Abstract

RECOGNIZING THE TERRORISTIC BEHAVIOR ON THE WEB USING DATA MINING TECHNIQUES

Manoj Bala, Dr. D.B. Ojha

039-052

Vol: 2, Issue: 1, 2012

An innovative knowledge-based methodology for terrorist detection by using Web traffic content as the audit information is presented. The proposed methodology learns the typical behavior (‘profile’) of terrorists by applying a data mining algorithm to the textual content of terror-related Web sites. The resulting profile is used by the system to perform real-time detection of users suspected of being engaged in terrorist activities. The Receiver-Operator Characteristic (ROC) analysis shows that this methodology can outperform a command-based intrusion detection system.



Disclaimer: Indexing of published papers is subject to the evaluation and acceptance criteria of the respective indexing agencies. While we strive to maintain high academic and editorial standards, International Journal of Research in Science and Technology does not guarantee the indexing of any published paper. Acceptance and inclusion in indexing databases are determined by the quality, originality, and relevance of the paper, and are at the sole discretion of the indexing bodies.