1. Field of the Invention
The field of the invention relates to telecommunications, and in particular, to providing traffic security utilizing a dynamic vector based approach to traffic segmentation and assembly.
2. Description of the Prior Art
Session communications are often transmitted in the form of packets having a network address, a session identifier, and a payload. Communications are frequently created in one protocol but require transport within a different protocol. In such a case, session communications in the form of packets are segmented into smaller packets, packaged sequentially into a packet data unit of another protocol, transmitted, and reassembled at the receiving end. Sometimes, individual packets are simply wrapped within another protocol and transmitted. The network address of an original packet is typically used to address the new packet data units. The ordered sequence with which the new packet data units are filled with the smaller packets creates easily identifiable data patterns that allow hackers to recreate the original packets, and thus snoop on session communications.
Often, packets from multiple users are multiplexed onto a single VC. In these circumstances, the smaller packets of each original packet are not transmitted sequentially, but are rather interspersed with other smaller packets from other original packets. While this increases the difficulty of recreating sessions, with a reasonable amount of effort, the original transmissions can be recreated by sorting the packet data units based on the network addresses that are readily identifiable within the packet data units.
Other times, packets from a single user are multiplexed over multiple VCs. In such a case, all the smaller packets of an original packet are assembled into data units assigned to the same VC. In addition, while the original packet stream may not be transmitted sequentially, all the smaller packets of each individual packet are still transmitted sequentially. Thus, the various VCs can still be illicitly monitored and the original transmissions recreated by sorting the packet data units by network address patterns and payload patterns identified within the packet data units.