Filtering hidden data embedded in media files
Abstract
Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file based on a predefined security policy.
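The pipeline the abstract describes (decode the hidden item, then apply policy and pick an action), as an added sketch that is not taken from the patent. It covers only least-significant-bit steganography over a raw pixel buffer; the length-prefixed layout, the blocklist, and all function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

BLOCKED_HOSTS = {"malicious.example"}  # assumed URL-filter policy (constructed)
URL_RE = re.compile(rb"https?://[^\s\x00-\x1f\x7f-\xff\"'<>]+")

def decode_lsb(pixels: bytes, max_len: int = 4096) -> bytes:
    """Decoding module: rebuild bytes from the low bit of each pixel byte.
    Assumed layout: 16-bit big-endian length, then the payload."""
    def read(bit_offset: int, nbytes: int) -> bytes:
        out = bytearray()
        for i in range(nbytes):
            value = 0
            for p in pixels[bit_offset + 8 * i: bit_offset + 8 * i + 8]:
                value = (value << 1) | (p & 1)
            out.append(value)
        return bytes(out)
    if len(pixels) < 16:
        return b""
    length = int.from_bytes(read(0, 2), "big")
    # An implausible header means no hidden item in this layout.
    if length == 0 or length > max_len or 16 + 8 * length > len(pixels):
        return b""
    return read(16, length)

def host_blocked(url: str) -> bool:
    host = urlsplit(url).hostname or ""
    return any(host == h or host.endswith("." + h) for h in BLOCKED_HOSTS)

def inspect_media(pixels: bytes) -> dict:
    """Content inspection: URL-filter the decoded data and choose an action."""
    hidden = decode_lsb(pixels)
    urls = [m.decode("ascii") for m in URL_RE.findall(hidden)]
    violations = [u for u in urls if host_blocked(u)]
    action = "block_and_alert" if violations else "allow"
    return {"hidden": hidden, "urls": urls,
            "violations": violations, "action": action}

def make_carrier(message: bytes, size: int = 1024) -> bytes:
    """Constructed test input: flat grey pixels whose low bits carry message."""
    data = len(message).to_bytes(2, "big") + message
    bits = [(b >> (7 - k)) & 1 for b in data for k in range(8)]
    pixels = bytearray([0x80] * size)
    for i, bit in enumerate(bits):
        pixels[i] = (pixels[i] & 0xFE) | bit
    return bytes(pixels)

if __name__ == "__main__":
    print(inspect_media(make_carrier(b"http://malicious.example/payload")))
```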
16 Claims
1. A method comprising:
- capturing network traffic by a network security appliance associated with a protected network, wherein the network traffic is originated by a source external to the protected network and is directed to an intended recipient associated with the protected network;
- extracting, by the network security appliance, a media file from the network traffic;
- determining, by the network security appliance, presence of a potentially malicious hidden data item embedded in the media file in a form of encoded data within one or more of a digital watermark, steganography and a barcode by decoding the encoded data by a decoding module of the network security appliance;
- determining whether the decoded data violates one or more security policies of a plurality of security policies of the network appliance by applying a Uniform Resource Locator (URL) filter to the decoded data by a content inspection engine of the network security appliance; and
- when said determining whether the decoded data violates one or more security policies is affirmative, then protecting the intended recipient against the potentially malicious hidden data item by the network security appliance performing one or more of (i) blocking transmission of the media file to the intended recipient, (ii) causing the intended recipient to be alerted regarding the potentially malicious hidden data item and (iii) causing a network administrator of the protected network to be alerted regarding the potentially malicious hidden data item.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A network security appliance comprising:
- a non-transitory storage device having embodied therein instructions representing a security application; and
- one or more processors coupled to the non-transitory storage device and operable to execute the security application to perform a method comprising:
  - capturing network traffic associated with a protected network protected by the network security appliance, wherein the network traffic is originated by a source external to the protected network and is directed to an intended recipient associated with the protected network;
  - extracting a media file from the network traffic;
  - determining presence of a potentially malicious hidden data item embedded in the media file in a form of encoded data within one or more of a digital watermark, steganography and a barcode by decoding the encoded data by a decoding module of the security application;
  - determining whether the decoded data violates one or more security policies of a plurality of security policies of the network appliance by applying a Uniform Resource Locator (URL) filter to the decoded data by a content inspection engine of the security application; and
  - when said determining whether the decoded data violates one or more security policies is affirmative, then protecting the intended recipient against the potentially malicious hidden data item by one or more of (i) blocking transmission of the media file to the intended recipient, (ii) causing the intended recipient to be alerted regarding the potentially malicious hidden data item and (iii) causing a network administrator of the protected network to be alerted regarding the potentially malicious hidden data item.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
Specification