System and method for interception of IP traffic based on image processing
First Claim
1. A method comprising:
- monitoring, by an interface operatively coupled to a processor of a first computing system, using a Man in The Middle (MITM) protocol, remote communication sessions conducted in a communication network, wherein each monitored communication session comprises an exchange of communication traffic exchanged between communication terminals of the communication network;
extracting, by the processor of the first computing system, a digital image and a first and second communication identifiers from a monitored communication session, wherein the first communication identifier identifies at least one of the communication terminals of the monitored communication session, wherein the second identifier is an application-layer communication identifier comprising an e-mail address or chat nickname used in the monitored communication session;
detecting, by the processor of the first computing system, whether a known target individual appears in the extracted image, wherein the detecting comprises comparing, by the processor, the extracted image to images previously identified as being of the known target individual; and
upon the detection identifying that the known target individual appears in the extracted image;
establishing, by the processor of the first computing system, a correlation between the known target individual and the extracted communication identifiers, andreporting to a second computing system, by the processor of the first computing, the established correlation, wherein the second computing system is separate from the first computing system, and wherein the second computing system is configured to utilize the reported established correlation to track subsequent communication sessions that include the first or second communication identifiers, wherein the correlation between the known target individual and the communication identifiers is not known to the second computing system prior to the first computing system reporting the correlation to the second computing system.
3 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for monitoring communication traffic in communication networks, such as Internet Protocol (IP) traffic transferred over the Internet or over a wireless network. The disclosed techniques identify communication traffic that is associated with target individuals, by extracting digital images from the traffic and recognizing target individuals who appear in the images. A correlation system monitors communication sessions that are conducted in a communication network to identify known target individuals who appear in images. Upon recognizing a target individual in an image extracted from a certain session, the system correlates this target user with one or more of the communication identifiers used in the session. The system automatically identifies IP addresses or other identifiers that are used by target individuals, and enable subsequent tracking of such identifiers.
-
Citations
18 Claims
-
1. A method comprising:
-
monitoring, by an interface operatively coupled to a processor of a first computing system, using a Man in The Middle (MITM) protocol, remote communication sessions conducted in a communication network, wherein each monitored communication session comprises an exchange of communication traffic exchanged between communication terminals of the communication network; extracting, by the processor of the first computing system, a digital image and a first and second communication identifiers from a monitored communication session, wherein the first communication identifier identifies at least one of the communication terminals of the monitored communication session, wherein the second identifier is an application-layer communication identifier comprising an e-mail address or chat nickname used in the monitored communication session; detecting, by the processor of the first computing system, whether a known target individual appears in the extracted image, wherein the detecting comprises comparing, by the processor, the extracted image to images previously identified as being of the known target individual; and upon the detection identifying that the known target individual appears in the extracted image; establishing, by the processor of the first computing system, a correlation between the known target individual and the extracted communication identifiers, and reporting to a second computing system, by the processor of the first computing, the established correlation, wherein the second computing system is separate from the first computing system, and wherein the second computing system is configured to utilize the reported established correlation to track subsequent communication sessions that include the first or second communication identifiers, wherein the correlation between the known target individual and the communication identifiers is not known to the second computing system prior to the first computing system reporting the correlation to the second computing system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus comprising:
-
an interface, which is connected to a communication network and is configured to monitor remote communication sessions conducted in the network using a Man in The Middle (MITM) protocol, wherein each monitored communication session comprises an exchange of communication traffic exchanged between communication terminals of the communication network; and a processor operatively coupled to the interface, which is configured to; extract from a monitored communication session, a digital image and a first and second communication identifier, wherein the first communication identifier identifies at least one of the communication terminals of the monitored communication session, wherein the second identifier is an application-layer communication identifier comprising an e-mail address or chat nickname used in the monitored communication session; detect whether a known target individual appears in the extracted image, wherein the detection comprises comparing the extracted image to images previously identified as being of the known target individual; and upon detecting that the known target individual appears in the extracted image, establish a correlation between the known target individual and the extracted communication identifiers, and report the established correlation to a computing system that is separate from the apparatus, wherein the computing system is configured to utilize the communication identifier of the reported established correlation to track subsequent communication sessions that include the first or second communication identifiers, wherein the correlation between the known target individual and the communication identifiers is not known to the computing system prior to the apparatus reporting the correlation to the computing system. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer software product, the product comprising a tangible non-transitory computer-readable medium, in which program instructions are stored, which instructions, when read by a first computing system, cause the first computing system to:
-
monitor, using a Man in the Middle (MITM) protocol, remote communication sessions conducted in a communication network, wherein each monitored communication session comprises an exchange of communication traffic exchanged between communication terminals of the communication network; extract from a monitored communication session, a digital image and a first and second communication identifier, wherein the first communication identifier identifies at least one of the communications terminals of the monitored communication session, wherein the second identifier is an application-layer communication identifier comprising an e-mail address or chat nickname used in the monitored communication session; detect whether a known target individual appears in the extracted image, wherein the detecting comprises comparing the extracted image to images previously identifies as being of the known target individual; and upon the detection identifying that the known target individual appears in the extracted image, establish a correlation between the known target individual and the extracted communication identifiers, and report the established correlation to a second computing system that is separate from the first computing system, wherein the second computing system is configured to utilizes the reported established correlation to track communication subsequent sessions that include the first or second communication identifiers, wherein the correlation between the known target individual and the communication identifiers is not known to the second computing system prior to the first computing system reporting the correlation to the second computing system.
-
Specification