Node discovery in a networked organization

In this paper, I present a method to solve a node discovery problem in a networked organization. Covert nodes refer to the nodes which are not observable directly. They affect social interactions, but do not appear in the surveillance logs which record the participants of the social interactions. Discovering the covert nodes is defined as identifying the suspicious logs where the covert nodes would appear if the covert nodes became overt. A mathematical model is developed for the maximal likelihood estimation of the network behind the social interactions and for the identification of the suspicious logs. Precision, recall, and F measure characteristics are demonstrated with the dataset generated from a real organization and the computationally synthesized datasets. The performance is close to the theoretical limit for any covert nodes in the networks of any topologies and sizes if the ratio of the number of observation to the number of possible communication patterns is large

Analyzing covert social network foundation behind terrorism disaster

This paper addresses a method to analyze the covert social network foundation hidden behind the terrorism disaster. It is to solve a node discovery problem, which means to discover a node, which functions relevantly in a social network, but escaped from monitoring on the presence and mutual relationship of nodes. The method aims at integrating the expert investigator's prior understanding, insight on the terrorists' social network nature derived from the complex graph theory, and computational data processing. The social network responsible for the 9/11 attack in 2001 is used to execute simulation experiment to evaluate the performance of the method.Comment: 17pages, 10 figures, submitted to Int. J. Services Science

From Digital Forensics to Intelligent Forensics

In this paper we posit that current investigative techniques—particularly as deployed by law enforcement, are becoming unsuitable for most types of crime investigation. The growth in cybercrime and the complexities of the types of the cybercrime coupled with the limitations in time and resources, both computational and human, in addressing cybercrime put an increasing strain on the ability of digital investigators to apply the processes of digital forensics and digital investigations to obtain timely results. In order to combat the problems, there is a need to enhance the use of the resources available and move beyond the capabilities and constraints of the forensic tools that are in current use. We argue that more intelligent techniques are necessary and should be used proactively. The paper makes the case for the need for such tools and techniques, and investigates and discusses the opportunities afforded by applying principles and procedures of artificial intelligence to digital forensics intelligence and to intelligent forensics and suggests that by applying new techniques to digital investigations there is the opportunity to address the challenges of the larger and more complex domains in which cybercrimes are taking place

Shortlisting the influential members of criminal organizations and identifying their important communication channels

Low-level criminals, who do the legwork in a criminal organization are the most likely to be arrested, whereas the high-level ones tend to avoid attention. But crippling the work of a criminal organizations is not possible unless investigators can identify the most influential, high-level members and monitor their communication channels. Investigators often approach this task by requesting the mobile phone service records of the arrested low-level criminals to identify contacts, and then they build a network model of the organization where each node denotes a criminal and the edges represent communications. Network analysis can be used to infer the most influential criminals and most important communication channels within the network but screening all the nodes and links in a network is laborious and time consuming. Here we propose a new forensic analysis system called IICCC (Identifying Influential Criminals and their Communication Channels) that can effectively and efficiently infer the high-level criminals and short-list the important communication channels in a criminal organization, based on the mobile phone communications of its members. IICCC can also be used to build a network from crime incident reports. We evaluated IICCC experimentally and compared it with five other systems, confirming its superior prediction performance

SIIMCO: A forensic investigation tool for identifying the influential members of a criminal organization

Members of a criminal organization, who hold central positions in the organization, are usually targeted by criminal investigators for removal or surveillance. This is because they play key and influential roles by acting as commanders, who issue instructions or serve as gatekeepers. Removing these central members (i.e., influential members) is most likely to disrupt the organization and put it out of business. Most often, criminal investigators are even more interested in knowing the portion of these influential members, who are the immediate leaders of lower level criminals. These lower level criminals are the ones who usually carry out the criminal works; therefore, they are easier to identify. The ultimate goal of investigators is to identify the immediate leaders of these lower level criminals in order to disrupt future crimes. We propose, in this paper, a forensic analysis system called SIIMCO that can identify the influential members of a criminal organization. Given a list of lower level criminals in a criminal organization, SIIMCO can also identify the immediate leaders of these criminals. SIIMCO first constructs a network representing a criminal organization from either mobile communication data that belongs to the organization or crime incident reports. It adopts the concept space approach to automatically construct a network from crime incident reports. In such a network, a vertex represents an individual criminal, and a link represents the relationship between two criminals. SIIMCO employs formulas that quantify the degree of influence/importance of each vertex in the network relative to all other vertices. We present these formulas through a series of refinements. All the formulas incorporate novelweighting schemes for the edges of networks. We evaluated the quality of SIIMCO by comparing it experimentally with two other systems. Results showed marked improvement

Spam Detection Using Machine Learning and Deep Learning

Text messages are essential these days; however, spam texts have contributed negatively to the success of this communication mode. The compromised authenticity of such messages has given rise to several security breaches. Using spam messages, malicious links have been sent to either harm the system or obtain information detrimental to the user. Spam SMS messages as well as emails have been used as media for attacks such as masquerading and smishing ( a phishing attack through text messaging), and this has threatened both the user and service providers. Therefore, given the waves of attacks, the need to identify and remove these spam messages is important. This dissertation explores the process of text classification from data input to embedded representation of the words in vector form and finally the classification process. Therefore, we have applied different embedding methods to capture both the linguistic and semantic meanings of words. Static embedding methods that are used include Word to Vector (Word2Vec) and Global Vectors (GloVe), while for dynamic embedding the transfer learning of the Bidirectional Encoder Representations from Transformers (BERT) was employed. For classification, both machine learning and deep learning techniques were used to build an efficient and sensitive classification model with good accuracy and low false positive rate. Our result established that the combination of BERT for embedding and machine learning for classification produced better classification results than other combinations. With these results, we developed models that combined the self-feature extraction advantage of deep learning and the effective classification of machine learning. These models were tested on four different datasets, namely: SMS Spam dataset, Ling dataset, Spam Assassin dataset and Enron dataset. BERT+SVC (hybrid model) produced the result with highest accuracy and lowest false positive rate

Relational hyperevent models for polyadic interaction networks

Polyadic, or "multicast" social interaction networks arise when one sender addresses multiple receivers simultaneously. Currently available relational event models (REM) are not well suited to the analysis of polyadic interaction networks because they specify event rates for sets of receivers as functions of dyadic covariates associated with the sender and one receiver at a time. Relational hyperevent models (RHEM) address this problem by specifying event rates as functions of hyperedge covariates associated with the sender and the entire set of receivers. For instance, hyperedge covariates can express the tendency of senders to repeatedly address the same pairs (or larger sets) of receivers - a simple and frequent pattern in polyadic interaction data which, however, cannot be expressed with dyadic covariates. In this article we demonstrate the potential benefits of RHEMs for the analysis of polyadic social interaction. We define and discuss practically relevant effects that are not available for REMs but may be incorporated in empirical specifications of RHEM. We illustrate the empirical value of RHEM, and compare them with related REM, in a reanalysis of the canonical Enron email data