The importance of fraud detection techniques from the Enron case and the T.J. Maxx data breach

This thesis examines the issue of fraud detection and its causes and solutions. After a description of two fraudulent cases Enron scandal (internal fraud), and T.J. Maxx Data Breach (external fraud), it discusses the causes of these two fraud cases using Cressey’s “fraud triangle” theory and Albrecht’s three-stage theory. It then describes various fraud detection techniques in internal and external fraud. Finally, the recommendations for the improvements of both internal and external fraud detection systems are explained

Survey on detecting and preventing web application broken access control attacks

Web applications are an essential component of the current wide range of digital services proposition including financial and governmental services as well as social networking and communications. Broken access control vulnerabilities pose a huge risk to that echo system because they allow the attacker to circumvent the allocated permissions and rights and perform actions that he is not authorized to perform. This paper gives a broad survey of the current research progress on approaches used to detect access control vulnerabilities exploitations and attacks in web application components. It categorizes these approaches based on their key techniques and compares the different detection methods in addition to evaluating their strengths and weaknesses. We also spotted and elaborated on some exciting research gaps found in the current literature, Finally, the paper summarizes the general detection approaches and suggests potential research directions for the future

Identification of Informativeness in Text using Natural Language Stylometry

In this age of information overload, one experiences a rapidly growing over-abundance of written text. To assist with handling this bounty, this plethora of texts is now widely used to develop and optimize statistical natural language processing (NLP) systems. Surprisingly, the use of more fragments of text to train these statistical NLP systems may not necessarily lead to improved performance. We hypothesize that those fragments that help the most with training are those that contain the desired information. Therefore, determining informativeness in text has become a central issue in our view of NLP. Recent developments in this field have spawned a number of solutions to identify informativeness in text. Nevertheless, a shortfall of most of these solutions is their dependency on the genre and domain of the text. In addition, most of them are not efficient regardless of the natural language processing problem areas. Therefore, we attempt to provide a more general solution to this NLP problem. This thesis takes a different approach to this problem by considering the underlying theme of a linguistic theory known as the Code Quantity Principle. This theory suggests that humans codify information in text so that readers can retrieve this information more efficiently. During the codification process, humans usually change elements of their writing ranging from characters to sentences. Examples of such elements are the use of simple words, complex words, function words, content words, syllables, and so on. This theory suggests that these elements have reasonable discriminating strength and can play a key role in distinguishing informativeness in natural language text. In another vein, Stylometry is a modern method to analyze literary style and deals largely with the aforementioned elements of writing. With this as background, we model text using a set of stylometric attributes to characterize variations in writing style present in it. We explore their effectiveness to determine informativeness in text. To the best of our knowledge, this is the first use of stylometric attributes to determine informativeness in statistical NLP. In doing so, we use texts of different genres, viz., scientific papers, technical reports, emails and newspaper articles, that are selected from assorted domains like agriculture, physics, and biomedical science. The variety of NLP systems that have benefitted from incorporating these stylometric attributes somewhere in their computational realm dealing with this set of multifarious texts suggests that these attributes can be regarded as an effective solution to identify informativeness in text. In addition to the variety of text genres and domains, the potential of stylometric attributes is also explored in some NLP application areas---including biomedical relation mining, automatic keyphrase indexing, spam classification, and text summarization---where performance improvement is both important and challenging. The success of the attributes in all these areas further highlights their usefulness

A Logical Architecture for Active Network Management

This paper focuses on improving network management by exploiting the potential of “doing” of the Active Networks technology, together with the potential of “planning,” which is typical of the artificial intelligent systems. We propose a distributed multiagent architecture for Active Network management, which exploits the dynamic reasoning capabilities of the Situation Calculus in order to emulate the reactive behavior of a human expert to fault situations. The information related to network events is generated by programmable sensors deployed across the network. A logical entity collects this information, in order to merge it with general domain knowledge, with a view to identifying the root causes of faults, and to deciding on reparative actions. The logical inference system has been devised to carry out automated isolation, diagnosis, and even repair of network anomalies, thus enhancing the reliability, performance, and security of the network. Experimental results illustrate the Reasoner capability of correctly recognizing fault situations and undertaking management actions

Opnet, Arne, and the Classroom

This paper examines OPNET Technology, Inc\u27s management programs, and Regis University\u27s Academic Research Network (ARNe) needs to find out which OPNET programs can meet the needs of ARNe. The method used was to examine ARNe\u27s needs, and research Microsoft\u27s SMF/MOF management framework, research OPNET\u27s program and module offerings, research OPNET\u27s University Program, and research how OPNET\u27s programs are used at some other universities. The research was used to create a match up between Microsoft\u27s Service Management Functions and OPNET\u27s programs and modules. And it was used to create a list of textbooks, labs, and lab manuals that would work with OPNET\u27s IT Guru and Modeler in a classroom to help teach networking theory. The examination was combined with the research to create an evaluation criteria matrix from which project recommendations could be drawn. The conclusion was that the following OPNET Technology programs and modules could be of benefit to Regis University\u27s ARNe - ACE, Automation module, Commander, DAC module, Flow Analysis module, IT Sentinel, IT Guru, NetDoctor, Report Server, and VNE Server

Machine Learning to Improve Security Operations Centers

Since the onset of the internet, the world has embraced this new technology and used it to collectively advance Humanity. Companies have followed the trend from the physical to the digital world, taking with them all their associated value. In order to safeguard this value, security needed to evolve, with enterprises employing departments of highly trained professionals. Nevertheless, the ever increasing amount of information in need of evaluation by these professionals requires the deployment of automation techniques, aiding in data analysis and bulk task processing, to reduce detection time and as such improve mitigation. This work proposes a novel tool designed to help in attack detection and alert aggregation, by leveraging machine learning techniques. The proposed solution is described in full and showcased using real data from an example implementation.Desde o aparecimento da internet, esta nova tecnologia tem sido usada para avançar a Humanidade. O mercado seguiu as tendências, passando do mundo físico para o digital e levando consigo todo o seu valor associado. De forma a salvaguardar este valor, a segurança precisou de se adaptar, com empresas a dedicarem departamentos inteiros com esse objetivo. No entanto, a quantidade cada vez mais elevada de informação a analisar exige o desenvolvimento de técnicas automáticas de processamento de dados e execução de tarefas em massa, para diminuir o tempo de deteção de ataques permitindo uma mitigação mais ágil dos mesmos. Este trabalho propõe uma ferramenta projetada para ajudar na deteção de ataques e agregação de alertas, usando técnicas de inteligência artificial. A solução proposta é descrita na íntegra e apresentada usando dados reais aplicados a uma implementação de exemplo

Review of Web Mapping: Eras, Trends and Directions

Web mapping and the use of geospatial information online have evolved rapidly over the past few decades. Almost everyone in the world uses mapping information, whether or not one realizes it. Almost every mobile phone now has location services and every event and object on the earth has a location. The use of this geospatial location data has expanded rapidly, thanks to the development of the Internet. Huge volumes of geospatial data are available and daily being captured online, and are used in web applications and maps for viewing, analysis, modeling and simulation. This paper reviews the developments of web mapping from the first static online map images to the current highly interactive, multi-sourced web mapping services that have been increasingly moved to cloud computing platforms. The whole environment of web mapping captures the integration and interaction between three components found online, namely, geospatial information, people and functionality. In this paper, the trends and interactions among these components are identified and reviewed in relation to the technology developments. The review then concludes by exploring some of the opportunities and directions