TL;DR: This work describes a technique based on Bloom filters for detecting predefined signatures (a string of bytes) in the packet payload and uses hardware Bloom filters to isolate all packets that potentially contain predefined signatures.
Abstract: Recent advances in network packet processing focus on payload inspection for applications that include content-based billing, layer-7 switching and Internet security. Most of the applications in this family need to search for predefined signatures in the packet payload. Hence an important building block of these processors is string matching infrastructure. Since conventional software-based algorithms for string matching have not kept pace with high network speeds, specialized high-speed, hardware-based solutions are needed. We describe a technique based on Bloom filters for detecting predefined signatures (a string of bytes) in the packet payload. A Bloom filter is a data structure for representing a set of strings in order to support membership queries. We use hardware Bloom filters to isolate all packets that potentially contain predefined signatures. Another independent process eliminates false positives produced by Bloom filters. We outline our approach for string matching at line speeds and present a performance analysis. Finally, we report the results for a prototype implementation of this system on the FPX platform. Our analysis shows that with the state-of-the-art FPGAs, a set of 10,000 strings can be scanned in the network data at the line speed of OC-48 (2.4 Gbps).
TL;DR: In this paper, system traffic may be arranged into different categories (e.g., control data, user data, and pilot data) and one or more OFDM symbols of the proper sizes may be selected for use based on the expected payload size for the traffic in that category.
Abstract: System traffic may be arranged into different categories (e.g., control data, user data, and pilot data). For each category, one or more OFDM symbols of the proper sizes may be selected for use based on the expected payload size for the traffic in that category. For example, control data may be transmitted using OFDM symbols of a first size, user data may be transmitted using OFDM symbols of the first size and a second size, and pilot data may be transmitted using OFDM symbols of a third size or the first size. In one exemplary design, a small OFDM symbol is utilized for pilot and for transport channels used to send control data, and a large OFDM symbol and the small OFDM symbol are utilized for transport channels used to send user data.
TL;DR: In this paper, a media object authentication system using layers of security features based on digital watermarks embedded in media objects is presented. To verify the object, the digital watermark payload is extracted and compared with the data about the object.
Abstract: A media object authentication system uses layers of security features based on digital watermarks embedded in media objects. The system generates a first digital watermark with a message payload carrying data about the object, such as a hash of text data printed on the object. The first digital watermark is combined with a content signature derived from features of the media object, such as frequency domain attributes, edge attributes, or other filtered version of the media signal (e.g., image photo on a secure document) on the media object. This combination forms a new digital watermark signal that is embedded in the host media object. To verify the object, the digital watermark payload is extracted and compared with the data about the object. The combined digital watermark and content signature is also evaluated to authenticate the media signal on the media object.
TL;DR: In this paper, a method and apparatus for detecting predefined signatures (a string of bytes) in a network packet payload is presented. It is based on Bloom filters, a data structure for representing a set of strings in order to support membership queries.
Abstract: The present invention relates to a method and apparatus based on Bloom filters for detecting predefined signatures (a string of bytes) in a network packet payload. A Bloom filter is a data structure for representing a set of strings in order to support membership queries. Hardware Bloom filters isolate all packets that potentially contain predefined signatures. Another independent process eliminates false positives produced by the Bloom filters. The system is implemented on an FPGA platform, resulting in a set of 10,000 strings being scanned in the network data at the line speed of 2.4 Gbps.
TL;DR: In this paper, a method of switching a first gateway from a voice mode to a facsimile mode comprises configuring the first gateway to the voice mode for communication with a second gateway over a packet network.
Abstract: According to one aspect, a method of switching a first gateway from a voice mode to a facsimile mode comprises: configuring the first gateway to the voice mode for communication with a second gateway over a packet network, receiving a plurality of data packets from the second gateway over the packet network, analyzing one or more of the plurality of data packets, such as UDP packets, and configuring the first gateway to the facsimile mode if the analyzing determines that the one or more of the plurality of data packets carry facsimile data packets. The analyzing may include calculating a length of the UDP payload in accordance with UDPTL packet structure, and deciding the UDP payload includes a UDPTL packet if the calculated length is equal to UDP payload length, as indicated in the UDP header.
TL;DR: In this article, three approaches for detecting steganograms with low change density are presented, one of which combines the three color components of each pixel to detect an increased number of neighbor colours.
Abstract: This paper shows three approaches for detecting steganograms with low change density. MP3Stego is a steganographic algorithm with a very low embedding rate. The attack presented here is a statistical analysis of block sizes. It is able to detect 0.001 % of steganographic payload in MP3 files. The second approach is the use of hash functions to combine sample categories for the chi-square attack. One of these hash functions enables us to detect about 0.2 bits per pixel in true colour images. Another algorithm (Hide) was presented at the last workshop and constructed to be secure against visual and statistical chi-square attacks. The detection method for Hide combines the three colour components of each pixel to recognise an increased number of neighbour colours.
TL;DR: In this paper, a protocol for a universal transfer mode (UTM) of transferring data packets at a regulated bit rate is proposed. The protocol supports a plurality of data formats, such as PCM voice data, IP packets, ATM cells, frame relay and the like.
Abstract: A method and a network for a universal transfer mode (UTM) of transferring data packets at a regulated bit rate are disclosed. The method defines a protocol that uses an adaptive packet header to simplify packet routing and increase transfer speed. The protocol supports a plurality of data formats, such as PCM voice data, IP packets, ATM cells, frame relay and the like. The network preferably includes a plurality of modules that provide interfaces to various data sources. The modules are interconnected by an optic core with adequate inter-module links with preferably no more than two hops being required between any origination/destination pair of modules. The adaptive packet header is used for both signaling and payload transfer. The header is parsed using an algorithm to determine its function. Rate regulation is accomplished using each module control element and egress port controllers to regulate packet transfer. The protocol enables the modules to behave as a single distributed switch capable of multi-terabit transfer rates. The advantage is a high speed distributed switch capable of serving as a transfer backbone for substantially any telecommunications service.
TL;DR: In this article, an initiator agent and a target agent exchange measurement and response messages to determine the performance of a network supporting communication between the initiator and the target agent, where the measurement packets include one or more performance metrics created by the initiator agent such as timestamp information and sequencing information.
Abstract: An initiator agent and target agent exchange measurement and response messages to determine the performance of a network supporting communication between the initiator agent and the target agent. The initiator agent creates and transmits measurement packets in a measurement packet group to the target agent. The measurement packets include one or more performance metrics created by the initiator agent such as timestamp information and sequencing information. The target agent receives the measurement packets, performs calculations of network performance metrics and generates corresponding response packets that are forwarded back to the initiator agent. The initiator agent receives the response packets and uses parameter information contained therein to calculate network link performance metrics such as one-way and round-trip packet latency of measurement and response packets as well as packet loss performance metrics for one-way and round-trip packet propagation between the initiator and target agents. Payload data within the measurement and response packets simulates application data traffic.
TL;DR: This specification defines a simple, but generic RTP payload format for transport of any non-multiplexed MPEG-4 elementary stream.
Abstract: The Motion Picture Experts Group (MPEG) Committee (ISO/IEC JTC1/SC29 WG11) is a working group in ISO that produced the MPEG-4 standard. MPEG defines tools to compress content such as audio-visual information into elementary streams. This specification defines a simple, but generic RTP payload format for transport of any non-multiplexed MPEG-4 elementary stream.
TL;DR: A suitable optical label-controlled switch design is proposed that takes advantage of these novel labeling techniques, and efficiently combines widely tunable, fast switching lasers and SOA-MZI wavelength converters with an arrayed waveguide grating router.
Abstract: GMPLS-based labeled optical burst switching (LOBS) networks are being considered as the next-generation optical Internet. GMPLS includes wavelength switching next to label and fiber (space) switching. We present a new concept of optically labeling bursts of packets suitable for LOBS networks supported by GMPLS. It is based on angle modulation, which enables control information to modulate the phase or frequency of the optical carrier, while payload data are transmitted via intensity modulation (IM). In particular, the optical label is orthogonally modulated, with respect to the payload, using either frequency shift keying or differential phase shift keying. We present a performance analysis of the modulation schemes by means of simulations where the influence of the payload IM extinction ratio and laser linewidth are investigated. In addition, the transmission performance of an IM/FSK combined modulated signal is experimentally validated at 10 Gb/s, demonstrating at the same time an FSK label swapping operation. Finally, a suitable optical label-controlled switch design is proposed that takes advantage of these novel labeling techniques, and efficiently combines widely tunable, fast switching lasers and SOA-MZI wavelength converters with an arrayed waveguide grating router.
TL;DR: In this paper, a rule processor for conducting contextual searches is described, the processor comprising a plurality of input payload search registers and a search execution engine coupled with the plurality of search registers to perform one or more contextual searches on content in the search registers.
Abstract: A method and apparatus is disclosed herein for a rule processor for conducting contextual searches, the processor comprising a plurality of input payload search registers, a search execution engine coupled to the plurality of search registers to perform one or more contextual searches on content in the search registers via parallel pattern matching in response to executing rules specifying the one or more searches, and presenting one or more patterns to the content in the search registers.
TL;DR: In this paper, call monitors monitor a plurality of channels for their call setting status and select at least two channels for which the same cell may be assembled, i.e., for which the destination of the calls is the same.
Abstract: A cell multiplexing apparatus including call monitors and multiplexers. The call monitors monitor a plurality of channels for their call setting status and select at least two channels for which the same cell may be assembled, i.e., for which the destination of the calls is the same. The multiplexers receive audio information or information already assembled in asynchronous transfer mode (ATM) cells from the channels selected by the call monitors, and disassemble and multiplex the received information for assembly into the payload of a new ATM cell.
TL;DR: In this article, a perceptual mask is estimated for an audio stream, based on the perceptual threshold of the human auditory system, and a hidden sub-channel is dynamically allocated substantially below the estimated perceptual mask, in which additional payload is transmitted.
Abstract: Methods and apparatus are provided for communicating an audio stream. A perceptual mask is estimated for an audio stream, based on the perceptual threshold of the human auditory system. A hidden sub-channel is dynamically allocated substantially below the estimated perceptual mask based on the characteristics of the audio stream, in which additional payload is transmitted. The additional payload can be related to components of the audio stream that would not otherwise be transmitted in a narrowband signal, or to concurrent services that can be accessed while the audio stream is being transmitted. A suitable receiver can recover the additional payload, whereas the audio stream will be virtually unaffected from a human auditory standpoint when received by a traditional receiver. A coding scheme is also provided in which a portion of a codec is used to code an upper-band portion of an audio stream, while the narrowband portion is left uncoded.
TL;DR: In this paper, the authors present techniques for transferring a serialized image of data for an XML construct, including selecting a first format from multiple different XML serialization formats that represent, in a database system, data for XML constructs as a series of data units, such as a series of bytes representing characters, or a series of bits, bytes or octets representing binary values.
Abstract: Techniques for transferring a serialized image of data for an XML construct include selecting a first format from multiple different XML serialization formats that represent, in a database system, data for XML constructs as a series of data units, such as a series of bytes representing characters, or a series of bits, bytes or octets representing binary values. A message is generated that includes a payload and a payload type field. The payload includes particular serialized data that represents particular data for a particular XML construct in the first format. The type field includes data that indicates the first format. The message is sent from a sending component of the database system to a different receiving component of the database system. These techniques allow the format selection to be based on characteristics of the sending or receiving components to make better use of the resources available to the two components.
TL;DR: Packet routing via payload inspection at routers in a core of a distributed network for use in distributing content according to quality of service guarantees is discussed in this article, where a router inspects the payload section of the packet containing attributes in order to retrieve the attributes and match them to the filters for the subscriptions.
Abstract: Packet routing via payload inspection at routers in a core of a distributed network for use in distributing content according to quality of service guarantees. Packets contain subjects and attributes in addition to routing information. The subjects correspond with particular types of content for subscriptions, and the attributes encapsulate the data or content. The subscriptions are associated with particular quality of service guarantees or levels of service. The routers store filters corresponding with subscriptions to content. Upon receiving a packet, a router inspects the payload section of the packet containing the attributes in order to retrieve the attributes and match them to the filters for the subscriptions. If the attributes satisfy a filter, the packet is routed to the next link in accordance with the quality of service guarantee associated with that filter. If the attributes do not satisfy any of the filters injected to and stored at the router, the router discards the packet. These routing decisions are distributed among routers in the network core.
TL;DR: In this article, a tag contains a standard UDP header with a checksum and payload data; the packets are passed to an IP stack which strips away the UDP header and verifies the validity of the checksum.
Abstract: An RFID system includes transponders transmitting or receiving packetized data in standard form in lieu of custom format for applications executable in a mobile device or network. Tag data may be packetized in any of several standard formats. Each format includes a layer to identify packet format. In one embodiment, a tag contains a standard UDP header with a checksum and payload data. The application opens a socket to listen to UDP connections. The device transmits an RF signal activating tags which transmit UDP packets to an RFID reader in the device. The packets are passed to an IP stack which strips away the UDP header, and the validity of the checksum is verified. If verified, the device transmits the payload to an application running in the device or a network; otherwise, the IP stack notifies the tag the transmission failed and requests re-transmissions which are repeated until a successful transmission occurs.
TL;DR: In this paper, a method of creating an anti-computer virus agent in a distributed network having a number of server computers and associated client devices is described. The inoculation is carried out by parsing a selected computer virus into a detection module that identifies a selected one of the client devices as a target client device, an infection module that causes the virus to infect those target client devices not infected by the selected virus, and a viral code payload module that infects the targeted client device, modifying the infection module to infect those computers already infected by the selected virus.
Abstract: In a distributed network having a number of server computers and associated client devices, a method of creating an anti-computer virus agent is described. As a method, the inoculation is carried out by parsing a selected computer virus into a detection module that identifies a selected one of the client devices as a target client device, an infection module that causes the virus to infect those target client devices not infected by the selected virus, and a viral code payload module that infects the targeted client device modifying the infection module to infect those computers already infected by the selected virus; and incorporating inoculation viral code in the payload module that acts to prevent further infection by the selected virus.
TL;DR: In this paper, the authors proposed a packet compression system that receives at least one uncompressed packet, including a header and a payload of a second OSI layer, and generates a compressed packet in which the codec signal is inserted into the payload of the second layer without interposition of the third layer and the fourth layer.
Abstract: A packet compression system of this invention includes: a reception unit for receiving at least one uncompressed packet, the uncompressed packet including a header and a payload of a second OSI layer, the payload of the second OSI layer including a header and a payload of a third OSI layer, the payload of the third OSI layer including a header and a payload of a fourth OSI layer, the payload of the fourth OSI layer including a codec signal; a compression unit for generating a compressed packet in which at least one the codec signal is inserted into the payload of the second layer without interposition of the third OSI layer and the fourth OSI layer by deleting the header of the third OSI layer and the header of the fourth OSI layer from the uncompressed packet; and a transmission unit for transmitting the compressed packet.
TL;DR: A novel reversible watermarking technique with higher embedding capacity considering the Human Visual System (HVS) is presented; the distortions in the resulting watermarked image are completely reversible and imperceptible.
Abstract: Due to quantization error, bit-replacement, or truncation, most data embedding techniques proposed so far lead to distortions in the original image. These distortions create problems in some areas such as medical, astronomical, and military imagery. Lossless watermarking is an exact restoration approach for recovering the original image from the watermarked image. In this paper we present a novel reversible watermarking technique with higher embedding capacity considering the Human Visual System (HVS). During embedding we detect the textured blocks, extract LSBs of the pixel-values from these textured blocks considering the HVS and concatenate the authentication information with the compressed bit-string. We then replace the LSBs of the textured blocks considering the HVS with this bit-string. Since we consider the HVS while extracting LSBs and embedding the payload, the distortions in the resulting watermarked image are completely reversible and imperceptible. We present experimental results to demonstrate the utility of our proposed algorithm.
TL;DR: This paper suggests statistical pattern recognition as a fundamental technology to evaluate effectiveness of active traffic analysis attacks and corresponding countermeasures and shows that sample entropy of ping packets' round trip time is an effective feature statistic to discover the payload traffic rate.
Abstract: To explore mission-critical information, an adversary using active traffic analysis attacks injects probing traffic into the victim network and analyzes the status of underlying payload traffic. Active traffic analysis attacks are easy to deploy and hence become a serious threat to mission critical applications. This paper suggests statistical pattern recognition as a fundamental technology to evaluate effectiveness of active traffic analysis attacks and corresponding countermeasures. Our evaluation shows that sample entropy of ping packets' round trip time is an effective feature statistic to discover the payload traffic rate. We propose simple countermeasures that can significantly reduce the effectiveness of ping-based active traffic analysis attacks. Our experiments validate the effectiveness of this scheme, which can also be used in other scenarios.
TL;DR: In this paper, a control message identifying missing data as lost by the transmitter prior to the expiration of a timer is transmitted to the receiver over the same data channel used for transmitting the data packets, or alternatively, a wholly different channel than the data channel.
Abstract: A method of data communication. The method includes transmitting a control message identifying missing data as lost by the transmitter prior to the expiration of a timer. The missing data may include at least one data packet such that the control message identifies the at least one missing data packet. The control message may include a field and/or an acknowledge sequence number for identifying the missing data packet. The control message also may include a packet data unit having a dummy payload and/or a zero payload. The control message communicates to the receiver that the transmitter has aborted the transmission and/or retransmission of the one or more missing data packets. The control message may be communicated to the receiver over the same data channel used for transmitting the data packets, or alternatively, a wholly different channel than the data channel.
TL;DR: In this paper, a novel orthogonal optical labelling scheme based on an RZ-DPSK payload and an intensity modulated label is proposed, and label insertion, erasure and transmission are experimentally demonstrated for the first time.
Abstract: A novel orthogonal optical labelling scheme based on an RZ-DPSK payload and an intensity modulated label is proposed. Label insertion, erasure and transmission over a 50 km singlemode fibre link of a 40 Gbit/s RZ-DPSK payload together with an optical 2.5 Gbit/s IM label are experimentally demonstrated for the first time.
TL;DR: The experiments showed that the proposed method could detect the ICMP covert channel from normal ICMP traffic using SVM, which has excellent performance in pattern classification problems.
Abstract: ICMP traffic is ubiquitous to almost all TCP/IP based networks. As such, many network devices consider ICMP traffic to be benign and will allow it to pass through, unmolested. So, attackers can generate arbitrary information tunneling in the payload of ICMP packets. To detect an ICMP covert channel, we used SVM which has excellent performance in pattern classification problems. Our experiments showed that the proposed method could detect the ICMP covert channel from normal ICMP traffic using SVM.
TL;DR: The experimental transmission over 50-km standard fiber of a 10-Gb/s payload data multiplexed with a synchronized 1.25-Gb/s subcarrier label is carried out with less than 1-dB receiver power penalty, clearly demonstrating the feasibility of this sideband optical labeling scheme.
Abstract: We report on a new approach to all-optical subcarrier labeling based on sideband generation through carrier-suppression of the payload. The experimental transmission over 50-km standard fiber of a 10-Gb/s payload data multiplexed with a synchronized 1.25-Gb/s subcarrier label is carried out with less than 1-dB receiver power penalty, clearly demonstrating the feasibility of this sideband optical labeling scheme. The requirements to the modulation index and dc bias along with the limitation of the input extinction ratio are discussed.
TL;DR: In this article, a method for compressing information is provided that includes receiving a plurality of bits associated with a communications flow and tracking a state of a channel associated with the communications flow.
Abstract: A method for compressing information is provided that includes receiving a plurality of bits associated with a communications flow and tracking a state of a channel associated with the communications flow. A payload may be determined for a portion of the communications flow based on the state of the channel. The payload may then be communicated to a next destination.
TL;DR: In a synchronous multiplex network, an overhead is passed through intervening multiplex transmission apparatuses such that administration and maintenance operation information is transmitted and received through the overhead between arbitrary multiplex transmission apparatuses.
Abstract: In a synchronous multiplex network including a plurality of multiplex transmission apparatuses, an overhead is passed through intervening multiplex transmission apparatuses such that administration and maintenance operation information is transmitted and received through the overhead between arbitrary multiplex transmission apparatuses. The multiplex transmission apparatus receives a multiplexed signal comprising a payload having a plurality of main signals multiplexed therein and overhead bytes including a plurality of administration and maintenance operation information, performs termination processing for the administration and maintenance operation information and transmission processing for the payload, thereafter converts the multiplexed signal into a different multiplexed signal comprising a payload which has been processed for transmission and a plurality of administration and maintenance operation information, and transmits the different multiplexed signal.
TL;DR: In this article, a method for transporting packets through an electronic internetwork is provided, where a frame is transported from a source node to one or more destination nodes, and a frame comprises a payload.
Abstract: A method for transporting packets through an electronic internetwork is provided. The electronic network includes a plurality of nodes, and the transportation unit is a frame. A frame is transported from a source node to one or more destination nodes. A frame comprises a payload. The payload of the frame includes one or more headers and one or more packets associated with each header. A source address is an address corresponding to the address of the source node of a packet, and a destination address is an address corresponding to the address of the destination node of a packet. A current node is a node processing a particular frame in the electronic internetwork. Each of the headers includes a destination address field that indicates the destination address of the associated packets. Headers provide a mechanism for simplified routing and extracting packets.
TL;DR: The results of embedding a covert audio message in a cover audio signal for battlefield communication using steganography are presented, and the hidden message can be made further secure from unauthorized detection and modification by incorporating spread-spectrum techniques.
TL;DR: A method is presented for maneuver generation that exploits speed saturation while still yielding near swing-free payload motion, and an optimization code is used to generate basis function parameters where the cost function includes the speed saturation effects via a simulation of the payload dynamics.
Abstract: Offline crane maneuvers, resulting in zero residual payload swing, have been explored previously using parameterized sets of basis functions. Assumptions usually included an ideal servo response and symmetric inputs. Nonsymmetric maneuvers, in general, do not have closed-form basis function solutions. Actuator dynamics further complicate maneuver generation by introducing nonlinearities such as saturation. One way to circumvent saturation is to constrain crane operation below the saturation levels of the actuators. This limits the set of available maneuvers and can lead to slower, more costly crane operation. This work explores the effects of a common servo nonlinearity, velocity saturation, on the swing-free maneuver generation process. A method is presented for maneuver generation that exploits speed saturation while still yielding near swing-free payload motion. An optimization code is used to generate basis function parameters where the cost function includes the speed saturation effects via a simulation of the payload dynamics. Experimental results using a 1/16th scale crane are presented to illustrate the method.
TL;DR: In this article, the authors propose a method and system for converting a DSS transport stream to a DVB transport stream, which encapsulates at least a prefix portion and a payload portion of DSS traffic into at least the header and payload portions of DVB traffic.
Abstract: Aspects of the method and system for converting a DSS transport stream to a DVB transport stream include encapsulating at least a prefix portion and a payload portion of a DSS transport packet into at least a header portion and a payload portion of a DVB transport packet. At least a portion of the prefix portion and the payload portion of the DSS transport packet may be mapped into at least a portion of the header portion and the payload portion of the DVB transport packet. At least a portion of the payload of the DSS transport packet may be aligned with at least a portion of the payload portion of the DVB transport packet.