Catálogo de publicaciones - libros

The security community has used psychological research on attacker personalities, but little work has been done to investigate the personalities of the defenders. We surveyed 43 security professionals using a Five Factor Model-based test to reveal common dominant traits. We found that our sampled population demonstrated that they were highly dutiful, achievement-striving, and cautious; in addition, they were high in morality and cooperation, but low in imagination. We conclude that many of these characteristics are appropriate for security professionals, although the low scores in the “openness to experience” domain may indicate difficulties in devising new security defense methods and in anticipating new forms of attack. This potentially leaves large organizations and nation-states vulnerable to attacks.

While businesses have been extensively using data mining to pursue everlasting prosperity, we seldom consider this technique in public affairs. The government holds a large quantity of data that are records of official operations or private information of the people. These data can be used for increasing benefits of the people or enhancing the efficiency of governmental operations. In this paper we will apply this technique to the data of stolen automobiles to explore the unknown knowledge hidden in the data and provide this knowledge to transportation, insurance as well as law enforcement for decision supports. The data we use are abstracted from 378 thousand records of stolen automobiles in the past eleven years in Taiwan. After constructing a data warehouse, we apply the technique of classification, association rule, prediction, data generalization and summarization-based characterization to discover new knowledge. Our results include the understanding of automotive theft, possibility of finding stolen automobiles, intrigue in theft claims, etc. The knowledge we acquired is useful in decision support, showing the applicability of data mining in public affairs. The experience we gathered in this study would help the use of this technique in other public sectors. Along with the research results, we suggest the law enforcement to consider data mining as a new means to investigate criminal cases, to set up a team of criminal data analysis, to launch a new program to crack down automotive thefts, and to improve the quality of criminal data management.

During recent years, the empirical research on corruption has grown considerably. Possible links between government corruption and terrorism have attracted an increasing interest in this research field. Most of the existing literature discusses the topic from a socio-economical perspective and only few studies tackle this research field from a data mining point of view. In this paper, we apply data mining techniques onto a cross-country database linking macro-economical variables to perceived levels of corruption. In the first part, self organizing maps are applied to study the interconnections between these variables. Afterwards, support vector machines are trained on part of the data and used to forecast corruption for other countries. Large deviations for specific countries between these models’ predictions and the actual values can prove useful for further research. Finally, projection of the forecasts onto a self organizing map allows a detailed comparison between the different models’ behavior.

Identity crime has increased enormously over the recent years. Spike detection is important because it highlights sudden and sharp rises in intensity relative to the current identity attribute value (which can be indicative of abuse). This paper proposes the new spike analysis framework for monitoring sparse personal identity streams. For each identity example, it detects spikes in single attribute values and integrates multiple spikes from different attributes to produce a numeric suspicion score. Although only temporal representation is examined here, experimental results on synthetic and real credit applications reveal some conditions on which the framework will perform well.

We present a framework for discovering positive associations in urban crime datasets using hierarchical clustering and an association test based on a hybrid minimum bounding circle and average bounding circle approach. We justify the virtue of our framework by comparing its computational speed and quality of associations using real crime datasets.

Intelligence operation against the terrorist network has been studied extensively with the aim to mine the clues and traces of terrorists. The contributions of this paper include: (1) introducing a new approach to classify terrorists based on Gene Expression Programming (GEP); (2) analyzing the characteristics of the terrorist organization, and proposing an algorithm called Create Virtual Community (CVC) based on tree-structure to create a virtual community; (3) proposing a formal definition of Virtual Community (VC) and the VCCM Mining algorithm to mine the core members of a virtual community. Experimental results demonstrate the effectiveness of VCCM Mining.

The importance of kernel-level security mechanisms such as a file system and access control has been increasingly emphasized as weaknesses in user-level applications. However, when using only access control, including role-based access control (RBAC), a system is vulnerable to a low-level or physical attack. In addition, when using only a cryptographic file system, a system also has a weakness that it is unable to protect itself. To overcome these vulnerabilities, we integrated a cryptographic file system into the access control, and developed a prototype.

As various computers are connected into a world wide network, software is a target of copyright pirates, attackers, or even terrorists, as a result, software protections become a more and more important issue for software users and developers. There are some technical measures for software protections, such as hardware-based protections and software-based techniques [1], etc. Software obfuscation [2] is one of these measures to protect software from unauthorized modification by making software more obscure so that it is hard for potential attackers to understand the obfuscated software. There are several algorithms of software obfuscation such as layout transformation, computation transformation, ordering transformation, and data transformation [2]. Variable transformation is a major method of data transformation to transform software into a new semantically equivalent one that is hard for attackers to understand the true meaning of variables in software.

Private/personal information is defined as any linguistic expression that has referent(s) of type natural person. Private information can be classified as: (1) atomic private information is an assertion that has a single human referent, and (2) compound private information is an assertion that has more than one human referent. If p is a piece of atomic private information of person v, then p is proprietary private information of v, and v is its. A refers to any agent that knows, stores, or owns the information [2].

Typical uses of watermarks include copyright protection and disabling unauthorized access to content. Especially, copyright protection watermarks embed some information in the data to identify the copyright holder or content provider, while receiver-identifying watermarking, commonly referred to as fingerprinting, embeds information to identify the receiver of that copy of the content. Thus, if an unauthorized copy of the content is recovered, extracting the fingerprint will show who the initial receiver was [1][2]. In this paper we generalize our previous work [3] of a video fingerprinting system to identify the source of illegal copies. This includes a logo embedding technique, generalization of the distribution system and detailed investigation of the robustness against collusion attacks.