Systems and methods for efficient keyword spotting in communication traffic

US 9,053,211 B2
Filed: 06/03/2010
Issued: 06/09/2015
Est. Priority Date: 06/03/2009
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

identifying substrings from within keywords, wherein each keyword comprises a string;

caching a set of flags, each flag indicating whether a respective substring from the identified substrings occurs in one or more of the keywords, in an internal cache memory of a processor device;

identifying, using the processor device, locations in input data in which the substrings occur by comparing the input data with the cached flags; and

searching at the identified locations for occurrences of the keywords, so as to find at least one of the keywords in the input data wherein each flag indicates whether the respective substring occurs in at least one of multiple predefined offsets within the one or more keywords, wherein the input data comprises received communication network traffic,wherein the input data further comprises multiple data packets, wherein identifying the locations comprises identifying a subset of the data packets in which the substrings occur, and wherein searching at the identified locations comprises searching in the identified subset of the data packets; and

further wherein incoming Real Time Protocol (RTP) traffic, traffic that is identified as being encrypted, or traffic associated with any other suitable application or protocol is discarded.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems related to keyword searching processes. A list of keywords may be first represented by a set of short substrings. The substrings are selected such that an occurrence of a substring indicates a possible occurrence of one or more of the keywords. Input data may be initially pre-processed, so as to identify locations in the input data in which the substrings occur. Then, the identified locations are searched for occurrences of the actual keywords. The pre-processing scheme enables the keyword search process to search only in the identified locations of the substrings instead of over the entire input data.

150 Citations

14 Claims

1. A method, comprising:
- identifying substrings from within keywords, wherein each keyword comprises a string;
  
  caching a set of flags, each flag indicating whether a respective substring from the identified substrings occurs in one or more of the keywords, in an internal cache memory of a processor device;
  
  identifying, using the processor device, locations in input data in which the substrings occur by comparing the input data with the cached flags; and
  
  searching at the identified locations for occurrences of the keywords, so as to find at least one of the keywords in the input data wherein each flag indicates whether the respective substring occurs in at least one of multiple predefined offsets within the one or more keywords, wherein the input data comprises received communication network traffic,wherein the input data further comprises multiple data packets, wherein identifying the locations comprises identifying a subset of the data packets in which the substrings occur, and wherein searching at the identified locations comprises searching in the identified subset of the data packets; and
  
  further wherein incoming Real Time Protocol (RTP) traffic, traffic that is identified as being encrypted, or traffic associated with any other suitable application or protocol is discarded.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method according to claim 1, wherein caching the flags and identifying the locations comprise executing software code by the processor device.
  - 3. The method according to claim 1, wherein the processor device comprises hardware-implemented logic, and wherein caching the flags and identifying the locations are performed by the hardware-implemented logic.
  - 4. The method according to claim 1, wherein the substrings comprise n-bit prefixes of the keywords.
  - 5. The method according to claim 1, and comprising receiving communication traffic from a communication network and extracting the input data from the communication traffic.
  - 6. The method according to claim 1, and comprising storing at least a part of the input data that includes the identified locations in a memory, wherein searching for the occurrences comprises searching for the occurrences in at least the part of the input data stored in the memory.
  - 7. The method according to claim 1, and comprising, responsively to finding one or more of the keywords in the input data, performing at least one action selected from a group of actions consisting of:
    - issuing an alert;
      
      presenting a part of the input data in which the keywords were found; and
      
      blocking a communication flow in which the keywords were found.

8. Apparatus, comprising:
- an interface, which is configured to receive input data; and
  
  a hardware processor, which comprises an internal cache memory and is configured to identify substrings from within keywords, wherein each keyword comprises a string, to cache in the internal cache memory a set of flags, such that each flag indicates whether a respective substring occurs in one or more of the keywords, to identify locations in the input data in which the substrings occur by comparing the input data with the cached flags, and to search at the identified locations for occurrences of the keywords, so as to find at least one of the keywords in the input data wherein each flag indicates whether the respective substring occurs in at least one of multiple predefined offsets within the one or more keywords, wherein the input data comprises received communication network traffic,wherein the input data further comprises multiple data packets, wherein identifying the locations comprises identifying a subset of the data packets in which the substrings occur, and wherein searching at the identified locations comprises searching in the identified subset of the data packets, and further wherein incoming Real Time Protocol (RTP) traffic, traffic that is identified as being encrypted, or traffic associated with any other suitable application or protocol is discarded.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus according to claim 8, wherein the processor is configured to run software code that caches the flags and identifies the locations.
  - 10. The apparatus according to claim 8, wherein the processor comprises hardware-implemented logic, which is operative to cache the flags and identify the locations.
  - 11. The apparatus according to claim 8, wherein the substrings comprise n-bit prefixes of the keywords.
  - 12. The apparatus according to claim 8, wherein the interface is configured to receive communication traffic from a communication network and to extract the input data from the communication traffic.
  - 13. The apparatus according to claim 8, and comprising a memory, wherein the interface is configured to store at least a part of the input data that includes the identified locations in the memory, and wherein the processor is configured to search for the occurrences in at least the part of the input data stored in the memory.
  - 14. The apparatus according to claim 8, wherein the processor is configured to perform, responsively to finding one or more of the keywords in the input data, at least one action selected from a group of actions consisting of:
    - issuing an alert;
      
      presenting a part of the input data in which the keywords were found; and
      
      blocking a communication flow in which the keywords were found.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cognyte Technologies Israel Ltd. (Cognyte Software Ltd.)
Original Assignee
Verint Systems Limited (Verint Systems Incorporated)
Inventors
Goldfarb, Eithan, Altman, Yuval, Horovitz, Itsik, Yaari, Gur
Primary Examiner(s)
Rashid, Harunur

Application Number

US12/792,796
Publication Number

US 20100313267A1
Time in Patent Office

1,832 Days
Field of Search

726 22- 23
US Class Current

1/1
CPC Class Codes

G06F 16/90344   by using string matching te...

H04L 63/00   Network architectures or ne...

H04L 63/30   for supporting lawful inter...

H04L 63/306   intercepting packet switche...

Systems and methods for efficient keyword spotting in communication traffic

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

150 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for efficient keyword spotting in communication traffic

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

150 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links