Fabrizio Albertetti, Paul Cotofrei, Lionel Grossrieder, O. Ribaux, K. Stoffel
Grouping events having similarities has always been interesting for analysts. Actually, when a label is put on top of a set of events to denote they share common properties, the automation and the capability to conduct reasoning with this set drastically increase. This is particularly true when considering criminal events for crime analysts, conjunction, interpretation and explanation can be key success factors to apprehend criminals. In this paper, we present the CriLiM methodology for investigating both serious and high-volume crime. Our artifact consists in implementing a tailored computerized crime linkage system, based on a fuzzy MCDM approach in order to combine spatio-temporal, behavioral, and forensic information. As a proof of concept, series in burglaries are examined from real data and compared to expert results.
{"title":"The CriLiM Methodology: Crime Linkage with a Fuzzy MCDM Approach","authors":"Fabrizio Albertetti, Paul Cotofrei, Lionel Grossrieder, O. Ribaux, K. Stoffel","doi":"10.1109/EISIC.2013.17","DOIUrl":"https://doi.org/10.1109/EISIC.2013.17","url":null,"abstract":"Grouping events having similarities has always been interesting for analysts. Actually, when a label is put on top of a set of events to denote they share common properties, the automation and the capability to conduct reasoning with this set drastically increase. This is particularly true when considering criminal events for crime analysts, conjunction, interpretation and explanation can be key success factors to apprehend criminals. In this paper, we present the CriLiM methodology for investigating both serious and high-volume crime. Our artifact consists in implementing a tailored computerized crime linkage system, based on a fuzzy MCDM approach in order to combine spatio-temporal, behavioral, and forensic information. As a proof of concept, series in burglaries are examined from real data and compared to expert results.","PeriodicalId":229195,"journal":{"name":"2013 European Intelligence and Security Informatics Conference","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115755527","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
There will always be a security gap between our ability to secure our networks and the actual level of security needed. When securing our networks we need good intelligence to direct our efforts and focus on the right spots. We need to find those spots and they can be found, with the right tools. Survival time is a method that provides possibilities to make decisions concerning information security risks based on true knowledge and hard facts, in a repeatable and scientific manner. This presented work aim to investigate the possibility to use survival time of an unprotected system as an intelligence source and measure the current survival time for a given unprotected system. By the deployment of a decoy, an unprotected system, data is captured and collected through port monitoring. Mainly focus lie on building a time curve presenting the estimated time for an unprotected public system to get detected on the Internet and the elapsed time hence the system gets attacked.
{"title":"A Pilot Study of Using Honeypots as Cyber Intelligence Sources","authors":"U. Bilstrup, M. Rosenberg","doi":"10.1109/EISIC.2013.56","DOIUrl":"https://doi.org/10.1109/EISIC.2013.56","url":null,"abstract":"There will always be a security gap between our ability to secure our networks and the actual level of security needed. When securing our networks we need good intelligence to direct our efforts and focus on the right spots. We need to find those spots and they can be found, with the right tools. Survival time is a method that provides possibilities to make decisions concerning information security risks based on true knowledge and hard facts, in a repeatable and scientific manner. This presented work aim to investigate the possibility to use survival time of an unprotected system as an intelligence source and measure the current survival time for a given unprotected system. By the deployment of a decoy, an unprotected system, data is captured and collected through port monitoring. Mainly focus lie on building a time curve presenting the estimated time for an unprotected public system to get detected on the Internet and the elapsed time hence the system gets attacked.","PeriodicalId":229195,"journal":{"name":"2013 European Intelligence and Security Informatics Conference","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116463870","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Inferring public opinion regarding an issue or event by analyzing social media content is of great interest to security analysts but is also technically challenging to accomplish. This paper presents a new method for estimating sentiment and/or emotion expressed in social media which addresses the challenges associated with Web-based analysis. We formulate the problem as one of text classification, model the data as a bipartite graph of documents and words, and construct the sentiment/emotion classifier through a combination of semi-supervised learning and graph transduction. Interestingly, the proposed approach requires no labeled training documents and is able to provides accurate text classification using only a small lexicon of words of known sentiment/ emotion. The classification algorithm is shown to outperform state of the art methods on a benchmark task involving sentiment analysis of online consumer product reviews. We illustrate the utility of the approach for security informatics through two case studies, one examining the possibility that online sentiment about suicide bombing predicts bombing event frequency, and one investigating public sentiment about vaccination and its implications for population health and security.
{"title":"Analyzing Social Media Content for Security Informatics","authors":"R. Colbaugh, K. Glass","doi":"10.1109/EISIC.2013.14","DOIUrl":"https://doi.org/10.1109/EISIC.2013.14","url":null,"abstract":"Inferring public opinion regarding an issue or event by analyzing social media content is of great interest to security analysts but is also technically challenging to accomplish. This paper presents a new method for estimating sentiment and/or emotion expressed in social media which addresses the challenges associated with Web-based analysis. We formulate the problem as one of text classification, model the data as a bipartite graph of documents and words, and construct the sentiment/emotion classifier through a combination of semi-supervised learning and graph transduction. Interestingly, the proposed approach requires no labeled training documents and is able to provides accurate text classification using only a small lexicon of words of known sentiment/ emotion. The classification algorithm is shown to outperform state of the art methods on a benchmark task involving sentiment analysis of online consumer product reviews. We illustrate the utility of the approach for security informatics through two case studies, one examining the possibility that online sentiment about suicide bombing predicts bombing event frequency, and one investigating public sentiment about vaccination and its implications for population health and security.","PeriodicalId":229195,"journal":{"name":"2013 European Intelligence and Security Informatics Conference","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128808531","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Ala Berzinji, Frzand Sherko Abdullah, Ali Hayder Kakei
Nowadays using the Social Networking Sites (SNS) especially Facebook by terrorist groups to spread their ideas among people has grown. In this work we try to monitor those groups by Facebook Operation techniques and then apply an algorithm to detect most active node in the group that can recruit most nodes on Facebook. The algorithm works on centralities to find out the node that is most central in the group.
{"title":"Analysis of Terrorist Groups on Facebook","authors":"Ala Berzinji, Frzand Sherko Abdullah, Ali Hayder Kakei","doi":"10.1109/EISIC.2013.53","DOIUrl":"https://doi.org/10.1109/EISIC.2013.53","url":null,"abstract":"Nowadays using the Social Networking Sites (SNS) especially Facebook by terrorist groups to spread their ideas among people has grown. In this work we try to monitor those groups by Facebook Operation techniques and then apply an algorithm to detect most active node in the group that can recruit most nodes on Facebook. The algorithm works on centralities to find out the node that is most central in the group.","PeriodicalId":229195,"journal":{"name":"2013 European Intelligence and Security Informatics Conference","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125340567","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Reconstruction and Exploration (R&E) is an approach developed to support after-action reviews in military and emergency response exercises. With the development of new technology and software, data sets grow larger and more complex in many domains, increasing the need for visual exploration approaches such as R&E. This paper briefly presents the R&E approach and introduces it to the criminology community. Three areas within the field are discussed that may benefit from using structured approaches to data collection and presentation such as R&E: (1) vicarious learning, (2) police intelligence operations, and (3) evidence presentation in trials. In conclusion, the approach looks promising as a complement to existing methods in criminology, and further investigations are recommended to clarify needs, possibilities and challenges ahead.
{"title":"Reconstruction and Exploration: Applications in Criminology","authors":"Dennis Andersson, Mirko Thorstensson","doi":"10.1109/EISIC.2013.42","DOIUrl":"https://doi.org/10.1109/EISIC.2013.42","url":null,"abstract":"Reconstruction and Exploration (R&E) is an approach developed to support after-action reviews in military and emergency response exercises. With the development of new technology and software, data sets grow larger and more complex in many domains, increasing the need for visual exploration approaches such as R&E. This paper briefly presents the R&E approach and introduces it to the criminology community. Three areas within the field are discussed that may benefit from using structured approaches to data collection and presentation such as R&E: (1) vicarious learning, (2) police intelligence operations, and (3) evidence presentation in trials. In conclusion, the approach looks promising as a complement to existing methods in criminology, and further investigations are recommended to clarify needs, possibilities and challenges ahead.","PeriodicalId":229195,"journal":{"name":"2013 European Intelligence and Security Informatics Conference","volume":"91 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2013-08-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116649873","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: