Intelligence and Security Informatics, 2007 IEEE

Date 23-24 May 2007

Displaying Results 1 - 25 of 85
  • [Front cover]

    Publication Year: 2007 , Page(s): i
    Freely Available from IEEE
  • [Breaker page]

    Publication Year: 2007 , Page(s): ii
    Freely Available from IEEE
  • [Commentary]

    Publication Year: 2007 , Page(s): iii - iv
    Freely Available from IEEE
  • Contributor listings

    Publication Year: 2007
    Freely Available from IEEE
  • Contributor listings

    Publication Year: 2007 , Page(s): vi - viii
    Freely Available from IEEE
  • [Society related material]

    Publication Year: 2007 , Page(s): ix - x
    Freely Available from IEEE
  • [Commentary]

    Publication Year: 2007 , Page(s): xi
    Freely Available from IEEE
  • Table of contents

    Publication Year: 2007 , Page(s): xiii - xvii
    Freely Available from IEEE
  • Sequential Decision Making Algorithms for Port of Entry Inspection: Overcoming Computational Challenges

    Publication Year: 2007 , Page(s): 1 - 7
    Cited by:  Papers (2)

    Following work of Stroud and Saeger and Anand et al., we formulate a port of entry inspection sequencing task as a problem of finding an optimal binary decision tree for an appropriate Boolean decision function. We report on new algorithms that are more efficient computationally than those presented by Stroud and Saeger and Anand et al. We achieve these efficiencies through a combination of specific numerical methods for finding optimal thresholds for sensor functions and a novel binary decision tree search algorithm that operates on a space of potentially acceptable binary decision trees.
  • Using Digital Chains of Custody on Constrained Devices to Verify Evidence

    Publication Year: 2007 , Page(s): 8 - 15

    A digital chain of custody is an account documenting digital data at a particular place and time. This paper gives a method of validating and authenticating a digital chain of custody using an algorithm by Jakobsson and by providing a new algorithm that complements Jakobsson's algorithm. Our method assumes specialized hardware. The physical hardware is assumed to be memory and processor constrained. Our new algorithm is an online algorithm that generates a hash chain of n hash elements without knowledge of n before it starts. At the same time, as n grows our new algorithm stores only the [log n] pebbles which are inputs for Jakobsson's amortized hash chain traversal algorithm. Jakobsson's algorithm is then used to validate hash elements and thus the digital chain of custody. The complementary algorithm presented here is used to generate and store the hash chain. The compact representation used by these algorithms is useful to store a large digital chain of custody on a small and constrained device. Our proposed method allows the use of constrained devices to validate complex and ephemeral data such as shipping manifests and handling logs.
  • Approach for Discovering and Handling Crisis in a Service-Oriented Environment

    Publication Year: 2007 , Page(s): 16 - 24
    Cited by:  Papers (3)

    In an emergency situation, failure to respond in a timely manner poses a significant threat. Data needed for timely response comes from various sources and sensors. These individual data streams, when viewed in isolation, may appear irrelevant; however, when analyzed collectively, they may identify potential threats. An effective and timely response also requires collaboration and information sharing among various government agencies at all levels. This collaboration and information sharing among agencies can be achieved using service-oriented architecture, where agencies provide access to their information resources and applications using Web services. Each of these agencies has its own rules/policies for providing its services. It is, therefore, important to verify the correctness of the emergency response processes with respect to the rules/policies of the collaborating agencies involved in the execution of such processes. In this paper we present an approach which addresses the above challenges. Specifically, the proposed approach: a) employs multi-stream data mining for identification of potential threats and disambiguation of alarms; b) provides a methodology for the discovery and selection of relevant Web services; c) employs a timed automata based verification methodology for determining the correctness of emergency response processes with respect to the rules of the collaborating agencies. We provide an overview of the initial implementation of the proposed approach.
  • A Quick Group Decision-making Planning Method for Emergency Response

    Publication Year: 2007 , Page(s): 25 - 31
    Cited by:  Papers (1)

    To support the group decision-making in emergency response, it is important to research on how to reach consensus quickly and reliably in the procedure of group decision-making. This paper proposes a new planning method to improve the efficiency of group decision-making based on Markov chain model and uses a real case example of New Orleans Hurricane Katrina to illustrate the usefulness and effectiveness of the proposed approach. The approach is quicker than conventional process in terms of two points. (1) It minimizes the human interventions and makes the most of computer system support to speed up the interactions between the decision-maker and the system. (2) It researches into the important hidden pattern in the group decision-making process, predicts the possible decision in the future and thus further speeds up the decision-making process. The authors hope that analysis of the dynamic procedure of decision-maker's preference adjustment will assist researchers not only in better understanding of group decision-making procedure but also in better design of Group Decision Support Systems for emergency response.
  • Architecture for an Automatic Customized Warning System

    Publication Year: 2007 , Page(s): 32 - 39

    Public communication during natural and man-made disasters is a key issue that must be addressed to protect lives and properties. The choice of the best protective actions to take depends on a global situation-awareness that is not available to the general public. Emergency personnel and public authorities have the duty to inform the population before, during and after catastrophic events to support the disaster response. In this paper we describe the design and the implementation of PWS (Policy-driven Warning System), a system for public warning dissemination. PWS is not intended to replace existing systems or procedures, but to serve on top of them in order to leverage the current emergency response knowledge.
  • Dynamic Social Network Analysis of a Dark Network: Identifying Significant Facilitators

    Publication Year: 2007 , Page(s): 40 - 46
    Cited by:  Papers (3)

    "Dark Networks" refer to various illegal and covert social networks like criminal and terrorist networks. These networks evolve over time with the formation and dissolution of links to survive control efforts by authorities. Previous studies have shown that the link formation process in such networks is influenced by a set of facilitators. However, there have been few empirical evaluations to determine the significant facilitators. In this study, we used dynamic social network analysis methods to examine several plausible link formation facilitators in a large-scale real-world narcotics network. Multivariate Cox regression showed that mutual acquaintance and vehicle affiliations were significant facilitators in the network under study. These findings provide insights into the link formation processes and the resilience of dark networks. They also can be used to help authorities predict co-offending in future crimes.
  • A Dynamic Social Network Software Platform for Counter-Terrorism Decision Support

    Publication Year: 2007 , Page(s): 47 - 54

    DynNetSim is a dynamic network software platform for modeling and analyzing social and other networks as they evolve over time. DynNetSim combines stochastic modeling with a behavioral simulation framework that synthesizes system dynamics and computational agent paradigms. The resulting framework provides a holistic depiction of networks responding to influences of environmental forces, trends, and disruptive events. In social networks comprised of intentional (goal-directed) entities such as terrorist groups, such responses may encompass opportunistic and adaptive behaviors. DynNetSim also enables exploration of the likely impacts of prospective strategies to change networks, such as attacking adversaries' social networks or reducing vulnerabilities in our own critical infrastructure systems. DynNetSim can enhance diverse counter-terrorism activities including intelligence analysis; critical infrastructure protection; and preparedness planning.
  • Terrorism and Crime Related Weblog Social Network: Link, Content Analysis and Information Visualization

    Publication Year: 2007 , Page(s): 55 - 58
    Cited by:  Papers (12)

    A Weblog is a Web site where entries are made in diary style, maintained by its sole author - a blogger, and displayed in a reverse chronological order. Due to the freedom and convenience of publishing in Weblogs, this form of media provides an ideal environment as a propaganda platform for terrorist groups to promote their ideologies and as an operation platform for organizing crimes. In this work, we present a framework to analyze and visualize the Weblog social network embedded beneath relevant Weblogs gathered through topic-specific exploration. Link analysis uses the relationships between bloggers to construct the Weblog social network. Content analysis associates similar blog messages to unveil implicit relationships found in the semantics to further improve the Weblog social network analysis. Users can use different interactive information visualization techniques to explore various aspects of the underlying social network at different levels of abstraction. With the capability of analyzing and visualizing Weblog social networks in terrorist and crime related matters, intelligence agencies and law enforcement will be able to have additional tools and means to ensure the national security.
  • Deployment of DNIDS in Social Networks

    Publication Year: 2007 , Page(s): 59 - 65
    Cited by:  Papers (4)  |  Patents (1)

    Internet users form social networks as they communicate with each other. Computer worms and viruses exploit these social networks in order to propagate to other users. In this paper we present a new framework aimed at slowing down or even preventing the propagation of computer worms and viruses in social networks. In the first part of the framework a social network has to be derived for a given community of users. In the second part the group of users that have the highest influence on the communication in the social network has to be located. The group betweenness centrality measure is used to evaluate the influence of each candidate group. In the third part we analyze the threat propagation in the social network assuming that a distributed network intrusion detection system (DNIDS) is monitoring the traffic of the group. The analysis is performed using a network simulator that was developed for this purpose. In the fourth part a DNIDS has to be deployed on a range of ISPs in order to monitor and clean the traffic of the users belonging to the central group. We applied the new framework by deriving the social network of 1000 students, finding the most influential group of users, and analyzing the influence of the deployment of DNIDS using a simulation tool. The simulation results demonstrated the framework's ability to slow down or even prevent the propagation of threats by cleaning the traffic of central group of users.
  • A Framework for an Adaptive Intrusion Detection System using Bayesian Network

    Publication Year: 2007 , Page(s): 66 - 70
    Cited by:  Papers (4)

    The goal of a network-based intrusion detection system (IDS) is to identify malicious behavior that targets a network and its resources. Intrusion detection parameters are numerous and in many cases they present uncertain and imprecise causal relationships which can affect attack types. A Bayesian Network (BN) is known as a graphical modeling tool used to model decision problems containing uncertainty. In this paper, a BN is used to build an automatic intrusion detection system based on signature recognition. The goal is to recognize signatures of known attacks, match the observed behavior with those known signatures, and signal intrusion when there is a match. A major difficulty of this system is that intrusion signatures change over time and the system must be retrained. An IDS must be able to adapt to these changes. The goal of this paper is to provide a framework for an adaptive intrusion detection system that uses a Bayesian network.
  • Classification of Attributes and Behavior in Risk Management Using Bayesian Networks

    Publication Year: 2007 , Page(s): 71 - 74
    Cited by:  Papers (3)

    Security administration is an uphill task to implement in an enterprise network providing secured corporate services. With the slew of patches being released by network component vendors, system administrators require a barrage of tools for analyzing the risk due to vulnerabilities in those components. In addition, criticalities in patching some end hosts raise serious security issues about the network to which the end hosts are connected. In this context, it would be imperative to know the risk level of all critical resources keeping in view the everyday emerging new vulnerabilities. We hypothesize that the sequence of network actions by attackers depends on their social and attack profile (behavioral resources such as skill level, time, and attitude). To estimate the types of attack behavior, we surveyed individuals for their ability and attack intent. Using the individuals' responses, we determined their behavioral resources and classified them as having opportunist, hacker, or explorer behavior. The profile behavioral resources can be used for determining risk by an attacker having that profile. Thus, suitable vulnerability analysis and risk management strategies can be formulated to efficiently curtail the risk from different types of attackers.
  • Fine-Grained Reputation-based Routing in Wireless Ad Hoc Networks

    Publication Year: 2007 , Page(s): 75 - 78
    Cited by:  Papers (2)

    Mobile ad-hoc networks (MANETs) are the best choice for instant networks when no fixed infrastructure is available. MANETs can support applications in a variety of areas like emergency assistance and inter-vehicle communications. Most developed wireless ad-hoc routing protocols are designed to discover and maintain an active path from source to destination with an assumption that every node is friendly. However, it is possible that the participating nodes may be selfish or malicious. A mechanism to evaluate reputation and trust for each node is essential for the reliability of routing protocol in MANETs. We integrate reputation and trust management into routing protocols in MANETs. Reputation mechanism is based on constantly monitoring and updating first-hand and second-hand information. The nodes within the network are able to monitor their neighbors and obtain first-hand information based on the perceived behavior. Second-hand information is obtained from the sharing of first-hand information with other nodes. The nodes thus create total reputation value by a combination of first-hand and second-hand information. The total reputation value is then available to neighboring nodes for routing decisions. Dirichlet distribution is combined with Bayes theorem to provide finer granularity for node classification based on their behavior. Fine-grained reputation management is integrated into a routing protocol to explore the possibility and benefits on improvement of reliability in both route discovery and maintenance in MANETs.
  • Organizing Hot-Spot Police Patrol Routes

    Publication Year: 2007 , Page(s): 79 - 86
    Cited by:  Papers (11)

    We address the problem of planning patrol routes to maximize coverage of important locations (hot spots) at minimum cost (length of patrol route). We model a road network using an edge-weighted graph in which edges represent streets, vertices represent intersections, and weights represent importance of the corresponding streets. We describe efficient methods that use this input to determine the most important patrol routes. In addition to the importance of streets (edge weights), important routes are affected by the topology of the road network. Our methods permit automation of a labor-intensive stage of the patrol-planning process and aid dynamic adjustment of patrol routes in response to changes in the input graph (as a result of a developing situation, for instance).
  • A Host Architecture for Automobile License Plate Recognition

    Publication Year: 2007 , Page(s): 87 - 94

    Automobile license plate recognition (ALPR) is becoming increasingly important to homeland security and law enforcement. There are a number of commercial vendors with tag recognition hardware and software in the ALPR market. Many of these vendors have developed open tag recognition solutions that run on laptop PCs with commodity video-capture devices as peripherals. Such PC-based solutions are quite conducive to an open architecture for data transmission and sharing between applications. In this paper, we present an architecture that supports such a commodity tag recognition solution as its centerpiece. We then discuss a recent pilot project where this architecture was implemented and tested.
  • A Layered Dempster-Shafer Approach to Scenario Construction and Analysis

    Publication Year: 2007 , Page(s): 95 - 102

    The ability to support creation and parallel analysis of competing scenarios is perhaps the greatest single challenge for today's intelligence analysis systems. Dempster-Shafer theory provides an evidentiary reasoning methodology for scenario construction and analysis that offers potential advantages when compared to other approaches such as Bayesian nets as it places less conceptual load on the analyst by not requiring the complete specification of joint probability distributions. This paper presents a method that can further reduce the conceptual load by taking advantage of hierarchically structured indicators. We present a novel interface for this layered, Dempster-Shafer evidentiary reasoning approach and demonstrate the utility of this interface with reference to analysis problems focusing on comparing distinct hypotheses.
  • Forecasting Terrorist Groups' Warfare: Conventional to CBRN

    Publication Year: 2007 , Page(s): 103 - 106

    To forecast the spectrum of warfare that a terrorist group is likely to conduct against a specific adversary, this paper proposes an indications and warning (I&W) methodology to comprehensively and systematically map significant indicators that need to be assessed, weighed, and correlated. A key proposition in this paper is that to adequately assess the likelihood and magnitude of the types of threats posed by contemporary terrorism three issues need to be addressed. First, as mentioned above, threat assessments need to focus on three types of warfare that characterize that spectrum of terrorist operations: CLI, CHI, and CBRN.
  • Host Based Intrusion Detection using Machine Learning

    Publication Year: 2007 , Page(s): 107 - 114
    Cited by:  Papers (3)

    Detecting unknown malicious code (malcode) is a challenging task. Current common solutions, such as anti-virus tools, rely heavily on prior explicit knowledge of specific instances of malcode binary code signatures. During the time between its appearance and an update being sent to anti-virus tools, a new worm can infect many computers and cause significant damage. We present a new host-based intrusion detection approach, based on analyzing the behavior of the computer to detect the presence of unknown malicious code. The new approach consists of classification algorithms that learn from previously known malcode samples, which enable the detection of an unknown malcode. We performed several experiments to evaluate our approach, focusing on computer worms being activated on several computer configurations while running several programs in order to simulate background activity. We collected 323 features in order to measure the computer behavior. Four classification algorithms were applied on several feature subsets. The average detection accuracy that we achieved was above 90% and for specific unknown worms even above 99%.