Abstract:
An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
Abstract:
Concepts and technologies directed to scrubbed internet protocol domain for enhanced cloud security are disclosed herein. In various aspects, a system can include a processor and memory storing instructions that, upon execution, cause performance of operations. The operations can include exposing an application to a service provider network that provides an internet connection, where the application is provided by a datacenter that communicates with the service provider network. The operations can include monitoring traffic flows to the application during an observation time period, where the traffic flows include probe traffic that attempts to reach the application. The operations can include constructing a scrubbed internet protocol domain such that detected probe traffic is prevented from reaching a plurality of virtual machines provided by the datacenter.
Abstract:
Aspects of the subject disclosure may include, for example, selecting a group of International Mobile Subscriber Identities (IMSIs), selecting a group of traffic simulator devices, and provisioning each of the group of IMSIs to each of the group of traffic simulator devices. Further embodiments can include providing first instructions to a first portion of the group of traffic simulator devices. The first instructions cause the first portion of the group of traffic simulator devices to generate simulated voice traffic over a first plurality of time periods. Additional embodiments can include providing second instructions to a second portion of the group of traffic simulator devices. The second instructions cause the second portion of the group of traffic simulator devices to generate simulated data traffic over a second plurality of time periods. Other embodiments are disclosed.
Abstract:
Concepts and technologies directed to scrubbed internet protocol domain for enhanced cloud security are disclosed herein. In various aspects, a system can include a processor and memory storing instructions that, upon execution, cause performance of operations. The operations can include exposing an application to a service provider network that provides an internet connection, where the application is provided by a datacenter that communicates with the service provider network. The operations can include monitoring traffic flows to the application during an observation time period, where the traffic flows include probe traffic that attempts to reach the application. The operations can include constructing a scrubbed internet protocol domain such that detected probe traffic is prevented from reaching a plurality of virtual machines provided by the datacenter.
Abstract:
Aspects of the subject disclosure may include, for example, determining a first access point name according to a first service set identifier associated with a first wireless message transmitted according to a first wireless protocol from a first device, where the first access point name is included in a set of access point names of a cellular communication system, and transmitting a second wireless message according to a second wireless protocol to a communication node of a guided wave communication system, where the guided wave communication system is communicatively coupled to the cellular communication system, where the second wireless message is associated with the first wireless message and includes the first access point name, and where the cellular communication system determines a first routing of first communications associated with the first device according to the first access point name. Other embodiments are disclosed.
Abstract:
An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
Abstract:
A method provides for dynamic traffic prioritization in a communication network. The method electronically monitors traffic in a communication network and determines when traffic exceeds configured thresholds on the links of the communication network. Thus, the method determines a link which is potentially about to be congested in the communication network. The method categorizes the traffic on this link by an end system attached to one end of the potentially congested link into a plurality of priority categories using application layer parameters. Using a re-direct capability of the end system, the method re-directs at least one of the plurality of priority categories of traffic to an alternate Internet Protocol address. The method uses preconfigured Quality of Service mechanisms on the provider edge router attached to the other end of the potentially congested link to guarantee a predetermined amount of bandwidth capacity of the link to traffic destined to the alternate Internet Protocol address.
Abstract:
An insider attack resistant system for providing cloud services integrity checking is disclosed. In particular, the system utilizes an automated integrity checking script and virtual machines to check the integrity of a service. The system may utilize the integrity checking script and virtual machines to execute a set of operations associated with the service so as to check the integrity of the service. When executing the set of operations, the system may only have access to the minimum level of access to peripherals that is required for each operation in the set of operations to be executed. After each operation is executed, the system may log each result for each operation, and analyze each result to determine if a failure exists for any of the operations. If a failure exists, the system may determine that a change in an expected system behavior associated with the service has occurred.
Abstract:
An edge monitoring approach can be utilized to detect an attack which includes a plurality of relatively low bandwidth attacks, which are aggregated at a victim sub-network. The aggregated low bandwidth attacks can generate a relatively high bandwidth attack including unsolicited data traffic directed to the victim so that the aggregated attack becomes more detectable at an edge monitor circuit located proximate to the victim. Related systems, devices, and computer program products are also disclosed.