Effective whitelisting for filesystem forensics
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137284
S. Chawathe
Forensic analysis of the large filesystems commonly found on current computers requires an effective method for categorizing and prioritizing files in order to avoid overwhelming the investigator. A key technique for this purpose is whitelisting files, i.e., skipping the detailed analysis of files that match files in a well known reference collection of files. Effective use of this technique requires an efficient method to match files, detecting not only exact matches, but also near matches or approximate matches. This paper outlines the requirements for such matching, formalizes them as the bounded best match and approximate bounded near-match problems, and describes methods to solve these problems. In particular, the approximate bounded near-match problem is mapped to the problem of finding near neighbors in a high-dimensional metric space and solved using locality-sensitive hashing.
A two-level protocol to answer private location-based queries
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137287
Roopa Vishwanathan, Y. Huang
An important privacy issue in Location Based Services (LBS) is to hide a user's identity and location while still providing quality location based services. A user's identity can be easily hidden through anonymous web browsing services. However, a user's location can reveal a user's identity. For example, a user at home may want to ask queries such as “Find the nearest hospital around me” through a GPS enabled mobile phone but he may not be willing to disclose his own location. A common way to achieve location privacy is through cloaking, e.g. the client sends a cloaked region to the server and filters the results to find the exact answer. Recently, Private Information Retrieval has been adopted to answer private location-based queries. However, we argue that ensuring the server does not reveal more data than what is queried is important at the same time. In this paper, we propose an efficient two-level solution based on two cryptographic protocols: PIR and Oblivious Transfer. Our solution is a general-purpose one and can use either a two-level PIR [2] or it can use a combination of PIR and Oblivious Transfer [11]. Our approach provides privacy for the user/client, does not use a trusted party or anonymizer, is provably privacy-preserving, and when compared to previous approaches ensures that the server reveals as minimum data as is required, and the data that is released by the server is as fine-grained or precise as possible.
Tracking terrorism news threads by extracting event signatures
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137296
S. Ahmed, Ruchi Bhindwale, H. Davulcu
With the humongous amount of news stories published daily and the range of ways (RSS feeds, blogs etc.) to disseminate them, even an expert at tracking new developing stories can feel the information overload. At most times, when a user is reading a news story, she would like to know “what happened before this?” or “how things progressed after this incident?”. In this paper, we present a novel real-time yet simple method to detect and track new events related to violence and terrorism in news streams through their life over a time line. We do this by first extracting signature of the event, at microscopic level rather than topic or macroscopic level, and then tracking and linking this event with mentions of same event signature in other incoming news articles. Thereby forming a thread that links all the news articles that describe this specific event, with no training data used or machine learning algorithms employed. We also present our experimental evaluations conducted with Document Understanding Conference (DUC) datasets that validate our observations and methodology.
Implementing PII honeytokens to mitigate against the threat of malicious insiders
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137315
Jonathan White, B. Panda
In the past several years, extensive research has been performed in various honeypot technologies, including honeynets, honeywalls, and honeytokens, primarily to gather information about external threats. Little to no research has been performed on how honeytokens, pieces of digital information designed to attract and trace illicit uses of data, can be implemented to catch one of the most dangerous threats, the trusted insider. The goal of this work is to detect, identify, and confirm insider threats, specifically threats that are after personally identifiable information (PII) data.
Stability of individual and group behavior in a blog network
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137263
Stephen Kelley, M. Goldberg, M. Magdon-Ismail, Konstantin Mertsalov
This work experimentally examines different notions of stability of the behavior of individuals and groups in a network of blogs. Our experiments are conducted on data collected from LiveJournal. All stability notions aim to locate stable behavior within an individual's area, which is defined in a variety of manners. Our experiments confirm an earlier observation of the highly dynamic nature of the network. Roughly 70% of the communication of a typical week was not observed in the previous week. Depending on the definition of stability and area used, we find small, but highly stable, sets of individuals with stable behavior in the network.
IEDs in the dark web: Lexicon expansion and genre classification
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137293
Hsinchun Chen
Improvised explosive device web pages represent a significant source of knowledge for security organizations. In this paper, we present significant improvements to our approach to the discovery and classification of IED related web pages in the Dark Web. We present a statistical feature ranking approach to the expansion of the keyword lexicon used to discover IED related web pages, which identified new relevant terms for inclusion. Additionally, we present an improved web page feature representation designed to better capture the structural and stylistic cues revealing of genres of communication, and a series of experiments comparing the classification performance of the new representation with our existing approach.
Mining top-k and bottom-k correlative crime patterns through graph representations
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137266
Peter Phillips, Ickjai Lee
Crime activities are geospatial phenomena and as such are geospatially, thematically and temporally correlated. Thus, crime datasets must be interpreted and analyzed in conjunction with various factors that can contribute to the formulation of crime. Discovering these correlations allows a deeper insight into the complex nature of criminal behavior. We introduce a graph based dataset representation that allows us to mine a set of datasets for correlation. We demonstrate our approach with real crime datasets and provide a comparison with other techniques.
A game theory approach for the reallocation of security forces against terrorist diversionary attacks
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137277
Yi-Ming Chen, Dachrahn Wu, Cheng-Kuang Wu
Terrorists tend to coordinate multiple raids which, combined with diversionary attacks, are designed to divert the attention of the security forces, causing them to take a longer time to respond. This in turn enables the terrorists to cause more casualties at their primary target. It is important to efficiently reallocate the available security forces to meet these terrorist attacks, especially when the available resources are limited. In this paper we proposed two game theory-based models for the reallocation of security forces for the purpose of countering both primary and diversionary attacks in an urban environment. The first model is used each target and the “attack on hidden-object game” in which one analyzes the interaction behavior between the security force commander and the terrorists within a zero-sum game. The probability of a primary attack to this target is derived from the mixed strategy Nash equilibrium. The second model uses all these probabilities to compute the Shapley value for each target, in terms of the majority of all probabilities for primary attacks. The Shapley values are then used to create a reallocated set of the limited security forces. Experimental results show the approach proposed in this study is more efficient than the traditional method for dealing with ever more likely gunshot events.
Factors influencing Bloggers' perceived identifiability
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137267
Chyng-yang Jang, M. Stefanone
Prior research found that the majority of blogs are personal and relational in nature where bloggers reveal intimate information about themselves and target their public posts to their off-line social networks. These personal-journal style blogs expose their authors to potential privacy risks. Bloggers may choose to conceal their identities to mitigate the privacy concerns or disclose their identities for positive relational communication. This study explores the impacts of personal traits and perceived communication context on bloggers' decision of identity disclosure. Data were collected via an online survey of 148 randomly selected bloggers. Results showed that self disclosure tendency and targeting blogs at family and close friends were positive predictors to bloggers' perceived identifiability. In addition, self disclosure tendency and extraversion were found to moderate the relationship between bloggers' perceived vulnerability and identifiability. The implications on privacy management and relational communication online are discussed.
Change point detection based on call detail records
2009 IEEE International Conference on Intelligence and Security Informatics
Pub Date: 2009-06-08 DOI: 10.1109/ISI.2009.5137271
Huiqi Zhang, R. Dantu, João W. Cangussu
In this paper we propose a method for combining wavelet denoising and sequential approach for detecting change points on mobile phone based on detailed call records. The Minmax method is used to estimate the thresholds of frequency and call duration for denoising. This work is useful to enhance homeland security, detecting unwanted calls (e.g., spam) and commercial purposes. For validation of our results, we randomly choose actual call logs of 20 users from 100 users collected at MIT by the Reality Mining Project group for a period of 8 months. Simulation data is also used to validate the results. The experimental results show that our model achieves good performance with high accuracy.