Mechanism for identifying malicious content, DoS attacks, and illegal IPTV services
First Claim
1. An apparatus in a network for providing a plurality of Internet protocol television (IPTV) streams, comprising:
a memory configured to store a plurality of parameter characteristics indicative of a security breach in the network; and
a processing module configured to:
receive a first plurality of control messages addressed to a first multicast group from at least one network element in the network, wherein the first plurality of control messages is operably transmitted by an authorized user device in the network to a service provider device in the network and is re-addressed by the at least one network element for transmission to the first multicast group, wherein the first multicast group includes at least the apparatus and the service provider device as destinations;
monitor the first plurality of control messages for at least one of the plurality of parameter characteristics;
determine that the first plurality of control messages displays at least one of the plurality of parameter characteristics;
perform at least one protective measurement that includes:
subscribing to a second multicast group including a plurality of IPTV streams associated with the authorized user device, wherein the second multicast group includes at least the first apparatus and the service provider device as destinations;
performing deep packet inspection (DPI) of at least one packet within at least one of the plurality of IPTV streams; and
in the event that an anomaly within the at least one packet is detected, removing the at least one packet from the at least one of the plurality of IPTV streams.
Abstract
Mechanism for identifying malicious content, DoS attacks, and illegal IPTV services. The characteristics of various control messages transmitted within a network that services Internet protocol television (IPTV) content are monitored to identify suspicious behavior (e.g., behavior associated with malicious content, denial of service (DoS) attacks, IPTV service stealing, etc.). In addition to monitoring control messages within such a network, deep packet inspection (DPI) may be performed on individual packets within an IPTV stream to identify malicious content therein (e.g., worms, viruses, etc. within the IPTV stream itself). By monitoring control messages and/or actual IPTV content within a network (rather than only at the perimeter of the network), protection against both outside and inside attacks can be effectuated. Operating at the network level in this way guards against propagation of malicious content to other devices within the network.
20 Claims
11. An apparatus in a network for providing a plurality of Internet protocol television (IPTV) streams, comprising:
a memory that stores a plurality of parameter characteristics; and
a processing module that:
monitors a first plurality of control messages sent from an authorized user device to a service provider device in the network, wherein the first plurality of control messages identifies a first multicast group that includes at least the apparatus and the service provider device as destinations and wherein at least one network element readdressed the first plurality of control messages to the first multicast group; and
in the event that at least one of the first plurality of control messages includes at least one of the plurality of parameter characteristics indicating a security breach, the processing module:
generates an instruction to isolate the authorized user device from the network;
generates an instruction to block the plurality of IPTV streams from being broadcast to the authorized user device;
monitors a second plurality of control messages sent from the authorized user device to the service provider device and in the event that at least one of the second plurality of control messages includes characteristics corresponding to at least one additional of the plurality of parameter characteristics, generates an instruction to block any future control message sent from the first device; and
performs deep packet inspection (DPI) of at least one packet within at least one of the plurality of IPTV streams to the authorized user device and in the event that the processing module detects an anomaly within the at least one packet in accordance with the DPI, the processing module performs at least one of:
removes the at least one packet from the at least one of the plurality of IPTV streams; and
generates an instruction to block the at least one of the plurality of IPTV streams from being broadcast via the network by the second device.
17. A method, comprising:
receiving control messages in a first multicast group by a security device that is a member of the first multicast group, wherein the control messages are transmitted from an authorized user device to a service provider device in a network for providing a plurality of Internet protocol television (IPTV) streams via the network and wherein at least one network element readdressed the first plurality of control messages to the first multicast group;
monitoring a first plurality of the control messages by the security device;
in the event that at least one of the first plurality of control messages includes characteristics corresponding to at least one of a plurality of parameter characteristics, performing by the security device:
instructing to block any future control message sent from the first device;
instructing to block the plurality of IPTV streams from being broadcast to the first device; and
monitoring a second plurality of control messages sent from the first device to the second device and instructing to isolate the first device from the network in the event that at least one of the second plurality of control messages includes characteristics corresponding to at least one additional of the plurality of parameter characteristics.
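The escalation recited in claim 17, sketched as an added example; this is not code from the patent or from this page. The message fields, the two characteristics (`request_flood`, `unentitled_channel`), the threshold, and the instruction names are assumptions, since the page does not define concrete parameter characteristics.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
@dataclass(frozen=True)
class ControlMsg:              # hypothetical record of one control message
    ts: float                  # arrival time in seconds
    device: str                # sending user device
    channel: str               # IPTV stream the message asks for
# Assumed parameter characteristics; the page does not define concrete ones.
MAX_MSGS, WINDOW = 5, 1.0      # "request_flood": more than 5 messages per second

class SecurityDevice:
    def __init__(self, entitlements):
        self.entitlements = entitlements      # device -> channels it may request
        self.recent = defaultdict(deque)      # device -> timestamps inside WINDOW
        self.first_hits = {}                  # device -> characteristics of first match
        self.isolated = set()
        self.instructions = []                # (action, device) for network elements

    def _characteristics(self, msg):
        q = self.recent[msg.device]
        q.append(msg.ts)
        while msg.ts - q[0] > WINDOW:         # drop timestamps outside the window
            q.popleft()
        flood = len(q) > MAX_MSGS
        stolen = msg.channel not in self.entitlements.get(msg.device, ())
        return {n for n, hit in (("request_flood", flood), ("unentitled_channel", stolen)) if hit}

    def observe(self, msg):
        hits, dev = self._characteristics(msg), msg.device
        if not hits or dev in self.isolated:
            return
        if dev not in self.first_hits:        # first match: block messages and streams
            self.first_hits[dev] = hits
            self.instructions += [("block_control_messages", dev), ("block_iptv_streams", dev)]
        elif hits - self.first_hits[dev]:     # an additional characteristic: isolate
            self.isolated.add(dev)
            self.instructions.append(("isolate_device", dev))

def run(messages, entitlements):
    sd = SecurityDevice(entitlements)
    for m in sorted(messages, key=lambda m: m.ts):
        sd.observe(m)
    return sd.instructions

# Constructed sample traffic, not taken from the page.
ENTITLEMENTS = {"stb-1": {"news", "sports"}, "stb-2": {"news"}}
SAMPLE = ([ControlMsg(0.1 * i, "stb-1", "news") for i in range(7)]
          + [ControlMsg(t, "stb-2", "news") for t in (0.0, 2.0, 4.0)]
          + [ControlMsg(5.0, "stb-1", "premium")])
```

On the sample, `stb-1` is blocked once its request rate crosses the threshold and isolated only when a later message shows a different characteristic; `stb-2` produces no instructions.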
Specification