The present invention relates generally to a payload inspection system that uses scanning techniques to identify computer software code or hidden data embedded in data communication streams without the use of prior knowledge of the characteristics or signature of the code and without disclosure of the messages or meaning of the data communications stream.
As computer systems have become a fixture in homes, offices, governmental organizations, and myriad other enterprises, computer networks are increasingly exposed to malicious software distributed over digital networks. Malicious software, commonly known as malware, is software intended to damage or disrupt computers, data networks, and hardware using computer processors that can access the digital data network. Damages include erasure or theft of data, while disruptions can include theft of computer processor time, memory and network resources, propagation of malware, and installation of undesired software. Types of malware include computer worms, viruses, Trojan horses, adware, and rootkits, among others.
Use of ‘firewalls’ and signature-based malware scanning, both at the edge (where a distinct, “protected” local network can be segmented from the broader public network) and at the computerized device (e.g. workstations, PCs, mobile phones, computer processor-equipped devices), allows some defense against malware that has previously been identified. Currently there are no reliable means to detect and immediately neutralize cyber threats that have not previously been detected or identified. These are known as ‘zero-day’ exploits because they operate without incurring reaction or remediation for indeterminate, often extended periods of time. As a result, zero-day threats bring the potential of significant risks and damage, and allow the attackers the time to continually change the nature and form of the exploit.
One method of gaining ingress into a firewall-protected network is by use of steganographically hidden coding. Steganography, which originally referred to the science of concealing messages within images, now includes messages hidden in image, audio and other data files sent in digital data communications. Besides executable software, steganographic techniques may also be used to conceal stolen data in transport.