Real-time content detection in ISP transmissions
First Claim
1. A method for operating network management apparatus to detect whether one or more items of preidentified content are present in a network traffic flow being transmitted over an Internet Service Provider (ISP) network, the network traffic flow including data traffic flows potentially carrying the preidentified content intermixed together with data traffic flows carrying other content that is to remain private, all the data in the network data traffic flows being in the form of packets having both a layer with content-free network traffic information and a layer with content information, comprising:
- providing the network management apparatus with access to the network traffic flow being transmitted over the ISP network;
providing the network management apparatus with one or more profile identification rules based solely on packet network layer traffic information to identify one or more data traffic flows that correlate with the preidentified content;
applying the one or more profile identification rules to the network traffic flow as it is being transmitted over the ISP network to select for further analysis those data traffic flows in the network traffic flow that have network layer information that satisfies one or more of the network layer profile identification rules;
storing in a database apparatus the one or more items of preidentified content whose presence in the network traffic flow being transmitted over the ISP network is to be detected;
after selecting a data traffic flow satisfying the one or more network layer profile identification rules, further analyzing the selected data traffic flow by comparing the content of the selected data flow with the preidentified content stored in the database apparatus to determine if it matches an item of preidentified content in the database apparatus; and
if the content of the selected data traffic flow is a match with an item of preidentified content in the database apparatus, taking an action in response,wherein providing the one or more profile identification rules to identify one or more data traffic flows that correlate with the preidentified content comprises adaptively creating the one or more profile identification rules by providing an initial set of network layer profile characteristics, processing data regarding the traffic flows within the ISP network by using the initial set of profile characteristics to determine an initial correlation with preidentified content, and adjusting the set of profile characteristics to improve their correlation with the preidentified content.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for detecting the transmission of preidentified content, such as copyrighted material, over an Internet Service Provider (ISP) network. A set of rules is provided to identify one or more traffic flow profiles of data streams transmitting preidentified content. Preferably the rules are adaptively created through analysis of actual ISP data in conjunction with data suggesting an initial set of profile characteristics. The rules are applied to data streams being transmitted in the ISP network, so that data streams fitting one or more of the profiles are identified. A database contains, e.g., as digital signatures or fingerprints, one or more items of content whose transmission is sought to be detected. Data streams identified as matching a profile are analyzed to determine if their content matches an item of content in the database, and if so, an action is taken which may include interrupting the transmission, suspending an ISP account, or reporting the transmission. An ISP with a system performing this method may offer services to content providers, and a plurality of ISPs may jointly use a single database of preidentified content to be compared to each ISP'"'"'s identified data streams.
14 Citations
22 Claims
-
1. A method for operating network management apparatus to detect whether one or more items of preidentified content are present in a network traffic flow being transmitted over an Internet Service Provider (ISP) network, the network traffic flow including data traffic flows potentially carrying the preidentified content intermixed together with data traffic flows carrying other content that is to remain private, all the data in the network data traffic flows being in the form of packets having both a layer with content-free network traffic information and a layer with content information, comprising:
-
providing the network management apparatus with access to the network traffic flow being transmitted over the ISP network; providing the network management apparatus with one or more profile identification rules based solely on packet network layer traffic information to identify one or more data traffic flows that correlate with the preidentified content; applying the one or more profile identification rules to the network traffic flow as it is being transmitted over the ISP network to select for further analysis those data traffic flows in the network traffic flow that have network layer information that satisfies one or more of the network layer profile identification rules; storing in a database apparatus the one or more items of preidentified content whose presence in the network traffic flow being transmitted over the ISP network is to be detected; after selecting a data traffic flow satisfying the one or more network layer profile identification rules, further analyzing the selected data traffic flow by comparing the content of the selected data flow with the preidentified content stored in the database apparatus to determine if it matches an item of preidentified content in the database apparatus; and if the content of the selected data traffic flow is a match with an item of preidentified content in the database apparatus, taking an action in response, wherein providing the one or more profile identification rules to identify one or more data traffic flows that correlate with the preidentified content comprises adaptively creating the one or more profile identification rules by providing an initial set of network layer profile characteristics, processing data regarding the traffic flows within the ISP network by using the initial set of profile characteristics to determine an initial correlation with preidentified content, and adjusting the set of profile characteristics to improve their correlation with the preidentified content. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A network management system for detecting whether one or more items of preidentified content are present in a network traffic flow being transmitted over an Internet Service Provider (ISP) network, the network traffic flow including data traffic flows potentially carrying the preidentified content intermixed together with data traffic flows carrying other content that is to remain private, all the data in the network data traffic flows being in the form of packets having both a layer with content-free network traffic information and a layer with content information, comprising:
-
means providing one or more network layer profile identification rules based solely on packet network layer traffic information to identify one or more data traffic flows that correlate with the preidentified content; means for applying the one or more network layer profile identification rules to the network traffic flow as it is being transmitted over the ISP network to select for further analysis those data traffic flows in the network traffic flow that have network layer information that satisfies one or more of the profile identification rules; a database apparatus for storing one or more items of preidentified content whose presence in the network traffic flow being transmitted over the ISP network is to be detected; means, after selecting a data traffic flow satisfying the one or more network layer profile identification rules, for further analyzing the selected data flow by comparing the content of the selected data flow with the preidentified content stored in the database apparatus to determine if it matches an item of preidentified content in the database apparatus; and means for taking an action in response if there is a positive match between the content of the selected data traffic flow and an item of preidentified content in the database apparatus, wherein the means providing one or more network layer profile identification rules to identify one or more data flows that correlate with the preidentified content comprises means for adaptively creating the one or more network layer profile identification rules by providing an initial set of network layer profile characteristics, processing data regarding the traffic flows within the ISP network by using the initial set of profile characteristics to determine an initial correlation with preidentified content, and adjusting the set of profile characteristics to improve their correlation with the preidentified content. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
-
Specification