Filtering hidden data embedded in media files
First Claim
Patent Images
1. A method comprising:
- capturing network traffic by a firewall device associated with a private network, wherein the network traffic is directed to an intended recipient associated with the private network;
extracting, by the firewall device, a media file from the network traffic;
determining, by the firewall device, presence of a potentially malicious hidden data item embedded in the media file, wherein the potentially malicious hidden data item comprises encoded data within one or more of a digital watermark, steganography and a barcode;
determining whether the potentially malicious hidden data item violates a security policy of a plurality of security policies of the private network enforced by the firewall device by decoding the encoded data and applying a content filter to a result of the decoding, wherein the content filter comprises a Uniform Resource Locator (URL) filter and wherein the security policy contains information indicative of a URL known to be associated with malicious activities; and
when said determining whether the potentially malicious hidden data item violates a security policy is affirmative, then performing by the firewall device (i) blocking transmission of the media file to the intended recipient, (ii) causing the intended recipient to be alerted regarding the violated security policy and (iii) causing a network administrator of the private network to be alerted regarding the violated security policy.
0 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file based on a predefined security policy.
-
Citations
16 Claims
-
1. A method comprising:
-
capturing network traffic by a firewall device associated with a private network, wherein the network traffic is directed to an intended recipient associated with the private network; extracting, by the firewall device, a media file from the network traffic; determining, by the firewall device, presence of a potentially malicious hidden data item embedded in the media file, wherein the potentially malicious hidden data item comprises encoded data within one or more of a digital watermark, steganography and a barcode; determining whether the potentially malicious hidden data item violates a security policy of a plurality of security policies of the private network enforced by the firewall device by decoding the encoded data and applying a content filter to a result of the decoding, wherein the content filter comprises a Uniform Resource Locator (URL) filter and wherein the security policy contains information indicative of a URL known to be associated with malicious activities; and when said determining whether the potentially malicious hidden data item violates a security policy is affirmative, then performing by the firewall device (i) blocking transmission of the media file to the intended recipient, (ii) causing the intended recipient to be alerted regarding the violated security policy and (iii) causing a network administrator of the private network to be alerted regarding the violated security policy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A firewall device comprising:
-
a non-transitory storage device having embodied therein one or more routines; and one or more processors coupled to the non-transitory storage device and operable to execute the one or more routines to perform a method comprising; capturing network traffic directed to an intended recipient associated with a private network protected by the firewall device; extracting a media file from the network traffic; determining presence of a potentially malicious hidden data item embedded in the media file, wherein the potentially malicious hidden data item comprises encoded data within one or more of a digital watermark, steganography and a barcode; determining whether the potentially malicious hidden data item violates a security policy of a plurality of security policies of the private network enforced by the firewall device by decoding the encoded data and applying a content filter to a result of the decoding, wherein the content filter comprises a Uniform Resource Locator (URL) filter and wherein the security policy contains information indicative of a URL known to be associated with malicious activities; and when said determining whether the potentially malicious hidden data item violates a security policy is affirmative, then (i) blocking transmission of the media file to the intended recipient, (ii) causing the intended recipient to be alerted regarding the violated security policy and (iii) causing a network administrator of the private network to be alerted regarding the violated security policy. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeFortinet Inc.
-
Original AssigneeFortinet Inc.
-
InventorsZheng, Juneng, Yan, Guoyi
-
Primary Examiner(s)Mehrmanesh, Amir
-
Application NumberUS15/224,516Publication NumberTime in Patent Office297 DaysField of SearchNoneUS Class CurrentCPC Class CodesH04L 63/0245 Filtering by information in...H04L 63/1408 by monitoring network traff...H04L 63/1416 Event detection, e.g. attac...H04L 63/1425 Traffic logging, e.g. anoma...H04L 63/145 the attack involving the pr...H04L 63/20 for managing network securi...H04N 1/32352 Controlling detectability o...
