Presentation is loading. Please wait.

Presentation is loading. Please wait.

Social Networks and Surveillance: Evaluating Suspicion by Association Ryan P. Layfield Dr. Bhavani Thuraisingham Dr. Latifur Khan Dr. Murat Kantarcioglu.

Published byBertha Greer Modified over 8 years ago

Similar presentations

Presentation on theme: "Social Networks and Surveillance: Evaluating Suspicion by Association Ryan P. Layfield Dr. Bhavani Thuraisingham Dr. Latifur Khan Dr. Murat Kantarcioglu."— Presentation transcript:

1 Social Networks and Surveillance: Evaluating Suspicion by Association Ryan P. Layfield Dr. Bhavani Thuraisingham Dr. Latifur Khan Dr. Murat Kantarcioglu The University of Texas at Dallas {layfield, bxt043000, lkhan, muratk}@utdallas.edu

2 Overview  Introduction ► Our Goal ► System Design ► Social Networks ► Threat Detection ► Correlation Analysis  The Experiment ► Setup ► Current Results ► Issues ► Future Work

3 Introduction  Automated message surveillance is essential to communication monitoring ► Widespread use of electronic communication ► Exponential data growth ► Impossible to sift through all ‘by hand’  Going beyond basic surveillance ► Identifying groups rather than individuals ► Monitoring conversations rather than messages

4 Our Goal  Design new techniques and apply existing algorithms to… ► Create a machine-understandable model of existing social networks ► Identify abnormal conversations and behavior ► Monitor a given communications system in real-time ► Continuously learn and adapt to a dynamic environment

5 System Design  Three major components: ► Social Network Modeler ► Initial Activity Detector ► Correlated Activity Investigator

6 Social Networks  Individuals engaged in suspicious or undesirable behavior rarely act alone  We can infer than those associated with a person positively identified as suspicious have a high probability of being either: ► Accomplices (participants in suspicious activity) ► Witnesses (observers of suspicious activity)  Making these assumptions, we create a context of association between users of a communication network

7 Social Networks  Within our model: ► Every node is a unique user ► Every message creates or strengthens a link between nodes  Over time, the network changes ► Frequent communication leads to stronger links ► Intermittent messaging implies weakening social ties  The strength of the link implies how strong an association between individuals is  From this data, we can theoretically identify ► Hubs ► Groups ► Liaisons

8 Social Networks

9 Threat Detection  Every message sent is scrutinized in the interest of identifying suspicious communication ► Keywords analysis ► Prior context (i.e. previous message content)  When a detection algorithm yields a strong result, a token is created ► The token is created at the origin and passed to the recipient(s) ► Existing tokens, if any, are cloned instead  The result is a web that potentially reflects the dissemination of suspicious information activity

10 Correlation Analysis  Future messages with similar suspicious topics are not always identifiable with the same ‘initial’ techniques ► Quick replies ► Pronoun use ► Assumption that recipient is aware of topic  If a token is present at the sender when a message is sent: ► Message token is associated with and new message are analyzed ► If analysis yields a strong match, the token is further cloned and passed to recipient

11 The Experiment  A rare set of words shared between two or more messages are candidates for keyword analysis, but they are not always easily sifted from ‘noise’  Noise within text-based messages comes in a variety of forms ► Misspelled words ► Unusual word choice ► Incompatible variations of the same language (i.e. British vs. American English) ► Unexpected language  However, we do not want to eliminate potential keywords ► Document names ► Terminology specific to a subject ► ‘Buzz’ words

12 The Experiment  We proposed an experiment that attempts to eliminate false positives due to noisy data while strengthening and expanding our correlation techniques

13 Setup  Tools ► Running word ‘rank’ database ► Implementation of word set theory infrastructure ► JAMA Matrix Library  Singular Value Decomposition  Our Approach ► Apply SVD noise filtering based on 100 messages ► Analyze word frequency correlation between current message and prior suspicious messages ► Generate a score based on the results

14 Setup  Construct a matrix based on the last 100 messages words messages More common Less common

15 Setup  Decompose and rebuild U VTVT  A Eliminate ‘weak’ singular values

16 Setup Pulled from messages j and k ‘Raw’ total score for word w i Pulled from ‘running’ word database Counts only intersection of words Predefined fixed threshold

17 Current Results  Method is not currently accurate  Large fluctuations ► Correlation easily swayed by plethora of common words ► Uncommon words not given enough weight

18 Current Results 1000 messages evaluated, first 100 used to seed word ranks.

19 Issues  Word frequencies fluctuate wildly during beginning of experiment (0.0 – 10.0+)  Extreme cost for current construction methods and computation  Filtering context limited to recent global history  Affected by large bodies of text

20 Future Work  Tap potential of existing matrix for further analysis  Adaptive filtering feedback algorithms  Speed improvements to accommodate real-time streams  Flexible communication platform monitoring  Addition of pipe architecture for modular threat detection and correlation

Download ppt "Social Networks and Surveillance: Evaluating Suspicion by Association Ryan P. Layfield Dr. Bhavani Thuraisingham Dr. Latifur Khan Dr. Murat Kantarcioglu."

Similar presentations

Beyond Keyword Filtering for Message and Conversation Detection David Skillicorn School of Computing, Queen’s University Math and CS, Royal Military College.

Beyond Keyword Filtering for Message and Conversation Detection David Skillicorn School of Computing, Queen’s University Math and CS, Royal Military College.
Sensor-Based Abnormal Human-Activity Detection Authors: Jie Yin, Qiang Yang, and Jeffrey Junfeng Pan Presenter: Raghu Rangan.

Sensor-Based Abnormal Human-Activity Detection Authors: Jie Yin, Qiang Yang, and Jeffrey Junfeng Pan Presenter: Raghu Rangan.
WWW 2014 Seoul, April 8 th SNOW 2014 Data Challenge Two-level message clustering for topic detection in Twitter Georgios Petkos, Symeon Papadopoulos, Yiannis.

WWW 2014 Seoul, April 8 th SNOW 2014 Data Challenge Two-level message clustering for topic detection in Twitter Georgios Petkos, Symeon Papadopoulos, Yiannis.
Pete Bohman Adam Kunk.  Introduction  Related Work  System Overview  Indexing Scheme  Ranking  Evaluation  Conclusion.

Pete Bohman Adam Kunk.  Introduction  Related Work  System Overview  Indexing Scheme  Ranking  Evaluation  Conclusion.
/ Where innovation starts 1212 Technische Universiteit Eindhoven University of Technology 1 Incorporating Cognitive/Learning Styles in a General-Purpose.

/ Where innovation starts 1212 Technische Universiteit Eindhoven University of Technology 1 Incorporating Cognitive/Learning Styles in a General-Purpose.
Site Level Noise Removal for Search Engines André Luiz da Costa Carvalho Federal University of Amazonas, Brazil Paul-Alexandru Chirita L3S and University.

Site Level Noise Removal for Search Engines André Luiz da Costa Carvalho Federal University of Amazonas, Brazil Paul-Alexandru Chirita L3S and University.
Information Retrieval in Practice

Information Retrieval in Practice
Search Engines and Information Retrieval

Search Engines and Information Retrieval
NaLIX: A Generic Natural Language Search Environment for XML Data Presented by: Erik Mathisen 02/12/2008.

NaLIX: A Generic Natural Language Search Environment for XML Data Presented by: Erik Mathisen 02/12/2008.
6/16/20151 Recent Results in Automatic Web Resource Discovery Soumen Chakrabartiv Presentation by Cui Tao.

6/16/20151 Recent Results in Automatic Web Resource Discovery Soumen Chakrabartiv Presentation by Cui Tao.
Information Retrieval in Practice

Information Retrieval in Practice
© 2005 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 5 Making Systematic Observations.

© 2005 The McGraw-Hill Companies, Inc., All Rights Reserved. Chapter 5 Making Systematic Observations.
Overview of Search Engines

Overview of Search Engines
Lecture 11 Intrusion Detection (cont)

Lecture 11 Intrusion Detection (cont)
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
Annual SERC Research Review - Student Presentation, October 5-6, 2011 1 Extending Model Based System Engineering to Utilize 3D Virtual Environments Peter.

Annual SERC Research Review - Student Presentation, October 5-6, Extending Model Based System Engineering to Utilize 3D Virtual Environments Peter.
1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.

1. Introduction Generally Intrusion Detection Systems (IDSs), as special-purpose devices to detect network anomalies and attacks, are using two approaches.
Network Design Essentials. Guide to Networking Essentials, Fifth Edition2 Contents 1. Examining the Basics of a Network Layout 2. Understanding Standard.

Network Design Essentials. Guide to Networking Essentials, Fifth Edition2 Contents 1. Examining the Basics of a Network Layout 2. Understanding Standard.
Introduction The large amount of traffic nowadays in Internet comes from social video streams. Internet Service Providers can significantly enhance local.

Introduction The large amount of traffic nowadays in Internet comes from social video streams. Internet Service Providers can significantly enhance local.
Chapter 2 Network Design Essentials Instructor: Nhan Nguyen Phuong.

Chapter 2 Network Design Essentials Instructor: Nhan Nguyen Phuong.

Similar presentations

Ads by Google