System and method for passive decoding of social network activity using replica database

US 10,298,622 B2
Filed: 07/29/2013
Issued: 05/21/2019
Est. Priority Date: 07/29/2012
Status: Active Grant

First Claim

Patent Images

1. A method for detecting suspicious social network activities of a target user, the method comprising:

providing a social network decoding system that is communicatively coupled to a network that conveys network traffic between a plurality of users and servers of a social network;

monitoring, using a passive network probe of the social network decoding system, the network traffic between the plurality of users and the social network;

filtering the monitored network traffic to retain only network traffic related to the target user;

extracting one or more information objects corresponding to interactions between the target user and other users on the social network from the filtered network traffic;

adding the one or more information objects to a replica database;

repeating the monitoring, extracting, and adding for other sessions over a period of weeks to update the replica database with additional information objects corresponding to interactions between the target user and other users on the social network;

correlating information objects in the replica database;

constructing a data model based on the correlations, wherein the data model indicates relationships between the target user and other users of the social network;

detecting, after the construction of the data model, a change in the relationship between the target user and one of the related other users of the social network, wherein the detecting comprises determining a strength of the relationship between the target users and the one of the related other users of the social network, the strength based on interactions between the target user and the one of the related other users of the social network, and wherein the change in the relationship comprises a deletion of the one of the related other users of the social network as a contact of the target user; and

transmitting an alert to an analyst monitoring the activities of the target user without the target user'"'"'s knowledge and without the social network'"'"'s knowledge, wherein the alert is based on the detected change in the relationship and comprises an indication of suspicious activities of the target user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for obtaining reconstructing activities of target users in social networks, such as for decoding and displaying social network sessions held by a target user, or identifying other users who are associated with the target user. This analysis is typically carried out based on passive monitoring of network traffic. A social network decoding system constructs and maintains a replica database, which mimics a portion of the user profile database maintained by the social network servers. The social network decoding system monitors network traffic between users and social network servers. Based on the monitored traffic, the system gradually constructs a replica database that attempts to replicate a portion of the social network user profile database, relating to one or more predefined target users. Using the replica database, the system is able to correlate loosely-coupled information objects, events and interactions between the target users and social network pages.

49 Citations

View as Search Results

5 Claims

1. A method for detecting suspicious social network activities of a target user, the method comprising:
- providing a social network decoding system that is communicatively coupled to a network that conveys network traffic between a plurality of users and servers of a social network;
  
  monitoring, using a passive network probe of the social network decoding system, the network traffic between the plurality of users and the social network;
  
  filtering the monitored network traffic to retain only network traffic related to the target user;
  
  extracting one or more information objects corresponding to interactions between the target user and other users on the social network from the filtered network traffic;
  
  adding the one or more information objects to a replica database;
  
  repeating the monitoring, extracting, and adding for other sessions over a period of weeks to update the replica database with additional information objects corresponding to interactions between the target user and other users on the social network;
  
  correlating information objects in the replica database;
  
  constructing a data model based on the correlations, wherein the data model indicates relationships between the target user and other users of the social network;
  
  detecting, after the construction of the data model, a change in the relationship between the target user and one of the related other users of the social network, wherein the detecting comprises determining a strength of the relationship between the target users and the one of the related other users of the social network, the strength based on interactions between the target user and the one of the related other users of the social network, and wherein the change in the relationship comprises a deletion of the one of the related other users of the social network as a contact of the target user; and
  
  transmitting an alert to an analyst monitoring the activities of the target user without the target user'"'"'s knowledge and without the social network'"'"'s knowledge, wherein the alert is based on the detected change in the relationship and comprises an indication of suspicious activities of the target user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, wherein the correlating comprises correlating a page of the social network with a response made to an element of the page.
  - 3. The method according to claim 1, wherein the correlating comprises correlating first and second information objects posted at different times on a page of the social network.
  - 4. The method according to claim 1, wherein the network traffic is encrypted and wherein monitoring the network traffic comprises passively receiving the network traffic without actively accessing the social network and decrypting the network traffic.
  - 5. The method according to claim 1, further comprising:
    - marking an information object of the target user for monitoring so that an alert is transmitted to the analyst when one of the related other users of the social network interacts with the information object on the social network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cognyte Technologies Israel Ltd. (Cognyte Software Ltd.)
Original Assignee
Verint Systems Limited (Verint Systems Incorporated)
Inventors
Kaushansky, Amir
Primary Examiner(s)
Hussain, Tauqir
Assistant Examiner(s)
Grijalva Lobos, Boris D

Application Number

US13/953,117
Publication Number

US 20140095700A1
Time in Patent Office

2,122 Days
Field of Search
US Class Current
CPC Class Codes

H04L 43/08   Monitoring or testing based...

H04L 63/30   for supporting lawful inter...

H04L 63/302   gathering intelligence info...

H04L 63/304   intercepting circuit switch...

H04L 63/306   intercepting packet switche...

H04L 63/308   retaining data, e.g. retain...

H04L 67/1095   Replication or mirroring of...

H04L 67/306   User profiles

H04L 67/535   Tracking the activity of th...

System and method for passive decoding of social network activity using replica database

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

49 Citations

5 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for passive decoding of social network activity using replica database

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

49 Citations

5 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links