[특허]System and method for identifying communication session participants based on traffic patterns

System and method for identifying communication session participants based on traffic patterns 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-029/08 H04L-012/851 H04L-012/859
출원번호	US-0084408 (2016-03-29)
등록번호	US-10142426 (2018-11-27)
우선권정보	IL-238001 (2015-03-29)
발명자 / 주소	Zlatokrilov, Haim
출원인 / 주소	VERINT SYSTEMS LTD.
대리인 / 주소	Meunier Carlin & Curfman
인용정보	피인용 횟수 : 0 인용 특허 : 31

초록 ▼

A monitoring system monitors traffic flows that are exchanged over a communication network. The system characterizes the flows in terms of their temporal traffic features, and uses this characterization to identify communication devices that participate in the same communication session. By identifying the communication devices that serve as endpoints in the same session, the system establishes correlations between the users of these communication devices. The monitoring system characterizes the flows using traffic features such as flow start time, flow end time, inter-burst time and burst size, and/or statistical properties of such features. The system typically generates compressed-form representations (“signatures”) for the traffic flows based on the temporal traffic features, and finds matching flows by finding similarities between signatures.

대표청구항 ▼

1. A method for identifying communication devices that serve as endpoints in the same communication session and for establishing correlations between the users of the communication devices, the method comprising: monitoring a plurality of traffic flows exchanged over a communication network;determining respective temporal traffic features for the monitored traffic flows;identifying communication devices that participate in a same communication session, by finding a match among respective temporal traffic features of the traffic flows exchanged by the communication devices;wherein determining the temporal traffic features comprises generating a respective compressed-form signature for each of the traffic flows, and wherein finding the match comprises comparing among signatures of at least some of the traffic flows exchanged by the communication devices; andwherein finding the match comprises matching the temporal traffic features between an inbound traffic flow of a first communication device and an outbound traffic flow of a second communication device. 2. The method according to claim 1, wherein the temporal traffic features depend on at least one feature type selected from a group of types consisting of start time, end time, inter-burst time, burst size and overall data volume. 3. The method according to claim 1, wherein identifying the communication devices comprises detecting the match even though the communication devices communicate via at least one intermediary server. 4. The method according to claim 3, wherein the intermediary server performs transcoding among the traffic flows of the communication devices. 5. The method according to claim 1, wherein identifying the communication devices comprises selecting a subset of the traffic flows that are associated with a given application type, and searching for the match only among the traffic flows in the subset. 6. The method according to claim 1, and comprising reaffirming the match by matching the temporal traffic features between an outbound traffic flow of the first communication device and an inbound traffic flow of the second communication device. 7. The method according to claim 1, wherein finding the match comprises matching activity periods in a first traffic flow with silence periods in a second traffic flow. 8. The method according to claim 1, wherein identifying the communication devices comprises finding multiple matches among the communication devices over multiple communication sessions. 9. The method according to claim 1, wherein determining the temporal traffic features and finding the match are performed independently of content of the traffic flows. 10. The method according to claim 1, wherein at least some of the traffic flows are encrypted. 11. Apparatus for identifying communication devices that serve as endpoints in the same communication session and for establishing correlations between the users of the communication devices, the apparatus comprising: an interface, which is configured to monitor a plurality of traffic flows exchanged over a communication network;a processor, which is configured to determine respective temporal traffic features for the monitored traffic flows, and to identify communication devices that participate in a same communication session, by finding a match among the temporal traffic features of the traffic flows exchanged by the communication devices;wherein the processor is configured to generate a respective compressed-form signature for each of the traffic flows, and to find the match by comparing among signatures of at least some of the traffic flows exchanged by the communication devices; andwherein the processor is configured to find the match by matching the temporal traffic features between an inbound traffic flow of a first communication device and an outbound traffic flow of a second communication device. 12. The apparatus according to claim 11, wherein the processor is configured to find the match even though the communication devices communicate via at least one intermediary server. 13. The apparatus according to claim 12, wherein the intermediary server performs transcoding among the traffic flows of the communication devices. 14. The apparatus according to claim 11, wherein the processor is configured to select a subset of the traffic flows that are associated with a given application type, and to search for the match only among the traffic flows in the subset. device and an outbound traffic flow of a second communication device. 15. The apparatus according to claim 11, wherein the processor is configured to reaffirm the match by matching the temporal traffic features between an outbound traffic flow of the first communication device and an inbound traffic flow of the second communication device. 16. The apparatus according to claim 11, wherein the processor is configured to find multiple matches among the communication devices over multiple communication sessions.

이 특허에 인용된 특허 (31)

Kalinichenko, Michael, Application of nested behavioral rules for anti-malware processing.
상세보기
Hicks, Matthew J.; Bieda, Teresa M., Automated workflow generation.
상세보기
Cowan, Joe; Esposito, Robert Edward; Dawson, Travis Edward; Ranjan, Supranamaya, Botnet beacon detection.
상세보기
Njemanze, Hugh S.; Kothari, Pravin S.; Dash, Debabrata; Wang, Shijie, Correlation engine with support for time-based rules.
상세보기
Rubin, Gregory A., Detection of and responses to network attacks.
상세보기
Jordan, Christopher J., Device, system and method for defending a computer network.
상세보기
Swanson Daniel R. (Dallas TX) Moen Jerry M. (Plano TX) Tate Bradley M. (Carrollton TX), Event surveillance system.
상세보기
McFadden, Brian D., Flexible rule-based communication system and method for controlling the flow of and access to information between computer users.
상세보기
Liang,Yung Chang, Innoculation of computing devices against a selected computer virus.
상세보기
Ranjan, Supranamaya, Machine learning based botnet detection using real-time extracted traffic features.
상세보기
Ranjan, Supranamaya; Chen, Feilong, Machine learning based botnet detection with dynamic adaptation.
상세보기
Moisand, Jerome Pascal; Onishi, Steven; Kokot, Mathias; DeRuijter, Denis Henk, Managing a network flow using application classification information and active signaling relay.
상세보기
Barger, Richard, Method and apparatus for disrupting the command and control infrastructure of hostile programs.
상세보기
Zolotov, Moshe, Method and system for creating real time integrated Call Details Record (CDR) databases in management systems of telecommunication networks.
상세보기
Amit,Noah; Amit,Yoni; Eadan,Zvi, Method of surveilling internet communication.
상세보기
Blair, Christopher Douglas; Keenan, Roger Louis, Signal monitoring apparatus analyzing voice communication content.
상세보기
Christopher Douglas Blair GB; Roger Louis Keenan GB, Signal monitoring apparatus for analyzing communications.
상세보기
Blair,Christopher Douglas, System and method for analysing communication streams.
상세보기
Blair, Christopher Douglas, System and method for analysing communications streams.
상세보기
Zaitsev, Oleg V., System and method for establishing rules for filtering insignificant events for analysis of software program.
상세보기
Crosbie,Mark; Shepley,Rosemarie; Kuperman,Benjamin; Frayman,Leonard L., System and method for host and network based intrusion detection and response.
상세보기
Rockwood, Troy Dean, System and method for interactive correlation rule design in a network security system.
상세보기
Rozman, Allen F.; Cioffi, Alfonso J., System and method for protecting a computer system from malicious software.
상세보기
Rozman, Allen F.; Cioffi, Alfonso J., System and method for protecting a computer system from malicious software.
상세보기
Rozman, Allen F.; Cioffi, Alfonso J., System and method for protecting a computer system from malicious software.
상세보기
Rozman, Allen F.; Cioffi, Alfonso J., System and method for protecting a computer system from malicious software.
상세보기
Klinker,Eric; Johnson,Jeremy; Sequiera,Allwyn, System and method to assure network service levels with intelligent routing.
상세보기
Honig,Andrew; Howard,Andrew; Eskin,Eleazar; Stolfo,Salvatore J., System and methods for adaptive model generation for detecting intrusions in computer systems.
상세보기
Dewey, David Bryan; Freeman, Robert G.; Griswold, Paul Elliott, System, method and program product for detecting computer attacks.
상세보기
Nachenberg, Carey S., Using temporal attributes to detect malware.
상세보기
Blair,Christopher Douglas; Keenan,Roger Louis, Voice interaction analysis module.
상세보기

내보내기 메뉴

내보내기 구분

파일저장
인쇄
메일전송

구성항목

기본정보
상세정보

관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC

저장형식

Text(ASCII format)
Excel format
PIAS분석(.xls)

메일정보

받는사람 (필수): @
보내는사람 (선택): @
제목
내용: KISTI 검색결과 이메일 서비스

안내

총 건의 자료가 검색되었습니다.

다운받으실 자료의 인덱스를 입력하세요. (1-10,000)

검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다.

데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요)

다운로드 파일은 UTF-8 형태로 저장됩니다.
파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오.

Text(ASCII format)
Excel format

AI-Helper ※ AI-Helper는 을 사용합니다.

AI-Helper

안녕하세요, AI-Helper입니다. 좌측 "선택된 텍스트"에서 텍스트를 선택하여 요약, 번역, 용어설명을 실행하세요.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

연합인증

System and method for identifying communication session participants based on traffic patterns 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (31)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

System and method for identifying communication session participants based on traffic patterns 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (31)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트