Intelligence and Security Informatics
Preface
ISI 2003 Organizing Committee
Table of Contents
Using Support Vector Machines for Terrorism Information Extraction
1 Introduction
1.1 Motivation
1.2 Research Objectives and Contributions
1.3 Paper Outline
2 Related Work
3 Problem Definition
4 Proposed Method
4.1 Overview
4.2 Feature Acquisition
4.3 Extraction Model Construction
5 Experiments and Results
5.1 Datasets
5.2 Results
6 Conclusions
References
Criminal Incident Data Association Using the OLAP Technology
1 Introduction
2 Brief Review of OLAP and OLAP-Based Data Mining
3 Method
3.1 Rationale
3.2 Definitions
3.3 Outlier Score Function (OSF) and the Crime Association Method
4 Application
4.1 Attribute Selection
4.2 Evaluation Criteria
4.3 Result and Comparison
5 Conclusion
References
Names: A New Frontier in Text Mining
1 Introduction
2 Database Name Matching
3 Named Entity Extraction
4 Intra- and Inter-document Coreference
5 Name Text Mining Support for Visualization, Link Analysis, and Deception Detection
6 Procedure for a Name Extraction and Matching Text Mining Module
7 Research Issues
8 Conclusion
References
Appendix: Comparison of LAS MetaMatch( Search Engine Returns with SQL-Soundex Returns
Web-Based Intelligence Reports System
1 System Concept
2 Objectives
3 Relationships to Other Systems and Sources of Information
3.1 Calls for Service
3.2 Messages
4 PPDR System Architecture
5 PPDR Structural WEB Design
5.1 System Security
5.2 Regular Reports
5.3 AD HOC Reports
5.4 Public Reports
5.5 CAD/MDT Messages Reports
5.6 Updater™s Block
5.7 Administrative Functionality
Fig. 9. Edit and Update Response Time
6 Database Solutions
6.1 Multiple Databases
6.2 Summary Tables
6.3 File Storage and Messages MetaDatabase
7 Data Transition
8 Conclusion
References
Authorship Analysis in Cybercrime Investigation
1 Introduction
2 Literature Review
2.1 Authorship Analysis
2.2 Feature Selection
2.3 Techniques for Authorship Analysis
3 Applying Authorship Analysis in Cybercrime Investigation
4 Experiment Evaluation
4.1 Testbed
4.2 Implementation
4.3 Experiment Design
4.4 Results & Analysis
5 Conclusion & Future Work
References
Behavior Profiling of Email
1 Introduction
1.1 Applying Behavior-Based Detection to Email Sources
1.2 EMT as an Analyst Workbench for Interactive Intelligence Investigations
2 EMT Features
2.1 Attachment Models
2.2 Email Content and Classification
2.3 Account Statistics and Alerts
2.4 Group Communication Models: Cliques
3 Conclusion
References
Detecting Deception through Linguistic Analysis
1 Introduction
2 Background
3 Method
4 Results
4.1 Individual Cue Analysis
4.2 Cluster Analysis by C4.5
5 Discussion
Acknowledgement
References
Appendix: Individual Cue Comparisons by Modality and Deception Condition*
A Longitudinal Analysis of Language Behavior of Deception in E-mail
1 Introduction
2 Theoretical Foundation and Hypotheses
2.1 Media Richness Theory
2.2 Interpersonal Deception Theory (IDT)
2.3 Interpersonal Adaptation Theory (IAT)
2.4 Hypotheses
3 Method
3.1 Experiment Design
3.2 Independent Variables
3.3 Dependent Variables
4 Results
4.1 Repeated Measures Analyses
4.2 Analyses of Variance
5 Discussion
6 Conclusion
Acknowledgement & Disclaimer. Portions of this research were supported by funding from the U.S. Air Force Office of Scientific Research under the U.S. Department of Defense University Research Initiative (Grant #F49620-01-1-0394). The views, opinions, and/or findings in this report are those of the authors and should not be construed as an official Department of Defense position, policy, or decision.
References
Evacuation Planning: A Capacity Constrained Routing Approach
1 Introduction
2 Problem Formulation
3 Capacity Constrained Routing Approach
3.1 Single-Route Capacity Constrained Routing Approach
3.2 Multiple-Route Capacity Constrained Routing Approach
4 Comparison and Cost Models of the Two Algorithms
5 Solution Quality and Performance Evaluation
5.1 Experiment Design
5.2 Experiment Setup and Results
6 Conclusion and Future Work
References
Locating Hidden Groups in Communication Networks Using Hidden Markov Models
1 Introduction
1.1 Example
2 Probabilistic Setup
2.1 The Maximum Likelihood Approach
2.2 General Maximum Likelihood Formulation
3 Concluding Remarks
References
Automatic Construction of Cross-Lingual Networks of Concepts from the Hong Kong SAR Police Department
1 Introduction
2 Automatic Construction of Parallel Corpus
2.1 Title Alignment
2.2 Experiment
3 A Corpus-Based Approach: Automatic Cross-Lingual Concept Space Generation
3.1 Automatic English Phrase Extraction
3.2 Chinese Phrase Extraction
3.2.1 Automatic Phrase Selection
3.2.2 Co-occurrence Weight
3.2.3 The Hopfield Network Algorithm
4 Concept Space Evaluation
4.1 Experimental Design
4.2 Experimental Result
4.3 Evaluation Provided by 10 Graduate Subjects
4.4 Translation Ability of the Concept Space
5 Conclusion
References
Decision Based Spatial Analysis of Crime
1 Introduction
2 Problem Statement
3 Model Development
3.1 Spatial Choice Patterns
3.2 Specification of Prior Probability
3.3 Spatial Misspecification
3.4 Clustering Methods
4 Application of Spatial Choice Model for Real Crime Analysis
4.1 Crime Data Set
4.2 Feature Selection by Similarities
4.3 Model Estimation and Prediction
4.4 Model Comparisons
5 Conclusion
References
CrimeLink Explorer: Using Domain Knowledge to Facilitate Automated Crime Association Analysis
1 Introduction
2 Literature Review
2.1 Link Analysis
2.2 Domain Knowledge Incorporation Approaches
2.3 Shortest-Path Algorithms
3 System Design
3.1 Crime Incident Reports
3.2 Concept Space Approach
3.3 Heuristic Approach
3.4 Association Path Search
3.5 User Interface
4 System Evaluation
5 Conclusions and Future Work
References
A Spatio Temporal Visualizer for Law Enforcement
1 Introduction
2 Background and Motivation
3 Literature Review
3.1 Periodic Data Visualization Tools
3.2 Timeline Tools
3.3 Crime Mapping Tools
4 Features of STV
4.1 Technologies Used
4.2 Components
Control Panel. The control panel (figure 1.c) maintains central control over temporal aspects of the data.
Periodic View. The main purpose of the periodic view (figure 1.d) is to give the crime analyst a quick and easy way to search for crime patterns.
Timeline View. The timeline view (figure 1.a) is a 2D timeline with a hierarchical display of the data in the form of a tree.
GIS View. The GIS view (figure 1.b) displays a map of the city of Tucson on which incidents can be represented as points of a specific color.
5 A Crime Analysis Example
6 Lessons Learned
6.1 Current Strengths of STV
6.2 Areas of Improvement for STV
7 Conclusions and Future Directions
References
Tracking Hidden Groups Using Communications
1 Introduction
2 Detecting Frequent Patterns
3 Visual Exploration
4 Related Work
5 Conclusion
References
Examining Technology Acceptance by Individual Law Enforcement Officers: An Exploratory Study
1 Introduction
2 Literature Review and Motivation
3 Overview of COPLINK Technology
4 Research Model and Hypotheses
5 Instrument Development and Validation
6 Data Analysis Results
7 Discussion
References
Appendix: Listing of Questions Items
"Atrium" - A Knowledge Model for Modern Security Forces in the Information and Terrorism Age
1 Introduction
2 The "Atrium" as Colleague and Institutional Memory
3 The Core ΠMain Operational Knowledge Creation and Application Hierarchies
4 The Task Forces ΠResponses in Knowledge Creation and Security Applications
5 Advantages ΠSurprise-Oriented, Scalable Knowledge-Enabled Institutions
References
Untangling Criminal Networks: A Case Study
1 Introduction
2 Related Work
2.1 Network Creation
2.2 Structural Analysis
Discovery of Patterns of Interaction. Patterns of interaction between subgroups can be discovered using an SNA approach called blockmodel analysis [2]. Given a partitioned network, blockmodel analysis determines the presence or absence of an association between a pair of subgroups by comparing the density of the links between them at a predefined threshold value. In this way, blockmodeling introduces summarized individual interaction details into interactions between groups so that the overall structure of the network becomes more apparent.
2.3 Network Visualization
3 System Architecture
3.1 Network Creation Component
3.2 Structural Analysis Component
Centrality Measures. We used all three centrality measures to identify central members in a given subgroup. The degree of a node could be obtained by counting the total number of links it had to all the other group members. A node™s score of betweenness and closeness required the computation of shortest paths (geodesics) using Dijkstra™s algorithm [7].
Blockmodeling. At a given level of a cluster hierarchy, we compared between-group link densities with the network™s overall link density to determine the presence or absence of between-group relationships.
3.3 Network Visualization Component
4 Case Study
4.1 Data Preparation
4.2 Result Validation
Detection of Subgroups. Since our system could partition a network into subgroups at different levels of granularity, we selected the partition that the crime investigators considered to be closest to their knowledge of the network organizations. The result showed that our system could detect subgroups from a network correctly:
4.3 Usefulness of System
5 Conclusions and Future Work
Acknowledgement. This project has primarily been funded by the National Science Foundation (NSF), Digital Government Program, fiCOPLINK Center: Information and Knowledge Management for Law Enforcement,fl #9983304, July, 2000-June, 2003 and the NSF Knowledge Discovery and Dissemination (KDD) Initiative. Special thanks go to Dr. Ronald Breiger from the Department of Sociology at the University of Arizona for his kind help with the initial design of the research framework. We would like also to thank the following people for their support and assistance during the entire project development and evaluation processes: Dr. Daniel Zeng, Michael Chau, and other members at the University of Arizona Artificial Intelligence Lab. We also appreciate important analytical comments and suggestions from personnel from the Tucson Police Department: Lieutenant Jennifer Schroeder, Sergeant Mark Nizbet of the Gang Unit, Detective Tim Petersen, and others.
References
Addressing the Homeland Security Problem: A Collaborative Decision-Making Framework
1 Introduction
2 Research Foundations
3 Argument Structure and Connectionism
3.1 Argument Structure
3.2 The Connectionist Formalism
4 Inference Rules
4.1 Transitive Sequence
4.2 Common Successor
4.3 Common Predecessor
4.4 Argument Consistency
5 Computational Analysis
5.1 An Example
6 Effects of Information and Argument Reliability
7 Conclusion
References
Collaborative Workflow Management for Interagency Crime Analysis
1 Introduction
2 Characteristics of Crime Analysis Process: A Field Study
2.1 Crime Analysis Processes in a Major Police Department
2.2 The Need for Greater Support in Collaborative Workflow
3 A Conceptual Model of Collaborative Workflow for Interagency Crime Analysis
4 A Collaborative Workflow Management System for Interagency Crime Analysis
4.1 A Three-Layer Framework
4.2 Web Services Enabled System Architecture for Interagency Crime Analysis Workflow
5 Event-Based Workflow and Event Management Language
5.1 Meta-level and Instance-Level Workflow Models
5.2 A Workflow Event Language and Associated Operators
5.3 Uniqueness of Event-Based Workflows
6 Conclusions
References
COPLINK Agent: An Architecture for Information Monitoring and Sharing in Law Enforcement
1 Introduction
2 Research Background
2.1 Information Systems in the Law Enforcement Domain
2.2 Information Monitoring and Sharing
3 Research Questions
4 COPLINK Agent System Architecture
4.1 System Architecture Overview
4.2 Searching and Monitoring Module
4.3 Collaboration Module
4.4 Alerting Module
5 Sample User Sessions with COPLINK Agent
5.1 Searching and Collaborating
5.2 Information Monitoring
5.3 Managing Search Sessions
6 Evaluation
6.1 Methodology
6.2 Participants
6.3 Data Collection Procedures
6.4 Summary of Evaluation Study
6.5 Discussions
7 Conclusions and Future Directions
Acknowledgement. The work described in this report was substantially supported by the following grants: (1) NSF Digital Government Program, fiCOPLINK Center: Information and Knowledge Management for Law Enforcement,fl #9983304, July 2000ŒJune 2003; (2) National Institute of Justice, fiCOPLINK: Database Integration and Access for a Law Enforcement Intranet,fl July 1997ŒJanuary 2000; (3) NSF/CISE/CSS, fiAn Intelligent CSCW Workbench: Personalization, Visualization, and Agents,fl #9800696, June 1998ŒJune 2001. We also would like to thank all of the personnel from TPD who participated in this study. In particular, we would like to thank Lt. Jenny Schroeder, Det. Tim Petersen, and Dan Casey. Lastly, we also would like to thank members of the COPLINK Team at the University of Arizona and Knowledge Computing Corporation (KCC) for their support.
References
Active Database Systems for Monitoring and Surveillance
1 Introduction
2 Background and Related Research
3 The Proposal
3.1 Extended Triggers
3.2 Implementation
4 Conclusion and Further Research
References
Integrated "Mixed" Networks Security Monitoring - A Proposed Framework
1 Introduction
2 Security Overview
3 Conceptual Model
3.1 Obtainment of Security Data
3.2 Standardization of Data
3.3 Calculation of the Overall System Score
3.4 Structure of Web-Based Interface
4 Conclusions
References
Bioterrorism Surveillance with Real-Time Data Warehousing
1 The Threat of Bioterrorism
2 Bioterrorism Surveillance Systems
2.1 Multidimensional Indicators
2.2 Real-Time Information
2.3 Pattern Recognition and Alarm Thresholds
3 The Decision Making Context
4 Flash Data Warehousing
5 Demonstration Bioterrorism Surveillance System in Florida
5.1 Bioterrorism Threat Indicators
5.2 Real-Time Data Feeds
5.3 Pattern Recognition and Alarm Thresholds
5.4 Surveillance Dashboards
6 Conclusions
References
Privacy Sensitive Distributed Data Mining from Multi-party Data
1 Introduction
2 Privacy Preserving Correlation Computation and Orthogonal Matrices
3 Random Projection Matrices for Correlation Computation
4 Computing Correlation from Distributed Data
5 Experimental Results
6 Conclusions and Future Work
References
PROGENIE: Biographical Descriptions for Intelligence Analysis
1 Introduction
2 Motivation and Relevance
3 System Description
4 Final Remarks
References
Scalable Knowledge Extraction from Legacy Sources with SEEK
1 Introduction
2 Overview of the SEEK Approach
3 Conclusion
References
"TalkPrinting": Improving Speaker Recognition by Modeling Stylistic Features
1 Introduction
2 Overview of Task and Baseline System
3 High-Level Speaker Features
4 Results
5 Effect of Test Segment Duration
6 Conclusions
Acknowledgments. This work was funded by a KDD supplement to NSF IRI-9619921. We thank Gary Kuhn for helpful discussion and technical suggestions.
References
Emergent Semantics from Users' Browsing Paths
1 Introduction
2 Our Approach
3 Preliminary Results
References
Designing Agent99 Trainer: A Learner-Centered, Web-Based Training System for Deception Detection
1 Introduction
2 Background
3 System Design and Development
4 Experiment
5 Results and Discussion
References
Training Professionals to Detect Deception
1 Introduction
2 Study Design and Procedures
3 Findings
4 Discussion
References
An E-mail Monitoring System for Detecting Outflow of Confidential Documents
1 Introduction
2 Our Approach
3 Experimental Results
4 Conclusions
Acknowledgements. The present research was conducted by the research fund of Dankook University in 2003.
References
Intelligence and Security Informatics: An Information Economics Perspective
1 Introduction
2 Incentives and Credibility of Information Sources
3 Conclusion
References
An International Perspective on Fighting Cybercrime
1 Introduction
2 An Overview of Cybercrime
3 Fighting Cybercrime in Different Countries
3.1 Within-Country Strategy
3.2 Across-Country Strategy: Collaborative Fighting of Cybercrime
4 Recommendations
5 Conclusions and the Future
References
Hiding Traversal of Tree Structured Data from Untrusted Data Stores
Criminal Record Matching Based on the Vector Space Model
Database Support for Exploring Criminal Networks
Hiding Data and Code Security for Application Hosting Infrastructure
Secure Information Sharing and Information Retrieval Infrastructure with GridIR
Semantic Hacking and Intelligence and Security Informatics (Extended Abstract)
References
Author Index