Systems and methods for identifying message payload bit fields in electronic communications
First Claim
1. A computer-implemented method for identifying message payload bit fields in electronic communications, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
monitoring, at the computing device, messages transmitted via a network;
selecting, at the computing device, a plurality of messages transmitted via the network, each of the plurality of messages comprising an identical message identifier corresponding to a specified message type having a payload;
determining, at the computing device, for each bit position in the payload of the specified message type, a quasi-entropy value based on a proportion of occurrences of a first bit value and a proportion of occurrences of a second bit value at each corresponding bit position in the plurality of messages;
identifying, at the computing device, at least one continuous bit field based on bit flip rate values in the payload;
identifying, at the computing device, at least one of a near-random/periodic bit field and a constant bit field within the specified message type based on the determined quasi-entropy values, wherein identifying the near-random/periodic bit field comprises identifying a bit field comprising a plurality of adjacent bit positions each having a quasi-entropy value of 1 and wherein identifying the constant bit field comprises identifying a bit field comprising a plurality of adjacent bit positions each having a quasi-entropy value of 0;
detecting, at the computing device, at least one additional message of the specified message type transmitted via the network; and
identifying, at the computing device, at least one anomaly in at least one of the at least one of the near-random/periodic bit field and the constant bit field of the at least one additional message.
Abstract
The disclosed computer-implemented method for identifying message payload bit fields in electronic communications may include (i) monitoring messages transmitted via a network, (ii) selecting a plurality of messages transmitted via the network, each of the plurality of messages comprising an identical message identifier corresponding to a specified message type having a payload, (iii) determining for each bit position in the payload of the specified message type, a quasi-entropy value based on a proportion of occurrences of a first bit value and a proportion of occurrences of a second bit value at each corresponding bit position in the plurality of messages, and (iv) identifying at least one of a near-random bit field, a periodic bit field, and a constant bit field within the specified message type based on the determined quasi-entropy values. Various other methods, systems, and computer-readable media are also disclosed.
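The per-bit analysis described above can be sketched as follows. This is an added example, not code from the patent: the page gives no formula, so binary Shannon entropy stands in for the quasi-entropy value and the flip rate is taken as the fraction of consecutive messages in which a bit changes. The 16-bit payload layout, the sample traffic and all function names are constructed for illustration, and the anomaly check covers only constant fields.

```python
import math
NBITS = 16  # payload width of the constructed message type

def bit(msg, pos):  # pos 0 is the most significant payload bit
    return (msg >> (NBITS - 1 - pos)) & 1

def quasi_entropy(msgs):
    """Per-position binary entropy of the 0/1 proportions (assumed formula)."""
    out = []
    for pos in range(NBITS):
        p1 = sum(bit(m, pos) for m in msgs) / len(msgs)
        out.append(sum(-p * math.log2(p) for p in (p1, 1 - p1) if p > 0))
    return out

def flip_rates(msgs):
    """Fraction of consecutive message pairs in which each bit changes."""
    pairs = list(zip(msgs, msgs[1:]))
    return [sum(bit(a ^ b, pos) for a, b in pairs) / len(pairs)
            for pos in range(NBITS)]

def runs(values, target, min_len=2):
    """(start, end) runs of adjacent positions whose value equals target."""
    found, start = [], None
    for pos, v in enumerate(values + [None]):  # None closes a trailing run
        hit = v is not None and abs(v - target) < 1e-9
        if hit and start is None:
            start = pos
        elif not hit and start is not None:
            if pos - start >= min_len:
                found.append((start, pos - 1))
            start = None
    return found

def constant_anomalies(baseline, const_fields, msg):
    """Constant fields in which msg differs from the learned baseline."""
    return [(s, e) for s, e in const_fields
            if any(bit(msg, p) != bit(baseline, p) for p in range(s, e + 1))]

# Constructed traffic for one message ID: 0xA marker | 4-bit counter | sensor byte
SENSOR = [120, 121, 123, 122, 124, 127, 129, 128,
          130, 133, 131, 134, 136, 135, 137, 140]
TRAINING = [(0xA << 12) | (i << 8) | s for i, s in enumerate(SENSOR)]
H = quasi_entropy(TRAINING)
CONST_FIELDS = runs(H, 0.0)   # [(0, 3)]
RANDOM_FIELDS = runs(H, 1.0)  # [(4, 7)]

if __name__ == "__main__":
    tampered = (0xB << 12) | (3 << 8) | 130  # marker changed from 0xA to 0xB
    print(CONST_FIELDS, RANDOM_FIELDS,
          constant_anomalies(TRAINING[0], CONST_FIELDS, tampered))
```
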
20 Claims
18. A system for identifying message payload bit fields in electronic communications, the system comprising:
a monitoring module, stored in memory, that monitors, at a computing device, messages transmitted via a network;
a selecting module, stored in memory, that selects, at the computing device, a plurality of messages transmitted via the network, each of the plurality of messages comprising an identical message identifier corresponding to a specified message type having a payload;
a determining module, stored in memory, that determines, at the computing device, for each bit position in the payload of the specified message type, a quasi-entropy value based on a proportion of occurrences of a first bit value and a proportion of occurrences of a second bit value at each corresponding bit position in the plurality of messages;
an identifying module, stored in memory, that:
identifies, at the computing device, at least one continuous bit field based on bit flip rate values in the payload;
identifies, at the computing device, at least one of a near-random/periodic bit field and a constant bit field within the specified message type based on the determined quasi-entropy values, wherein identifying the near-random/periodic bit field comprises identifying a bit field comprising a plurality of adjacent bit positions each having a quasi-entropy value of 1 and wherein identifying the constant bit field comprises identifying a bit field comprising a plurality of adjacent bit positions each having a quasi-entropy value of 0;
detects, at the computing device, at least one additional message of the specified message type transmitted via the network; and
identifies, at the computing device, an anomaly in at least one of the at least one of the near-random/periodic bit field and the constant bit field of the at least one additional message; and
at least one physical processor that executes the monitoring module, the selecting module, the determining module, and the identifying module.
20. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
monitor messages transmitted via a network;
select a plurality of messages transmitted via the network, each of the plurality of messages comprising an identical message identifier corresponding to a specified message type having a payload;
determine, for each bit position in the payload of the specified message type, a quasi-entropy value based on a proportion of occurrences of a first bit value and a proportion of occurrences of a second bit value at each corresponding bit position in the plurality of messages;
identify at least one continuous bit field based on bit flip rate values in the payload;
identify at least one of a near-random/periodic bit field and a constant bit field within the specified message type based on the determined quasi-entropy values, wherein identifying the near-random/periodic bit field comprises identifying a bit field comprising a plurality of adjacent bit positions each having a quasi-entropy value of 1 and wherein identifying the constant bit field comprises identifying a bit field comprising a plurality of adjacent bit positions each having a quasi-entropy value of 0;
detect at least one additional message of the specified message type transmitted via the network; and
identify an anomaly in at least one of the at least one of the near-random/periodic bit field and the constant bit field of the at least one additional message.
Specification