MEDIA ANALYSIS METHOD AND SYSTEM FOR LOCATING AND REPORTING THE PRESENCE OF STEGANOGRAPHIC ACTIVITY

US 20060206715A1
Filed: 05/26/2006
Published: 09/14/2006
Est. Priority Date: 12/09/2002
Status: Active Grant

First Claim

Patent Images

1. A method for detecting and analyzing sites suspected of transferring steganographic communications, the method comprising the steps of:

analyzing a targeted site for steganographic communications at the direction of a server, wherein the server directs a plurality of clients to analyze the targeted site;

directing a first client to analyze a portion of the targeted site, wherein the first client analyzes the site based on parameters provided by the server and wherein the first client returns results of the analysis to the server;

dispatching a second client from the plurality of clients to analyze a portion of the targeted site based on the results of the first client and the parameters provided by the server and wherein the second client returns results of the analysis to the server;

repeating the dispatching step for each of the plurality of clients utilized in the analysis until the parameters for analyzing the targeted site have been satisfied; and

aggregating the results from the plurality of clients and analyzing the results to determine if a steganographic communication is present.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for surreptitiously detecting and analyzing sites suspected of transferring steganographic communications, is accomplished by analyzing a targeted site for steganographic communications via a server that directs a plurality of clients to analyze the targeted site. The clients are dispatched according to the objectives of the server and the data retrieved by previous clients, which have been directed to scan the site. The client'"'"'s data is aggregated and analyzed to determine if a steganographic communication is present.

25 Citations

View as Search Results

22 Claims

1. A method for detecting and analyzing sites suspected of transferring steganographic communications, the method comprising the steps of:
- analyzing a targeted site for steganographic communications at the direction of a server, wherein the server directs a plurality of clients to analyze the targeted site;
  
  directing a first client to analyze a portion of the targeted site, wherein the first client analyzes the site based on parameters provided by the server and wherein the first client returns results of the analysis to the server;
  
  dispatching a second client from the plurality of clients to analyze a portion of the targeted site based on the results of the first client and the parameters provided by the server and wherein the second client returns results of the analysis to the server;
  
  repeating the dispatching step for each of the plurality of clients utilized in the analysis until the parameters for analyzing the targeted site have been satisfied; and
  
  aggregating the results from the plurality of clients and analyzing the results to determine if a steganographic communication is present.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 2. The method of claim 1, wherein the targeted site is chosen by at least one of randomly, from a watch list and directly targeted.
  - 3. The method of claim 2, further including the step of analyzing data in a targeted site for at lest one of statistical variations and signatures that may indicate that the data has undergone a steganographic process.
  - 4. The method of claim 3, wherein statistical variations and signatures includes at least one of increase entropy of redundant data, changes in histogram of color frequencies, alterations of a DCT coefficient histogram or other changes in characteristics of the signature of a steganographic encoding process.
  - 5. The method of claim 2, further including the step of contextual monitoring the targeted site.
  - 6. The method of claim 5, wherein the step of contextual monitoring includes at least one of updating a media file without changing of the media files name, removal of media files only, removal of branches of the targeted sites structure, or other patterns of image manipulation.
  - 7. The method of claim 1, wherein the step of dispatching clients to analyze the targeted site is performed sequentially until the server analysis parameters are satisfied.
  - 8. The method of claim 7, further including the step of analyzing data in a targeted site for at lest one of statistical variations and signatures that may indicate that the data has undergone a steganographic process.
  - 9. The method of claim 8, wherein statistical variations and signatures includes at least one of increase entropy of redundant data, changes in histogram of color frequencies and alterations of a DCT coefficient histogram.
  - 10. The method of claim 1, wherein the analysis of the targeted site includes at least one of data files, audio files, video files and graphic files.
  - 11. The method of claim 1, further including the step of;
    - decoding found steganographic communications located in the analyzing step.
  - 12. The method of claim 11, wherein the decoding step is performed by applying at least one of a known reversing steganographic techniques, exploiting weaknesses in a steganographic algorithm and brute force attack.
  - 13. The method of claim 12, further including the step of decrypting decoded steganographic communications.
  - 14. The method of claim 1, wherein the external site is at least one of an USEnews site, a Web site or a Peer-to-Peer network.
  - 15. The method of claim 1, wherein the analyzing step further includes analyzing a targeted site for steganographic communications at the direction of a server, wherein the server directs $\sum$
    - n i ⁢
      
      C n clients (where i=1, 2, 3 . . . n) to analyze the targeted site;
      
      directing client C_ito analyze a portion of the targeted site, wherein the client C_ianalyzes the site based on parameters provided by the server and wherein the client C_ireturns results of the analysis to the server;
      
      (i) directing client C_i+1to analyze a portion of the targeted site based on the results of client C_iand the parameters provided by the server and wherein the client C_i+1returns results of the analysis to the server;
      
      repeating step (i) until the parameters for analyzing the targeted site have been satisfied; and
      
      aggregating the results from the plurality of clients and analyzing the results to determine if a steganographic communication is present.
  - 16. The method of claim 15, wherein the targeted site is chosen by at least one of randomly, from a watch list and directly targeted.
  - 17. The method of claim 16, further including the step of analyzing data in a targeted site for at lest one of statistical variations and signatures that may indicate that the data has undergone a steganographic process.
  - 18. The method of claim 15, further including the step of;
    - decoding found steganographic communications located in the analyzing step.
  - 19. The method of claim 18, wherein the decoding step is performed by applying at least one of a known reversing steganographic techniques, exploiting weaknesses in a steganographic algorithm and brute force attack.
  - 20. The method of claim 19, further including the step of decrypting decoded steganographic communications.

21. A method for detecting any analyzing sites for transference of steganographic encoded data, the method comprising the steps of:
- means for detecting steganographic encoded data at a site; and
  
  means for directing a pool of distributed processors to surreptitiously surveil a site by a central processing unit, wherein each processor in the pool of distributed processors is assigned an analysis task by the central processor based on objectives of the central processors and any data retrieved by previous processors comprising the processor pool that have analyzed a portion of the site.

22. A software product on a computer readable medium capable of instructing a computer system, wherein the software product comprises:
- an instruction set to analyze a site for steganographic communications;
  
  an instruction set to communicate with and direct a plurality of client servers to aide in analyzing the site;
  
  an instruction set communicated to one of the plurality of client servers to analyze a portion of the site and return results of the analysis to a central server, wherein dispatched client server analyzes the site based on parameters provided by the central server;
  
  an instruction set dispatching subsequent client servers from the plurality of remaining client severs to analyze unanalyzed segments of the targeted site based on the results of previous client servers that have been dispatched to analyze the site and operational parameters of the central server, wherein the instruction set is repeated until the central server operational parameters are met; and
  
  an instruction set to aggregate the results from the plurality of client servers and analyzing the results to determine if steganographic encoded data is present.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Steganographic Detection Systems Incorporated
Original Assignee
Steganographic Detection Systems Incorporated
Inventors
Cowan, Willaim W., Rice, William R., Rogers, Steven

Granted Patent

US 7,644,283 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/306 intercepting packet switche...

MEDIA ANALYSIS METHOD AND SYSTEM FOR LOCATING AND REPORTING THE PRESENCE OF STEGANOGRAPHIC ACTIVITY

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

MEDIA ANALYSIS METHOD AND SYSTEM FOR LOCATING AND REPORTING THE PRESENCE OF STEGANOGRAPHIC ACTIVITY

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links