Fig 3 - uploaded by Mehmed Kantardzic
Content may be subject to copyright.
Different Interesting Connections
Source publication
Association rule mining is an important data analysis tool that can be applied with success to a variety of domains. However, most association rule mining algorithms seek to discover statistically signifl- cant patterns (i.e. those with considerable support). We argue that, in law-enforcement, intelligence and counterterrorism work, sometimes it is...
Context in source publication
Context 1
... o n , which are not connected among them). Three example topologies are given in Figure 3, assuming that all connections are found interesting (the original graph G on the left, the resulting G to its right). Given two arbitrary objects o 1 and o 2 in graph G, the question Is there a connection between o 1 and o 2 , and if so, what is its nature? ...
Similar publications
Association Rules Mining is one of the popular techniques used in data mining. Positive association rules are very useful in correlation analysis and decision making processes. In educational context, determine a “right” program to the students is very unclear especially when their chosen programs are not selected. In this case, normally they will...
![Figure 1. Proxy server communication Source: [4]](profile/Meenu-Gupta-8/publication/318492816/figure/fig1/AS:631671556689922@1527613643245/Proxy-server-communication-Source-4_Q320.jpg)
Introduction: Traffic accidents are an undesirable burden on society.
Every year around one million deaths and more than ten million injuries are reported
due to traffic accidents. Hence, traffic accidents prevention measures must
be taken to overcome the accident rate. Different countries have different geographical
and environmental conditions an...
Citations
... Integration of Big Data internal systems with highly sophisticated Link Analysis capabilities seems to enhance the success rate in foiling terrorist activities-an example is British police forces' efforts against organized crime. 35 But these automatic systems are not infallible; when they have been wrong or did not help to target suspects, usually as a result of lack of targeted information, failures in preventing terrorism have resulted. The November 2015 terrorist attacks in Paris that killed 130 people are a good example. ...
... Any errors in data are to be examined taking into consideration the context of the domains; some may be true errors and therefore removed, whereas other errors may be regarded as interesting anomalies. Link mining applications have been shown to be highly effective in addressing many important business issues such as money laundering (Kirkland et al., 1999), telephone fraud detection (Fawcett and Provost 1999), crime detection (Sparrow 1991), terrorism (Badia andKantardzic 2005, Skillicorn 2004), the financial domain (Creamer and Stolfo 2009), social networks and health care problems (Provana et al., 2010, Wadhah et al., 2011. The identification of anomalies is affected by various factors, many of which are of interest for practical applications. ...
This survey introduces the emergence of link mining and its relevant application to detect anomalies which can include events that are unusual, out of the ordinary or rare, unexpected behaviour, or outliers.
... Link mining is a newly developed research area, bringing together research insights from the fields of web mining, graph theory and machine learning. Link mining applications have been shown to be highly effective in addressing many important business issues such as telephone fraud detection (Fawcett & Provost, 1999), crime detection (Sparrow, 1991), money laundering (Kirkland et al., 1999), terrorism (Badia & Kantardzic, 2005;Skillicorn, 2004), financial applications (Creamer & Stolfo, 2009), social networks and health care problems (Provana et al., 2010;Wadhah et al., 2012). The trend in the building and use of link mining models for critical business, law enforcement and scientific decision support applications are expected to grow. ...
This survey introduces the emergence of link mining and its relevant application to detect
anomalies which can include events that are unusual, out of the ordinary or rare, unexpected
behaviour, or outliers.
... Another crucial barrier for any investigation decision-support system is identity disambiguation problem that is commonly encountered in intelligence data analysis (Badia and Kantardzic 2005;Pantel 2006; Wang et al. 2005). In particular, a modest resolution used within the previous crime investigation systems (Keppens et al. 2005;Shen et al. 2006) is to assume that the identities of any involving instances (e.g., person, object, place, and organization) are globally unambiguous. ...
... To achieve a decision support system that is truly effective to battle real crimes within highly deceptive environment, a verification mechanism is required to handle the identity problem, (Badia and Kantardzic 2005;Pantel 2006;Wang et al. 2005) thereby refining the quality of hypothesized scenarios. This analytical process is crucial as falsified identity has become the common denominator of all serious crime such as mafia trafficking, fraud, and money laundering. ...
Given a set of collected evidence and a predefined knowledge base, some existing knowledge-based approaches have the capability of synthesizing plausible crime scenarios under restrictive conditions. However, significant challenges arise for problems where the degree of precision of available intelligence data can var y greatly, often involving vague and uncertain infor mation. Also, the issue of identity disambiguation gives rise to another crucial barrier in crime investigation. That is, the generated crime scenarios may often refer to unknown referents (such as a person or certain objects), whereas these seemingly unrelated referents may actually, be relevant to the common revealed. Inspired by such obser vation, this article presents a fuzzy compositional modeler to represent, reason, and propagate inexact infor mation to support automated generation of crime scenarios. Further, the article of fers a link-based approach to identifying potential duplicated referents within the generated scenarios. The applicability of this work is illustrated by means of an example for discovering unforseen crime scenarios.
... Intuitively, despite using distinct false identities, each terrorist normally exhibits unique relations with other entities involved in legitimate activities found in any open or modern society -making use of mobile phones, public transportation and financial systems. Link analysis techniques have proven effective for identity problems (Badia and Kantardzic 2005;Boongoen and Shen 2008b;Hsiung et al 2005;Pantel 2006) by exploiting link information instead of content-based information, which is typically unreliable due to intentional deception, translation and data-entry errors (Wang et al 2005(Wang et al , 2006. Recently, link analysis has also been employed by Argentine intelligence organizations for analyzing Iranian-Embassy telephone records. ...
... To overcome this limitation, the link-based approach has been proposed, taking into account the relations amongst examined names. Many existing link-based methods (Badia and Kantardzic 2005;Boongoen and Shen 2008b;Hsiung et al 2005;Pantel 2006) to false identity detection have employed the intuition that a person (including criminal and terrorist) naturally possesses a unique pattern of relations to other information entities, such as vehicles, bank cards, telephone numbers, email accounts and friends. Thus, false identity may be discovered using a link-based similarity measure which is estimated over the link network of the kind presented in Fig 2. Given such a graphical representation of intelligence data that entails the activities of suspected identities, it is possible to hypothesize that 'Identity A' and 'Identity B' may actually refer to the same person. ...
Combating the identity problem is crucial and urgent as false identity has become a common denominator of many serious crimes, including mafia trafficking and terrorism. Without correct identification, it is very difficult for law enforcement authority to intervene, or even trace terrorists’ activities. Amongst several identity attributes, personal names are commonly, and effortlessly, falsified or aliased by most criminals. Typical approaches to detecting the use of false identity rely on the similarity measure of textual and other content-based characteristics, which are usually not applicable in the case of highly deceptive, erroneous and unknown descriptions. This barrier can be overcome through analysis of link information displayed by the individual in communication behaviours, financial interactions and social networks. In particular, this paper presents a novel link-based approach that improves existing techniques by integrating multiple link properties in the process of similarity evaluation. It is utilised in a hybrid model that proficiently combines both text-based and link-based measures of examined names to refine the justification of their similarity. This approach is experimentally evaluated against other link-based and text-based techniques, over a terrorist-related dataset, with further generalization to a similar problem occurring in publication databases. The empirical study demonstrates the great potential of this work towards developing an effective identity verification system. EPSRC
... Data mining helps in extracting useful and invaluable information from database. Detecting unusual communication patterns in various means and channels of communications represents an important class of application directly relevant to security informatics (Badia and Kantardzic, 2005). E-mail has become one of today's standard means of communication. ...
Email has become one of the fastest and most economical forms of communication. However, the increase of email users has resulted in the dramatic increase of suspicious emails during the past few years. This paper proposes to apply classification data mining for the task of suspicious email detection based on deception theory. In this paper, email data was classified using four different classifiers (Neural Network, SVM, Naïve Bayesian and Decision Tree). The experiment was performed using weka on the basis of different data size by which the suspicious emails are detected from the email corpus. Experimental results show that simple ID3 classifier which make a binary tree, will give a promising detection rates.
... Data mining has recently attracted considerable attention from database practitioners and researchers because of its applicability in many areas such as decision support, market strategy, financial forecasts, etc. Combining techniques from the fields like Statistics, Machine learning, Databases, etc. Data mining helps in extracting useful and invaluable information from database. Detecting unusual communication patterns in various means and channels of communications represents an important class of application directly relevant to security informatics [2]. ...
This paper proposes a new method to detect unusual and deceptive communication in email data. Deception theory suggests that deceptive writing is characterized by reduced frequency of first person pronouns and exclusive words and elevated frequency of negative emotion words and action verbs. We apply this model of deception to the set of Email dataset, then applied ID3 algorithm to generate the decision tree .The decision tree that is generated is used to test the email as deceptive or not. In particular we are interested in detecting fraudulent and possibly criminal behavior from such data.
... The multiple occurrences of an identical link are captured in the weight of the link. For each of exposition, we denote this graph using matrix M = (m ij ), i, j = 1, …, N. The following example illustrates an email graph constructed from the following emails: (1, [2] [3]), (2, [3] [4] [5]), (2, [1] [4]), (3, [5]), (3, [1] [2] [5]). ...
... The multiple occurrences of an identical link are captured in the weight of the link. For each of exposition, we denote this graph using matrix M = (m ij ), i, j = 1, …, N. The following example illustrates an email graph constructed from the following emails: (1, [2] [3]), (2, [3] [4] [5]), (2, [1] [4]), (3, [5]), (3, [1] [2] [5]). ...
In many security informatics applications, it is important to monitor traffic over various communication channels and efficiently identify those communications that are unusual for further investigation. This paper studies such anomaly detection problems using a graph-theoretic link prediction approach. Data from the publicly-available Enron email corpus were used to validate the proposed approach.
... Thus, the fraud detection problems is a special type of data mining problem. These types of problems are known as problems with rare and unbalanced patterns (number of fraud training cases is much smaller than the number of or normal cases) that is only now starting to gain attention [Weiss, 2004;Lin, Chalupsky, 2003;Rattigan, Jensen, 2005;Getoor, 2003;Badia, Kantardzic, 2005]. ...
... The filtering we have described herein can be viewed as part of the general area called discovering interesting patterns found by using association rules. Badia and Kantardzic [2005] noted that most association rule mining algorithms seek to discover statistically significant patterns (i.e. those with considerable support). ...
The classical statistical correlation is an efficient technique for linking simple numerical data sets via a single correlation coefficient. The modern schemes for money laundering, financial fraud are becoming very sophisticated and are changed all the time. To be able to discover such schemes we need to deal simultaneously with a diverse set of numeric and non-numeric data types that include different numeric data types, ordered sets, graph structures, texts, schemes, plans, and other information. Often any individual evidence does not reveal a suspicious pattern and does not guide investigation in forensic accounting. In contrast correlation of two or more evidences with each other and background knowledge can reveal a suspicious pattern. A new area of Link Discovery (LD) emerged recently is a promising new area for such tasks. This paper outlines design of such a new technique called Hybrid Evidence Correlation (HEC). It combines first-order logic (FOL), probabilistic semantic inference (PSI) and negative rules for designing HEC to deal with rare suspicious patterns. The approach is illustrated with an example of discovery of suspicious patterns. Computational efficiency of the algorithm is justified by a computational experiment. Conceptual advantages of the algorithm such as completeness have been reported in previous mathematical analysis of the base concepts of the algorithm. The approach was successfully tested for detecting transactions fraud on synthetic data. Data contained several attributes of a transaction such as seller, buyer, types of buyer and seller, sold item, amount, price and date.
... Intuitively, despite using distinct false identities, each terrorist normally exhibits unique relations with other entities involving in legitimate activities found in any open or modern society, making use of mobile phones, public transportation and financial systems. Link analysis techniques have proven effective for identity problems (Badia & Kantardzic 2005), (Hsiung et al. 2005) by exploiting link information instead of content-based information, which is typically unreliable due to intentional deception, translation and data-entry errors (Wang et al. 2005). Recently, link analysis is also employed by Argentine intelligence organizations to analyzing Iranian-Embassy telephone records in such a way to make a circumstantial case that the Iranian Embassy had been involved in the July 18, 1994, terror bombing of a Jewish community centre (Porter 2008). ...
Combating identity fraud is crucial and urgent as false identity has become the common denominator of all serious crime, including mafia trafficking and terrorism. Typical approaches to detecting the use of false identity rely on the similarity measure of textual and other content-based characteristics, which are usually not applicable in the case of deceptive and erroneous description. This barrier can be overcome through link information presented in communication behaviors, financial interactions and social networks. Quantitative link-based similarity measures have proven effective for identifying similar problems in the Internet and publication domains. However, these numerical methods only concentrate on link structures, and fail to achieve accurate and coherent interpretation of the information. Inspired by this observation, this paper presents a novel qualitative similarity measure that makes use of multiple link properties to refine the underlying similarity estimation process and consequently derive semantic-rich similarity descriptors. The approach is based on order-of-magnitude reasoning. Its applicability and performance are experimentally evaluated over a terrorism-related dataset, and further generalized with publication data.
