systems and methods provide detection and mitigation of interference by malicious (or non-malicious) wireless devices with communication of time synchronized data over wireless networks. Systems and methods are provided where time statistics related to multiple instances of wireless time synchronization are collected and collated. Devices in the system can discipline their internal clocks based on the collated time statistics.
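One way to collate time statistics from redundant links and discipline a clock from them, as an added example that is not the patent's method: offsets from several sync exchanges are pooled, a robust median/MAD estimator rejects the samples an interfering radio has corrupted, the survivors are averaged into a correction, and a link whose samples are mostly rejected is flagged. The sample values, the rejection factor and the "suspect" share are constructed assumptions.

```python
"""Added example: offsets measured over several wireless sync instances are
collated; a robust (median/MAD) estimator discards samples an interfering
radio has corrupted and flags the link. Measurements are constructed."""
from collections import Counter
from dataclasses import dataclass
from statistics import median


@dataclass
class SyncSample:
    link: str          # which redundant wireless link carried the exchange
    offset_us: float   # estimated local-clock offset from the grandmaster, microseconds


@dataclass
class Discipline:
    correction_us: float      # amount to step the local clock by
    used: int                 # samples that survived rejection
    rejected_by_link: dict    # link -> rejected sample count
    suspect_links: list       # links whose samples were mostly rejected


def collate(samples, k: float = 5.0, floor_us: float = 25.0, suspect_share: float = 0.5) -> Discipline:
    """Median/MAD outlier rejection over all links, then a plain mean of the survivors."""
    offsets = [s.offset_us for s in samples]
    centre = median(offsets)
    mad = median(abs(o - centre) for o in offsets)
    tol = max(k * mad, floor_us)       # floor stops a zero MAD from rejecting everything
    kept, rejected = [], Counter()
    for s in samples:
        if abs(s.offset_us - centre) <= tol:
            kept.append(s.offset_us)
        else:
            rejected[s.link] += 1
    per_link = Counter(s.link for s in samples)
    suspects = sorted(l for l in per_link if rejected[l] / per_link[l] >= suspect_share)
    return Discipline(sum(kept) / len(kept), len(kept), dict(rejected), suspects)


def discipline_clock(local_offset_us: float, d: Discipline) -> float:
    """Apply the correction; returns the residual offset of the internal clock."""
    return local_offset_us - d.correction_us


def sample_exchanges():
    """Constructed statistics: links A and B agree on ~1500 us, link C is being jammed."""
    return ([SyncSample("A", o) for o in (1490, 1510, 1505, 1495)]
            + [SyncSample("B", o) for o in (1480, 1520, 1500, 1510)]
            + [SyncSample("C", o) for o in (9000, -4000, 1500, 12000)])


if __name__ == "__main__":
    d = collate(sample_exchanges())
    print(f"correction {d.correction_us:.1f} us from {d.used} samples; suspect links {d.suspect_links}")
```

With the constructed data a naive mean of all twelve samples would step the clock by about 2667 us, more than a millisecond off; the robust estimate stays within a few microseconds of the 1500 us the healthy links report and identifies link C as the one to distrust.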
Method and electronic device for determining security threat on radio access network
Provided are an electronic device and a method for controlling the electronic device. According to the disclosure, an electronic device configured to perform a radio access network function comprises: a communication interface comprising communication circuitry, a processor operatively connected with the communication interface, and a memory operatively connected with the processor, wherein the memory stores instructions which, when executed, cause the processor to: receive, via the communication interface, wireless communication data transmitted via a radio access network, process the received wireless communication data based on a radio access network protocol by at least one first virtualized module corresponding to at least one function of the radio access network, identify an abnormal sign based on the received wireless communication data or a result of processing of the wireless communication data by the at least one first virtualized module, transfer security information indicating the abnormal sign to a second virtualized module by the at least one first virtualized module, and determine an expected security threat on the radio access network based on the security information indicating the abnormal sign by the second virtualized module.