Obfuscating network traffic from previously collected network traffic
First Claim
1. A system for generating obfuscated network traffic, the system comprising:
- a network monitor for separating a first network traffic flow into application content and network header content based on a first network model by separately extracting the application content and network header content in accordance with the first network model;
a computer-readable storage device comprising;
an application content database operative to store application content extracted from the first network traffic flow by the network monitor;
a network header content database operative to store network header content extracted from the first network traffic flow by the network monitor; and
an obfuscated network traffic database operative to store obfuscated network header content;
a masking attribute selector operative to receive an input specifying one or more network header attributes to be masked;
a data masking processor operative to;
retrieve the network header content stored in the network header content database; and
mask at least a selected portion of the network header content to generate the obfuscated network header content, wherein the data masking processor is further operative to mask the selected portion of the network header based on the input received by the masking attribute selector; and
an obfuscated network traffic request interface operative to;
receive a request for obfuscated network traffic; and
transmit the obfuscated network header content stored in the obfuscated network traffic database based upon the request for obfuscated network traffic;
where said mask is at least one of;
a bitwise operation, analyzing the IP addresses in the network header content and changing or replacing the IP addresses with a set of IP addresses, replacing one or more network priority bits of the network header content with a different but consistent set of network priority bits, replacing one or more portions of the network header content requested from the network header content database, replacing content with content stored in another database, and replacing content with randomly generated content or pseudo-randomly generated content.
1 Assignment
0 Petitions
Accused Products
Abstract
An obfuscated network traffic server is operative to generate obfuscated network traffic. The obfuscated network traffic server maintains the relationship between extracted application content and extracted network header content such that the obfuscated network traffic is indistinguishable from the monitored network traffic. The obfuscated network traffic server may include a network monitor operative to monitor network traffic and to extract application content and network header content from the monitored network traffic. The obfuscated network traffic server may also include a data masking processor operative to mask a portion of the separated application content and/or the separated network header content. The obfuscated network traffic server may further include a masking attribute selector operative to specify the attributes of the application content and/or the network header content that is to be masked.
232 Citations
20 Claims
-
1. A system for generating obfuscated network traffic, the system comprising:
-
a network monitor for separating a first network traffic flow into application content and network header content based on a first network model by separately extracting the application content and network header content in accordance with the first network model; a computer-readable storage device comprising; an application content database operative to store application content extracted from the first network traffic flow by the network monitor; a network header content database operative to store network header content extracted from the first network traffic flow by the network monitor; and an obfuscated network traffic database operative to store obfuscated network header content; a masking attribute selector operative to receive an input specifying one or more network header attributes to be masked; a data masking processor operative to; retrieve the network header content stored in the network header content database; and mask at least a selected portion of the network header content to generate the obfuscated network header content, wherein the data masking processor is further operative to mask the selected portion of the network header based on the input received by the masking attribute selector; and an obfuscated network traffic request interface operative to; receive a request for obfuscated network traffic; and transmit the obfuscated network header content stored in the obfuscated network traffic database based upon the request for obfuscated network traffic; where said mask is at least one of;
a bitwise operation, analyzing the IP addresses in the network header content and changing or replacing the IP addresses with a set of IP addresses, replacing one or more network priority bits of the network header content with a different but consistent set of network priority bits, replacing one or more portions of the network header content requested from the network header content database, replacing content with content stored in another database, and replacing content with randomly generated content or pseudo-randomly generated content. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A method for generating masked network traffic, the method comprising:
-
receiving extracted application content of a first network traffic flow and extracted network header content of the first network traffic flow; receiving, with a masking attribute selector, an input specifying one or more network header attributes to be masked; masking, with a data masking processor, at least a selected portion of the network header content to generate masked network header content, wherein the masking of the selected portion of the network header by the data masking processor is based on the input received by the masking attribute selector; combining the masked network header content with the separated application content based on a maintained relationship between the application content and the network header content; and transmitting the combined masked network header content and application content in response to a request for masked network traffic; where said masking comprises at least one of;
a bitwise operation, analyzing the IP addresses in the network header content and changing or replacing the IP addresses with a set of IP addresses, replacing one or more network priority bits of the network header content with a different but consistent set of network priority bits, replacing one or more portions of the network header content requested from the network header content database, replacing content with content stored in another database, and replacing content with randomly generated content or pseudo-randomly generated content. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
-
Specification