-
Notifications
You must be signed in to change notification settings - Fork 0
System, method and program product for detecting Wi Fi networked camera feed monitor status
Figure (1)
Figure (2)
Figure (3)
Figure (4)
Figure (5)
Figure (6)
This project relates generally to detecting if WiFi networked camera’s feed is being monitored. More specifically, it’s an alarm system, method and program for detecting the status of the camera feed monitoring.
There currently exist methods for detecting system intrusions on a network. However, intrusion detection systems focus on detecting network attacks and network vulnerability exploitation. They do not offer the capability of monitoring camera systems status on a network. If intrusion was not detected on the network, a malicious attacker can monitor the camera feeds on a network either externally or internally. Methods and systems are therefore needed the permit the monitoring of the view of status of networked cameras at all times.
In its broadest interpretation, this disclosure describes methods and systems for detecting camera feed intrusions on a switched network by intercepting the camera traffic using a computing machine residing on the switched network. A program running on the computing machine hosts a detection module and interfacing module with the system user. A detection method that runs on the hosting program looks at intercepted traffic and determines whether the networked camera is being viewed or not based on traffic bandwidth and network frames pattern. Based on the detection results, the detection method alarms the system user when camera feed is being intercepted.
Figure 1 describes a classical network setup where there is an internet facing device, a switched network and multiple network devices connected to the switched network. A Wi-Fi network is created by a Wi-Fi enabled device. The camera monitoring system resides in the switched network and is connected to the switching device via an Ethernet port and is assigned an IP address automatically by DHCP. The user is required to configure Wi-Fi on the monitoring Wi-Fi interface on the camera monitoring system.
Figure 2 describes the system user interaction with the monitoring system, methods and programs. The users are able to configure Wi-Fi on the monitoring system, view available devices, and select a device to monitor.
Figure 3 describes the process of user setting up Wi-Fi on monitoring system by interacting with the interfacing module. The interfacing module stores the configuration in a file and returns the status of the file to the user.
Figure 4 describes the process of the user viewing available networked camera devices to monitor. The Detection module scans the network for available devices and runs an OS finger print on the devices and returns the list to the users.
Figure 5 describes the process of user requesting device ‘X’ to be monitored. System user sends the request for the device to be added. The interfacing module delivers the request to the detection module. The detection module adds the device to the configuration files and returns access information and connection status to the user.
Figure 6 describes the method for detecting monitor status of the monitored network camera. The detection module reads the configuration files and intercept network frames on the configured Wi-Fi interface. The frames are then filtered to include only frames emitting from the monitored devices. Another filter runs on the frames to pick only frames with data fields that are filled with camera frames. Cameras send the picture frames data field length 255 bytes. After filtering the frames, if the frames count is bigger than zero, then the camera is sending frames of pictures over the network, and a device is receiving those frames either internally or externally to the network. An alarm is sent if a viewer is detected.
In Figure 1, a classical Wi-Fi network setup is required on a local area network. There are multiple network devices connected to a switched network which is routed to the internet via a routing device. The switching device enables a Wi-Fi network to be on the same subnet as the wired network. A camera monitoring system, method and program is connected to the Ethernet ports of the Wi-Fi switching device for configuration purposes. In Figure 2, once the system for monitoring is connected to the Ethernet port. A web listener starts and listens to http requests from the user. Those requests are to configure Wi-Fi on the monitoring system, view available devices to monitor and to select a device to monitor. The monitoring computing machine runs a web server and listens to these requests and stores the data in a configuration file on the computing machine. In Figure 3, a computing machine used by the system user runs a web browser to interact with the interfacing module. A user sends an HTTP post to configure Wi-Fi on the monitoring system by sending the Wi-Fi Service Set Identifier and pre-shared key. The interfacing module adds to the configuration file the Wi-Fi required data to connect and establishes a connection using the Wi-Fi interface on the computing machine running the monitoring system. The interfacing module then returns access information and connection status to the user using an HTTP reply.
In Figure 4, a computing machine used by the system user runs a web browser to interact with the interfacing module. A user sends an HTTP post to list out devices on the network that can be monitored. The interfacing module requests a mapping from the detection module. The detection module maps the network and the operating systems running on the devices and returns a list of devices to the interfacing module. The interfacing module then returns the list to the user’s browser using an HTTP reply.
In Figure 5, a computing machine used by the system user runs a web browser to interact with the interfacing module. A user sends an HTTP post to add a given device to monitored. The interfacing module adds the device to the configuration files. The interfacing module then returns to the user’s access information and connection status using an HTTP reply.
In Figure 6, the detection module continuously runs. On every run, the detection method runs. It starts by cleaning up old captured dumps, and reads the configuration files. The detection method then starts intercepting frames on Wi-Fi configured interface. The packets are then filtered to remove devices that are not targeted to be monitored. Frames with data length less than 255 bytes are dropped. If the number of filtered frames is larger than zero, a user is detected and an alarm is sent to the users, otherwise the detection method runs again.