Presentation is loading. Please wait.

Presentation is loading. Please wait.

INTERACTIVE ANALYSIS OF COMPUTER CRIMES PRESENTED FOR CS-689 ON 10/12/2000 BY NAGAKALYANA ESKALA.

Published byAgnes Clark Modified over 8 years ago

Similar presentations

Presentation on theme: "INTERACTIVE ANALYSIS OF COMPUTER CRIMES PRESENTED FOR CS-689 ON 10/12/2000 BY NAGAKALYANA ESKALA."— Presentation transcript:

1 INTERACTIVE ANALYSIS OF COMPUTER CRIMES PRESENTED FOR CS-689 ON 10/12/2000 BY NAGAKALYANA ESKALA

2 OUTLINE Crime analysis is a critical component of modern policing, and law enforcement agencies are increasingly using computerized analysis tools. The system which I am going to propose adapts computerized techniques for analyzing conventional crimes for use by law enforcement agencies in the Internet age.

3 OVERVIEW Motivation Background Analysis Framework Deliverables

4 MOTIVATION The increase in computer crimes over the past decade requires enhanced and sophisticated crime analysis tools to address new types of crimes. Further “Internet time” requires crime analysis at faster rates and in significantly smaller time interval

5 Attack Sophistication vs. Intruder Technical Knowledge

6

7 GOAL The proposed Crime analysis system can link criminal activities by location, time and method; it also can detect significant changes in criminal activity and discover criminal preferences to aid in predicting future threats.

8 BACKGROUND Our framework is based mainly on both University of Virginia’s Regional Crime Analysis Program (RECAP) and John Howard’s (Professor, Carnegie Mellon University) security recommendations. Recap users can link related records, analyze trends in space and time, detect changes in those trends, and look for areas with a high density of criminal events called “Hot spots”

9 Recap’s Components

10 ANALYSIS FRAMEWORK Clustering and Associating Computer Crimes Data association Concept hierarchies Adjusting Weight Importance Preference Discovery Crime Prediction and Threat assessment Multiagent modeling

11 Data Association To automate identifying the associated set of incidents we use Data Association methodology. Depends on the measure of similarity Defines the limits of an investigation Provides insights into crime prevention measures

12 denote the similarity of attribute k between criminal incident records A and B and wk denote the weighing attribute of k. So we compute the Total Similarity Measure, TSM(A,B) between records A and B as a weighed sum of the attribute similarity measure : Analysts define the relevant attributes collected in incident reports, then they standardize the values they obtain from different agencies

13 Concept hierarchies Used to Link the values in different reports Define an association function. Use crime analysis data to develop mappings from the values in each report to a real number in the interval [0,1]. For ex. Lets say that the attribute method of solicitation has three categorical values: email, chat room and mail. Analysis reveals that solicitation in chat room has 0.7 similarity with a solicitation by email and that a solicitation by mail has a 0.001 similarity with either of the other two methods.

14 Adding Weight Importance We first optimize the weights in the equation using cases that we know are associated. Essentially we solve for the values of the weights wk in the equation that minimize the classification error where this error is computed as the number of times we fail to join the incidents that should be joined or times we join incidents that should not be joined.

15 Investigators cluster the results of the total similarity measure to estimate the number of individuals or groups involved in cyber attacks. We hierarchical agglomerative method with complete linkage. In this method: if the similarity index of two entities is greater than a certain fixed value, or cut off value, the entities from a cluster if one or both of the entities is a cluster, then all of the entities in both of the clusters have a similarity index that is greater than the cut off value

16 Preference Discovery A major goal of crime analysis is to understand the criminal processes at work in a region well enough to allow proactive policing activities. This means discovering areas and persons under threat and taking action to reduce the threat. The following figure shows the basic components of preference discovery approach.

17 Shows relationship between the incident time, incident location, and clusters developed in feature space

18 From the basic components of the approach, we observe criminal incidents in time and across the network topology, and we map these incidents into a feature space, which is defined by the relevant attributes of all incidents. We develop a density estimate for the decision surface, which represents the criminal’s preference for specific attributes, across feature space. These surfaces then become the basis for modeling a criminal’s behavior in future attacks.

19 Crime Prediction and Threat Assessment This integrates all the pieces into one system. The database derived from multiple agency databases is the basis for the analysis. We employ data association to group incidents and use feature selection to select a set of features of the preference discovery. These methods then generate the decision models for the criminal agents in our simulations.

20

21 Multi agent modeling Multi agent models provide an effective tool for predicting the behavior of computer criminals. These models use artificial agents, which can interact with their environment and with each other. To construct a multi agent model to simulate computer crime, we derive the number and type of agents from the raw data audit, then we derive the criminal’s preferences from the raw data. We use derived preferences to create the criminal agents.

22 Conclusion Our analysis method uses data association to determine the number of criminal agents, then it uses feature selection to determine the preference of the identified agents. Since this method is automatable, analysts can use it in situations in which there is a vast wealth of data. Thus, this method is particularly useful in the computer crime domain, where data collection is relatively easy but data analysis is more difficult

23 Deliverables Security personnel can use this method as the data source for a multiagent model that simulates future attacks without exposing new systems to the outside world. Analysts can estimate no. of attackers to predict future attacks

Download ppt "INTERACTIVE ANALYSIS OF COMPUTER CRIMES PRESENTED FOR CS-689 ON 10/12/2000 BY NAGAKALYANA ESKALA."

Similar presentations

Data Mining in Computer Games By Adib Adam Hussain & Mohammed Sarfraz.

Data Mining in Computer Games By Adib Adam Hussain & Mohammed Sarfraz.
We’ve got what it takes to take what you got! NETWORK FORENSICS.

We’ve got what it takes to take what you got! NETWORK FORENSICS.
An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.

An Approach to Evaluate Data Trustworthiness Based on Data Provenance Department of Computer Science Purdue University.
Data Mining and Intrusion Detection

Data Mining and Intrusion Detection
Managing Data Resources

Managing Data Resources
Report on Intrusion Detection and Data Fusion By Ganesh Godavari.

Report on Intrusion Detection and Data Fusion By Ganesh Godavari.
Chapter 6 Database Design

Chapter 6 Database Design
File Systems and Databases

File Systems and Databases
/department of mathematics and computer science Visualization of Transition Systems Hannes Pretorius Visualization Group

/department of mathematics and computer science Visualization of Transition Systems Hannes Pretorius Visualization Group
Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.

Mining Behavior Models Wenke Lee College of Computing Georgia Institute of Technology.
Machine Learning as Applied to Intrusion Detection By Christine Fossaceca.

Machine Learning as Applied to Intrusion Detection By Christine Fossaceca.
Police Technology Chapter Twelve

Police Technology Chapter Twelve
6 Chapter 6 Database Design Hachim Haddouti. 6 2 Hachim Haddouti and Rob & Coronel, Ch6 In this chapter, you will learn: That successful database design.

6 Chapter 6 Database Design Hachim Haddouti. 6 2 Hachim Haddouti and Rob & Coronel, Ch6 In this chapter, you will learn: That successful database design.
Managing Data Resources. File Organization Terms and Concepts Bit: Smallest unit of data; binary digit (0,1) Byte: Group of bits that represents a single.

Managing Data Resources. File Organization Terms and Concepts Bit: Smallest unit of data; binary digit (0,1) Byte: Group of bits that represents a single.
Business Intelligence in Crime Ji Zhang Lucas Matecki Lamont Davis Jenny Brunnert.

Business Intelligence in Crime Ji Zhang Lucas Matecki Lamont Davis Jenny Brunnert.
Introduction to Systems Analysis and Design

Introduction to Systems Analysis and Design
Science and Engineering Practices

Science and Engineering Practices
Pixel Visualization of keyword search results in large email databases. Jay Koven Fall 2013.

Pixel Visualization of keyword search results in large databases. Jay Koven Fall 2013.
Computational Thinking Related Efforts. CS Principles – Big Ideas  Computing is a creative human activity that engenders innovation and promotes exploration.

Computational Thinking Related Efforts. CS Principles – Big Ideas  Computing is a creative human activity that engenders innovation and promotes exploration.
Intelligence and Security Informatics Collaborative Workflow Management for Interagency Crime Analysis J. Leon Zhao, Henry H. Bi, and Hsinchun Chen Department.

Intelligence and Security Informatics Collaborative Workflow Management for Interagency Crime Analysis J. Leon Zhao, Henry H. Bi, and Hsinchun Chen Department.

Similar presentations

Ads by Google