Research Project: Intelligent Internet Surveillance

The World Wide Web provides corporate and individuals a brand new platform for ideas and resources exchange. No one can deny the benefits and convenience that come along. However, the Internet has also fostered a new set of online crimes like copyright infringement. To this end, Center for Information Security and Cryptography (CISC) has launched a series of Internet Surveillance research.

BitTorrent Monitoring System

In 2007, the Customs and Excise Department of HKSAR adopted the BitTorrent Monitoring System (BTM) developed by CISC. BTM is a software system, designed for monitoring illegal BT traffics. This software has been deployed to monitor the BT-related sub-forums in a number of public discussion forums, where actual BT users communicate and distribute torrent files. A rule-based alerting system, which supports keyword search, has been employed to locate the first uploaders in BT networks.

Monitoring the Foxy network

Recently, a number of documents containing personal data or sensitive information have been shared in an unbridled manner over the Foxy network (a popular P2P network in Chinese regions). These incidents have urged us to develop an investigation model for tracing suspicious P2P activities. Unfortunately, hindered by the distributed design and anonymous nature of these networks, P2P investigation can be practically difficult and complicated. In this research, we observe the behaviors of these networks and proposed some heuristic rules for identifying the first uploader of a shared file. The rules have been demonstrated to be applicable to some simulated cases. This work can provide a foundation for future development in P2P file-sharing networks investigation.


Overview of the simplified Foxy investigation model. (a) In normal situation, queries received by Foxy clients are having different patterns. (b) During the burst out, the same pattern queries are received and found to be originated from different leaf nodes. (c) The monitoring nodes use the same query and submitted back to the Foxy network. (d) The query arrives at the uploader, it returns the full name of the file, its IP address in the QH2 packet.

Internet Surveillance with Image Analysis Technologies

The BTM project has been proved to be a successful and practical tool for monitoring of illegitimate Internet information that is text-based in nature. However, the monitoring of multimedia information (such as, pornographic photos, specific human faces or logos) cannot be automatically detected and presented a technical challenge to law enforcement. As Internet contents to date are very varied, many of them are multimedia like pictures or videos, image analysis techniques can be very helpful for Internet surveillance as today's content on the Internet are multimedia in nature. For example, hundreds of thousands of images are uploaded to public forums everyday. It is impossible to monitor the contents of the Internet manually when most of the information is embedded with text as well as images and photos. Also, some people may try to propagate messages relating to taboo topics with text embedded in images. In this project, an Internet surveillance system supporting image analysis is to be developed. With such system, real-time detection of these illegitimate images can be performed around the clock.