Patent classifications
H04L61/2539
APPARATUSES AND METHODS FOR FACILITATING A GENERATION AND UTILIZATION OF NETWORKS ASSOCIATED WITH EVENTS
Aspects of the subject disclosure may include, for example, obtaining first traffic from a first communication device; analyzing the first traffic to classify the first traffic as being associated with an execution of a first application; based on the classification of the first traffic as being associated with the execution of the first application, translating an address associated with the first traffic from a first address associated with a first network to a second address associated with a second network, the second network being different from the first network; and conveying the first traffic to a second communication device of the second network using the second address. Other embodiments are disclosed.
Anonymizing server-side addresses
Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.
RANDOMIZING SERVER-SIDE ADDRESSES
Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a random IP address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a random IP address that cannot be used to identify the endpoint device or service. The client device may then communicate data packets to the server using the random IP address as the destination address, and a gateway that works in conjunction with DNS can convert the random IP address to the actual IP address of the server using NAT and forward the data packet onto the server.
Method and system for monitoring network communications
A system and method for monitoring network communications are provided. The method comprises capturing one or more packets of data in a networking stack of a computing device. Then, a unique identifier is associated with the computing device that uniquely identifies the computing device. The unique identifier and a sample of the contents of each of the one or more captured packets of data are then stored. The method may further comprise generating hybrid flow data by processing the stored unique identifier and the sample of the contents of each of the one or more captured packets of data. The hybrid data flow comprises the unique identifier, the sample of the contents of each of the one or more captured packets of data, derived network flow data, and derived statistical packet data.
Service infrastructure for serving client nodes based on P2P connections
An infrastructure for serving client nodes is disclosed, wherein the infrastructure comprises: a first plurality of service nodes; a second plurality of client nodes; and at least one linking server for providing connecting information to enable the nodes to establish connections between each other, wherein each service node provides service to at least one of the second plurality of client nodes through P2P connections respectively, and a first service node of the first plurality of service nodes acts as a client node to receive service from a second service node of the first plurality of service nodes.
ENHANCED PRIVACY-PRESERVING ACCESS TO A VPN SERVICE
Systems and methods for effectively managing security and privacy measures during a user's connectivity session with a VPN service are provided. The systems and methods use a computer program that introduces a double-NAT feature at the network layer and a temporary hash table containing the minimally necessary temporary data to link two NAT sessions together in a secure manner. The systems and methods avoid including the dynamic management of IP addresses or requiring each client to have an IP address assigned beforehand to avoid compromising the user's identity by hard linking the session traces with the client
Layer-2 Grouping of Electronic Devices Across Heterogeneous Networks
A computer that segments traffic associated with different entities across heterogeneous networks is described. During operation, the computer may provide, addressed to a second computer, information that specifies a mapping of an identifier of an electronic device in a wireless network and a second identifier of a virtual container for traffic associated with the electronic device in the wireless network to a third identifier of the electronic device in a cellular-telephone network, where the electronic device and the virtual container are associated with an entity. Then, the computer may communicate the traffic between the wireless network and the cellular-telephone network within the virtual container based at least in part on the mapping, where the virtual container isolates the traffic from other traffic in the wireless network. Note that the identifier may include a MAC address and the third identifier may include an IMSI.
Server-side detection and mitigation of client-side content filters
A server-side technique to detect and mitigate client-side content filtering, such as ad blocking. In operation, the technique operates on the server side of a client-server communication path to detect, in real time, the existence of a client filter (e.g., an ad blocker plug-in) through transparent request exchanges, and then to mitigate (defeat) that filter through one or more operations designed to modify the HTML response body or otherwise obscure URLs. Preferably, the publisher (the CDN customer) defines one or more criteria of the page resources that are served by the overlay (CDN) and that need to be protected against the client-side filtering.