2013 European Intelligence and Security Informatics Conference: Latest Papers

Towards Offensive Cyber Counterintelligence: Adopting a Target-Centric View on Advanced Persistent Threats
Pub Date : 2013-08-12 DOI: 10.1109/EISIC.2013.37
J. Sigholm, Martin Bang
Although the traditional strategies for cyber defense in use today are necessary to mitigate broad ranges of common threats, they are not well-suited to protect against a persistent antagonist with access to advanced system exploitation techniques and knowledge of existing but yet undiscovered software vulnerabilities. Addressing the threat caused by such antagonists requires a fast and offensive Cyber Counterintelligence (CCI) process, and a more efficient inter-organizational information exchange. This paper proposes a framework for offensive CCI based on technical tools and techniques for data mining, anomaly detection, and extensive sharing of cyber threat data. The framework is placed within the distinct context of military intelligence, in order to achieve a holistic, offensive and target-centric view of future CCI. The main contributions offered are (i) a comprehensive process that bridges the gap between the various actors involved in CCI, (ii) an applied technical architecture to support detection and identification of data leaks emanating from cyber espionage, and (iii) deduced intelligence community requirements.
Citations: 23

Don't Lie to Me: The Impact of Deception on Vocalic and Linguistic Synchrony
Pub Date : 2013-08-12 DOI: 10.1109/EISIC.2013.67
D. L. Tower, M. Jensen, Norah E. Dunbar, A. Elkins
Most efforts at improving deception detection involve either the examination of a suspect's behavioral and physiological cues or are aimed at improving the ability of an interviewer to distinguish between truth and deception. The research presented here employs a dyadic approach to deception detection. This is a relatively novel method which utilizes the complex interplay and mutual influence between the deceiver and the receiver by examining the relationship between interactional synchrony and deception. This field experiment uses criminal interviews of both guilty (deceptive) and innocent (truthful) suspects to explore the impact of deception on different measures of vocalic and linguistic synchrony. Preliminary results indicate that deceivers may strategically synchronize to the interviewer in an attempt to allay suspicion.
Citations: 2

The Past, Present and Future of Text Classification
Pub Date : 2013-08-12 DOI: 10.1109/EISIC.2013.61
Niklas Zechner
Despite over a century of research, the study of text classification is still chaotic. We examine the parameters at hand, and discuss some things that have been researched, and some things that have not.
Citations: 8

A Tool for Generating, Structuring, and Analyzing Multiple Hypotheses in Intelligence Work
Pub Date : 2013-08-12 DOI: 10.1109/EISIC.2013.11
T. Gustavi, Maja Karasalo, Christian Mårtenson
In this paper, we present an analysis tool that is developed to support the process of generating and evaluating a large set of hypotheses. The computer tool is to a large extent based on two established analytical methods, Morphological Analysis and Analysis of Competing Hypotheses, and aims to facilitate the analysis by offering support for organizing and visualizing information. In particular, the tool provides support for efficient management of links between evidence and hypotheses. By linking evidence directly to elements of a morphological chart, the analyst can work directly with sets of hypotheses and thereby significantly decrease the number of manual steps necessary to complete the analysis.
Citations: 7

The Effect of Personality Type on Deceptive Communication Style
Pub Date : 2013-08-12 DOI: 10.1109/EISIC.2013.8
Tommaso Fornaciari, Fabio Celli, Massimo Poesio
It has long been hypothesized that the ability to deceive depends on personality - some personality types are 'better' at deceiving in that their deception is harder to recognize. In this work, we evaluate how the pattern of personality of a speaker affects the effectiveness of machine learning models for deception detection in transcripts of oral speech. We trained models to classify as deceptive or not deceptive statements issued in Court by Italian speakers. We then used a system for automatic personality recognition to generate hypotheses about the personality of these speakers, and we clustered the subjects on the basis of their personality traits. It turned out that deception detection models perform differently depending on the patterns of personality traits which characterize the speakers. This suggests that speakers who show certain types of personality also have a communication style in which deception can be detected more, or less, easily.
Citations: 20

A Bayesian Parametric Statistical Anomaly Detection Method for Finding Trends and Patterns in Criminal Behavior
Pub Date : 2013-08-12 DOI: 10.1109/EISIC.2013.19
A. Holst, B. Bjurling
In this paper we describe how Bayesian Principal Anomaly Detection (BPAD) can be used for detecting long and short term trends and anomalies in geographically tagged alarm data. We elaborate on how the detection of such deviations can be used for highlighting suspected criminal behavior and activities. BPAD has previously been successively deployed and evaluated in several similar domains, including Maritime Domain Awareness, Train Fleet Maintenance, and Alarm filtering. Similar to those applications, we argue in the paper that the deployment of BPAD in the area of crime monitoring potentially can improve the situation awareness of criminal activities, by providing automatic detection of suspicious behaviors, and uncovering large scale patterns.
Citations: 6

False Event Detection for Mobile Sinks in Wireless Sensor Networks
Pub Date : 2013-08-12 DOI: 10.1109/EISIC.2013.15
Y. Sei, Akihiko Ohsuga
In large-scale sensor networks, adversaries may capture and compromise several of the sensors. Compromised nodes can be used by adversaries to generate many false messages which waste the batteries of sensor nodes and the bandwidth of the sensor network. Many works aim to detect a false event in-network even if many nodes are compromised. Certain existing methods can achieve this, but they cannot be used in a situation where the location of the sink changes. We propose a new method that resiliently detects false messages, even when there are a large number of compromised nodes, and that can handle situations where the location of the sink changes. By preloading a legitimate combination of keys (LCK) on sensor nodes before deployment, the nodes can detect false events created from false combinations of keys. Our mathematical analysis and the simulations we conducted prove the effectiveness of our method.
Citations: 2

Managing the Border, Smartly
Pub Date : 2013-08-12 DOI: 10.1109/EISIC.2013.72
Sandrine Trochu, O. Touret
Whatever the future holds in terms of new regulations and processes, the trend will be to record and secure border crossings for an increasing share of eligible passengers. In order for this trend to be derived into effective and efficient execution as well as for passengers to experience a fluent journey despite this increase of security requirements, performing an identification of passengers through a unique identifier, providing facilitated and automated checks and being capable to identify and then trace persons of interest will be needed and very valuable tracks to follow in order to achieve these objectives. The extent and pace to which these tracks will be followed and soundly articulated together will define how smartly the borders will be managed in the future.
Citations: 7

Issues for the Next Generation of Criminal Network Investigation Tools
Pub Date : 2013-08-12 DOI: 10.1109/EISIC.2013.9
U. Wiil
Criminal network investigation involves a number of complex knowledge management tasks and both humans and software tools play a central role in performing such tasks. The paper presents issues for future criminal network investigation tools. The research agenda is inspired partly by previous research from the hypertext field on how to build tools to structure, visualize, and manage knowledge and partly from previous research from the intelligence and security informatics field on tool support for criminal network investigation. Crime Fighter is used as an example to explore the limitations of current criminal network investigation tools and to propose issues that need to be addressed by future tools.
Citations: 8

Forensic Data Recovery from Android OS Devices: An Open Source Toolkit
Pub Date : 2013-08-12 DOI: 10.1109/EISIC.2013.58
Patrick Dibb, Mohammad Hammoudeh
The recovery of data from mobile phones is a very specialist and evolving field, which can make considerable assistance in the prosecution of criminal cases. Data can include not just call history or text messages but, as mobile phones become smarter, it can also include internet web pages, chat data, social media files and other application data. In this paper we present an open-source toolkit that has been developed to improve workflow for forensic analysts and to aid Android OS mobile phone forensics. This toolkit has been designed to automatically extract and handle all data extracted from the devices so that vital intelligence can be searched and identified quickly, accurately and efficiently. This paper describes and presents the features of this toolkit.
Citations: 13