MECHANISM FOR IDENTIFYING MALICIOUS CONTENT, DoS ATTACKS, AND ILLEGAL IPTV SERVICES
First Claim
1. An apparatus, comprising:
- a memory that stores a plurality of parameter characteristics; and
- a processing module that monitors a first plurality of control messages sent from a first device to a second device that broadcasts a plurality of Internet protocol television (IPTV) streams via a network; and
wherein:
- when at least one of the first plurality of control messages includes characteristics corresponding to at least one of the plurality of parameter characteristics, the processing module performs at least one of:
  - blocks any future control message sent from the first device;
  - blocks the plurality IPTV streams from being broadcast to the first device; and
  - monitors a second plurality of control messages sent from the first device to the second device; and
- when the processing module monitors the second plurality of control messages sent from the second device to the first device and when at least one of the second plurality of control messages includes characteristics corresponding to at least one additional of the plurality of parameter characteristics, the processing module blocks any future control message sent from the first device.
Abstract
Mechanism for identifying malicious content, DoS attacks, and illegal IPTV services. The characteristics of various control messages transmitted within a network that services Internet protocol television (IPTV) content are monitored to identify suspicious behavior (e.g., behavior associated with malicious content, denial of service (DoS) attacks, IPTV service stealing, etc.). In addition to monitoring control messages within such a network, deep packet inspection (DPI) may be performed on individual packets within an IPTV stream to identify malicious content therein (e.g., worms, viruses, etc. within the IPTV stream itself). By monitoring control messages and/or actual IPTV content within the network (rather than only at its perimeter), protection against both outside and inside attacks can be effectuated. This network-level basis of operation effectively guards against promulgation of malicious content to other devices within the network.
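The two-stage response recited in claim 1 (a first matched characteristic puts the sending device under further monitoring, an additional matched characteristic blocks its future control messages) can be sketched as follows. This is an added example, not code from the patent: the two characteristics (`flood`, `unentitled_channel`), the `JOIN` message kind, the thresholds, the entitlement table and the trace are all constructed assumptions, since the page does not enumerate the parameter characteristics.

```python
from collections import defaultdict, deque

# Assumed parameter characteristics; the page does not enumerate them.
FLOOD_LIMIT, FLOOD_WINDOW = 5, 1.0      # more than 5 messages in 1 s (DoS-like)
ENTITLED = {"10.0.0.7": {"ch1", "ch2"}, "10.0.0.9": {"ch1"}}  # constructed data

class ControlMonitor:
    def __init__(self):
        self.recent = defaultdict(deque)  # source -> timestamps inside the window
        self.matched = defaultdict(set)   # source -> characteristics matched so far
        self.blocked = set()              # sources whose control messages are dropped

    def _match(self, src, kind, channel, t):
        """Names of the stored characteristics this message corresponds to."""
        hits = set()
        window = self.recent[src]
        window.append(t)
        while t - window[0] > FLOOD_WINDOW:
            window.popleft()
        if len(window) > FLOOD_LIMIT:
            hits.add("flood")
        if kind == "JOIN" and channel not in ENTITLED.get(src, set()):
            hits.add("unentitled_channel")  # possible service stealing
        return hits

    def handle(self, src, kind, channel, t):
        if src in self.blocked:
            return "DROP"                   # future control messages are blocked
        self.matched[src] |= self._match(src, kind, channel, t)
        if len(self.matched[src]) >= 2:     # an additional characteristic matched
            self.blocked.add(src)
            return "BLOCK"
        return "WATCH" if self.matched[src] else "PASS"

# Constructed control-message trace: (source, kind, channel, seconds).
TRACE = [
    ("10.0.0.9", "JOIN", "ch1", 0.0),
    ("10.0.0.9", "JOIN", "ch5", 0.1),   # not entitled: first characteristic
    ("10.0.0.9", "JOIN", "ch1", 0.2),
    ("10.0.0.7", "JOIN", "ch2", 0.3),
    ("10.0.0.9", "JOIN", "ch1", 0.3),
    ("10.0.0.9", "JOIN", "ch1", 0.4),
    ("10.0.0.9", "JOIN", "ch1", 0.5),   # sixth message in 1 s: second characteristic
    ("10.0.0.9", "JOIN", "ch1", 0.6),
]

def run(trace):
    mon = ControlMonitor()
    return [mon.handle(*m) for m in trace], mon.blocked

if __name__ == "__main__":
    print(run(TRACE))
```

A device that matches only one characteristic stays in the `WATCH` state and is never blocked by this sketch, which mirrors the claim's requirement of an additional characteristic before blocking.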
20 Claims
11. An apparatus, comprising:
- a memory that stores a plurality of parameter characteristics; and
- a processing module that:
  - monitors a first plurality of control messages sent from a first device to a second device that broadcasts a plurality of Internet protocol television (IPTV) streams via a network; and
  - performs deep packet inspection (DPI) of at least one packet within at least one of the plurality of IPTV streams; and
wherein:
- when at least one of the first plurality of control messages includes characteristics corresponding to at least one of the plurality of parameter characteristics, the processing module performs at least one of:
  - isolates the first device from the network;
  - blocks the plurality IPTV streams from being broadcast to the first device; and
  - monitors a second plurality of control messages sent from the first device to the second device;
- when the processing module monitors the second plurality of control messages sent from the second device to the first device and when at least one of the second plurality of control messages includes characteristics corresponding to at least one additional of the plurality of parameter characteristics, the processing module isolates the first device from the network; and
- when the processing module detects an anomaly within the at least one packet in accordance with the DPI, the processing module either:
  - removes the at least one packet from the at least one of the plurality of IPTV streams; or
  - blocks the at least one of the plurality of IPTV streams from being broadcast via the network by the second device.
17. A method, comprising:
- monitoring a first plurality of control messages sent from a first device to a second device that broadcasts a plurality of Internet protocol television (IPTV) streams via a network;
- when at least one of the first plurality of control messages includes characteristics corresponding to at least one of a plurality of parameter characteristics, performing at least one of:
  - blocking any future control message sent from the first device;
  - blocking the plurality IPTV streams from being broadcast to the first device; and
  - monitoring a second plurality of control messages sent from the first device to the second device; and
- when monitoring the second plurality of control messages sent from the second device to the first device and when at least one of the second plurality of control messages includes characteristics corresponding to at least one additional of the plurality of parameter characteristics, isolating the first device from the network.
Specification