Fraunhofer IPK

Institut für Produktionsanlagen und Konstruktionstechnik

Digital Transformation - Englische Ausgabe 2017
PDF

Traffiic

Protects Company Networks against Misuse

Violence, extremism and child abuse: There are hardly any crimes, which are not recorded in the form of images or videos. Frequently, these data appear on the Internet and in the social media. How can companies avoid the misuse of their networks for such purposes and avoid helping the perpetrators? Fraunhofer IPK and SEC Technologies developed the Traffiic software, which recognizes such content and enables companies to prevent such misuse of their infrastructure in time.

(© Fotolia/kovaleff)

Until now, it has been difficult to put an end to the distribution of images and videos for criminal, propaganda or illegal commercial purposes via the Internet and social media platforms. This is a dilemma, especially for companies running their own networks, because network operators are held partially liable unless they can prove that reasonable preventive measures had been in place at the time of the breach. Aside from this liability, companies also suffer considerable damage to their image. What is more, before a company can implement effective defenses, the company managers must be aware of the security breach.

Traffiic »Traffiic analysis for incriminating image content« is the name of the joint software development of Fraunhofer IPK and its partner company SEC Technologies. The objective was to create a software for the recognition of the above-described content with the intent to thwart such misuse. The collaborators developed a modular system for the integration into a company network as passive component. This prevents lagging network traffic and the hardware requirements are a minimum. At the core of the software is a data extraction module. In the event the module flags network misuse, the network operator receives a message immediately and is able to stop the network invasion.

Intelligent and Adaptive Analysis

For the analysis of image data, Fraunhofer IPK developed an innovative system for the recognition of child abuse scenes. The software designers used a series of different and specifically learned classifiers so that the recognition rates are high at low error rates. For example, the first classifier leads to the recognition of erotic images. This »positive« find then activates another classifier, which is designed to recognize the abuse of a child. To develop these features, the software engineers collaborated tightly with Dr. Franz Fotr, an Austrian court-certified IT expert specialized in forensic work.  By comparison with image hashing procedures, which store a unique fingerprint for every file for the purpose of remembering an image, using the mentioned approach allows the recognition and classification of unknown images.

Aside from image data, the software also processes file names. Robust searches for pertinent keywords allow the recognition of deliberately misspelled words such as »g1rl«, which are often used to circumvent software based on simple keyword recognition. The Traffiic software is also able to recognize image groups. For this feature, the software correlates image information, file names and eXIF information.

The correct evaluation of distinctive content

For this project, SEC Technologies developed solutions for the detection of data security-relevant events in IT networks. The data extraction module enables the software to identify image and video data in network transmissions. These data are then extracted and stored for analysis. The implementation emphasized modular design criteria. In this modular system, intercommunication takes place via SQL databases. This design allows the quick addition of new modules. Other advantages are the ability to distribute data via several computers and independence from operating systems. 

Along with the extraction of pure image and video data, review of the image source is crucial. Using prior data analyses, the module for the assessment of network sources evaluates the reputation of a target system by way of analyzing and correlating various network-oriented data sources such as Who-is-Database and IP Reputation Services. The determined reputation of a data source, together with the analysis of the image improves the quality of the overall data analysis.

Diagram of the content analysis (top); operating mode of the software while monitoring the company networks (bottom)

Your contact

Dr.-Ing. Bertram Nickolay

Phone: +49 30 39006-201

bertram.nickolay(at)ipk.fraunhofer.de

Hier finden Sie alle Ausgaben der FUTUR aus den Jahrgängen 2011 bis heute. Klicken Sie links auf »Frühere Ausgaben« und wählen Sie das gewünschte Heft.