Filtering hidden data embedded in media files
First Claim
Patent Images
1. A method comprising:
- capturing, by a network security appliance, network traffic;
extracting, by the network security appliance, a media file from the network traffic;
determining, by the network security appliance, presence of a hidden data item embedded in the media file encoded within a barcode;
when said determining is affirmative, then;
identifying existence of a Uniform Resource Locator (URL) within the hidden data item by decoding the hidden data item by a decoding module of the network security appliance implementing a barcode reader supporting multiple barcode formats;
when said identifying is affirmative, then determining whether the URL is associated with malicious activities or is associated with or redirects to a website blocked by a security policy of the network appliance, referred to as a Malware URL, by applying a website filter to the URL by a content inspection engine of the network security appliance; and
when the website filter determines the URL to be a Malware URL, then protecting the intended recipient of the network traffic against the Malware URL by blocking transmission of the media file to the intended recipient by the network security appliance.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file based on a predefined security policy.
-
Citations
12 Claims
-
1. A method comprising:
-
capturing, by a network security appliance, network traffic; extracting, by the network security appliance, a media file from the network traffic; determining, by the network security appliance, presence of a hidden data item embedded in the media file encoded within a barcode; when said determining is affirmative, then; identifying existence of a Uniform Resource Locator (URL) within the hidden data item by decoding the hidden data item by a decoding module of the network security appliance implementing a barcode reader supporting multiple barcode formats; when said identifying is affirmative, then determining whether the URL is associated with malicious activities or is associated with or redirects to a website blocked by a security policy of the network appliance, referred to as a Malware URL, by applying a website filter to the URL by a content inspection engine of the network security appliance; and when the website filter determines the URL to be a Malware URL, then protecting the intended recipient of the network traffic against the Malware URL by blocking transmission of the media file to the intended recipient by the network security appliance. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A network security appliance comprising:
-
a non-transitory storage device having embodied therein instructions representing a security application; and one or more processors coupled to the non-transitory storage device and operable to execute the security application to perform a method comprising; capturing network traffic; extracting a media file from the network traffic; determining presence of a hidden data item embedded in the media file encoded within a barcode; when said determining is affirmative, then; identifying existence of a Uniform Resource Locator (URL) within the hidden data item by decoding the hidden data item by a decoding module of the security application implementing a barcode reader supporting multiple barcode formats; when said identifying is affirmative, then determining whether the URL is associated with malicious activities or is associated with or redirects to a website blocked by a security policy of the network appliance, referred to as a Malware URL, by applying a website filter to the URL by a content inspection engine of the security application; and when the website filter determines the URL to be a Malware URL, then protecting the intended recipient of the network traffic against the Malware URL by blocking transmission of the media file to the intended recipient. - View Dependent Claims (8, 9, 10, 11, 12)
-
Specification