Ofer Hermoni, Ph.D.

New York City Metropolitan Area

Experience

  • LF AI & Data Foundation

Volunteer Experience

  • Israeli-American Council (IAC)

    IAC Eitanim Mentor

    - Present 5 years

    Education

    IAC Eitanim empowers teenagers (middle and high schoolers) to be active in their local communities while promoting a mindset of entrepreneurship, innovation, critical thinking, problem-solving, and other soft skills.

    Mentoring at IAC Eitanim is a great opportunity to contribute my knowledge and experience, and educate teens about entrepreneurship, technology, marketing, management, product development, and more.

  • Borough Of Tenafly

    Co-Founder and Coach

    - Present 3 years 2 months

    Co-founder and a coach, teaching local kids to play Ultimate Frisbee

  • Ben Gurion University of the Negev

    Member and the head of the BGU Junior staff association

    - 6 years

  • Israeli Police

    Vigilante

    - 2 years

Publications

  • Artificial Intelligence for Autonomous Networks

    CRC Press

    Summary

    Artificial Intelligence for Autonomous Networks introduces the autonomous network by juxtaposing two unique technologies and communities: Networking and AI. The book reviews the technologies behind AI and software-defined network/network function virtualization, highlighting the exciting opportunities to integrate those two worlds.

    Outlining the new frontiers for autonomous networks, this book highlights their impact and benefits to consumers and enterprise customers. It also explores the potential of the autonomous network for transforming network operation, cyber security, enterprise services, 5G and IoT, infrastructure monitoring and traffic optimization, and finally, customer experience and care.

    With contributions from leading experts, this book will provide an invaluable resource for network engineers, software engineers, artificial intelligence, and machine learning researchers.

  • Digital arbitration for trusted communication

    Journal of Trust Management - Springer

  • Rendezvous tunnel for anonymous publishing

    Peer-to-Peer Networking and Applications - Springer

  • Brief Announcement: Arbitrators in the Security Infrastructure

    SSS 2012

  • POSTER: Arbitrators in the Security Infrastructure, Supporting Positive Anonymity

    ACM CCS 2011

  • Rendezvous Tunnel for Anonymous Publishing: Clean Slate and Tor Based Designs

    SSS 2011

  • Rendezvous Tunnel for Anonymous Publishing

    ACM CCS 2010

  • Anonymity Scheme for Interactive P2P Services

    Journal of Internet Technology

  • Anonymity Scheme for Interactive P2P Services

    IEEE CCGrid 2008

  • Deniability - an Alibi for Users in P2P Networks

    IEEE COMSWARE 2008

Patents

  • System, method, and computer program for determining a network situation in a communication network

    Issued US 11695649

    Abstract
    A system, method, and computer program product are provided for determining a network situation in a communication network. In use, at least one threshold value of at least one operational parameter of a communication network is obtained, the at least one operational parameter representing at least one operational status of at least one of a computational device or a communication device. Additionally, log data of the communication network is obtained, the log data containing at least one value of the at least one operational parameter reported by at least one network entity of the communication network. The at least one value of the at least one operational parameter of the log data is compared with a corresponding threshold value of the at least one threshold value to form a detection of a network situation. Further, the detection of the network situation is reported if the at least one value of the at least one operational parameter of the log data traverses the corresponding threshold value of the at least one threshold value.

  • System, Method, And Computer Program For Parental Controls And Recommendations Based On Artificial Intelligence

    Issued US 11568280

    Abstract
    A system, method, and computer program product are provided for parental controls and recommendations based on artificial intelligence. In use, using an artificial intelligence (AI) server, explicit input is received associated with a first presentation of media. Additionally, the AI server is trained based on the explicit input, and using the AI server, implicit filters are created based on the training. Further, using the AI server, the implicit filters are applied to a second presentation of the media.

  • System, method, and computer program for inventory management utilizing an inventory and topology module including a plurality of layers

    Issued 11,537,978

    Abstract
    A system, method, and computer program product are provided for inventory management. In use, at least one order associated with a customer is identified, the order including an order of at least one service. Additionally, the at least one order is decomposed into one or more elements. Further, an infrastructure inventory layer is queried for the one or more elements. In addition, the one or more elements are allocated to the customer and the elements are marked as allocated in a local inventory repository. Furthermore, a service inventory layer is updated based on the allocation of the elements.

  • System, method, and computer program for determining dynamic subnetworks in a communication network

    Issued 11,431,576

    Abstract
    A system, method, and computer program product are provided for determining dynamic subnetworks in a communication network. In use, a plurality of network entities of a communication network is determined. Additionally, measurements of an amount of interaction between pairs of network entities of the plurality of network entities are collected. Further, at least one division characteristic is determined, and an intersection between the measurements and the at least one division characteristic is determined. Moreover, at least one border of a subnetwork of the communication network is determined, where the at least one border is based on the intersection.

  • System, method, and computer program for managing fault recovery in network function virtualization (NFV) based networks

    Issued 11,474,918

    Abstract
    According to one aspect of the present invention there is provided a system, method, and computer program product for recovering from a network failure in a communication network using network function virtualization (NFV-based network), the method including: selecting a first network component of the NFV-based network, detecting at least one probable failure of the first network component, selecting a second network component to be used for replacing the instance of the VNF in the first network component prior to a failure of the first network component, and securing at least one resource of the selected second network component for the other instance of the VNF and maintaining, in the selected second network component, an updated copy of data associated with the instance of the VNF in the first network component.

  • System, method, and computer program for validating artificial intelligence models

    Issued 11,403,544

    Abstract
    A system, method, and computer program product are provided for validating artificial intelligence models. In operation, a data set is obtained. At least one first artificial intelligence (AI) model on the data set is run, for a first time period, to output first predictions. Additionally, at least one second AI model on the data set is run, for a second time period that is less than the first time period, to output second predictions. A first probability of the first predictions and an error of the second predictions are calculated. Further, a second probability of the first predictions is calculated based on the first probability and the error. A representative AI model of the at least one first AI model is selected based on the second probability.

  • System, method, and computer program for determining a network situation in a communication network

    Issued 11,374,829

    Abstract
    A system, method, and computer program product are provided for determining a network situation in a communication network. In use, at least one threshold value of at least one operational parameter of a communication network is obtained, the at least one operational parameter representing at least one operational status of at least one of a computational device or a communication device. Additionally, log data of the communication network is obtained, the log data containing at least one value of the at least one operational parameter reported by at least one network entity of the communication network. The at least one value of the at least one operational parameter of the log data is compared with a corresponding threshold value of the at least one threshold value to form a detection of a network situation. Further, the detection of the network situation is reported if the at least one value of the at least one operational parameter of the log data traverses the corresponding threshold value of the at least one threshold value.

  • System, method, and computer program for implementing a marketplace for artificial intelligence (AI) based managed network services

    Issued 11,327,805

    Abstract
    A system, method, and computer program product are provided for automatically negotiating at least one network service provided by at least one network to at least one computing device. In use, for at least one network service provided by at least one network communicatively coupled to at least one computing device, a required element is determined. A service request is formed based on the required element. The service request is communicated to at least one negotiating device separate from the at least one computing device, the at least one negotiating device associated with at least one of a managing computing device of the at least one network or a second negotiating device. A service proposal, including a proposed element, is received from the at least one negotiating device. The service proposal is evaluated based on the required element.

  • System, method, and computer program for mitigating falsified log data provided to an AI-learning system

    Issued 11,330,004

    Abstract
    A system, method, and computer program product are provided for mitigating falsified log data provided to an AI-learning system. In use, from an artificial intelligence (AI) analysis system, suspicious data of a predicted situation is received. Additionally, event log data associated with the predicted situation is received. Simulated log data is created based on the event log data. The simulated log data is sent to the AI analysis system. Imitation data of the predicted situation is received from the AI analysis system. The imitation data of the predicted situation is compared with the suspicious data of a predicted situation to verify the event log data. When the imitation data matches the suspicious data, at least one of the suspicious data or an originator of the suspicious data are authenticated.

  • System, method, and computer program for operating multi-feed of log-data in an AI-managed communication system

    Issued 11,271,822

    Abstract
    A system, method, and computer program product are provided for operating multi-feed of log data in an AI-managed communication system. In use, an identification of at least one artificial intelligence (AI) system and an identification of at least one AI model of a plurality of AI models used by the AI system are obtained. Additionally, a stream of log data is received, and a log data feed adapted to the AI model is created. Further, the log data feed is communicated using a corresponding AI model of the plurality of AI models.

  • System, method, and computer program for verifying virtual network function (VNF) package and/or network service definition integrity

    Issued 11,271,948

    Abstract
    A system, method, and computer program product are provided for verifying virtual network function (VNF) package and/or network service definition integrity. In use, a system identifies a virtual network function package or a network service definition for performing integrity verification. The system computes a unique identifier of the VNF package or the network service definition that allows verification of an integrity of the VNF package or the network service definition. The system stores the unique identifier in a blockchain or a shared database. The system provides the VNF package or the network service definition to an entity such that the entity is capable of verifying the integrity of the VNF package or the network service definition by using the unique identifier of the VNF package or the network service definition from the blockchain or the shared database.

  • System, method, and computer program for preparing a multi-stage framework for artificial intelligence (AI) analysis

    Issued 11,153,177

    Abstract
    A system, method, and computer program product are provided for preparing a multi-stage framework for artificial intelligence (AI) analysis. In use, a first set of monitoring rules used by at least one network entity of a communication network is defined. First event log data of first network activity is collected based on the first monitoring rules, and at least one first network situation is defined. Additionally, at least one first AI model is computed based on the first event log data and the at least one first network situation. A second set of monitoring rules used by the at least one network entity is defined. Second event log data of the first network activity is collected based on the second monitoring rules. Further, at least one second AI model is computed based on the second event log data and the at least one first network situation.

  • System, method, and computer program for mitigating an attack on a network by effecting false alarms

    Issued 11,153,333

    Abstract
    A system, method, and computer program product are provided for mitigating an attack on a communication network, the attack causing repetitive reconfiguration of at least a part of the communication network. In use, using a communication management system, one or more configuration changes to a communication network are recorded. Each of the one or more configuration changes are associated with at least one rule, and each of the one or more configuration changes based on the at least one rule is determined. The at least one rule is associated with at least one event, and the at least one event is processed, resulting in an effect to the communication network. Additionally, at least one reconfiguration pattern is determined. Further, it is determined that the at least one reconfiguration pattern is repeated, and an attack to the communication network is mitigated.

  • System, method, and computer program for implementing a marketplace for edge computing

    Issued US 11,095,533

    Abstract
    A system, method, and computer program product are provided for implementing a marketplace for edge computing. In use, a service request is received, at a network communication operator, from a first entity, the service request comprising an edge computing operator of an edge computing service, wherein the first entity is one of a request originator, a customer using a software service, a software service operator providing the software service, or a cloud computing operator providing a computing service to the software service. Additionally, the service request is distributed to at least one second entity, using the network communication operator, wherein the at least one second entity includes at least one of a first request mediator or a second request mediator. Further, the service request is distributed, using the network communication operator, to the edge computing operator.

  • System, method, and computer program for automatically generating training data for analyzing a new configuration of a communication network

    Issued US 11,044,146

    Abstract
    A system, method, and computer program product are provided for training an AI-based network management system, in accordance with one embodiment. In use, log data and first network configuration data are received for a first configuration of a communication network. Additionally, second network configuration data is received for a second configuration of the communication network. Further, simulated log data is produced for the second configuration of the communication network, based on the log data and the second network configuration data.

  • System, method, and computer program for damping a feedback load-change in a communication network managed by an automatic network management system

    Issued US 11,044,153

    Abstract
    A system, method, and computer program product are provided for damping a feedback load-change in a communication network managed by an automatic network management system. In use, a first load change of a first communication network is determined of a first communication network. Additionally, a first configuration change is determined of a first communication network based on the first load change of the first communication network. A first tag record is created of the first communication network based on the first load change of the first communication network and the first configuration change of the first communication network. The first tag record of the first communication network is communicated to a second communication network.

  • System, method, and computer program for evaluating confidence level of predicting a network situation in a communication network managed using artificial intelligence

    Issued US 10,972,345

    Abstract
    A system, method, and computer program product are provided for evaluating confidence level of predicting a network situation in a communication network managed using artificial intelligence. In use, for a configuration of a communication network, at least one network situation is determined requiring a change of the configuration of the communication network. A minimal configuration time period is determined required to implement the change of the configuration of the communication network. Additionally, a detection entity including a first classifier is determined that includes one or more event log data associated with the configuration of the communication network, and that further includes a prediction of an occurrence of a particular network situation of the at least one network situation. Further, a first confidence level of the detection entity is determined, the first confidence level representing, at least in part, a probability of the prediction.

  • System, method, and computer program for operating a multi-stage artificial intelligence (AI) analysis in a communication network

    Issued US 10,951,485

    Abstract
    A system, method, and computer program product are provided for operating a multi-stage artificial intelligence (AI) analysis in a communication network. In use, first log data of network activity of the communication network is acquired based on a first set of monitoring rules. A network situation is detected in log data by an artificial intelligence (AI) system using an AI-model. A confidence level is computed associated with the detection of the network situation. Additionally, it is determined whether the confidence level surpasses a predefined value, and when it is determined that the confidence level does not surpass the predefined value, second log data of the network activity of the communication network is acquired based on an additional set of monitoring rules. Further, the detection of the network situation, the computation of the confidence level, and the determination whether the confidence level surpasses the predefined level are each repeated.

  • System, method, and computer program for improving a quality of experience based on artificial intelligence

    Issued US 10,938,650

    Abstract
    A system, method, and computer program product are provided for improving a quality of experience based on artificial intelligence. In use, a first network provider associated with a first user is determined. Additionally, a first parameter of the first user using the first network provider is determined, and a second parameter, of the first user using a second network provider is determined. Moreover, it is determined that the second parameter exceeds the first parameter, and based on the determination that the second parameter exceeds the first parameter, a recommendation is received to switch from the first network provider to the second network provider. Further, a first input is received to switch from the first network provider to the second network provider, and a device is reconfigured to switch from the first network provider to the second network provider.

  • System, method, and computer program for splitting and distributing a privileged software component into dependent components in order to deliver better security

    Issued US 10,936,721

    Abstract
    As described herein, a system, method, and computer program are provided for splitting and distributing a privileged software system into dependent components in order to deliver better security. In use, a privilege system is separated into n components of at least three components, wherein each of the n components runs on a separate machine, and a number up to t components may be controlled in an adversarial manner without compromising the privilege system, t components being at least two components and less than the n components. A power of a privilege is distributed among the n components. Additionally, one or more actions are performed within the privileged system.

  • System, method and computer program for providing security in Network Function Virtualization (NFV)-based communication networks and Software Defined Networks (SDNs)

    Issued CN-111108733-B

    Abstract
    A system, method and computer program product are provided for providing security in Network Function Virtualization (NFV)-based communication networks and Software Defined Networks (SDNs). In use, the system implements one or more network changes or security configuration changes to the NFV-based communication network or SDN to change the attack surface. In one embodiment, implementing one or more network changes or security configuration changes to an NFV-based communication network or SDN may occur periodically to change the attack surface. In another embodiment, one or more network changes or security configuration changes may be implemented to the NFV-based communication network or SDN to change the attack surface based on the detection of a malicious or suspicious event.

  • System, method, and computer program for determining dynamic subnetworks in a communication network

    Issued US 10,897,400

    Abstract
    A system, method, and computer program product are provided for determining dynamic subnetworks in a communication network. In use, a plurality of network entities of a communication network is determined. Additionally, measurements of an amount of interaction between pairs of network entities of the plurality of network entities are collected. Further, at least one division characteristic is determined, and an intersection between the measurements and the at least one division characteristic is determined. Moreover, at least one border of a subnetwork of the communication network is determined, where the at least one border is based on the intersection.

  • System, method, and computer program for determining a network situation in a communication network

    Issued US 10,880,185

    Abstract
    A system, method, and computer program product are provided for determining a network situation in a communication network. In use, at least one threshold value of at least one operational parameter of a communication network is obtained, the at least one operational parameter representing at least one operational status of at least one of a computational device or a communication device. Additionally, log data of the communication network is obtained, the log data containing at least one value of the at least one operational parameter reported by at least one network entity of the communication network. The at least one value of the at least one operational parameter of the log data is compared with a corresponding threshold value of the at least one threshold value to form a detection of a network situation. Further, the detection of the network situation is reported if the at least one value of the at least one operational parameter of the log data traverses the corresponding threshold value of the at least one threshold value.

  • System, method, and computer program for implementing pruning rules in an artificial intelligence (AI) based network management system

    Issued US 10,880,182

    Abstract
    A system, method, and computer program product are provided for automatically pruning rules in an AI-based network management system. In operation, a network configuration identifier is defined for a configuration of a communication network in an AI-based network management system. Log data is collected of the communication network, and the log data is associated with the network configuration identifier. Next, training data is created for a first AI-engine for the network configuration identifier, based on the log data associated with the network configuration identifier. The one or more rules are associated with the network configuration identifier. Additionally, at least one rule of the one or more rules is provided to a second AI-engine used by the AI-based network management system.

  • System, method, and computer program for automatic labeling of training and testing data in a communication system

    Issued US 10,846,141

    Abstract
    A system, method, and computer program product are provided for automatic labeling of training and testing data in a communication system. In use, log data of a communication network is received, the log data including one or more parameters associated with an operation of network entities and a time of reporting. Additionally, the log data is stored in a log data set. At least one definition of at least one network situation is received. Further, a scan of the log data set by the time range is restricted and values of the one or more parameters of a first entry of the log data are compared with the at least one condition. It is determined that the values satisfy the at least one condition, whereupon, a first detected network situation is determined, the first entry of the log data is selected, and the first entry of the log data is automatically labeled.

  • SYSTEM, METHOD, AND COMPUTER PROGRAM FOR AUGMENTING A PHYSICAL SYSTEM UTILIZING A NETWORK FUNCTION VIRTUALIZATION ORCHESTRATOR (NFV-O)

    Issued EP-3178206-B1

    A system, method, and computer program product are provided for augmenting a physical network system utilizing a network function virtualization orchestrator (NFV-O). In use, data traffic is monitored utilizing a Network Function Virtualization Orchestrator (NFV-O) module associated with at least a portion of a physical network system, the NFV-O module being operable to manage data flow associated with one or more Virtual Network Functions (VNFs) and one or more physical elements of the physical network system. Additionally, it is determined whether flow of the data traffic should be modified based on at least one of a traffic load or a traffic type utilizing the NFV-O module integrated in the physical network system. Further, at least a portion of the data traffic is directed from at least one of the physical elements to at least one of the VNFs when it is determined that the flow of the data traffic should be modified.

  • System, method, and computer program for isolating services of a communication network in response to a distributed denial of service (DDoS) attack

    Issued US 10,764,323

    Abstract
    A system, method, and computer program product are provided for isolating services of a communication network in response to a distributed denial of service attack. In use, an indication of a detection of a distributed denial of service (DDoS) attack directed at one or more resources of a communication network is received. Additionally, at least one first network service associated with the communication network that is subject to the DDoS attack is identified. Further, the at least one first network service associated with the communication network that is subject to the DDoS attack is isolated.

  • System, method, and computer program for preparing multi-feed of log data in an AI-managed communication system

    Issued US 10,764,150

    Abstract
    A system, method, and computer program product are provided for preparing multi-feed of log data in an AI-managed communication system. In use, log data of a communication network is obtained and a plurality of artificial intelligence (AI) models are obtained. The log data is analyzed with a first AI model of the plurality of AI models to detect at least one occurrence of a respective classifier. A first confidence level for the first AI model is computed. A reduced log data feed is formed by eliminating at least one parameter from the log data. Further, a second confidence level for the first AI model is calculated by repeating the analysis of the log data, the computation of the first confidence level, and the formation of the reduced log data feed until at least one of: the second confidence level is lower than the first confidence level, or the second confidence level reaches a threshold.

  • System, method, and computer program for automatic reconfiguration of a communication network

    Issued US 10,756,970

    Abstract
    A system, method, and computer program product are provided for automatic reconfiguration of a communication network. In use, a scoring function, a scoring goal, and data of a first network situation of a communication network are obtained. An initial network entity associated with the first network situation, and an initial parameter associated with the first network situation are selected. Additionally, a migration of the initial network entity is planned to prevent the initial parameter from reaching a predefined threshold to form a network reconfiguration. Further, a score value of the network reconfiguration using the scoring function is computed, and it is determined that the score value does not match the scoring goal. Moreover, the method is repeated until the score value matches the scoring goal.

  • System, method, and computer program providing security in network function virtualization (NFV) based communication networks and software defined networks (SDNs)

    Issued US 10,749,905

    Abstract
    A system, method, and computer program product are provided for providing security in Network Function Virtualization (NFV) based communication networks and Software Defined Networks (SDNs). In use, a system implements one or more network changes or security configuration changes to an NFV based communication network or a SDN to change an attack surface. In one embodiment, implementing the one or more network changes or security configuration changes to the NFV based communication network or the SDN may occur periodically to change the attack surface. In another embodiment, implementing the one or more network changes or the security configuration changes to the NFV based communication network or the SDN to change the attack surface may occur based on detection of a malicious event or a suspicious event.

  • System, method, and computer program for automatically certifying a virtual network function (VNF) for use in a network function virtualization (NFV) based communication network

    Issued US 10,700,946

    Abstract
    A system, method, and computer program product are provided for automatically certifying a Virtual Network Function (VNF) for use in a Network Function Virtualization based (NFV-based) communication network. In use, an online automated VNF certification system receives information associated with at least one VNF. Further, the online automated VNF certification system performs a first level of certification for the at least one VNF by validating metadata corresponding to the information associated with the at least one VNF. Additionally, the online automated VNF certification system performs a second level of certification for the at least one VNF, including testing deployment based functionality associated with the at least one VNF and validating results of testing the deployment based functionality. Still yet, the online automated VNF certification system performs a third level of certification for the at least one VNF by executing one or more test cases associated with the at least one VNF and validating results of executing the one or more test cases. Moreover, the online automated VNF certification system identifies the at least one VNF as certified as a result of performing the third level of certification for the at least one VNF.

  • System, method and computer program for augmenting a physical system utilizing a network function virtualization coordinator (NFV-O)

    Issued CN-106688210-B

    Abstract
    A system, method and computer program product are provided for augmenting a physical system utilizing a network function virtualization coordinator (NFV-O). In use, data traffic is monitored with a network function virtualization coordinator (NFV-O) module associated with at least a portion of a physical network system, the NFV-O module operable to manage data flows associated with one or more Virtual Network Functions (VNFs) and one or more physical elements of the physical network system. Additionally, it is determined, with the NFV-O module integrated in the physical network system, whether a flow of the data traffic should be modified based on at least one of a traffic load or a traffic type. Further, at least a portion of the data traffic is directed from at least one of the physical elements to at least one of the VNFs when it is determined that the flow of the data traffic should be modified.

  • System, method, and computer program for managing fault recovery in network function virtualization (NFV) based networks

    Issued US 10,606,718

    Abstract
    According to one aspect of the present invention there is provided a system, method, and computer program product for recovering from a network failure in a communication network using network function virtualization (NFV-based network), the method including: selecting a first network component of the NFV-based network, detecting at least one probable failure of the first network component, selecting a second network component to be used for replacing the instance of the VNF in the first network component prior to a failure of the first network component, and securing at least one resource of the selected second network component for the other instance of the VNF and maintaining, in the selected second network component, an updated copy of data associated with the instance of the VNF in the first network component.

  • System, method, and computer program for service design and creation

    Issued US 10,497,035

    Abstract
    A system, method, and computer program product are provided for product/service design and creation. In use, at least one new resource is identified in a master catalog. The at least one resource is tested. Additionally, the at least one resource is released for service generation. Further, at least one service is generated utilizing the at least one resource. The at least one service is stored in the master catalog. In addition, the at least one service is released for product generation. Furthermore, at least one product is generated utilizing the at least one service. The at least one product is stored in the master catalog. Moreover, the at least one product is presented for sale.

  • System, method, and computer program for inter-module communication in a network based on network function virtualization (NFV)

    Issued CN-105917690-B

    Abstract
    According to an aspect of the present invention, there is provided a system, method, and computer program product for communicating information in a communication network using network function virtualization (NFV-based communication network), the method comprising: sending a communication from a first instance of the NFV-based communication network, the first instance being a transmitter; and receiving the communication by a second instance of the NFV-based communication network, the second instance being a receiver; wherein the communication includes: an identification of the transmitter of the communication and an identification of the receiver of the communication; an identification of a function associated with the NFV-based communication network; and an authorization associated with the function by one or more of the transmitter and the receiver.

  • System, method, and computer program for reducing common work of components in a network function virtualization (NFV) based communication network

    Issued US 10,387,183

    Abstract
    A system, method, and computer program product are provided for reducing common work of components in a Network Function Virtualization based (NFV-based) communication network. In use, at least one virtual network function (VNF) capable of being used in a chain of virtual network functions in a network function virtualization based network is identified. Additionally, the at least one virtual network function is configured to utilize a control component, the control component being capable of being enabled or disabled and being operable to perform one or more functions associated with the at least one virtual network function.

  • System, method, and computer program for preserving service continuity in a network function virtualization (NFV) based communication network

    Issued US 10,355,988

    Abstract
    A system, method, and computer program product are provided for preserving service continuity in a Network Function Virtualization based (NFV-based) communication network. In use, a first virtual network function (VNF) instance associated with a first VNF in a first hardware unit in a Network Function Virtualization based (NFV-based) communication network is identified. Additionally, a second VNF instance on a second hardware unit is instantiated, the second VNF instance being compatible with the first VNF instance. Further, communication directed to the first VNF instance is diverted to the second VNF instance on the second hardware unit, in response to initiating the second VNF instance on a second hardware unit.

  • System, method, and computer program for defragmenting a network based on network function virtualization (NFV)

    Issued US 10,291,543

    Abstract
    A system, method, and computer program product are provided for migrating availability of a resource type in a communication network using network function virtualization, comprising: selecting a resource type; selecting a first section of the network where demand for the resource type is expected to grow; selecting a second section of the network where demand for the resource type is expected to be stable relative to the first section; selecting a third section of the network communicatively coupled to the first and second sections, the third section comprising higher availability of the resource type than the first section; migrating a first virtual network function (VNF) instance from the third section to the first section; and migrating a second virtual network function instance from the second section to the third section.

  • System, method, and computer program for implementing a virtual obfuscation service in a network

    Issued US 10,164,944

    Abstract
    A system, method, and computer program product are provided for implementing a virtual obfuscation service in a network. In use, an obfuscation service component is initiated in a network system including one or more virtual services, the obfuscation service component including at least one of: at least one first obfuscation service component associated with a physical portion of the network system or at least one second obfuscation service component associated with a cloud-based virtual portion of the network system. Further, communication to be sent from the physical portion of the network system to the cloud-based virtual portion of the network system is identified. Additionally, the communication is directed from the physical portion of the network system to the first obfuscation service component associated with the physical portion of the network system. Furthermore, the communication is sent from the first obfuscation service component associated with the physical portion of the network system to the second obfuscation service component associated with the cloud-based virtual portion of the network system.

  • System, method, and computer program for providing feedback indicating an impact of user directives on a software system

    Issued US 10,162,725

    Abstract
    A system, method, and computer program product are provided for providing feedback indicating an impact of user directives on a software system. In use, user input associated with a software system is received. Additionally, an impact of the user input on the software system is determined. Further, feedback is provided indicating the impact of the user input on the software system.

  • System, method and computer program for deploying an orchestration layer for a network based on network function virtualization (NFV)

    Issued US 10,116,514

    Abstract
    According to one aspect of the present invention there is provided a system, method, and computer program product for recovering a structure of network function virtualization orchestration (NFV-O) domains, including: providing an initial structure of NFV-O domains, the initial structure representing assignment of network resources to the domains; providing a current structure of NFV-O domains, the current structure representing a modification of the initial structure due to reassignment of network resources between the domains; identifying at least one network resource reassigned by at least a first domain to at least a second domain; and instructing the at least second domain to surrender the network resource to the at least first domain; wherein the at least one network resource is a part of a communication network using network function virtualization (NFV-based network) orchestration; and wherein the NFV-based network comprises a plurality of network resources assigned to domains managed by respective NFV-O modules.

  • System, method, and computer program for automatically certifying a virtual network function (VNF) for use in a network function virtualization (NFV) based communication network

    Issued US 10,069,694

    Abstract
    A system, method, and computer program product are provided for automatically certifying a Virtual Network Function (VNF) for use in a Network Function Virtualization based (NFV-based) communication network. In use, an online automated VNF certification system receives information associated with at least one VNF. Further, the online automated VNF certification system performs a first level of certification for the at least one VNF by validating metadata corresponding to the information associated with the at least one VNF. Additionally, the online automated VNF certification system performs a second level of certification for the at least one VNF, including testing deployment based functionality associated with the at least one VNF and validating results of testing the deployment based functionality. Still yet, the online automated VNF certification system performs a third level of certification for the at least one VNF by executing one or more test cases associated with the at least one VNF and validating results of executing the one or more test cases. Moreover, the online automated VNF certification system identifies the at least one VNF as certified as a result of performing the third level of certification for the at least one VNF.

  • System, method, and computer program for coordinating a plurality of networks based on network function virtualization (NFV)

    Issued US 10,064,167

    Abstract
    A system, method, and computer program product are provided for coordinating a plurality of networks based on network function virtualization (NFV). This includes controlling, by a first network function virtualization based communication network (NFV-based network), a resource provided by a second NFV-based network, comprising: communicating a request for a resource control, the request being transmitted by the first NFV-based network to the second NFV-based network; communicating an authorization for the request for the resource control, the authorization being received by the first NFV-based network from the second NFV-based network; and communicating a control instruction associated with the resource, the control instruction being associated with the authorization, and the control instruction being transmitted by the first NFV-based network to the second NFV-based network.

  • System, method, and computer program for tag based testing of virtual services

    Issued US 10,063,453

    Abstract
    A system, method, and computer program product are provided for tag based testing of virtual services. In use, an original portion of a system within a network in which to implement at least one modification is identified, the original portion of the system including a first virtual service and a second virtual service. Additionally, the original portion of the system is duplicated implemented within the network to form an updated portion of the system. Both the original portion and the updated portion share a single instance of a third service. The updated portion is then tested by processing the same data through the original portion, including the single instance of the third service, and through the updated portion, including the single instance of the third service, and comparing the outputs thereof.

  • System, method, and computer program for managing hierarchy and optimization in a network function virtualization (NFV) based communication network

    Issued US 10,063,633

    Abstract
    A system, method, and computer program product are provided for managing hierarchy and optimization in network function virtualization based networks. In use, a first hardware unit of a plurality of hardware units associated with a network function virtualization (NFV) based communication network is identified, the first hardware unit being identified based on a first load characteristic associated with the first hardware unit. Further, a first virtual network function (VNF) instance associated with the first hardware unit is identified, the first VNF instance being associated with usage of at least one service. Additionally, at least one traffic route associated with the first VNF instance is identified, the at least one traffic route being associated with usage of the at least one service. Furthermore, a second hardware unit for handling at least a portion of a workload associated with the at least one service is identified, the second hardware unit being identified based on a second load characteristic associated with the second hardware unit, and the second hardware unit being capable of utilizing the at least one traffic route. Still yet, a second VNF instance is initiated in the second hardware unit. Moreover, at least part of the at least one service is migrated from the first VNF instance to the second VNF instance without disrupting the service.

  • System, method, and computer program for testing virtual services

    Issued US 10,027,569

    Abstract
    A system, method, and computer program product are provided for testing virtual services. In use, at least a portion of a system to implement at least one modification is identified, the system including a plurality of services and the modification including one or more of an addition of at least one new virtual service or an update of at least one existing virtual service. Further, the at least one modification is implemented to the at least a portion of the system to generate an updated portion of the system and an original portion of the system, the updated portion of the system including the one or more of the addition of the at least one new virtual service or the update of at least one existing virtual service. Additionally, the updated portion of the system is tested by: receiving input data associated with the updated portion of the system; duplicating the input data to generate a first input data and a second input data; processing the first input data with the updated portion of the system and processing the second input data with the original portion of the system; and comparing at least a portion of an output from the updated portion of the system with at least a portion of an output from the original portion of the system.

  • System, method, and computer program for utilizing a decoy in response to a distributed denial of service (DDOS) attack in a communication network

    Issued US 9,992,221

    Abstract
    A system, method, and computer program product are provided that utilize a decoy in response to a distributed denial of service attack in a communication network. In use, a distributed denial of service (DDoS) attack directed at one or more resources of a communication network is detected. Additionally, at least one first communication channel associated with the communication network that is subject to the DDoS attack is identified. Further, at least one second communication channel to implement functionality of the at least one first communication channel is initiated, while maintaining the at least one first communication channel subject to the DDoS attack to use as a decoy for the DDoS attack. Moreover, the at least one second communication channel is utilized to implement the functionality of the at least one first communication channel while the at least one first communication channel subject to the DDoS attack is used as the decoy for the DDoS attack.

  • System, method, and computer program for managing security in a network function virtualization (NFV) based communication network

    Issued US 9,912,679

    Abstract
    A system, method, and computer program product are provided for providing security in a Network Function Virtualization based (NFV-based) communication network. In operation, a security attack is identified. Additionally, a first hardware unit attacked by the security attack is identified. Further, a hardware unit in which to initiate a security defense software program is identified. Moreover, the security defense software program is initiated in the identified hardware unit.

  • System, method, and computer program for planning distribution of network resources in a network function virtualization (NFV) based communication network

    Issued US 9,882,828

    Abstract
    A system, method, and computer program product are provided for planning distribution of one or more network resources in a Network Function Virtualization based (NFV-based) communication network. In use, at least one Virtual Network Function (VNF) instance of a VNF is migrated between processing units in a NFV-based communication network, according to a change of load. Further, a lack of at least one network resource associated with at least one network node is reported for planning distribution of one or more network resources in the NFV-based communication network, the missing network resource at least partially limiting migration of one or more VNF instances.

  • System, method, and computer program for automatically instructing a virtual network function (VNF) to operate in accordance with one of a plurality of function definitions

    Issued US 9,853,869

    Abstract
    A system, method, and computer program product are provided for instructing a virtual network function (VNF) to operate in accordance with one of a plurality of function definitions. In use, a virtual service including a plurality of VNFs is identified, the virtual service being a virtual service in a Network Function Virtualization (NFV-based) communication network, and at least one of the plurality of VNFs being capable of operating based on any one of a plurality of function definitions. Additionally, information associated with a current operation of the virtual service is received. Furthermore, it is determined which one of the plurality of function definitions the at least one of the plurality of VNFs is to operate, based on at least one of a plurality of policies and the information. Moreover, the at least one of the plurality of VNFs is automatically instructed to operate in accordance with the determined one of the plurality of function definitions.

  • System, method, and computer program for selecting at least one new physical element and/or virtual element for use in a system including a network function virtualization orchestrator (NFV-O)

    Issued US 9,853,914

    Abstract
    A system, method, and computer program product are provided for selecting at least one new physical element and/or virtual element for use in a system including a network function virtualization orchestrator (NFV-O). In use, information corresponding to data traffic associated with a network system including an NFV-O module is identified, the NFV-O module being operable to manage data flow associated with one or more Virtual Network Functions (VNFs) and one or more physical elements of the network system. Additionally, an overall expected usage of the network system is determined based on the information corresponding to the data traffic. Further a cost of implementing at least one of one or more new physical elements or one or more VNFs is determined, based on the overall expected usage. Moreover, at least one of the one or more new physical elements or the one or more VNFs to implement in the network system is selected based at least partially on the determined cost of implementing the one or more new physical elements and the cost of implementing the one or more VNFs.

  • System, method, and computer program for inter-module communication in a network based on network function virtualization (NFV)

    Issued US 9,838,265

    Abstract
    According to one aspect of the present invention there is provided a system, method, and computer program product for communicating information in a communication network using network function virtualization (NFV-based communication network), the method including: sending a communication from a first entity of the NFV-based communication network, the first entity being a sender, and receiving the communication by a second entity of the NFV-based communication network, the second entity being a receiver, where the communication includes: an identification of the sender of the communication, and an identification of the receiver of the communication, an identification of a function associated with the NFV-based communication network, and an authorization associating one or more of the sender and the receiver with the function.

  • System, method, and computer program for augmenting a physical system utilizing a network function virtualization orchestrator (NFV-O)

    Issued US 9,813,335

    Abstract
    A system, method, and computer program product are provided for augmenting a physical network system utilizing a network function virtualization orchestrator (NFV-O). In use, data traffic is monitored utilizing a Network Function Virtualization Orchestrator (NFV-O) module associated with at least a portion of a physical network system, the NFV-O module being operable to manage data flow associated with one or more Virtual Network Functions (VNFs) and one or more physical elements of the physical network system. Additionally, it is determined whether flow of the data traffic should be modified based on at least one of a traffic load or a traffic type utilizing the NFV-O module integrated in the physical network system. Further, at least a portion of the data traffic is directed from at least one of the physical elements to at least one of the VNFs when it is determined that the flow of the data traffic should be modified.

  • System, method, and computer program for optimizing a chain of virtual network functions in a network based on network function virtualization (NFV)

    Issued US 9,806,979

    Abstract
    According to one aspect of the present invention there is provided a system, method, and computer program product for deploying a plurality of virtual network function (VNF) instances in a communication network using network function virtualization (NFV-based network), where the network includes a plurality of computing-related units and communication links in-between, the method including: determining at least one performance value for at least one of the computing-related units and communication links, determining at least one performance requirement for at least one of the VNF instances, and associating the at least one VNF instance with at least one of the computing-related units and the communication links according to the at least one performance requirement and the at least one performance value.

  • System, method, and computer program for resource conversion in a network function virtualization (NFV) based communication network

    Issued US 9,794,187

    Abstract
    A system, method, and computer program product are provided for resource conversion in network function virtualization based networks. In use, a first resource of a first type is identified in a first hardware unit, the first resource at least potentially having insufficient availability and being associated with a Network Function Virtualization based (NFV-based) communication network. Additionally, a second resource of a second type is identified, the second resource being associated with the first hardware unit, the second resource being identified as sufficiently available. Further, a third resource of the first type is identified, the third resource being associated with a second hardware unit, the second hardware unit being associated with the second resource, the third resource being identified as sufficiently available.

  • System, method, and computer program for testing composite services in a communication network utilizing test data

    Issued US 9,794,160

    Abstract
    A system, method, and computer program product are provided for testing composite services in a communication network utilizing test data. In use, test data is sent to a composition of virtual services to test at least a portion of the composition of virtual services, the composition of virtual services including at least one first virtual service and at least one second virtual service chained such that the test data is received by the at least one first virtual service and an output of the at least one first virtual service is input to the at least one second virtual service, and at least a portion of the test data being configured such that at least a portion of the output of the at least one first virtual service is the same as the test data input to the at least one first virtual service. Additionally, a first output is received from the at least one second virtual service, the first output including a result of the output of the at least one first virtual service being input to the at least one second virtual service. Further, the test data is sent as an input to at least one third virtual service, the at least one third virtual service including the same functionality as the at least one second virtual service. In addition, a second output is received from the at least one third virtual service, the second output including a result of the test data being input to the at least one third virtual service including the same functionality as the at least one second virtual service. Moreover, the first output from the at least one second virtual service is compared with the second output from the at least one third virtual service including the same functionality as the at least one second virtual service to test the at least a portion of the composition of virtual services.

  • System, method, and computer program for performing preventative maintenance in a network function virtualization (NFV) based communication network

    Issued US 9,760,428

    Abstract
    A system, method, and computer program product are provided for performing preventative maintenance in a Network Function Virtualization based (NFV-based) communication network. In use, a first potential fault is identified in a first resource in an NFV-based communication network. Additionally, a first time for maintaining the first resource is identified to prevent an occurrence of the first potential fault. Further, a second resource is identified for replacing the first resource during the first time.

  • System, method, and computer program for service design and creation

    Issued US 9,760,923

    Abstract
    A system, method, and computer program product are provided for product/service design and creation. In use, at least one new resource is identified in a master catalog. The at least one resource is tested. Additionally, the at least one resource is released for service generation. Further, at least one service is generated utilizing the at least one resource. The at least one service is stored in the master catalog. In addition, the at least one service is released for product generation. Furthermore, at least one product is generated utilizing the at least one service. The at least one product is stored in the master catalog. Moreover, the at least one product is presented for sale.

  • System, method, and computer program for testing at least a portion of a network function virtualization based (NFV-based) communication network utilizing at least one virtual service testing element

    Issued US 9,755,934

    Abstract
    A system, method, and computer program product are provided for testing at least a portion of a Network Function Virtualization based (NFV-based) communication network utilizing at least one virtual service testing element. In use, at least one virtual service testing element is instantiated, the at least one virtual service testing element being operable for testing at least a portion of a NFV-based communication network including a plurality of virtual services. Further, at least one time to implement the at least one virtual service testing element is identified such that the at least one virtual service testing element tests the at least a portion of the NFV-based communication network by: sending a known test case communication from the at least one virtual service testing element as an input to an ingress point of the at least a portion of the NFV-based communication network; receiving a result of the input as an output at an egress point of the at least a portion of the NFV-based communication network; and analyzing the result to determine whether at least a portion of the NFV-based communication network is performing as expected.

  • System, method, and computer program for routing traffic to a service in a network including at least one virtual network service

    Issued US 9,749,218

    Abstract
    A system, method, and computer program product are provided for routing traffic to a service in a network including at least one virtual network service. In use, data traffic directed to at least one first component in a network system is received. Further, one or more second components capable of handling the data traffic are identified based on information associated with the data traffic, the one or more second components including one or more virtual services or one or more physical services. Additionally, at least one of the one or more second components is selected to receive the data traffic, based on criteria associated with the at least one of the one or more second components and the information associated with the data traffic. Moreover, the data traffic is sent to the at least one of the one or more second components.

  • System, method, and computer program for managing fault recovery in network function virtualization (NFV) based networks

    Issued US 9,645,899

    Abstract
    According to one aspect of the present invention there is provided a system, method, and computer program product for recovering from a network failure in a communication network using network function virtualization (NFV-based network), the method including: selecting a first network component of the NFV-based network, detecting at least one probable failure of the first network component, identifying at least one virtual network function (VNF) instance using the first network component, selecting a second network component to be used by same VNF for replacing the VNF instance in the first network component when the first network component is faulty, and securing at least one resource of the second network component for the VNF.

  • SYSTEM, METHOD, AND COMPUTER PROGRAM FOR MANAGING SECURITY IN A NETWORK FUNCTION VIRTUALIZATION (NFV) BASED COMMUNICATION NETWORK

    Issued US 9,460,286

    Abstract
    A system, method, and computer program product are provided for providing security in a Network Function Virtualization based (NFV-based) communication network. In operation, a security attack is identified. Additionally, a first hardware unit attacked by the security attack is identified. Further, a hardware unit in which to initiate a security defense software program is identified. Moreover, the security defense software program is initiated in the identified hardware unit.

  • System, method, and computer program for managing hierarchy and optimization in a network function virtualization (NFV) based communication network

    Issued US 9,430,262

    Abstract
    A system, method, and computer program product are provided for managing hierarchy and optimization in network function virtualization based networks. In use, a first hardware unit of a plurality of hardware units associated with a network function virtualization (NFV) based communication network is identified, the first hardware unit being identified based on a first load characteristic associated with the first hardware unit. Further, a first virtual network function (VNF) instance associated with the first hardware unit is identified, the first VNF instance being associated with usage of at least one service. Additionally, at least one traffic route associated with the first VNF instance is identified, the at least one traffic route being associated with usage of the at least one service. Furthermore, a second hardware unit for handling at least a portion of a workload associated with the at least one service is identified, the second hardware unit being identified based on a second load characteristic associated with the second hardware unit, and the second hardware unit being capable of utilizing the at least one traffic route. Still yet, a second VNF instance is initiated in the second hardware unit. Moreover, at least part of the at least one service is migrated from the first VNF instance to the second VNF instance without disrupting the service.

  • System, method, and computer program for preserving service continuity in a network function virtualization (NFV) based communication network

    Issued US 9,384,028

    Abstract
    A system, method, and computer program product are provided for preserving service continuity in a Network Function Virtualization based (NFV-based) communication network. In use, a first virtual network function (VNF) instance associated with a first VNF in a first hardware unit in a Network Function Virtualization based (NFV-based) communication network is identified. Additionally, a second VNF instance on a second hardware unit is instantiated, the second VNF instance being compatible with the first VNF instance. Further, communication directed to the first VNF instance is diverted to the second VNF instance on the second hardware unit, in response to initiating the second VNF instance on a second hardware unit.

  • Digital Arbitration

    Issued US 8,868,903

    ABSTRACT
    A method for resolving disputes between users in network communications using digital arbitration. The method comprising the steps of agreeing on a contract between the users and choosing a set of arbitrators; appealing to the arbitrators by a first user, if he/she suspects the second user violates the agreement; and giving the information needed to reconstruct a resource of the second user, if a large enough number of arbitrators agree that the second user actually violated the agreement.


Courses

  • The art of building successful products

    PM503

Projects

  • Amdocs Shapers

    Shapers is an exclusive internal Amdocs leadership program that was created to tackle Amdocs’ burning challenges and influence Amdocs’ business environment by bringing fresh perspectives and implementing new ideas.

  • Amdocs Open NFV Lab & Ecosystem

    Clearing the runways to network virtualization
    -----------------------------------------------------------------
    Service providers often mention lack of standards and interoperability as key inhibitors to NFV adoption. Amdocs established the Open NFV LAB to support customers and partners in addressing these challenges. The open lab enables the ecosystem partners to develop best practices and offer service providers rapid NFV rollout and faster time to value.

    Goals are to:
    - Enable rapid NFV adoption and quick TTM
    - Reduce complexity on the journey to NFV
    - Drive a holistic NFV service approach
    - Foster innovation around NFV use cases


Honors & Awards

  • ISSIP Excellence in Service Innovation (Level 2) - Distinguished Recognition

    ISSIP (International Society of Service Innovation)

    A badge awarded for Level 2 recognition in the annual ISSIP Excellence in Service Innovation Award. This competitive, annual award recognizes exemplary innovation in the design and deployment of services. The judging criteria are based on the uniqueness, creativity, technical merit, value generation and impact of the innovative solution. Eligibility: Based on annual award committee decision, this badge is given to individuals who have submitted an application for the annual ISSIP Excellence in Service Innovation Award on behalf of their organizations. The recipient must be listed as an author of the submission to the ISSIP Excellence in Service Innovation Award Program.

    https://badgr.com/public/assertions/1oO7ZJz1RIqblqtquVu-vg?identity__url=https://www.linkedin.com/in/ofer-hermoni/

  • Excellence in Service Innovation Award

    ISSIP (International Society of Service Innovation)

  • Innovation Award for Exceptional IP Achievements

    Amdocs

    I was awarded this "once-in-a-company-life-time" award for becoming the number 1 inventor in the history of the company, with 22 granted patents

  • Amdocs Global Innovator of the Year - 2015

    Amdocs

  • Amdocs Patent of the Year Award - 2015

    Amdocs

    For extraordinary contribution to Amdocs patent portfolio

  • Research Award

    Verisign

    The award was awarded as part of a VeriSign program designed to promote and foster Internet innovation and in conjunction with the company's commemoration of 25 years of .com.
    Four teams around the world won the award.
    The winner in the Internationalization of the Internet category was "Techniques for Achieving Positive Anonymity".
    The project explores anonymity on the Internet and proposes schemes for conditional anonymity when full anonymity is unacceptable due to the nature of the communication.

  • Levi Eshkol scholarship, Israel Ministry of Science and Technology

    Israeli Minister of Science and Technology

    Most prestigious Ph.D. scholarship in Israel, handed personally by the Israeli Minister of Science and Technology

  • Intel Prize for excellence in Ph.D. studies

    Intel

  • M.Sc. Graduation Summa Cum Laude

    Ben-Gurion University

  • B.Sc. Graduation Magna Cum Laude

    Ben-Gurion University

  • Award for high academic achievements

    The department of Communication Systems Engineering @ Ben-Gurion University

  • Suzanne Zolotowski Award for Outstanding B.Sc. Students

    Ben-Gurion University

  • Top Performer Officer Award

    Battalion Commander

    I was the only officer in the history of the battalion to receive this award after only four months as an officer

Languages

  • Hebrew


  • English

