Catálogo de publicaciones - libros

Dr. Bhavani M. Thuraisingham is the invited keynote speaker for WISI 2006. She is a Professor at the Eric Jonsson School of Engineering and Computer Science, University of Texas at Dallas. She is also director of the Cyber Security Research Center and President of Bhavani Security Consulting.

Terrorists and extremists have become mainstream exploiters of the Internet beyond routine communication operations and dramatically increased their own ability to influence the outside world. Although this alternate side of the Internet, referred to as the “Dark Web,” has recently received extensive government and media attention, the terrorists/extremists’ Internet usage is still under-researched because of the lack of systematic Dark Web content collection and analysis methodologies. To address this research gap, we explore an integrated approach for identifying and collecting terrorist/extremist Web contents. We also propose a framework called the Dark Web Attribute System (DWAS) to enable quantitative Dark Web content analysis from three perspectives: technical sophistication, media richness, and Web interactivity. Using the proposed methodology, we collected and examined more than 200,000 multimedia Web documents created by 86 Middle Eastern multi-lingual terrorist/extremist organizations. In our comparison of terrorist/extremist Web sites to U.S. government Web sites, we found that terrorists/extremist groups exhibited similar levels of Web knowledge as U.S. government agencies. We also found that the terrorists/extremist groups are as effective as the U.S. government agencies in terms of supporting communications and interaction using Web technologies. Based on our case study results, we believe that the DWAS is an effective framework to analyze the technical sophistication of terrorist/extremist groups’ Internet usage and our Dark Web analysis methodology could contribute to an evidence-based understanding of the applications of Web technologies in the global terrorism phenomena.

Since the web is increasingly used by terrorist organizations for propaganda, disinformation, and other purposes, the ability to automatically detect terrorist-related content in multiple languages can be extremely useful. In this paper we describe a new, classification-based approach to multi-lingual detection of terrorist documents. The proposed approach builds upon the recently developed graph-based web document representation model combined with the popular C4.5 decision-tree classification algorithm. Evaluation is performed on a collection of 648 web documents in Arabic language. The results demonstrate that documents downloaded from several known terrorist sites can be reliably discriminated from the content of Arabic news reports using a simple decision tree.

In this paper, we present an investigative search tool called INEXT for searching documents relevant to some terrorism related information seeking tasks. Given a set of seed entities, INEXT conducts information extraction on the documents, and ranks them based on the amount of novel entities and relations they contain. With users interacting with INEXT throughout the search process, documents are re-ranked to identify other relevant documents based on revised document relevance scores. In this paper, we present the overall system architecture and its component modules including the named entity recognition module, entity co-reference module, domain entity and relation extraction module, document ranking module, and entity and relation annotation module. These modules are designed to address the different sub-problems in the entire search process.

This paper explores the increasing number of cybercrime cases in Taiwan and examines the demographic characteristics of the criminals responsible for the criminal activity. The report is based upon data taken from the Criminal Investigation Bureau of Taiwan cybercrime database over the interval of 1999 through 2004. The paper defines cybercrime, addresses cybercrime case statistics and examines profiles of the suspects’ characteristics. The findings show that the top five categories of crime committed over the past six years are sex trading or sex trading on the Internet, Internet fraud, larceny, cyber piracy and cyber pornography. As for the suspects’ characteristics, the findings show that 81.1% were male; 45.5% had some senior high school education exposure; 63.1% acted independently; 23.7% were currently enrolled students; and 29.1% were in the 18-23 age bracket which was the majority group. Finally, this paper proposes four recommendations to governments, society, schools, and researchers to reduce cycbercrime.

This study is intended to uncover the characteristics of computer crimes happening in Taiwan. Applying frequency distribution analysis to the 165 cases collected from the authorities concerned, we find some interesting facts with respect to the crimes’ properties. First, regarding the crimes’ features, a majority of the crimes were related to transmission of pornography and unauthorized copying of proprietary works. Most of them took place at residences. The illegal acts, mainly for profit, usually continued until they were detected. As to the criminals, most of them were male, young, unemployed and college-educated. They tended to commit the crime alone, possessed no prior records and mostly resided in urban areas. Some of them were disabled people, which could be attributed to their difficulties of being employed. The number of cases reported and investigated was increasing, yet, due to certain practical problems, such as the police agency’s limited capability over the offenses or judicial systems’ huge workload, a Funnel Effect emerged in the meantime, resulting in the loss of some cases in each processing phase. In addition, there was a propensity for the judicial system to impose lenient punishment on the violators, e.g. probation and financial penalty instead of imprisonment.

Outlier detection is a key element for intelligent financial surveillance systems which intend to identify fraud and money laundering by discovering unusual customer behaviour pattern. The detection procedures generally fall into two categories: comparing every transaction against its account history and further more, comparing against a peer group to determine if the behavior is unusual. The later approach shows particular merits in efficiently extracting suspicious transaction and reducing false positive rate. Peer group analysis concept is largely dependent on a cross-datasets outlier detection model. In this paper, we propose a cross outlier detection model based on distance definition incorporated with the financial transaction data features. An approximation algorithm accompanied with the model is provided to optimize the computation of the deviation from tested data point to the reference dataset. An experiment based on real bank data blended with synthetic outlier cases shows promising results of our model in reducing false positive rate while enhancing the discriminative rate remarkably.

With the increased usage of computer networks, network intrusions have greatly threatened the Internet infrastructures. Traditional signature-based intrusion detection often suffers from an ineffectivity to those previously “unseen” attacks. In this paper, we analyze the network intrusions from a new viewpoint based on data field and propose branch and bound tree to lessen computation complexity. Finally, we evaluated our approach over KDD Cup 1999 data set.

Keystroke dynamics-based authentication (KDA) is to verify a user’s identification using not only the password but also keystroke patterns. The authors have shown in previous research that uniqueness and consistency of keystroke patterns are important factors to authentication accuracy and that they can be improved by employing artificial rhythms and tempo cues. In this paper, we implement the pause strategy and/or auditory cues for KDA and assess their effectiveness using various novelty detectors. Experimental results show that improved uniqueness and consistency lead to enhanced authentication performance, in particular for those users with poor typing ability.

The national information security mainly depends on the security of database. Current database management system provides some security control mechanisms to ensure the data security such as access control and password protection. However, these mechanisms are not sufficient to ensure database security. This research paper presents a pinion-rack encryption/decryption model (P-R model) and its implementation issues using the field of a record from a database as the basic encryption granularity. Based on the P-R model, this paper also presents a technique of hiding concomitant information in the information system, which can be used to detect the intrusion from illegal users. The P-R model can enhance the ability to identify attacks, accelerate encryption/decryption speed, reduce response time and improve real-time efficiency by cutting the length of keys and minimizing the number of necessary encryption operations. This research paper also proposes a “keeping separately and triggering simultaneously” key management strategy to reduce the possibility of modifying sensitive data purposely by legal users.