Method for identifying and blocking embedded communications
First Claim
Patent Images
1. A method for identifying embedded communications in a communication network, the method comprising:
- establishing a baseline checksum failure rate measurement for packets communicated in accordance with a specified communication protocol in a predetermined route in a transport layer of the communication network;
monitoring traffic on the predetermined route in the transport layer of the communication network to detect checksum failures of the packets;
establishing a current checksum failure rate measurement based on the detected checksum failures;
comparing the current checksum failure rate measurement with the baseline checksum failure rate measurement;
when the current checksum failure rate measurement is greater than the baseline checksum failure rate measurement, determining an embedded communication of covert data is being communicated in the specified communication protocol; and
blocking the embedded communication in the transport layer of the communication network by discarding packets having a detected checksum failure.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system for steganography and steganalytic techniques are provided for effecting embedded communications in a variety of communication environments. One aspect may include an embedded transmitter for inserting embedded data into a packet and an embedded receiver for receiving the packet via, for example, a packetized communication network such as the Internet. Various aspects of the present invention provide robust communications with optimized throughput and may include various error handlers to maximize performance and ensure transfer of incorrupt data. A method for identifying and blocking embedded communications is also provided.
76 Citations
4 Claims
-
1. A method for identifying embedded communications in a communication network, the method comprising:
-
establishing a baseline checksum failure rate measurement for packets communicated in accordance with a specified communication protocol in a predetermined route in a transport layer of the communication network; monitoring traffic on the predetermined route in the transport layer of the communication network to detect checksum failures of the packets; establishing a current checksum failure rate measurement based on the detected checksum failures; comparing the current checksum failure rate measurement with the baseline checksum failure rate measurement; when the current checksum failure rate measurement is greater than the baseline checksum failure rate measurement, determining an embedded communication of covert data is being communicated in the specified communication protocol; and blocking the embedded communication in the transport layer of the communication network by discarding packets having a detected checksum failure. - View Dependent Claims (2, 3, 4)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current Assigneethe united states of america as represented by the secretary of the navy
-
Original Assigneethe united states of america as represented by the secretary of the navy
-
InventorsGeissler, William Karl, McEachen, John Colin
-
Primary Examiner(s)Etienne, Ario
-
Assistant Examiner(s)Shiu, Ho
-
Application NumberUS12/757,429Time in Patent Office1,131 DaysField of SearchNoneUS Class Current709/235CPC Class CodesH04L 1/0061 Error detection codesH04L 1/0079 Formats for control data H0...H04L 1/1664 the supervisory signal bein...H04L 1/1854 Scheduling and prioritising...H04L 69/16 Implementation or adaptatio...H04L 69/161 Implementation details of T...H04L 69/163 In-band adaptation of TCP d...
