Method for identifying and blocking embedded communications
First Claim
1. A method for identifying embedded communications in a communication network, the method comprising:
- establishing a baseline checksum failure rate measurement for packets communicated in accordance with a specified communication protocol in a predetermined route in a transport layer of the communication network;
monitoring traffic on the predetermined route in the transport layer of the communication network to detect checksum failures of the packets;
establishing a current checksum failure rate measurement based on the detected checksum failures;
comparing the current checksum failure rate measurement with the baseline checksum failure rate measurement;
when the current checksum failure rate measurement is greater than the baseline checksum failure rate measurement, determining an embedded communication of covert data is being communicated in the specified communication protocol; and
blocking the embedded communication in the transport layer of the communication network by discarding packets having a detected checksum failure.
0 Assignments
0 Petitions
Accused Products
Abstract
A method and system for steganography and steganalytic techniques are provided for effecting embedded communications in a variety of communication environments. One aspect may include an embedded transmitter for inserting embedded data into a packet and an embedded receiver for receiving the packet via, for example, a packetized communication network such as the Internet. Various aspects of the present invention provide robust communications with optimized throughput and may include various error handlers to maximize performance and ensure transfer of incorrupt data. A method for identifying and blocking embedded communications is also provided.
76 Citations
4 Claims
-
1. A method for identifying embedded communications in a communication network, the method comprising:
-
establishing a baseline checksum failure rate measurement for packets communicated in accordance with a specified communication protocol in a predetermined route in a transport layer of the communication network; monitoring traffic on the predetermined route in the transport layer of the communication network to detect checksum failures of the packets; establishing a current checksum failure rate measurement based on the detected checksum failures; comparing the current checksum failure rate measurement with the baseline checksum failure rate measurement; when the current checksum failure rate measurement is greater than the baseline checksum failure rate measurement, determining an embedded communication of covert data is being communicated in the specified communication protocol; and blocking the embedded communication in the transport layer of the communication network by discarding packets having a detected checksum failure. - View Dependent Claims (2, 3, 4)
-
Specification