FILTERING HIDDEN DATA EMBEDDED IN MEDIA FILES
First Claim
1. A method comprising:
capturing network traffic, by a network security device protecting a private network, wherein the network traffic is directed to an intended recipient associated with the private network;
extracting, by an Intrusion Prevention System (IPS) engine running on the network security device, a media file from the network traffic;
determining, by the IPS engine, presence of a potentially malicious hidden data item embedded in the media file, wherein the potentially malicious hidden data item comprises encoded data within one or more of a digital watermark, steganography and a barcode;
determining, by the IPS engine, whether the potentially malicious hidden data item violates a security policy of a plurality of security policies of the private network enforced by the network security device by decoding the encoded data and applying a content filter to a result of the decoding; and
when said determining, by the IPS engine, whether the potentially malicious hidden data item violates a security policy is affirmative, then (i) blocking transmission of the media file to the intended recipient, (ii) causing the intended recipient to be alerted regarding the violated security policy or (iii) causing a network administrator of the private network to be alerted regarding the violated security policy.
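The claim above reads as a pipeline: capture, extract a media file, detect a hidden data item, decode it, run the decoded result through a content filter (a URL filter, per claim 12), and then block or alert according to the policy that matched. The following Python sketch is an added illustration of that pipeline for the steganography case; it is not code from the patent or its assignee. Everything in it is a constructed assumption: the "media file" is a raw 8-bit grayscale pixel buffer, the hidden data item is carried in pixel least-significant bits with a 16-bit length prefix, the content filter is a hostname denylist, and the policy dictionary, host names and function names are hypothetical.

```python
# Added illustration of the claimed pipeline; not code from the patent or its
# assignee. Assumptions (all constructed for this example): the "media file" is
# a raw 8-bit grayscale pixel buffer, the hidden data item is carried in pixel
# LSBs with a 16-bit big-endian length prefix, and the content filter is a
# hostname denylist (the URL filter of claim 12).
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

LENGTH_BITS = 16
BLOCKED_HOSTS = {"malware.example", "phish.example"}  # constructed denylist
# One security policy out of the claim's "plurality": block and raise both alerts.
POLICY = {"action": "block", "alert_recipient": True, "alert_admin": True}


@dataclass
class Verdict:
    action: str               # "forward" or "block"
    alert_recipient: bool
    alert_admin: bool
    reason: str = ""


def lsb_extract(pixels: bytes) -> Optional[bytes]:
    """Detect and decode a length-prefixed LSB payload; None if none can be present."""
    bits = [p & 1 for p in pixels]
    if len(bits) < LENGTH_BITS:
        return None
    length = int("".join(str(b) for b in bits[:LENGTH_BITS]), 2)
    if length == 0 or LENGTH_BITS + 8 * length > len(bits):
        return None  # header does not fit the buffer: treat as no hidden item
    payload = bytearray()
    for i in range(length):
        start = LENGTH_BITS + 8 * i
        value = 0
        for bit in bits[start:start + 8]:
            value = (value << 1) | bit
        payload.append(value)
    return bytes(payload)


def looks_like_hidden_text(payload: bytes) -> bool:
    """Presence heuristic: only printable ASCII counts as a decoded hidden data item."""
    try:
        text = payload.decode("ascii")
    except UnicodeDecodeError:
        return False
    return all(32 <= ord(ch) < 127 for ch in text)


def url_filter(text: str) -> List[str]:
    """Content filter applied to the decoded result: URLs whose host is denied."""
    hits = []
    for token in text.split():
        parsed = urlparse(token)
        if parsed.scheme in ("http", "https") and parsed.hostname in BLOCKED_HOSTS:
            hits.append(token)
    return hits


def inspect_media(pixels: bytes, policy: dict) -> Verdict:
    """The IPS-side decision: extract, detect, decode, filter, then act per policy."""
    payload = lsb_extract(pixels)
    if payload is None or not looks_like_hidden_text(payload):
        return Verdict("forward", False, False, "no hidden data item found")
    hits = url_filter(payload.decode("ascii"))
    if not hits:
        return Verdict("forward", False, False, "hidden text present, no policy violation")
    return Verdict(policy["action"], policy["alert_recipient"], policy["alert_admin"],
                   "denied URL in hidden data: " + hits[0])


def lsb_embed(cover: bytes, payload: bytes) -> bytes:
    """Fixture builder used only to construct the sample inputs below."""
    bits = [int(b) for b in format(len(payload), "0%db" % LENGTH_BITS)]
    for byte in payload:
        bits.extend(int(b) for b in format(byte, "08b"))
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


# Constructed sample "files": a 1024-pixel cover with nothing hidden, one with a
# denied URL hidden in it, and one carrying hidden text that violates no policy.
CLEAN_COVER = bytes(range(256)) * 4
SAMPLE_MALICIOUS = lsb_embed(CLEAN_COVER, b"visit http://malware.example/x")
SAMPLE_BENIGN = lsb_embed(CLEAN_COVER, b"see http://docs.example/ for details")

if __name__ == "__main__":
    for name, sample in [("clean", CLEAN_COVER), ("benign", SAMPLE_BENIGN),
                         ("malicious", SAMPLE_MALICIOUS)]:
        print(name, inspect_media(sample, POLICY))
```

The separation matters for the claim's logic: the hidden item is first detected (a length header that fits the buffer and decodes to printable text), and only then is the content filter applied to the decoded result, so an image carrying benign hidden text is forwarded while one whose hidden text resolves to a denied host triggers the block-and-alert actions of the matching policy. A production IPS would replace the LSB decoder with watermark and barcode decoders and the denylist with its real URL filter.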
Abstract
Systems and methods for filtering unsafe content by a network security device are provided. According to one embodiment, a network security device captures network traffic and extracts a media file from the network traffic. The network security device then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security device performs one or more actions on the media file based on a predefined security policy.
20 Claims
1. A method comprising: (independent claim 1, reproduced in full under First Claim above). Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.
11. A network security device comprising:
a non-transitory storage device having embodied therein one or more modules of a firewall and an Intrusion Prevention System (IPS) engine; and
one or more processors coupled to the non-transitory storage device and operable to execute the one or more modules to perform a method comprising:
capturing, by the firewall, network traffic directed to an intended recipient associated with a private network protected by the network security device;
extracting, by the IPS engine, a media file from the network traffic;
determining, by the IPS engine, presence of a potentially malicious hidden data item embedded in the media file, wherein the potentially malicious hidden data item comprises encoded data within one or more of a digital watermark, steganography and a barcode;
determining, by the IPS engine, whether the potentially malicious hidden data item violates a security policy of a plurality of security policies of the private network enforced by the network security device by decoding the encoded data and applying a content filter to a result of the decoding; and
when said determining, by the IPS engine, whether the potentially malicious hidden data item violates a security policy is affirmative, then (i) blocking transmission of the media file to the intended recipient, (ii) causing the intended recipient to be alerted regarding the violated security policy or (iii) causing a network administrator of the private network to be alerted regarding the violated security policy.
Dependent claims: 16, 17, 18, 19, 20.
12. The network security device of claim 12, wherein the content filter comprises a Uniform Resource Locator (URL) filter.