AI/ML technique identifies pirate streams with high confidence

Sponsor ad - 728w x 90h (at 72 dpi)

By Steve Hawley, Piracy Monitor

Certain approaches toward piracy detection have gained mind-share.  One is to track the usage of credentials shared with friends and family by legitimate consumers; to detect possible theft of service when sharing falls outside of the terms of use.  Another is content modification, to detect content that’s circulating or streaming outside of its licensed channels of distribution, coupled with monitoring to detect stolen content that’s identifiable via embedded watermarks or by matching extracted fingerprints. 

Sponsor ad

But how can one identify pirate video streams without knowledge of the originating source, the intended destination; or without examining the content itself? For one answer, we can look to what’s going on in the network.  An initiative aimed at identifying artificial intelligence and machine learning (AI/ML) best practices for the cable industry is underway at SCTE, the Society of Cable Telecommunications Engineers.

I was invited to attend a late-June conference call of the SCTE’s Artificial Intelligence and Machine Learning Working Group, whose presenter that day was Matt Tooley, NCTA’s VP of Broadband Technology; on the topic of using AI and ML to detect pirate streaming.

An alternative to deep packet inspection

One of the better known techniques for traffic analysis is deep packet inspection (DPI). While DPI can be used to identify infringing content by evaluating streaming payloads, Mr Tooley noted that operators haven’t deployed DPI network-wide or at scale; for a multitude of reasons. 

As an alternative to DPI, he has been working on ways to use IP metadata to discern characteristics of IP streams without looking at the payload.  

Under that approach, machine learning can be trained to identify packet flows that look like piracy without looking at IP addresses or the packet payload.  If flows look suspicious, they can be flagged for further evaluation.  Which begs the question: what does a “packet flow that looks like piracy” look like?  As it turns out, IP flow durations, the number of packets in an IP flow, packet lengths, and inter-packet times are all indicators if they fit certain patterns.

Advantages to this approach include the fact that because it is not looking at payload, it can help identify pirate video even if it is encrypted.  It can identify pirated video that is inside an encrypted VPN tunnel as well as when the flow is encrypted using a protocol like HTTPS. 

A promising work in progress

This AI/ML approach has been implemented experimentally, but isn’t a product that a video provider can buy. It’s currently being evaluated for inclusion in a set of best practices that the SCTE is developing. 

Ongoing refinements have reduced false-positive “detections” of piracy from about half, down to about 0.2 percent, and have increased its accuracy to about 97%.  Efforts are also underway to make it more efficient computationally, and to enable it to work at scale.

Certainly, it’s an initiative to monitor, which is something we all must do when it comes to piracy.  Further details can be learned from Detecting Video Piracy with Machine Learning (2019), a paper published by SCTE, which Mr Tooley co-wrote.

[ Note: A version of this article was also published in Fierce Video ]

Print Friendly, PDF & Email
From our Sponsors