The Digital Single Market Strategy for Europe defines as one of its objectives the fight against illegal content online. In general, this notion of digital piracy is defined as „the act of reproducing, using, or distributing information products, in digital formats and/or using digital technologies, without the authorization of their legal owners.“1 It is recognized that the most relevant subjects intermediating access to content online or the „key gatekeepers of the internet“2 are online platforms. As the Commission states, „theprinciple, enshrined in the e-Commerce Directive, that Internet intermediary service providers should not be liable for the content that they transmit, store or host, as long as they act in a strictly passive manner has underpinned the development of the Internet in Europei“5 At the same time, if illegal content is identified, the relevant subjects are required to act to remove or disable access to such content. However, the process of removal or of disabling access to illegal content online is not without its flaws – it can be slow, ineffective, lacking transparency and a uniform approach within the European Union.

One of the types of illegal content often made available on the internet without the authorization of the relevant right-holders is content that infringes intellectual property rights, such as copyright. Despite of some efforts on the national level, no uniform approach on how to prevent the upload of protected subject-matter or the process of its subsequent removal or disabling of access to it after its provision online has been established. The absence of a uniform approach as well as the increased relevance of this issue in recent years (as presented by the Commission that included fight against illegal content online in the II. Pillar of its Digital Single Market Strategy for Europe) are reasons why the authors of this paper decided to examine this issue more closely.

To formalize the scope of our work, two research questions are stated:

a) How proactive measures can be implemented by online platforms?

b) What changes brings the new Article 17 of the proposed Directive on copyright in the Digital Single Market?

This paper is organised into five sections. Section 1 provides a brief definition of the term ‚online platforms‘. Section 2 examines the existing liability regime of online platforms, specifically focusing on the interpretation of one of the liability exemptions – hosting. The following Section 5 outlines the activities of the Commission in this area in recent years. Section 4 discusses the adoption of proactive voluntary measures by online platforms. The last Section analyses Article 17 of the Copyright proposal and the relevant changes it proposes.

All the mentioned data is flowing continuously to the central security unit. In this type of big data application, it is not necessary to process entire data at once. Most of big data applications are just streaming current data to processing units [1]. This type of processing is called Stream Processing. It allows applications to efficiently exploit a limited form of parallel processing, without explicitly managing allocation, synchronisation or communication among these units [2].

This paper aims to design and implement a real-time classification of a threat. Threat profiling consists of extracting behaviour characteristics of detected threats and clustering them into distinct groups called profiles and subsequently classifying any incoming threats into the predefined profiles. To achieve this aim, we build on the research of attacker profiling in [3]. Mentioned research is comparing several methods for creating clusters of a threat. They found that partitioning around medoids (PAM) clustering method will act with good results. Also, they reasonably discuss the number of searching clusters and seven clusters acted with cleaner results – internal measures and stability measure in combination witch external facts indicated seven as an appropriate number of clusters. The problem identifies in the research is that the potential attack is revealed with a considerable time delay. A status alert that includes two-week data is not as relevant as an alert about current activity. We extend the profile of attackers used in this way in order to classify attackers in real-time using a streaming approach. The principle of current processing is data stream processing and verification of fulfilment of conditions of set computational models. This type of processing performs the data calculations within a short time after receiving the data. Usually, it takes from milliseconds to minutes. Profiles adapting to the new incoming threats in real-time is an active research area proposed in the reviewed literature. Based on the above, we state the following research sub-goals:

• design a model for real-time profiling, and
• design and implement a system for real-time profiling.

This paper is organised into five sections. Section II focuses on the review of the published papers on profiling and related topics. Section III outlines the dataset. Section IV focuses on the design and implementation of a system for real-time profiling. In Section V, we outline the model of real-time profiling, including aggregation, classification, model actualisation and results. The last section contains conclusions and suggestions for the future research.