System and method for passive decoding of social network activity using replica database
First Claim
1. A method for detecting suspicious social network activities of a target user, the method comprising:
- providing a social network decoding system that is communicatively coupled to a network that conveys network traffic between a plurality of users and servers of a social network;
monitoring, using a passive network probe of the social network decoding system, the network traffic between the plurality of users and the social network;
filtering the monitored network traffic to retain only network traffic related to the target user;
extracting one or more information objects corresponding to interactions between the target user and other users on the social network from the filtered network traffic;
adding the one or more information objects to a replica database;
repeating the monitoring, extracting, and adding for other sessions over a period of weeks to update the replica database with additional information objects corresponding to interactions between the target user and other users on the social network;
correlating information objects in the replica database;
constructing a data model based on the correlations, wherein the data model indicates relationships between the target user and other users of the social network;
detecting, after the construction of the data model, a change in the relationship between the target user and one of the related other users of the social network, wherein the detecting comprises determining a strength of the relationship between the target users and the one of the related other users of the social network, the strength based on interactions between the target user and the one of the related other users of the social network, and wherein the change in the relationship comprises a deletion of the one of the related other users of the social network as a contact of the target user; and
transmitting an alert to an analyst monitoring the activities of the target user without the target user'"'"'s knowledge and without the social network'"'"'s knowledge, wherein the alert is based on the detected change in the relationship and comprises an indication of suspicious activities of the target user.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for obtaining reconstructing activities of target users in social networks, such as for decoding and displaying social network sessions held by a target user, or identifying other users who are associated with the target user. This analysis is typically carried out based on passive monitoring of network traffic. A social network decoding system constructs and maintains a replica database, which mimics a portion of the user profile database maintained by the social network servers. The social network decoding system monitors network traffic between users and social network servers. Based on the monitored traffic, the system gradually constructs a replica database that attempts to replicate a portion of the social network user profile database, relating to one or more predefined target users. Using the replica database, the system is able to correlate loosely-coupled information objects, events and interactions between the target users and social network pages.
49 Citations
5 Claims
-
1. A method for detecting suspicious social network activities of a target user, the method comprising:
-
providing a social network decoding system that is communicatively coupled to a network that conveys network traffic between a plurality of users and servers of a social network; monitoring, using a passive network probe of the social network decoding system, the network traffic between the plurality of users and the social network; filtering the monitored network traffic to retain only network traffic related to the target user; extracting one or more information objects corresponding to interactions between the target user and other users on the social network from the filtered network traffic; adding the one or more information objects to a replica database; repeating the monitoring, extracting, and adding for other sessions over a period of weeks to update the replica database with additional information objects corresponding to interactions between the target user and other users on the social network; correlating information objects in the replica database; constructing a data model based on the correlations, wherein the data model indicates relationships between the target user and other users of the social network; detecting, after the construction of the data model, a change in the relationship between the target user and one of the related other users of the social network, wherein the detecting comprises determining a strength of the relationship between the target users and the one of the related other users of the social network, the strength based on interactions between the target user and the one of the related other users of the social network, and wherein the change in the relationship comprises a deletion of the one of the related other users of the social network as a contact of the target user; and transmitting an alert to an analyst monitoring the activities of the target user without the target user'"'"'s knowledge and without the social network'"'"'s knowledge, wherein the alert is based on the detected change in the relationship and comprises an indication of suspicious activities of the target user. - View Dependent Claims (2, 3, 4, 5)
-
Specification