Academic Sponsors Jointly organized with The International Symposium on Open Source Intelligence and Web Mining 2011 (OSINT-WM 2011) Technical co-sponsorship Industry Sponsors Local Organizer Conference Program

Conference Program - eisic


EISIC 2011 - Conference Sponsors

Academic Sponsors

Hellenic American University, 156 Hanover Street, Manchester, NH, USA. Tel: +1 603 645 1800. http://www.hauniv.us

University of Southern Denmark, Campusvej 55, DK-5230 Odense M, Denmark. Tel.: +45 6550 1000. http://www.sdu.dk

University of Arizona, Tucson AZ 85721, USA. Tel: +1 520 621 2211. http://www.arizona.edu

Technical co-sponsorship

The Institute of Electrical and Electronics Engineers Computer Society, 2001 L Street N.W., Suite 700, Washington, DC 20036-4928, USA. Tel: +1 202 371 0101. http://www.computer.org

Industry Sponsors

Springer-Verlag GmbH, Heidelberg, Zweigniederlassung der Springer-Verlag GmbH, Berlin, Tiergartenstrasse 17, D-69121 Heidelberg, Germany. Tel.: +49 (0) 6221 487 0. http://www.springer.com

Local Organizer

Hellenic American University, 156 Hanover Street, Manchester, NH, USA. Tel: +1 603 645 1800. http://www.hauniv.us

OSINT-WM 2011 - Symposium Sponsors

OSINT-WM 2011 Sponsors

European Commission - Joint Research Centre, Institute for the Protection & Security of the Citizen (IPSC), Global Security and Crisis Management Unit, Via E. Fermi, 2749, I-21027 Ispra (VA), Italy. Tel. +39 0332 785696. Fax. +39 0332 785154. http://globesec.jrc.ec.europa.eu/

Open Source Intelligence Branch, Ministry of Defence, 2597 PC The Hague, The Netherlands. Tel.: +31 70 441 90 10

Academic Sponsors

Hellenic American University, 156 Hanover Street, Manchester, NH, USA. Tel: +1 603 645 1800. http://www.hauniv.us

University of Southern Denmark, Campusvej 55, DK-5230 Odense M, Denmark. Tel.: +45 6550 1000. http://www.sdu.dk

2500 University Drive NW, Calgary, AB, Canada T2N 1N4. Tel.: +1 (403) 220-5110. http://www.ucalgary.ca

Local Organizer

Hellenic American University, 156 Hanover Street, Manchester, NH, USA. Tel: +1 603 645 1800. http://www.hauniv.us

Conference Secretariat

Conference registration takes place at the Conference Secretariat located at the lobby of the Titania Conference Center, 10th Floor, during the following days and hours:

Monday 8:00 – 17:00

Tuesday 8:00 – 16:30

Wednesday 9:30 – 15:00

The conference registration fee includes participation in all keynote speeches, parallel sessions, coffee breaks and lunches, conference proceedings in CD and one ticket for the Reception & Gala Dinner on cruise.

Table of Contents

EISIC 2011 Sponsors

OSINT-WM 2011 Sponsors

Conference Secretariat & Floor Plan

EISIC 2011 Conference Organization

EISIC 2011 Program Committee

OSINT-WM 2011 Conference Organization

OSINT-WM 2011 Program Committee

EISIC 2011 Message from the General Chairs

EISIC 2011 Message from the Program Co-Chairs

OSINT-WM 2011 Message from the General Chairs

OSINT-WM 2011 Message from the Program Chairs

EISIC 2011 Program at a Glance

OSINT-WM 2011 Program at a Glance

EISIC 2011 Keynote Speeches

OSINT-WM 2011 Keynote Speeches

EISIC 2011 Detailed Program

OSINT-WM 2011 Detailed Program

EISIC 2011 Abstracts

EISIC 2011 Posters

OSINT-WM 2011 Abstracts

Information for the Participants

Reception & Gala Dinner

Conference Venue

Athens Center Map & Photos

EISIC 2012 Call for Papers

Venue Floor Plan

EISIC 2011 - Conference Organization

Steering Committee

Hsinchun Chen, University of Arizona, AZ, USA (Chair)

Triant Flouris, Hellenic American University, NH, USA

Uffe Kock Wiil, University of Southern Denmark, Denmark

Panagiotis Karampelas, Hellenic American University, NH, USA

Nasrullah Memon, University of Southern Denmark, Denmark

David L. Hicks, Aalborg University, Denmark

Gerhard Wagner, Joint Research Center - European Commission, Italy

Honorary General Chairs

Hsinchun Chen, University of Arizona, AZ, USA (Chair)

George J. Hagerty, Hellenic American University, NH, USA

General Chairs

Uffe Kock Wiil, University of Southern Denmark, Denmark

Panagiotis Karampelas, Hellenic American University, NH, USA

Program Chairs

Nasrullah Memon, University of Southern Denmark, Denmark

Daniel Zeng, Chinese Academy of Sciences, China, and University of Arizona, AZ, USA

Publication Chair

Pir Abdul Rasool Qureshi, University of Southern Denmark, Denmark

Local Arrangement Chair

Christos Pavlatos, Hellenic American University, NH, USA

EISIC 2011 - Program Committee

Abdul Rehman Abbasi, Karachi Institute of Power Engineering (KINPOE), Karachi, Pakistan

Walid-Khalid Abu-Dalbouh, University of Jordan, Jordan

Rajendra Akerkar, Vestlandsforsking, Sogndal, Norway

Carlo Aliprandi, Synthema srl, Italy

Naveen Ashish, UC-Irvine, USA

Claus Atzenbeck, German University Cairo, Egypt

Valentina Emilia Balas, Aurel Vlaicu University of Arad, Romania

Guido Barbian, Leuphana University of Lueneburg, Germany

Clive Best, OSVision, UK

Lorraine Bowman-Grieve, Leeds Trinity University College, UK

Denis Caleta, Slovenian Armed Forces for Counterterrorism, Slovenia

Barbara Carminati, University of Insubria, Italy

Jean-Hugues Chauchat, University Lyon2, France

Raphael Cohen-Almagor, The University of Hull, UK

Maura Conway, Dublin City University, Dublin, Ireland

Pietro Costanzo, Fondazione FORMIT, Rome, Italy

James Danowski, University of Illinois, Chicago, USA

Jeroen De-Knijf, University of Antwerp, Belgium

Mandeep Dhami, University of Cambridge, UK

Alexandros Dimopoulos, National Technical University of Athens (NTUA), Greece

Peter Dolog, Aalborg University, Denmark

Dejing Dou, University of Oregon, USA

Mauro Dragoni, Fondazione Bruno Kessler (FBK-DKM Group), Trento, Italy

Sumeet Dua, Louisiana Tech University, USA

Artur Dubrawski, Carnegie Mellon University, USA

Stefania Ducci, Research Institute for European and American Studies (RIEAS)

Els Enhus, Vrije Universiteit, Brussels, Belgium

Triant Flouris, Hellenic American University, NH, USA

Brian Francis, Lancaster University, UK

Uwe Glässer, Simon Fraser University, Canada

Richard Goebel, Institute of Information Systems, Hof University, Germany

Ayla Göl, Aberystwyth University, UK

Mark K. Goldberg, Rensselaer Polytechnic Institute, USA

David Hicks, Aalborg University, Denmark

Rahat Iqbal, Coventry University, UK

Jason Jung, Yeungnam University, Republic of Korea

Panagiotis Kalagiakos, Hellenic American University, NH, USA

Panagiotis Karampelas, Hellenic American University, NH, USA

Siddharth Kaza, Towson University, USA

Czeslaw Kazimierczak, CSC Denmark A/S, Denmark

Uffe Kock Wiil, University of Southern Denmark

Paul Maddrell, Center for Intelligence and International Security Studies, Aberystwyth University, UK

Stephen Marrin, Brunel University, UK

Byron Marshall, Oregon State University, USA

Gorazd Meško, Faculty of Criminal Justice and Security, University of Maribor, Slovenia

Fatma Mili, Oakland University, Australia

Fredrick Mtenzi, Dublin Institute of Technology, Ireland

Mahesh Nalla, School of Criminal Justice, Michigan State University

Federico Neri, Synthema S.r.l., Italy

Sarwat Nizamani, University of Southern Denmark, Denmark

Darko Obradovic, German Institute of Artificial Intelligence, Germany

José-Angel Olivas-Varela, UCLM Spain

Daniel Olmedilla De La Calle, Telefonica R&D, Spain

Chris Pallaris, i-intelligence, Switzerland

Maria Papadaki, University of Plymouth, UK

Joon S. Park, Syracuse University, USA

Joe Parry, i2 Group, UK

Christos Pavlatos, Hellenic American University, NH, USA

Jakub Piskorski, Polish Academy of Sciences, Poland

Daniela Pisoiu, Hamburg University, Germany

Christian Probst, Denmark Technical University

Guangzhi Qu, Oakland University, Michigan, USA

Pir Abdul Rasool Qureshi, University of Southern Denmark, Denmark

Victor Ralevich, Sheridan Institute of Technology and Advanced Learning, Canada

Christopher Rhodes, Imperial College London, UK

Mahmood H Shah, Cranfield University, UK

Zubair Ahmed Shaikh, National University, Pakistan

Abdul Ahad Siddiqi, Taibah University, Madinah, Kingdom of Saudi Arabia

Eric Sifford, Military Intelligence at US Army, USA

Gerardo Simari, University of Maryland, USA

David Skillicorn, Queen's University, Canada

Amy Sliva, Northeastern University, USA

Kristina Soukupova, I3CAS, U.K

Richard Stiennon, IT-Harvest, UK

VS Subrahmanian, University of Maryland, USA

Jerzy Surma, Warsaw School of Economics, Poland

Pontus Svenson, Swedish Defence Research Agency, Sweden

I-Hsien Ting, National University of Kaohsiung, Taiwan

Hannu Toivonen, University of Helsinki, Finland

Róbyn Török, Macquarie University, Australia

Guy-De Tré, Gent University, Belgium

Tatiana Tropina, Max-Planck-Institut für ausländisches und internationales Strafrecht, Germany

Stefanos Vrochidis, Aristotle University of Thessaloniki, Greece

Mohd Helmy Abd Wahab, Universiti Tun Hussein Onn, Malaysia

Christopher Yang, Drexel University, USA

Slawomir Zadrozny, Polish Academy of Sciences, Poland

Abbas Zaidi, George Mason University, USA

Manzar Jameel Zaidi, National Counter Terrorism Authority, Pakistan

Allessandro Zanasi, European Security Research and Innovation Forum

Nan Zhang, The George Washington University, USA

Lina Zhou, University of Maryland, USA

Yongluan Zhou, University of Southern Denmark, Denmark

William Zhu, Univ. of Electronic Science and Tech. of China, China

Iryna Zolotaryova, Kharkiv National University of Economics, Ukraine

OSINT-WM 2011 - Conference Organization

Honorary General Chairs

Delilah Al Khudhairy, Head of Unit Global Security and Crisis Management, IPSC, European Commission Joint Research Centre

Lars Dyhr, Head of Department, The Maersk Mc-Kinney Moller Institute, University of Southern Denmark

General Chairs

Arno H.P. Reuser, Head, Bureau Open Source Intelligence (OSINT), Ministry of Defence, The Netherlands

Gerhard Wagner, Institute for the Protection and Security of the Citizen (IPSC), European Commission Joint Research Centre

Uffe Kock Wiil, University of Southern Denmark, Denmark

Program Chairs

Nasrullah Memon, University of Southern Denmark, Denmark

Reda Alhajj, University of Calgary, Canada

Web Developer

Muniba Shaikh, University of Southern Denmark, Denmark

OSINT-WM 2011 - Program Committee

William Mitchell, Dept. of Joint Operations, Royal Danish Defence College, Denmark

Pontus Svenson, FOI Sweden

Panagiotis Karampelas, Hellenic American University, USA

Uffe Kock Wiil, University of Southern Denmark

Faraz Rasheed, University Calgary

Yin-Fu Huang, National Yunlin University of Science and Technology, Taiwan

Hasan Davulcu, Arizona State University, USA

Valentina E. Balas, Aurel Vlaicu University of Arad, Romania

Mahmoud Shafik, University of Derby, UK

Guido Barbian, Leuphana University Lueneburg, Germany

Mike Bourassa, Defence Research and Development, Canada

James Danowski, University of Illinois at Chicago, USA

Shong Gao, University Calgary, Canada

Omair Shafiq, University Calgary, Canada

Muhammad Adnan, University Calgary, Canada

Sarah Aghakhani, University Calgary, Canada

Joel Brynielsson, FOI Sweden

Fernando Berzal, University of Granada, Spain

Amy Sliva, University of Maryland Institute for Advanced Computer Studies (UMIACS), USA

Artur Dubrawski, Auton Lab, Carnegie Mellon University, Pittsburgh USA

Richard Colbaugh, New Mexico Institute of Mining and Technology, USA

Panagiotis Kalagiakos, Advanced Technological Institute of Athens, Greece

Nicoletta Calzolari, ILC – CNR, Pisa, Italy

Lisa Kaati, Uppsala University, Sweden

Valeria Quochi, ILC-CNR, Italy

EISIC 2011 - Message from the General Chairs

Welcome to the 2011 European Intelligence and Security Informatics Conference (EISIC 2011) – the first conference in a new European conference series on Intelligence and Security Informatics.

The goal of EISIC 2011 is to gather people from previously disparate communities to provide a stimulating forum for exchange of the latest ideas and results in the area of Intelligence and Security Informatics. We have worked to bring together academic researchers (in information technologies, computer science, public policy, and social and behavioral studies), law enforcement and intelligence experts, as well as information technology companies, industry consultants, and practitioners in the involved fields.

It is our great pleasure to announce three very prominent keynote speakers at the conference. Professor Hsinchun Chen (University of Arizona, USA) will speak about “Dark Web: Exploring and Mining the Dark Side of the Web”, Professor Bhavani Thuraisingham (UT Dallas, USA) will speak about “Data Mining for Malicious Code Detection and Security Applications”, and Professor Patricia L. Brantingham (Simon Fraser University, Canada) will speak about “Computational Criminology”.

It takes an enormous effort to start a new conference series. It requires work and support from many people and organizations. We wish to thank all the volunteers who helped organize this conference. In particular, we wish to thank the program chairs, Nasrullah Memon and Daniel Zeng, who together with the program committee created a great technical program. Last but not least, we wish to thank the Publications Chair, Pir Abdul Rasool Qureshi, and the Local Arrangements Chair, Christos Pavlatos.

The conference would not have been possible without sponsors. The conference is organized in collaboration with IEEE Computer Society’s Technical Committee on Security and Privacy (technical co-sponsorship). We would like to thank all the academic and industrial sponsors for supporting this event: Hellenic American University, University of Southern Denmark, University of Arizona, and Springer.

Welcome to Athens. We sincerely hope that you will enjoy your stay in Greece!

The EISIC conference series will continue next year with EISIC 2012 to be held in August 2012 in Odense, Denmark. We hope to meet you all again next year in Odense!

Uffe Kock Wiil, Counterterrorism Research Lab, University of Southern Denmark

Panagiotis Karampelas, Hellenic American University, New Hampshire, USA

EISIC 2011 - Message from the Program Co-Chairs

Intelligence and Security Informatics (ISI) is an interdisciplinary research field that focuses on the development, use, and evaluation of advanced information technologies, including methodologies, models and algorithms, systems, and tools, for local, national, and international security related applications. Over the past eight years, the ISI research community has matured and delivered an impressive array of research results that are both technically innovative and practically relevant.

An important ISI community building mechanism has been academic conferences. The annual ISI conference series (http://www.isiconference.org) was first started in Tucson, Arizona in 2003 and 2004. With sponsorship by the IEEE Intelligent Transportation System Society, ISI 2005, ISI 2006, ISI 2007, ISI 2008, ISI 2009, ISI 2010, and ISI 2011 were held in Atlanta, Georgia; San Diego, California; New Brunswick, New Jersey; Taipei, Taiwan; Dallas, Texas; Vancouver, Canada; and Beijing, respectively. These conferences have provided stimulating forums to gather people from previously disparate communities including those from academia, government, and industry. Regional ISI conferences such as the Pacific Asia ISI (PAISI) workshop series have also attracted a lot of audience and made an impact.

The 2011 European ISI Conference (EISIC 2011) is the second ISI conference organized by the European ISI community. The first one, branded as EuroISI, was held in 2008 in Denmark. The European ISI conference series is positioned as the premier technical conference on counterterrorism and computational criminology in Europe.

EISIC 2011 is co-sponsored by Hellenic American University, University of Southern Denmark, and University of Arizona. It has also received technical co-sponsorship from the IEEE Computer Society and industry sponsorship from Springer. We would like to express our sincere gratitude to these sponsors.

EISIC 2011 received 111 submissions from 41 countries. The acceptance rate for regular papers is 27%. The program committee is very pleased with the technical quality of the accepted papers. The three-day conference program includes paper presentation sessions, a poster session, a plenary panel, and the OSINT-WM 2011 Symposium. The technical program of the main conference includes 26 regular papers, 18 short papers, and 5 poster papers.

We are grateful to the Program Committee members and external reviewers who provided high-quality and constructive review comments. We would like to express our gratitude to all authors for contributing their high-quality work and session chairs for coordinating the exciting and interesting sessions. Our special thanks go to the publication chair Pir Abdul Rasool Qureshi, who put forth a lot of effort in preparing the proceedings. Our sincere gratitude goes to Professor Hsinchun Chen, Panagiotis Karampelas and Uffe Kock Wiil for their advice and leadership in the EISIC Conference series.

Nasrullah Memon, Daniel Zeng

EISIC 2011 Program Co-Chairs

OSINT-WM 2011 - Message from the General Chairs

Over the past decade, we have witnessed an enormous increase of data available from a multitude of open sources; this calls for new research on how to cope with these new amounts of data. Especially the Open Source Intelligence (OSINT) community faces tough challenges on how to retrieve, extract, and analyze data to gain insights from public sources. Each of these three core processes is the subject of ongoing research resulting in specialized tools and techniques.

Also, the last year shows an increasing dependency of more and more people on fewer and fewer information providers, as well as, due to the information revolution and the advance of cheaper data communication and increased mobile use of computerized devices, what some call Collaborative Intelligence. Smart, intelligent phones, PDAs, tablet PCs and the like allow the general public to collect intelligence themselves and publish it quickly, often before the ‘official’ press or agencies get the chance to cover the story. This leads to an enormous stream of un-validated information of unknown authenticity, making validation of information difficult.

The aim of the International Symposium on Open Source Intelligence and Web Mining (OSINT-WM) is to provide an international forum for researchers, professionals, and industrial practitioners to share their knowledge. We believe that such an exchange of the latest research results and insights from practitioners has the potential to cross-fertilize equally the scientific community, the industry, and the user community of OSINT tools and techniques.

Organizing such a symposium would not be possible without the help and dedicated work of many individuals. First and foremost we wish to thank the two Program Chairs, Nasrullah Memon and Reda Alhajj. We also wish to thank the Publications Chair, Pir Abdul Rasool Qureshi, and the Web Developer, Muniba Shaikh. Last but not least, we wish to thank the Local Arrangement Chair, Christos Pavlatos.

In 2008 and 2009, OSINT-WM was co-hosted with the International Conference on Information Visualization. Last year it was held in conjunction with the 2010 International Conference on Advances in Social Networks Analysis and Mining (ASONAM). This year we have decided to co-locate the event with the European Intelligence and Security Informatics Conference (EISIC 2011). We do believe that this is a perfect match and that OSINT-WM has now finally found its true home. The symposium has received support from numerous organizations, such as the Hellenic American University in New Hampshire, University of Southern Denmark, University of Calgary, the Open Source Intelligence Branch of the Dutch Ministry of Defense, and the Joint Research Centre, European Commission.

Welcome to Athens, we hope that you enjoy the symposium and your stay in Greece.

In 2012, OSINT-WM will again be held in conjunction with EISIC, which will take place in Odense, Denmark in August 2012. We hope to see you next year in Odense also.

Arno H.P. Reuser, Senior Policy Advisor for Open Source Intelligence, Ministry of Defense, The Netherlands

Gerhard Wagner, IPSC - Global Security and Crisis Management Unit, Joint Research and Management Unit, European Commission

Uffe Kock Wiil, Counterterrorism Research Lab, University of Southern Denmark

OSINT-WM 2011 - Message from the Program Co-Chairs

OSINT-WM 2011 has established itself as a leading venue in the area of open source intelligence and web mining. When we started as part of the Information Visualisation conference in UK several years ago, we were not expecting to build this reputation and interest so quickly. We believe it was the right decision to go with ASONAM 2010 in Odense, Denmark where the attendees enjoyed a number of high quality contributions in addition to the keynote speeches given by leading researchers in the field. For 2011 we had a long discussion whether to move with ASONAM 2011 to Taiwan or to stay in Europe. After a long debate we decided to go to Athens, Greece where the first ASONAM was held in 2009. Europe is the house of a large number of researchers who are interested in open source intelligence. There are also a number of organizations who are closely related to OSINT. The number and quality of submissions we received from Europe and North America confirm OSINT-WM as a leading venue with increasing interest from academia, public institutes and the industry.

Speakers at OSINT-WM 2011 will address challenging and important aspects of interest to practitioners and researchers with a specific focus on the emerging trends and industry needs associated with open source intelligence and web mining.

This year, we continue to keep the tradition of a high quality symposium and to maintain the acceptance rate of 27%. The success would not have been possible without the full support of a strong international program committee that was expanded this year to include more research leaders who all worked extremely hard to evaluate the submitted papers and to provide extensive constructive feedback that has helped the authors to improve their research papers.

Participants will enjoy a condensed program which includes 17 papers of high quality including one industry paper. In addition, participants will enjoy a very rich social program that will allow them to take a wonderful break and socialize with their peers with the hope to establish strong social networks in the field of OSINT-WM. The manuscripts reflect the evolving state of the art discoveries. Each contributor to OSINT-WM 2011 does indeed add fresh views and thoughts, challenges our beliefs, and encourages further exploration and innovation on our part. We are grateful to each participant for providing the opportunity to share the invaluable ideas.

With the hope that OSINT-WM will open even wider awareness of knowledge, we welcome you to the TITANIA Hotel in Athens, Greece where you will enjoy the wonderful program of OSINT-WM 2011 and encourage you to start working on your submission to OSINT-WM 2012; we look forward to meeting you in Odense, Denmark in September 2012 to enrich OSINT-WM 2012 with your discoveries and achievements.

Please do not hesitate to share with us your thoughts and feedback which will definitely help us prepare the best for OSINT-WM 2012.

Reda Alhajj and Nasrullah Memon

OSINT-WM Program Co-Chairs

EISIC 2011 - Program at a Glance

Monday, September 12, 2011

08:00-09:00 Registration

09:00-09:30 Opening: Welcome Session (Room: Socratis)

09:30-10:30 Keynote: Data Mining for Malicious Code Detection and Security Applications (Room: Socratis). Speaker: Bhavani Thuraisingham

10:30-11:00 Coffee Break / Poster Session (Foyer)

11:00-13:00 Session: Terrorism Informatics I (Room: Socratis); Session: Computational Criminology I (Room: Platon)

13:00-14:00 Lunch Break (Vergina, 1st Floor)

14:00-15:30 Session: Terrorism Informatics II (Room: Socratis); Session: Computational Criminology II (Room: Platon)

15:30-16:00 Coffee Break / Poster Session (Foyer)

16:00-17:00 Session: Terrorism Informatics III (Room: Socratis); Session: Digital Forensics (Room: Platon)

Tuesday, September 13, 2011

08:00-09:00 Registration

09:00-10:00 Keynote: Dark Web: Exploring and Mining the Dark Side of the Web (Room: Socratis). Speaker: Hsinchun Chen

10:00-11:00 Session: Terrorism Informatics IV (Room: Socratis); Session: Terrorism Informatics V (Room: Platon)

11:00-11:30 Coffee Break (Foyer)

11:30-13:00 Session: Social Networks Analysis I (Room: Socratis); Session: Information Sharing and Data/Text Mining (Room: Platon)

13:00-14:00 Lunch Break (Vergina, 1st Floor)

14:00-15:00 Session: Infrastructure Protection and Information Systems Security I (Room: Socratis); Session: Computational Criminology III (Room: Platon)

15:00-15:30 Coffee Break (Foyer)

15:30-16:30 Session: Infrastructure Protection and Information Systems Security II (Room: Socratis)

18:00-24:00 Social Event: Buses to Piraeus Port / Dinner on Cruise

Wednesday, September 14, 2011

09:30-10:00 Registration

10:00-11:00 Keynote: Computational Criminology (Room: Socratis). Speaker: Patricia L. Brantingham

11:00-11:30 Coffee Break (Foyer)

11:30-13:00 Session: Social Networks Analysis II (Room: Socratis); Session: Enterprise Risk Management and Information Systems Security (Room: Platon)

13:00-14:00 Lunch Break (Vergina, 1st Floor)

14:00-15:00 Closing Session: Paper Awards (Room: Socratis)

OSINT-WM 2011 - Program at a Glance

Monday, September 12, 2011

08:00-09:00 Registration

09:00-09:30 Opening: Welcome Session (Room: Socratis)

09:30-10:30 Keynote: Data Mining for Malicious Code Detection and Security Applications (Room: Socratis). Speaker: Bhavani Thuraisingham

10:30-11:00 Coffee Break / Poster Session (Foyer)

11:00-12:00 OSINT-WM 2011 Inaugural Talk: Desktop Text Mining for Open Source Intelligence (Room: Solon). Speaker: Gerhard Wagner

12:00-13:00 Keynote: Visualisation for Decision Makers (Room: Solon). Speaker: Joseph Parry

13:00-14:00 Lunch Break (Vergina, 1st Floor)

14:00-15:30 Investigative Methods/Case Studies (Room: Solon)

15:30-16:00 Coffee Break / Poster Session (Foyer)

16:00-17:00 Session: Text Mining (Room: Solon)

Tuesday, September 13, 2011

08:00-09:00 Registration

09:00-10:00 Keynote: Dark Web: Exploring and Mining the Dark Side of the Web (Room: Socratis). Speaker: Hsinchun Chen

10:00-11:00 Keynote: Discovering complex networks of events and relations in News Surveillance (Room: Solon). Speaker: Roman Yangarber

11:00-11:30 Coffee Break (Foyer)

11:30-13:00 Social Network Analysis (Room: Solon)

13:00-14:00 Lunch Break (Vergina, 1st Floor)

14:00-15:00 Web Mining I (Room: Solon)

15:00-15:30 Coffee Break (Foyer)

15:30-16:30 Web Mining II (Room: Solon); OSINT-WM Industry Session (Room: Platon)

18:00-24:00 Social Event: Buses to Piraeus Port / Reception & Gala Dinner on Cruise

Wednesday, September 14, 2011

09:30-10:00 Registration

10:00-11:00 Keynote: Computational Criminology (Room: Socratis). Speaker: Patricia L. Brantingham

11:00-11:30 Coffee Break (Foyer)

11:30-12:30 Keynote: Who, What, When, Where and How: Semantics Helps Connect the Dots (Room: Solon). Speaker: Gianluca Sensidoni

12:30-13:00 Session: Open Source Intelligence (Room: Solon)

13:00-14:00 Lunch Break (Vergina, 1st Floor)

14:00-15:00 Closing Session: Paper Awards (Room: Socratis)

EISIC 2011 - Keynote Speeches

Dr. Bhavani Thuraisingham

Louis A. Beecherl, Jr. Distinguished Professor, Director of the Cyber Security Research Center, Department of Computer Science, Erik Jonsson School of Engineering and Computer Science, The University of Texas at Dallas, Richardson, Texas. Website: http://www.utdallas.edu/~bxt043000/

09:30-10:30, Monday, 12 September 2011. Room: Socratis. Chair: Panagiotis Karampelas

"Data Mining for Malicious Code Detection and Security Applications"

Abstract

Data mining is the process of posing queries and extracting patterns, often previously unknown, from large quantities of data using pattern matching or other reasoning techniques. Data mining has many applications in security including for national security as well as for cyber security. The threats to national security include attacking buildings, destroying critical infrastructures such as power grids and telecommunication systems. Data mining techniques are being investigated to find out who the suspicious people are and who is capable of carrying out terrorist activities. Cyber security is involved with protecting the computer and network systems against corruption due to Trojan horses, worms and viruses. Data mining is also being applied to provide solutions such as intrusion detection and auditing.

The first part of the presentation will discuss my joint research with Prof. Latifur Khan and our students at the University of Texas at Dallas on data mining for cyber security applications. For example, anomaly detection techniques could be used to detect unusual patterns and behaviors. Link analysis may be used to trace the viruses to the perpetrators. Classification may be used to group various cyber attacks and then use the profiles to detect an attack when it occurs. Prediction may be used to determine potential future attacks depending in a way on information learned about terrorists through email and phone conversations. Data mining is also being applied for intrusion detection and auditing. Other applications include data mining for malicious code detection such as worm detection and managing firewall policies.

This second part of the presentation will discuss the various types of threats to national security and describe data mining techniques for handling such threats. Threats include non real-time threats and real-time threats. We need to understand the types of threats and also gather good data to carry out mining and obtain useful results. The challenge is to reduce false positives and false negatives.

The third part of the presentation will discuss some of the research challenges. We need some form of real-time data mining, that is, the results have to be generated in real-time, we also need to build models in real-time for real-time intrusion detection. Data mining is also being applied for credit card fraud detection and biometrics-related applications. While some progress has been made on topics such as stream data mining, there is still a lot of work to be done here. Another challenge is to mine multimedia data including surveillance video. Finally, we need to maintain the privacy of individuals. Much research has been carried out on privacy-preserving data mining.

In summary, the presentation will provide an overview of data mining, the various types of threats and then discuss the applications of data mining for malicious code detection and cyber security. Then we will discuss the consequences to privacy.

EISIC 2011 - Keynote Speeches

18

Bhavani Thuraisingham, Ph.D. biography

Dr. Bhavani Thuraisingham is the Louis A. Beecherl, Jr. Distinguished Professor in the Erik Jonsson School of

Engineering and Computer Science at The University of Texas at Dallas (UTD) effective September 2010. She

joined UTD in October 2004 as a Professor of Computer Science and Director of the Cyber Security Research

Center which conducts research in data security and privacy, social media, data mining and semantic web. The

Center also hosts the newly created Assured Information Sharing Institute with funding from a DoD MURI project.

She is an elected Fellow of three professional organizations: the IEEE (Institute of Electrical and Electronics

Engineers), the AAAS (American Association for the Advancement of Science) and the BCS (British Computer

Society). She is the recipient of numerous prestigious awards including the IEEE Computer Society’s 1997

Technical Achievement Award for “outstanding and innovative contributions to secure data management.”

Prior to joining UTD, Dr. Thuraisingham was an IPA (Intergovernmental Personnel Act) at the National Science

Foundation (NSF) in Arlington, VA, from the MITRE Corporation for three years. At NSF she established the Data

and Applications Security Program and co-founded the Cyber Trust theme and was involved in interagency

activities in data mining for counter-terrorism. She worked at MITRE in Bedford, MA between January 1989 and

September 2001, first in the Information Security Center and later as a department head in Data and Information

Management as well as Chief Scientist in Data Management in the Intelligence and Air Force centers. At MITRE

she led large concurrent team research and development efforts on data management, data mining and data

security for NSA, AFRL, SPAWAR, CECOM and CIA. She also served as a technical consultant in information security

and data management to the Department of Defense, the Department of Treasury and the Intelligence

Community for over 10 years and served as an expert consultant to the Department of Justice on software

research credit cases. Thuraisingham’s industry experience includes six years of research and development as well

as technology transfer at Control Data Corp. and Honeywell Inc. in Minneapolis.

Dr. Thuraisingham’s work in data management, data mining and data security has resulted in over 100 journal

articles, over 200 refereed conference papers and workshops, three US patents and several IP disclosures. She is

the author of ten books including one on data mining for counter-terrorism, another on Database and

Applications Security and a third on Secure Semantic Service-Oriented Information Systems. She has given over 70

keynote presentations and has given invited talks at the White House Office of Science and Technology Policy and

at the United Nations on Data Mining for counter-terrorism. She has been an instructor at AFCEA’s (Armed Forces

Communications and Electronics Association) Professional Development Center since 1998 with students from

the DoD, DHS, FBI and the Intelligence Community. She served on panels for the Air Force Scientific Advisory

Board and the National Academy of Sciences including one on protecting children from inappropriate content on

the Internet chaired by Hon. Dick Thornburgh (former US Attorney General) in 2000. During her six years at UTD,

Dr. Thuraisingham has established and leads a strong research program in Assured Information Sharing and Data

Mining with funding from agencies such as NSF, AFOSR, IARPA, NGA, NASA, ONR, ARO and NIH as well as

corporations such as Raytheon Inc. She teaches courses in data and applications security, trustworthy semantic

services and digital forensics and collaborates with the DFW corporations as well as North Texas Regional

Computer Forensics Laboratory for student projects.

Dr. Thuraisingham is the founding president of “Bhavani Security Consulting, LLC”, a company providing services in

consulting and training in Information Technology to the US federal government. She is also the founder and a

member of the board of directors of “Infosec Analytics, LLC”, a spin-off company from UTD developing tools in

malware detection and information sharing. She was educated in the United Kingdom both at the University of

Bristol and the University of Wales with degrees in Mathematics and Computer Science and she recently

completed a Certificate in Terrorism Studies from St. Andrews University, Scotland.

Dr. Hsinchun Chen

Director, Artificial Intelligence Lab, University of Arizona; IEEE/AAAS Fellow Website: http://mis.eller.arizona.edu/faculty/hchen.asp

09:00-10:00 Tuesday, 13 September 2011 Room: Socratis Chair: Nasrullah Memon

"Dark Web: Exploring and Mining the Dark Side of the Web"

Abstract

This talk will review the emerging research in Terrorism Informatics based on a web mining perspective. Recent

progress in the internationally renowned Dark Web project will be reviewed, including: deep/dark web spidering

(web sites, forums, YouTube, virtual worlds), web metrics analysis, dark network analysis, web-based authorship

analysis, and sentiment and affect analysis for terrorism tracking. In collaboration with selected international

terrorism research centers and intelligence agencies, the Dark Web project has generated one of the largest

databases in the world about extremist/terrorist-generated Internet contents (web sites, forums, blogs, and

multimedia documents). Dark Web research has received significant international press coverage, including:

Associated Press, USA Today, The Economist, NSF Press, Washington Post, Fox News, BBC, PBS, Business Week,

Discover magazine, WIRED magazine, Government Computing Week, Second German TV (ZDF), Toronto Star, and

Arizona Daily Star, among others. Recent Dark Web research includes: (1) epidemiological and social network

modeling of internet radicalization and violent intents; (2) Dark Web Forum Portal and Video Portal for

researchers and analysts; and (3) Geopolitical Web research of social media and news tracking for multi-cultural

at-risk regions.

Hsinchun Chen, Ph.D. (Biosketch)

Dr. Hsinchun Chen is McClelland Professor of Management Information Systems at the University of Arizona. He

received the B.S. degree from the National Chiao-Tung University in Taiwan, the MBA degree from SUNY Buffalo,

and the Ph.D. degree in Information Systems from the New York University. Dr. Chen had served as a Scientific

Counselor/Advisor of the National Library of Medicine (USA), Academia Sinica (Taiwan), and National Library of

China (China). Dr. Chen is a Fellow of IEEE and AAAS. He received the IEEE Computer Society 2006 Technical

Achievement Award and the INFORMS Design Science Award in 2008. He has an h-index of 56. He is

author/editor of 20 books, 25 book chapters, 210 SCI journal articles, and 140 refereed conference articles

covering Web computing, search engines, digital library, intelligence analysis, biomedical informatics,

data/text/web mining, and knowledge management. His recent books include: Infectious Disease Informatics

(2010); Mapping Nanotechnology Knowledge and Innovation (2008), Digital Government: E-Government

Research, Case Studies, and Implementation (2007); Intelligence and Security Informatics for International

Security: Information Sharing and Data Mining (2006); and Medical Informatics: Knowledge Management and

Data Mining in Biomedicine (2005), all published by Springer. Dr. Chen was ranked #8 in publication productivity

in Information Systems (CAIS 2005) and #1 in Digital Library research (IP&M 2005) in two bibliometric studies. He

is Editor in Chief (EIC) of the new ACM Transactions on Management Information Systems (ACM TMIS) and

Springer Intelligence and Security Informatics (ISI) Journal, and the Associate EIC of the IEEE Intelligent Systems.

He serves on ten editorial boards including: ACM Transactions on Information Systems, IEEE Transactions on

Systems, Man, and Cybernetics, Journal of the American Society for Information Science and Technology, Decision

Support Systems, and International Journal on Digital Library. He has been an advisor for major NSF, DOJ, NLM,

DOD, DHS, and other international research programs in digital library, digital government, medical informatics,

and national security research. Dr. Chen is founding director of Artificial Intelligence Lab and Hoffman E-

Commerce Lab. The UA Artificial Intelligence Lab, which houses 20+ researchers, has received more than $30M in

research funding from NSF, NIH, NLM, DOD, DOJ, CIA, DHS, and other agencies (90 grants, 40 from NSF). Dr. Chen

has also produced 25 Ph.D. students who are placed in major academic institutions around the world. The

Hoffman E-Commerce Lab, which has been funded mostly by major IT industry partners, features one of the most

advanced e-commerce hardware and software environments in the College of Management. Dr. Chen is

conference co-chair of ACM/IEEE Joint Conference on Digital Libraries (JCDL) 2004 and has served as the

conference/program co-chair for the past eight International Conferences of Asian Digital Libraries (ICADL), the

premier digital library meeting in Asia that he helped develop. Dr. Chen is also (founding) conference co-chair of

the IEEE International Conferences on Intelligence and Security Informatics (ISI) 2003-present. The ISI conference,

which has been sponsored by NSF, CIA, DHS, and NIJ, has become the premier meeting for international and

homeland security IT research. Dr. Chen’s COPLINK system, which has been quoted as a national model for public

safety information sharing and analysis, has been adopted in more than 3500 law enforcement and intelligence

agencies. The COPLINK research had been featured in the New York Times, Newsweek, Los Angeles Times,

Washington Post, Boston Globe, and ABC News, among others. The COPLINK project was selected as a finalist by

the prestigious International Association of Chiefs of Police (IACP)/Motorola 2003 Weaver Seavey Award for

Quality in Law Enforcement in 2003. COPLINK research has recently been expanded to border protection

(BorderSafe), disease and bioagent surveillance (BioPortal), and terrorism informatics research (Dark Web),

funded by NSF, DOD, CIA, and DHS. In collaboration with selected international terrorism research centers and

intelligence agencies, the Dark Web project has generated one of the largest databases in the world about

extremist/terrorist-generated Internet contents (web sites, forums, blogs, and multimedia documents). Dark Web

research supports link analysis, content analysis, web metrics analysis, multimedia analysis, sentiment analysis,

and authorship analysis of international terrorism contents. The project has received significant international

press coverage, including: Associated Press, USA Today, The Economist, NSF Press, Washington Post, Fox News,

BBC, PBS, Business Week, Discover magazine, WIRED magazine, Government Computing Week, Second German

TV (ZDF), Toronto Star, and Arizona Daily Star, among others. Dr. Chen is also a successful entrepreneur. He is the

founder of the Knowledge Computing Corporation (KCC), a university spin-off IT company and a market leader in

law enforcement and intelligence information sharing and data mining. KCC was acquired by a major private

equity firm for $40M in the summer of 2009 and merged with I2, the industry leader in crime analytics. Dr. Chen

has also received numerous awards in information technology and knowledge management education and

research including: AT&T Foundation Award, SAP Award, the Andersen Consulting Professor of the Year Award,

the University of Arizona Technology Innovation Award, and the National Chiao-Tung University Distinguished

Alumnus Award. He was also named Distinguished Alumnus by SUNY Buffalo. Dr. Chen had served as a keynote or

invited speaker in major international security informatics, medical informatics, information systems, knowledge

management, and digital library conferences and major international government meetings (NATO, UN, EU, FBI,

CIA, DOD, DHS). He is a Distinguished/Honorary Professor of several major universities in Taiwan and China

(including Chinese Academy of Sciences and Shanghai Jiao Tong University) and was named the Distinguished

University Chair Professor of the National Taiwan University. Dr. Chen had recently served as the Program Chair of

the International Conference on Information Systems (ICIS) 2009, held in Phoenix, Arizona.

Patricia L. Brantingham

Director, ICURS Institute University Professor of Computational Criminology, School of Criminology; Simon Fraser University Website: http://www.sfu.ca/icurs/members.html

10:00-11:00 Wednesday, 14 September 2011 Room: Socratis Chair: Uffe Kock Wiil

"Computational Criminology"

Abstract

Crime and terrorism in the 21st century call for advancement in the modeling and simulation of criminal events in

the complex environment. This presentation reviews the field of computational criminology, an emerging blend of

criminology, computer science and applied mathematics. Modern concerns about public safety and security

include a focus on a range of events from less serious everyday crimes like shoplifting through to personal violent

crimes like homicide and ultimately to terrorism. Underlying all of these events is a decision process or chain of

steps in target identification, steps that focus first on rough and vague decisions and move towards the precise.

Minor and major crimes involve people moving about in a known space in identifiable patterns to find

weaknesses.

The field of computational criminology involves using computational power to identify: (1) patterns and emerging

patterns; (2) crime generators and crime attractors; (3) terrorist, organized crime and gang social and spatial

networks as well as co-offending networks; and, (4) cybercrime. Algorithms are developed using computational

topology, hyper-graphs, SNA, KDD, agent based simulations, dynamic information systems analysis and more.

This presentation is designed to provide information about crime pattern theory, pattern identification and

research in computational criminology. It is designed to identify research areas of potential interest to

participants at the conference. Computational criminology is an emerging field that is opening doors for new and

innovative approaches. The presentation will show how people (offenders and non-offenders) move about in

space with routine time and location chronologies (in physical and internet space). Anchor points develop;

primary routes emerge. Navigation and rules for navigation shape both commuting patterns; shopping patterns;

web sites-forums, blogs, and shared information; and crime and terrorism patterns. Crime and terrorism are not

random; they appear to follow rules similar to those in many types of non-criminal behavior. Better

understanding these rules and developing appropriate algorithms for identifying risky areas is the continuing

focus of computational criminology.

Patricia Brantingham, Ph.D.

Patricia Brantingham is the RCMP University Professor of Computational Criminology and the founder and

Director of the Institute of Canadian Urban Research Studies (ICURS). Dr. Brantingham is also a professor in the

School of Criminology and an associate member of the School of Computing Science at Simon Fraser University.

ICURS has memoranda of understanding for joint research with 13 university research centers that range

internationally from Australia to the United Kingdom and to Chile. There are special research arrangements with

the RCMP, government ministries and other institutes and research centers at Simon Fraser University. Her goal is

to continue interdisciplinary research between computing science, applied mathematics and criminology to

address the complex dynamics of urban living and associated crime and safety.

ICURS is the archive for police and urban data for British Columbia, providing a research base for collective efforts

to model better crime occurrences, offender activity patterns as well as develop effective tools for policy and

planning in the justice system. The archive provides the basis for new approaches to understanding crime

patterns.

ICURS has 28 university members. Research topics at ICURS include: computational criminology, crime analysis

and criminal justice system policy analysis. Specific research uses mathematical and computing science techniques

such as: Policy Simulation Models; Crime Pattern Theory (perception, cognition, similarity and classification

algorithms); Computational Topology (crime analysis, latent links, hot spots); Data Quality (fuzzy logic, dynamic

acceptable ranges of values; software agents; statistical techniques); Data Mining (algorithms relevant to Public

Safety, the Justice System and Emergency Preparedness (decision trees, neural networks, SNA)); Urban

Morphology (directionality, navigation, road networks, connectivity; primitive rule models).

Professor Brantingham developed, with her husband Paul Brantingham, Crime Pattern Theory and Environmental

Criminology as well as major research on patterns of individual and aggregate crime patterns. She has over 10

books and monographs and 100 articles.

OSINT-WM 2011 – Keynote Speeches

Gerhard Wagner

European Commission - Joint Research Centre Institute for the Protection & Security of the Citizen (IPSC) Global Security and Crisis Management Unit

11:00-12:00 Monday, 12 September 2011 Room: Solon Chair: Reda Alhajj

"Desktop Text Mining for Open Source Intelligence"

Abstract

The use of the Internet permeates more and more areas of our daily life. People share and use information in

forums and social networks in ways unimaginable just a few years ago. This fantastic medium with global reach,

easy access and fast information propagation is, unfortunately, also often a tool for illegal activities. Especially in

areas like commercial fraud a huge increase of criminal acts can be observed.

To meet these challenges, law enforcement authorities need to build and reinforce capabilities in the domain of

OSINT. Characteristics of the Internet like the volume of available data, the plurality of languages and the speed of

change make it difficult for public authorities to keep pace.

The OPTIMA group of the Joint Research Centre (JRC) does research in the field of open source information

extraction and text mining. As part of this research it develops tools which can be used in operational settings. As

part of its mission to provide scientific and technical support to EU policies, these tools are provided to law

enforcement authorities in Member States of the European Union.

The first part of the talk will give an overview of our research in information extraction and text mining.

Furthermore, our desktop text mining tool, EMM OSINT Suite, which is in use by law enforcement authorities in

Europe, will be presented. Our "lessons learned" with relevance to the research community will be shared. The

second part will discuss the impact of general trends in internet technology and research on our work now and in

the future.

Biographical details

Gerhard Wagner works for the European Commission's Joint Research Centre in Ispra, Italy. He belongs to the

Open Source Text Information Mining and Analysis (OPTIMA) research group. The OPTIMA research group

belongs to the GlobeSec unit of the Institute for the Protection and Security of the Citizen (IPSC).

Gerhard is responsible for the design and development of the EMM OSINT Suite software which is based on

OPTIMA's research results in Text Mining and Information Extraction. By providing this tool to OSINT analysts in

law enforcement and public institutions a quick transfer of research results in practical use is achieved. This

supports the EU policies to increase the capabilities in the field of OSINT across Europe.

Before joining the European Commission, Gerhard worked as an IT consultant in the private industry helping

clients embrace distributed systems based on Internet standards. He holds a Master's degree in Informatics

(Diplom-Informatiker) from the University of Koblenz-Landau, Germany.

Joe Parry

Head Visual and Design Analysis Cambridge UK

12:00-13:00 Monday, 12 September 2011 Room: Solon Chair: Gerhard Wagner

"Visualisation for Decision-Makers"

Abstract

How should we communicate the results of our analysis to decision-makers? This talk will argue that

visualisations and infographics can play a very important role, not only for analytical processes of data analysts,

but also for explaining our analytical results to decision-makers at the highest of levels. Some care must be taken

to avoid various common pitfalls when designing such visuals: the talk will cover bad examples as well as good in

order to uncover design guidelines and practical advice for those wishing to pursue a more visual approach.

Biographical Details

Joe Parry has worked on visualization and graphics systems for intelligence work for the last thirteen years.

During that time he has done software development, design, systems architecture and more experimental

research projects. He has worked with the intelligence communities of the UK, US and other countries. His

recent professional interests include social network analysis and web-based visualisation systems. This year he

started his own software company which is producing what he hopes will be part of a new wave of investigation

software.

Roman Yangarber

Professor Department of Computer Science University of Helsinki Website: http://www.cs.helsinki.fi/Roman.Yangarber

10:00-11:00 Tuesday, 13 September 2011 Room: Solon Chair: Triant Flouris

"Discovering complex networks of events and relations in News Surveillance"

Abstract

When faced with the need for analyzing vast streams of on-line text data, we require methods that go well

beyond keyword-based queries.

Large-scale surveillance of on-line news streams requires an understanding of the text on a deeper level than is

afforded by names and keywords alone; it becomes essential to understand complex interactions among the

entities, relationships and events.

We will discuss the interplay between two aspects of this kind of deep analysis:

a. how to extract knowledge from text "upstream" and

b. how that knowledge may be utilized in downstream applications.

We will use as live examples several systems in different application domains: cross-border crime and security,

epidemiological surveillance, and business intelligence.

We will present the experiences from the development of such systems and from interaction with real-world

users, who are experts in their respective domains.

Brief Bio

Roman Yangarber obtained his MS and PhD (2000) at New York University (NYU), in Computer Science with

concentration on Natural Language Processing. Prior to moving to Helsinki, Finland in 2004, he held the post of

Assistant Research Professor at the Courant Institute of Mathematical Sciences, NYU, where he specialized in

computational linguistics, focusing on machine learning algorithms for acquisition of semantic knowledge from

plain text. In particular, the focus is on obtaining knowledge from large news streams. Roman Yangarber has

been an organizer, editorial board member, and program committee member for a large number of scientific

events, conferences, organizations, and journals, and has served on evaluation panels for the US National Science

Foundation. He has over 60 publications in international conferences, journals, and book chapters. Since coming

to the Department of Computer Science, University of Helsinki, he has held the post of Acting Professor, and at

present leads two nationally-funded research projects, and participates in two others (EU- and nationally-funded),

in which he supervises MS and PhD students, in text mining and computational linguistics. He is Principal

Investigator of the PULS Project: text analysis for surveillance of news media.

EISIC 2011 – Detailed Program

Gianluca Sensidoni

Manager Intelligence Division Expert System S.p.A. Modena – Italy

11:30-12:30 Wednesday, 14 September 2011 Room: Solon Chair: Panagiotis Karampelas

"Who, What, When, Where and How: Semantics Help Connect the Dots"

Abstract

Intelligence analysts must be able to foresee or imagine how one or more evidence streams, often with many

missing elements, overlap or may fold into one another to form a complete picture. But the reality is, even really

good human analysts cannot juggle more than 50-60 data points—events, names, places, times, dates and all the

connections between them—at once.

Good technology that mimics the same approach has no such limitations. Allowing such a system to build the

larger picture—to connect the dots—through trial and error, quickly and repeatedly with an analyst reviewing

that picture for plausibility, internal consistency and impact, is a more effective approach than adding a small

army of new analysts to the problem.

Organizations are increasingly turning to semantic technology to help them manage, integrate and gain

intelligence from the multiple streams of unstructured data and information they manage daily. Unlike keyword

and statistic/algorithm based technologies, semantic technology is unique in its ability to go beyond the limits of

other technologies and approach the automatic understanding of a text. While semantic web, or Web 3.0

technology is quickly eclipsing first-generation, keyword based index search systems and second generation social

media interaction, the transition is far from complete. Nowhere is this technology more useful than in the

national intelligence space. In this session you will learn:

- How to leverage semantic technology to bring information and intelligence from around the web, inside your operation.

- How semantic technology can improve on your traditional data management methods through better data identification, classification, mapping and evaluation.

- Semantic Web technology can provide a window into how people, places, things and events come together into both threats and opportunities.

- How adding a semantic layer to your existing intelligence platform supports the strategic process of intelligence gathering and data analysis.

- How semantics can help in cyber security and threat detection with semantic-based classification, filtering, data mining, and meta-tagging to expose non-obvious relationships.

Short biography:

Gianluca Sensidoni is the Manager, Intelligence Division of Expert System, the leading semantic software provider.

Gianluca is focused on managing partnerships and projects for Homeland Security and Open Source Intelligence

where he has directly contributed to successful software implementations for the public administration market

and for leading international companies in the oil and energy, automotive and security industries. His experience

includes an extensive background in technology management and overseeing quality control and customer

satisfaction throughout the project lifecycle.

Prior to his tenure at Expert System, Gianluca was a Technical Project Leader at Siemens Informatica SpA where

he led business planning and coordination efforts for strategic consulting and technology projects in the areas of

customer relationship management, enterprise application integration, knowledge management, remote device

controlling, lawful interception management, and trouble ticket and workforce management. Gianluca holds a

Masters in eBusiness from the CEFRIEL (Politecnico di Milano). He also received a Masters from the ISCTI

(Communication Ministry) and holds a degree in Engineering Management from the University of Rome Tor

Vergata.

EISIC 2011 – Detailed Program

Monday, September 12, 2011

08:00-09:00 Registration

09:00-09:30 Opening: Welcome Session Room: Socratis

09:30-10:30 Keynote: Data Mining for Malicious Code Detection and Security Applications Speaker: Bhavani Thuraisingham, Room: Socratis, Chair: Panagiotis Karampelas

10:30-11:00 Coffee Break / Poster Session

11:00-13:00 Session: Terrorism Informatics I

Room: Socratis

Chair: Hsinchun Chen

Engineering Situation Analysis Decision Support Systems Roozbeh Farahbod, Vladimir Avram, Uwe Glässer, and Adel Guitouni

Law Enforcement Ontology for Identification of Related Information of Interest Across Free Text Documents James R. (Bob) Johnson, Anita Miller, and Latifur Khan

Cybercrime: Awareness and Fear: Slovenian Perspectives Gorazd Mesko and Igor Bernik

U.S. and EU Legislation on Cybercrime Mike Redford

11:00-13:00 Session: Computational Criminology I

Room: Platon

Chair: Panagiotis Karampelas

Testing Elderly People’s Fear of Crime Using a Virtual Environment Andrew J. Park, Eunju Hwang, Valerie Spicer, Connie Cheng, Patricia L. Brantingham, and Andrew Sixsmith

Analyzing an Offender’s Journey to Crime: A Criminal Movement Model (CriMM) Natalia Iwanski, Richard Frank, Vahid Dabbaghian, Andrew Reid, and Patricia Brantingham

The Online Institution: Psychiatric Power as an Explanatory Model for the Normalisation of Radicalisation and Terrorism Robyn Torok

Finding Criminal Attractors Based on Offenders’ Directionality of Crimes Richard Frank, Martin A. Andresen, Connie Cheng, and Patricia Brantingham

13:00-14:00 Lunch Break Vergina, 1st Floor

14:00-15:30 Session: Terrorism Informatics II

Room: Socratis

Chair: Bhavani Thuraisingham

On Refining Real-Time Multilingual News Event Extraction through Deployment of Cross-Lingual Information Fusion Techniques Jakub Piskorski, Jenya Belayeva, and Martin Atkinson

CrimeFighter Investigator: A Novel Tool for Criminal Network Investigation Rasmus Rosenqvist Petersen and Uffe Kock Wiil

The Dark Net: Self-Regulation Dynamics of Illegal Online Markets for Identities and Related Services Frank Wehinger

Toward Systematic Integration of Security Policies into Web Services Azzam Mourad, Hadi Otrok, and Sara Ayoubi

14:00-15:30 Session: Computational Criminology II

Room: Platon

Chair: Uwe Glässer

The Distribution of Event Complexity in the British Columbia Court System: An Analysis Based on the CourBC Analytical System Paul Brantingham, Amir H. Ghaseminejad, and Patricia Brantingham

Web Network and Content Changes Associated with the 2011 Muslim Middle-East and North African Early Uprisings: A Naturalistic Field Experiment James A. Danowski and Han Woo Park

An Approach to Intelligent Information Fusion in Sensor Saturated Urban Environments Charalampos Doulaverakis, Nikolaos Konstantinou, Thomas Knape, Ioannis Kompatsiaris, and John Soldatos

15:30-16:00 Coffee Break / Poster Session

16:00-17:00 Session: Terrorism Informatics III

Room: Socratis

Chair: Panagiotis Kalagiakos

Capture-Recapture Method for Estimating the Number of Problem Drug Users: The Case of the Netherlands M. Temürhan, R. Meijer, S. Choenni, M. van Ooyen-Houben, G. Cruts, and M. van Laar

Terrorism, Threat and Time: The Mediating Effect of Terrorist Threat on Public Willingness to Forego Civil Liberties Dale Elvy

16:00-17:00 Session: Digital Forensics

Room: Platon

Chair: Clive Best

Digital Forensic Readiness: An Insight into Governmental and Academic Initiatives Antonis Mouhtaropoulos, Marthie Grobler and Chang-Tsun Li

Trees Cannot Lie: Using Data Structures for Forensics Purposes Peter Kieseberg, Sebastian Schrittwieser, Martin Mulazzani, Markus Huber, and Edgar Weippl

Tuesday, September 13, 2011

08:00-09:00 Registration

09:00-10:00 Keynote: Dark Web: Exploring and Mining the Dark Side of the Web

Speaker: Hsinchun Chen, Room: Socratis, Chair: Nasrullah Memon

10:00-11:00 Session: Terrorism Informatics IV

Room: Socratis

Chair: Anita Miller

Minimizing the Average Number of Inspections for Detecting Rare Items in Finite Populations André J. Hoogstrate and Chris A.J. Klaassen

A Computationally-Enabled Analysis of Lashkar-e-Taiba Attacks in Jammu and Kashmir A. Mannes, J. Shakarian, A. Sliva, and V.S. Subrahmanian

Forecasting the Locational Dynamics of Transnational Terrorism: A Network Analytic Approach Bruce A. Desmarais and Skyler J. Cranmer

10:00-11:00 Session: Terrorism Informatics V

Room: Platon

Chair: Pontus Svenson

Challenges in Open Source Intelligence Clive Best

Web Analytics for Security Informatics Kristin Glass and Richard Colbaugh

11:00-11:30 Coffee Break

11:30-13:00 Session: Social Networks Analysis I

Room: Socratis

Chair: Martin Atkinson

A Method for Community Detection in Uncertain Networks Johan Dahlin and Pontus Svenson

Strategies to Disrupt Online Child Pornography Networks Kila Joffres, Martin Bouchard, Richard Frank, and Bryce Westlake

Multi-relational Network Analysis for Covert Organizations Duo-Yong Sun, Shu-Quan Guo, Xiao-Peng Liu, and Jiang Li

11:30-13:00 Session: Information Sharing and Data/Text Mining

Room: Platon

Chair: Andre Hoogstrate

Evolution of Terrorist Network Using Clustered Approach: A Case Study Sarwat Nizamani and Nasrullah Memon

Harvesting Information from Heterogeneous Sources Pir Abdul Rasool Qureshi, Nasrullah Memon, Uffe Kock Wiil, Panagiotis Karampelas, and Jose Ignacio Nieto Sancheze

Statistical Model for Content Extraction Pir Abdul Rasool Qureshi and Nasrullah Memon

13:00-14:00 Lunch Break Vergina, 1st Floor

14:00-15:00 Session: Infrastructure Protection and Information Systems Security I

Room: Socratis

Chair: Richard Colbaugh

Public-Private Resilience: State vs. Private Conceptions of Security Risk Management in Danish Cyber-based Critical Infrastructures Søren Matz

Change Blindness in Intelligence: Effects of Attention Guidance by Instructions Ulrik Spak and Mats Lind

14:00-15:00 Session: Computational Criminology III

Room: Platon

Chair: Patricia Brantingham

Localisation of Threat Substances in Urban Society—LOTUS: Tomorrow’s System for Finding Illicit Manufacturing of Drugs and Home Made Explosives Hans Önnerud, Sara Wallin, and Henric Östmark

A Psychological Perspective on Virtual Communities Supporting Terrorist and Extremist Ideologies as a Tool for Recruitment Lorraine Bowman-Grieve

Extraction and Recognition of the Vehicle License Plate for Passing under Outside Environment Seyed Hamidreza Mohades Kasaei and Seyed Mohammadreza Mohades Kasaei

15:00-15:30 Coffee Break

15:30-16:30 Session: Infrastructure Protection and Information Systems Security II

Room: Socratis

Chair: Lorraine Bowman-Grieve

Mechanisms of Polymorphic and Metamorphic Viruses Xufang Li, Peter K.K. Loh, and Freddy Tan

Global Defense Policy System of Laws: Graph Theory Approach to Balance of Power Theory Newton Howard

Automation Possibilities in Information Security Management Raydel Montesino and Stefan Fenz

18:00-24:00 Social Event: Buses to Piraeus Port / Reception & Gala Dinner on Cruise


Wednesday, September 14, 2011

09:30-10:00 Registration

10:00-11:00 Keynote: Computational Criminology

Speaker: Patricia L. Brantingham, Room: Socratis, Chair: Uffe Kock Wiil

11:00-11:30 Coffee Break

11:30-13:00 Session: Social Networks Analysis II

Room: Socratis

Chair: Triant Flouris

Detecting Hidden Friendship in Online Social Network Guido Barbian

Extraction Distractions: A Comparison of Social Network Model Construction Methods James F. Morris, Keith Anthony, Kevin T. Kennedy and Richard F. Deckro

Social Tension Detection and Intention Recognition Using Natural Language Semantic Analysis: On the Material of Russian-Speaking Social Networks and Web Forums Olga Vybornova, Ivan Smirnov, Ilya Sochenkov, Alexander Kiselyov, Ilya Tikhomirov, Natalya Chudova, Yulia Kuznetsova, and Gennady Osipov

The Need to Introduce a New Tactical Telecommunication System in the Slovenian Army Mihael Plevnik and Iztok Podbregar

11:30-13:00 Session: Enterprise Risk Management and Information Systems Security

Room: Platon

Chair: Guido Barbian

Two Novel 802.1x Denial of Service Attacks Abdulrahman Alruban and Emlyn Everitt

SVM Based Scheme for Predicting Number of Zombies in a DDoS Attack P.K. Agrawal, B.B. Gupta, and Satbir Jain

A Comparative Study of Distributed Denial of Service Attacks, Intrusion Tolerance and Mitigation Techniques Anupama Mishra, B.B. Gupta, and R.C. Joshi

13:00-14:00 Lunch Break Vergina, 1st Floor

14:00-15:00 Closing Session: Paper Awards Room Socratis

Monday, September 12, 2011 Coffee breaks

EISIC 2011 Poster Session

Foyer

Analysis of the Financial Crisis of 2007-2009 and Its Impact on Terrorism Irina Sakharova

Decision Support System for Intelligence Analysts Peter Eachus and Ben Short

Information Fusion for Port Security Decision Support Robert Forsgren, Andreas Horndahl, Pontus Svenson, and Edward Tjörnhammar

The Media: A Terrorist Tool or a Silent Ally? Chaditsa Poulatova

Video Analytics: Opportunity or Spoof Story? The State of the Art of Intelligent Video Surveillance Massimiliano Argiolu and Fabio Bisogni

OSINT-WM 2011 – Detailed Program


Monday, September 12, 2011

08:00-09:00 Registration

09:00-09:30 Opening: Welcome Session Room: Socratis

09:30-10:30 Keynote: Data Mining for Malicious Code Detection and Security Applications

Speaker: Bhavani Thuraisingham, Room: Socratis, Chair: Panagiotis Karampelas

10:30-11:00 Coffee Break / Poster Session

01:00-12:00 OSINT-WM 2011 Inaugural Talk: Desktop Text Mining for Open Source Intelligence

Speaker: Gerhard Wagner, Room: Solon, Chair: Reda Alhajj

12:00-13:00 Keynote: Visualisation for Decision-Makers

Speaker: Joe Parry, Room: Solon, Chair: Gerhard Wagner

13:00-14:00 Lunch Break Vergina, 1st Floor

14:00-15:30 Session: Investigative Methods/Case Studies

Room: Solon

Chair: Bénédicte Goujon

Analysis of Competing Hypothesis for Investigating Lone Wolf Terrorist Lisa Kaati and Pontus Svenson

Dealing with Lashkar-e-Taiba: A Multi-player Game-Theoretic Perspective John P. Dickerson, Aaron Mannes, and V.S. Subrahmanian

Node Removal in Criminal Networks Rasmus Rosenqvist Petersen, Christopher J. Rhodes, and Uffe Kock Wiil

A Framework for Internal Identity Theft Prevention in Retail Industry Mahmood Shah and Romanus Izuchukwu Okeke

15:30-16:00 Coffee Break / Poster Session

16:00-17:00 Session: Text Mining

Room: Solon

Chair: Lisa Kaati

Text Mining for Opinion Target Detection Bénédicte Goujon

Agile Sentiment Analysis of Social Media Content for Security Informatics Applications Richard Colbaugh and Kristin Glass

Tuesday, September 13, 2011

08:00-09:00 Registration

09:00-10:00 Keynote: Dark Web: Exploring and Mining the Dark Side of the Web

Speaker: Hsinchun Chen, Room: Socratis, Chair: Nasrullah Memon

10:00-11:00 Keynote: Discovering complex networks of events and relations in News Surveillance

Speaker: Roman Yangarber, Room: Solon, Chair: Triant Flouris

11:00-11:30 Coffee Break

11:30-13:00 Session: Social Network Analysis

Room: Solon

Chair: Mehmood Hussain Shah

A System for Ranking Organizations Using Social Scale Analysis Sukru Tikves, Sujogya Banerjee, Hamy Temkit, Sedat Gokalp, Hasan Davulcu, Arunaba Sen, Steven Corman, Mark Woodward, Inayah Rochmaniyah, and Ali Amin

Changes in Muslim Nations’ Centrality Mined from Open-Source World Jihad News: A Comparison of Networks in Late 2010, Early 2011, and Post-Bin Laden James A. Danowski

Trust Centrality in Online Social Networks Guido Barbian

A Recommendation Model For Social Resource Sharing Systems Based on Tripartite Graph Clustering Yonca Üstünbas and Sule Gündüz Ögüdücü

13:00-14:00 Lunch Break Vergina, 1st Floor

14:00-15:00 Session: Web Mining I

Room: Solon

Chair: James Danowski

Retrieving Representative Structures from XML Documents Using Clustering Techniques Yin-Fu Huang and Po-Lun Liou

Focused Crawling Using Name Disambiguation on Search Engine Results Nicolas Martin and Khaled Khelif

15:00-15:30 Coffee Break


15:30-16:30 Session: Web Mining II

Room: Solon

Chair: Uffe Kock Wiil

Detecting Emergent Conflicts through Web Mining and Visualization Fredrik Johansson, Joel Brynielsson, Pontus Hörling, Michael Malm, Christian Mårtenson, Staffan Truvé, and Magnus Rosell

IQ—A Web Mining Tool Clive Best and David Horby

A Hybrid Framework for Building a Web-Page Recommender System Vasileios Anastopoulos, Panagiotis Karampelas, Panagiotis Kalagiakos, and Reda Alhajj

15:30-16:30 Session: OSINT-WM Industry Session

Room: Platon

Chair: Federico Neri & Alessandro Zanasi

Virtual Weapons for Real Wars: Text Mining Social Media in Exotic Languages and the EU Security Research Effort Alessandro Zanasi

Technology vs. Infoxication - the Challenges of Obtaining Intelligence from the Buzz Alejandro Fernández-Cernuda Díaz

18:00-24:00 Social Event: Buses to Piraeus Port / Dinner on Cruise

Wednesday, September 14, 2011

09:30-10:00 Registration

10:00-11:00 Keynote: Computational Criminology

Speaker: Patricia L. Brantingham, Room: Socratis, Chair: Uffe Kock Wiil

11:00-11:30 Coffee Break

11:30-12:30 Keynote: Who, What, When, Where and How: Semantics Helps Connect the Dots

Speaker: Gianluca Sensidoni, Room: Solon, Chair: Panagiotis Karampelas

12:30-13:00 Session: Open Source Intelligence

Room: Solon

Chair: Joel Brynielsson

Interestingness—Directing Analyst Focus to Significant Data M. Bourassa, J. Fugère, and D. Skillicorn


13:00-14:00 Lunch Break Vergina, 1st Floor

14:00-15:00 Closing Session: Paper Awards Room Socratis

EISIC 2011 – Conference Abstracts


Session: Terrorism Informatics I

11:00-13:00 Monday, September 12, 2011 Room: Socratis Chair: Hsinchun Chen

Paper I Full

Engineering Situation Analysis Decision Support Systems Roozbeh Farahbod, Vladimir Avram, Uwe Glässer, and Adel Guitouni This paper explores a new approach to model-driven engineering (MDE) of situation analysis decision support systems for Marine Safety & Security Operations. Realistic situation analysis scenarios routinely deal with complex dynamic situations involving multiple mobile agents and events distributed in space and time. The work presented here builds on Abstract State Machine (ASM) modeling paired with CoreASM tool support to analyze and validate ASM models experimentally. The proposed approach facilitates analysis of the problem space and supports reasoning about design decisions and conformance criteria so as to ensure they are properly established and well understood prior to building the system. We provide an extension to CoreASM for the Marine Safety & Security domain, specifically for capturing rendezvous scenarios and illustrate the application of the proposed modeling approach using sample scenarios.

Paper II Full

Law Enforcement Ontology for Identification of Related Information of Interest Across Free Text Documents James R. (Bob) Johnson, Anita Miller, and Latifur Khan A law enforcement ontology that incorporates extensions such as Thesauri, specialized rules, abductive hypothesis and process modeling for expansion of extracted entity phrases, is described. The ontology is part of a project to facilitate automated, reliable identification of related information of interest found in law enforcement-related free-text documents. Results of testing on a complex, real-world law enforcement dataset show that the addition of the ontology significantly improves the expanded entity phrase extraction used for the identification of related information of interest in free-text documents and merits additional expansion. Future work will add semantic inference and insertion functions and extend the specialized rules and abductive hypotheses components.

Paper III Full

Cybercrime: Awareness and Fear: Slovenian Perspectives Gorazd Mesko and Igor Bernik In this paper the Slovene perspective on the perception of cybercrime in terms of awareness and fear is presented. On the basis of theoretical knowledge the online survey has been prepared and conducted. The results of the perception of cyber crime and its understanding have been analyzed. The results and their interpretations are the basis for further work with the cyberspace users. Based on the results some guidelines on how to raise awareness, reduce risk and thereby reduce the fear of cyber crime in Slovenia are given.

Paper IV Full

U.S. and EU Legislation on Cybercrime Mike Redford The advent of Internet technologies has created global cybercrime problems. Cybercrimes affect all of us at the time when online transactions are in billions of dollars per year and cybercriminals are costing e-commerce billions of dollars in damages [1]. These are the components of cybercrime through which cybercriminals have perpetrated these areas: hacking, distributed denial-of-service, phishing, spoofing, identity theft and credit card fraud which have increased in frequency over time. As e-commerce and online businesses are dominating today’s business world and as new technologies emerge, cybercrime has a bigger impact on the global economy. The U.S. legal systems and law enforcement agencies seem to be lagging behind in their efforts to capture and prosecute cybercriminals. This paper reviews both U.S. and EU cyber legislations and how effective they are in controlling cybercrimes. The factors affecting U.S. from taking a leadership role in fighting cybercrime are reviewed. EU legislations are compared to see if U.S. can benefit from EU Convention approach.


Session: Computational Criminology I

11:00-13:00 Monday, September 12, 2011 Room: Platon Chair: Panagiotis Karampelas

Paper I Full

Testing Elderly People’s Fear of Crime Using a Virtual Environment Andrew J. Park, Eunju Hwang, Valerie Spicer, Connie Cheng, Patricia L. Brantingham, and Andrew Sixsmith The fear of crime refers to the fear of being a victim of potential crimes. This fear often restricts normal daily activities and lowers the quality of life. For elderly people, fear of crime has a practical effect on their activities. Thus, the study of the fear of crime has been one of the important subjects in the victimization study. However, since there was no common agreement on the definition of the fear of crime among researchers, the methodological issues of measuring the fear of crime have been debated for decades. The methods that are most frequently used in measuring fear of crime are victimization surveys and interviews. These methods have inherent limitations of measuring fear of crime particularly with elderly people. This paper explores a new way of measuring fear of crime using a virtual environment from the behavioural aspects. The case study shows the research experiments with the elderly people who make a choice of routes in the virtual environment that replicates the Vancouver Chinatown. The experimental results suggest that this new method of measuring fear of crime using a virtual environment has many benefits particularly when it is used with elderly people. The limitations of this method and the future research are discussed.

Paper II Full

Analyzing an Offender’s Journey to Crime: A Criminal Movement Model (CriMM) Natalia Iwanski, Richard Frank, Vahid Dabbaghian, Andrew Reid, and Patricia Brantingham In the current study we develop a Criminal Movement Model (CriMM) to investigate the relationship between simulated travel routes of offenders along the physical road network and the actual locations of their crimes in the same geographic space. With knowledge of offenders’ home locations and the locations of major attractors, we are able to model the routes that offenders are likely to take when travelling from their home to an attractor by employing variations of Dijkstra’s shortest path algorithm. With these routes plotted, we then compare them to the locations of crimes committed by the same offenders. This model was applied to five attractor locations within the Greater Vancouver Regional District (GVRD) in the province of British Columbia, Canada. Information about offenders in these cities was obtained from five years’ worth of real police data. After performing a small-scale analysis for each offender to investigate how far off their shortest path they go to commit crimes, we found that a high percentage of crimes were located along the paths taken by offenders in the simulations. Aggregate analysis was also performed to observe travel patterns in different areas of the cities and how they relate to the amount of crime in each neighborhood. The results are discussed in relation to both theory and potential policy implications.

Paper III Full

The Online Institution: Psychiatric Power as an Explanatory Model for the Normalisation of Radicalisation and Terrorism Robyn Torok While the use of the internet and social media as a tool for extremists and terrorists has been well documented, understanding the mechanisms at work has been much more elusive. This paper begins with a grounded theory approach guided by Foucault’s analytic framework on psychiatric power that utilizes both terrorism cases and extremist social media groups to develop an explanatory model of radicalization. Preliminary hypotheses are developed, explored and refined in order to develop a comprehensive model which is then presented. This model utilizes and applies concepts from Foucault’s psychiatric power including the use of discourse and networked power relations in order to normalize and modify thoughts and behaviors. The internet is conceptualized as an institution in which this framework of power operates and seeks to recruit and radicalize. Overall, findings suggest that psychiatric power is a well suited, yet partial model of explaining the process of online radicalization.


Paper IV Full

Finding Criminal Attractors Based on Offenders’ Directionality of Crimes Richard Frank, Martin A. Andresen, Connie Cheng, and Patricia Brantingham According to Crime Pattern Theory, individuals all have routine daily activities which require frequent travel between several nodes, with each being used for a different purpose, such as home, work or shopping. As people move between these nodes, their familiarity with the spatial area around the nodes, as well as between nodes, increases. Offenders have the same spatial movement patterns and Awareness Spaces as regular people, hence according to theory an offender will commit the crimes in their own Awareness Space. This idea is used to predict the location of the nodes within the Awareness Space of offenders. The activities of 57,962 offenders who were charged or charges were recommended against them were used to test this idea by mapping their offense locations with respect to their home locations to determine the directions they move. Once directionality to crime was established for each offender, a unique clustering technique, based on K-Means, was used to calculate their Cardinal Directions through which the awareness nodes for all offenders were calculated. It was found that, by looking at the results of various clustering parameters, offenders tend to move towards central shopping areas in a city, and commit crimes along the way. Almost all cluster centers were within one kilometer of a shopping center. This technique of finding Criminal Attractors allows for the reconstruction of the spatial profile of offenders, which allows for narrowing the possible suspects for new crimes.


Session: Terrorism Informatics II

14:00-15:30 Monday, September 12, 2011 Room: Socratis Chair: Bhavani Thuraisingham

Paper I Full

On Refining Real-Time Multilingual News Event Extraction through Deployment of Cross-Lingual Information Fusion Techniques Jakub Piskorski, Jenya Belayeva, and Martin Atkinson Nowadays, many influential security-related facts are reported multiple times by different sources and in different languages. Therefore, in recent years, the research on advancing event extraction technology shifted from classical single-document extraction toward cross-document information aggregation and fact validation. However, relatively little work has been reported on cross-lingual information fusion in this area. This paper presents the results of some preliminary experiments on deploying cross-lingual information fusion techniques for refining the results of a large-scale multilingual news event extraction system. The first technique is based on fusing the responses of the mono-lingual event extraction systems, whereas the second one uses state-of-the-art machine translation to convert all news articles reporting on a given event into one common language and subsequently applies the corresponding mono-lingual event extraction system on the translated articles. An evaluation of the aforementioned techniques on a news article corpus, whose articles refer to 523 real-world crisis-related events (violent events, man-made and natural disasters), revealed that the descriptions of circa 10% of the events could be refined through fusing the event descriptions returned by the mono-lingual event extraction systems. The overall gain in recall and precision against the best mono-lingual system was 6,4% and 4,8% respectively. The second approach, based on machine translation, turned out to perform significantly worse compared to the former technique and the best mono-lingual system (English).

Paper II Short

CrimeFighter Investigator: A Novel Tool for Criminal Network Investigation Rasmus Rosenqvist Petersen and Uffe Kock Wiil Criminal network investigation involves a number of complex tasks and faces many problems. Overall tasks include collection, processing, and analysis of information, in which analysis is the key to successful use of information; it transforms raw data into intelligence. Problems such as information abundance or scarcity and information complexity are typically resolved by adding more manpower resources, inhibiting information sharing. This paper presents a novel tool that supports a human-centered, target-centric model for criminal network investigation. The developed tool provides more comprehensive support for analysis tasks than existing tools.

Paper III Short

The Dark Net: Self-Regulation Dynamics of Illegal Online Markets for Identities and Related Services Frank Wehinger Identity data, e.g. data to gain online access to computers, bank accounts, and credit card data, are traded in online marketplaces. This paper investigates the functioning of illegal online markets. These markets lack state regulation and the means to enforce agreements and the paper shows that they use alternative mechanisms to create trust among market participants. The sales outlets of illegal online markets are able to self-regulate the market and should be considered as a major device that makes cyber crime profitable.

Paper IV Short

Toward Systematic Integration of Security Policies into Web Services Azzam Mourad, Hadi Otrok, and Sara Ayoubi In this paper, we introduce our approach for the automatic generation of BPEL (Business Process Execution Language) aspects from security policies. It is based on a synergy between policies, Aspect-Oriented Programming (AOP) and composition of web services. Our proposed approach first transforms security policies into BPEL aspects. Then, the generated aspects are weaved in the BPEL process of the composed web services at runtime. The main contributions of our approach are: (1) describing dynamic security policies, (2) generating automatically the BPEL aspects, (3) separating the business and security concerns of composite web services, and hence developing them separately, (4) allowing the modification of the dynamic security features and web services composition at run time and (5) providing modularity for modeling cross-cutting concerns between web services.


Session: Computational Criminology II

14:00-15:30 Monday, September 12, 2011 Room: Platon Chair: Uwe Glasser

Paper I Full

The Distribution of Event Complexity in the British Columbia Court System: An Analysis Based on the CourBC Analytical System Paul Brantingham, Amir H. Ghaseminejad, and Patricia Brantingham This paper reports an exploratory research on the distribution of event complexity in the British Columbia court system. Analysis of event distribution shows that the frequency of events sharply decreases with the increase in the number of persons and counts. The most frequently observed type of event is the event that has one person involved with one count. The number of events observed sharply declines when we query for events with a larger number of people involved or more counts charged. It is found that the number of events observed exponentially decreases when more complex events comprising more counts are analyzed. The same exponential decrease is observed for events with two or more people. This means that, in general, the least complex events are the most frequently observed ones. The events with more than one person involved have a mode of two counts. A first approximation model for the distribution of the load on the system based on different levels of complexity is proposed. The proposed model can be used for and be evaluated by predicting the load distribution in the BC criminal court system.

Paper II Full

Web Network and Content Changes Associated with the 2011 Muslim Middle-East and North African Early Uprisings: A Naturalistic Field Experiment James A. Danowski and Han Woo Park This research gathered web network top-level domain (tld) interlinkage among Muslim Middle East and North African Nations (MMENANs) in December 2010 and in April 2011, constituting before and after measures with respect to the 2011 Muslim Middle-East (MMENA) uprisings between these time points. This constitutes a naturalistic field experiment, with the uprisings occurring before April serving as the treatment condition. Evidence found that the MMENA uprisings are associated with increased presence of radical Islamist concepts on the MMENANs web domains, associating the terms: jihad, infidels, sharia, civil society, and democracy in a non-Western perspective. MMENANs that became more central in the network and therefore more powerful after the early uprisings may exert greater influence on other nations to increase presence of radical Islamist concepts in their web domains or to create hyperlinks to other nations’ pages already having such content. Organizations increasing in network indegree after the uprisings are accumulating more web capital based on their domains being increasingly linked from other MMENANs. Increased indegree MMENANs are perhaps serving as more active incubators or breeders of the ideology concepts in their web domains. They have increased numbers of links from other MMENAs that increase the diffusion of these concepts. MMENANs that increased in network outdegree after the uprisings have societal members who are reaching out more to link with web content in other MMENANs. This may indicate they are seeking to more effectively develop their domestic religious/political constellation of concepts. They would perhaps be most likely to have internal growth in popularity of the ideology and may reach critical mass to increase their own national anchoring of the ideology and associated practices.

Paper III Full

An Approach to Intelligent Information Fusion in Sensor Saturated Urban Environments Charalampos Doulaverakis, Nikolaos Konstantinou, Thomas Knape, Ioannis Kompatsiaris, and John Soldatos This paper introduces a novel sensor information fusion system enabling security and surveillance in large scale sensor saturated urban environments. The system is built over state-of-the-art sensor networks middleware and provides information fusion at multiple layers. A distinguishing characteristic of the system is that it supports seamless integration with semantic web middleware (including ontologies and inference mechanisms), which enables intelligent high-level accurate reasoning. This is a key functionality for efficient surveillance in large scale environment, where manual inspection of individual tracking systems becomes extremely resourceful and overall impractical. A proof-of-concept implementation of the system manifests its benefits and technical challenges, while also outlining lessons learnt.


Session: Terrorism Informatics III

16:00-17:00 Monday, September 12, 2011 Room: Socratis Chair: Panagiotis Kalagiakos

Paper I Full

Capture-Recapture Method for Estimating the Number of Problem Drug Users: The Case of the Netherlands M. Temürhan, R. Meijer, S. Choenni, M. van Ooyen-Houben, G. Cruts, and M. van Laar In this paper, two methods have been compared to estimate the number of problem drug users (PDU): the treatment multiplier (TM) method and the capture-recapture (CRC) method using national police register data and data from probation services and treatment institutes for addiction. This paper introduces the CRC method as a more practical alternative to the TM method, with similar results.

Paper II Full

Terrorism, Threat and Time: The Mediating Effect of Terrorist Threat on Public Willingness to Forego Civil Liberties Dale Elvy Public trust in government efforts to combat terrorism is of central importance to policy makers and terrorists alike. Undermining the public’s confidence in its government is a central aim of any strategy of terrorism, while public support is critical to securing funding for, and acceptance of, counterterrorism measures. This article uses two national surveys of Australians, carried out over the last four years, to study the role of public confidence in government through the willingness of citizens to allow the police to search, without a court order, the homes of suspected terrorists, the impact of perceived personal threat, and the probability of future terrorist attacks on Australia. The results indicate that there is a strong relationship between public fear of terrorism, and the willingness of the public to allow the erosion of civil liberties for increased security, leading to the conclusion that the greater the perceived personal threat of terrorism the public has, the more likely the public is to accept infringements of civil liberties, which could undermine the existing arrangements of liberal democracy and potentially play into terrorist aims, while the perceived probability of a future terrorist attack on domestic soil acts as a significant mediating factor, which decreases during periods with no high-visibility terrorist attacks.


Session: Digital Forensics

16:00-17:00 Monday, September 12, 2011 Room: Platon Chair: Clive Best

Paper I Full

Digital Forensic Readiness: An Insight into Governmental and Academic Initiatives Antonis Mouhtaropoulos, Marthie Grobler and Chang-Tsun Li Digital Forensics is a discipline that primarily focuses on the post-incident side of an investigation. However, during the last decade, there is a considerable amount of research that considers proactive measures taken by an organization. Such measures comprise a digital forensic readiness plan. This paper first presents research initiatives on forensic readiness across the public sector and the academia, and then critically evaluates their motivations and objectives by pointing out gaps that need bridging. Lastly, it informally proposes steps to guide the formulation of a forensic readiness policy.

Paper II Short

Trees Cannot Lie: Using Data Structures for Forensics Purposes Peter Kieseberg, Sebastian Schrittwieser, Martin Mulazzani, Markus Huber, and Edgar Weippl Today’s forensic techniques for databases are primarily focused on logging mechanisms and artifacts accessible in the database management systems (DBMSs). While log files, plan caches, cache clock hands, etc. can reveal past transactions, a malicious administrator’s modifications might be much more difficult to detect, because he can cover his tracks by also manipulating the log files and flushing transient artifacts such as caches. The internal structure of the data storage inside databases, however, has not yet received much attention from the digital forensic research community. In this paper, we want to show that the diversity of B+-Trees, a widely used data structure in today’s database storage engines, enables a deep insight of the database’s history. Hidden manipulations such as predated INSERT operations in a logging database can be revealed by our approach. We introduce novel forensic techniques for B+-Trees that are based on characteristics of the tree structure and show how database management systems would have to be modified to even better support tree forensic techniques.

Session: Terrorism Informatics IV

10:00-11:00 Tuesday, September 13, 2011 Room: Socratis Chair: Anita Miller

Paper I Short

Minimizing the Average Number of Inspections for Detecting Rare Items in Finite Populations André J. Hoogstrate and Chris A.J. Klaassen Frequently one has to search within a finite population for a single particular individual or item with a rare characteristic. Whether an item possesses the characteristic can only be determined by inspection. The availability of additional information about the items in the population opens the way to more effective inspection than just random or complete inspection of the population. We will assume that the available information allows for the assignment to all items within the population of a prior probability on whether or not it possesses the rare characteristic. This is consistent with the practice of using profiling to select high risk items for inspection. The objective is to find the specific item with a minimal number of inspections. We will determine the optimal inspection strategies for several models according to the average number of inspections needed to find the specific item. Furthermore, an ordering of these models by their average number of inspections is derived. Finally, the use, some discussion, extensions, and examples of the results and conclusions are presented.

Paper II Short

A Computationally-Enabled Analysis of Lashkar-e-Taiba Attacks in Jammu and Kashmir A. Mannes, J. Shakarian, A. Sliva, and V.S. Subrahmanian Lashkar-e-Taiba (LeT for short) is one of the deadliest terrorist groups in the world. With over 100 attacks worldwide since 2004, LeT has become a political force within Pakistan, a proxy militia for the Pakistani Army, and a terror group that can carry out complex, coordinated attacks such as the 2008 Mumbai attacks. We have collected 25 years of data about LeT starting in 1985 and ending in 2010. The data is recorded on a monthly basis and includes the values of approximately 770 variables for each month. The variables fall into two categories—action variables describing actions taken by LeT during a given month and environmental variables describing the state of the environment in which LeT was functioning. Based on this data, we have used our Stochastic Opponent Modelling Agent (SOMA) platform to automatically learn models of LeT’s behavior. These models describe conditions under which LeT took various actions—more importantly, the conditions act as predictors of when they will take similar actions in the future. In this paper, we focus on attacks by LeT in Jammu & Kashmir. We describe some conditions under which LeT ramps up offensive activities in Jammu & Kashmir. We conclude with some policy options that may reduce the use of violence by LeT as indicated by the rules presented here.

Paper III Full

Forecasting the Locational Dynamics of Transnational Terrorism: A Network Analytic Approach Bruce A. Desmarais and Skyler J. Cranmer Efforts to combat and prevent transnational terrorism rely, to a great extent, on the effective allocation of security resources. Critical to the success of this allocation process is the identification of the likely geopolitical sources and targets of terrorism. We construct the network of transnational terrorist attacks, in which source (sender) and target (receiver) countries share a directed edge, and we evaluate a network analytic approach to forecasting the geopolitical sources and targets of terrorism. We integrate a deterministic, similarity-based, link prediction framework [1] into a probabilistic modeling approach [2] in order to develop an edge-forecasting method. Using a database of over 12,000 transnational terrorist attacks occurring between 1968 and 2002 [3], we show that probabilistic link prediction is not only capable of accurate forecasting during a terrorist campaign, but is a promising approach to forecasting the onset of terrorist hostilities between a source and a target.

Session: Terrorism Informatics V

10:00-11:00 Tuesday, September 13, 2011 Room: Platon Chair: Pontus Svenson

Paper I Full

Challenges in Open Source Intelligence Clive Best A stand-alone tool for monitoring selected sites for user defined study topics is described. The “IQ” tool has been developed by OSVision to allow Open Source Intelligence analysts to define their areas of interests in a flexible way. IQ is also a front-end analysis tool that can connect to one of several real-time information retrieval systems. The first system is OSVision’s proprietary media monitoring system which processes about 80,0000 articles per day from over 20000 international sources in multiple languages. The second system is a stand-alone monitor - IQRepository which can be configured and operated by the user giving full control over which sites to monitor and with what time interval. The third information sources that can be monitored are social media systems like Twitter and Facebook. The stand-alone combination of IQRepository and IQ can also meet in-house security requirements.

Paper II Short

Web Analytics for Security Informatics Kristin Glass and Richard Colbaugh An enormous volume of security-relevant information is present on the Web, for instance in the content produced each day by millions of bloggers worldwide, but discovering and making sense of these data is very challenging. This paper considers the problem of exploring and analyzing the Web to realize three fundamental objectives: 1.) security-relevant information discovery; 2.) target situational awareness, typically by making (near) real-time inferences concerning events and activities from available observations; and 3.) predictive analysis, to include providing early warning for crises and forming predictions regarding likely outcomes of emerging issues and contemplated interventions. The proposed approach involves collecting and integrating three types of Web data – textual, relational, and temporal – to perform assessments and generate insights that would be difficult or impossible to obtain using standard methods. We demonstrate the efficacy of the framework by summarizing a number of successful real-world deployments of the methodology.

Session: Social Networks Analysis I

11:30-13:00 Tuesday, September 13, 2011 Room: Socratis Chair: Martin Atkinson

Paper I Full

A Method for Community Detection in Uncertain Networks Johan Dahlin and Pontus Svenson Social network analysis can be an important help for military and criminal intelligence analysis. In real world applications, there is seldom complete knowledge about the network of interest – we only have partial and incomplete information about the nodes and networks present. Community detection in networks is an important area of current research in social network analysis with many applications. Finding community structures is however a challenging task and despite significant effort no satisfactory method has been found. Here we study the problem of community detection in noisy and uncertain networks with missing and false edges and propose methods for detecting community structures in them. The method is based on sampling from an ensemble of certain networks that are consistent with the available information about the uncertain networks.

Paper II Full

Strategies to Disrupt Online Child Pornography Networks Kila Joffres, Martin Bouchard, Richard Frank, and Bryce Westlake This paper seeks to determine which attack strategies (hub, bridge, or fragmentation) are most effective at disrupting two online child pornography networks in terms of outcome measures that include density, clustering, compactness, and average path length. For this purpose, two networks were extracted using a web-crawler that recursively follows child exploitation sites. It was found that different attack strategies were warranted depending on the outcome measure and the network structure. Overall, hub attacks were most effective at reducing network density and clustering, whereas fragmentation attacks were most effective at reducing the network’s distance-based cohesion and average path length. In certain cases, bridge attacks were almost as effective as some of these measures.

Paper III Short

Multi-relational Network Analysis for Covert Organizations Duo-Yong Sun, Shu-Quan Guo, Xiao-Peng Liu, and Jiang Li Rapid development of social network theory provides new perspective for the study of covert organizational behavior and becomes new research hot topic in the international academic circle. Conventional covert organization network research mainly involves interpersonal relationships among members and there are some limitations. Problems that need to be solved at present include introducing more elements according to the nature of covert organization activities, more appropriately describing characteristics of organization activities and improving pertinence of disintegration strategies. This paper presents construction and analysis methods of multi-relational network of covert organizations from multiple perspectives of interpersonal relationships, resources, skills and tasks, conducts empirical study combining typical organizational activities and provides new approach for deeper understanding of characteristics of covert organization activities and construction of disintegration strategies.

Session: Information Sharing and Data/Text Mining

11:30-13:00 Tuesday, September 13, 2011 Room: Platon Chair: Andre Hoogstrate

Paper I Full

Evolution of Terrorist Network Using Clustered Approach: A Case Study Sarwat Nizamani and Nasrullah Memon In the paper we present a cluster based approach for terrorist network evolution. We have applied hierarchical agglomerative clustering approach to 9/11 case study. We show how individual actors who are initially isolated from each other are converted into small clusters and result in a fully evolved network. This method of network evolution can help intelligence security analysts to understand the structure of the network.

Paper II Full

Harvesting Information from Heterogeneous Sources Pir Abdul Rasool Qureshi, Nasrullah Memon, Uffe Kock Wiil, Panagiotis Karampelas, and Jose Ignacio Nieto Sancheze The abundance of information regarding any topic makes the Internet a very good resource. Even though searching the Internet is very easy, what remains difficult is to automate the process of information extraction from the available online information due to the lack of structure and the diversity in the sharing methods. Most of the times, information is stored in different proprietary formats, complying with different standards and protocols which makes tasks like data mining and information harvesting very difficult. In this paper, an information harvesting tool (heteroHarvest) is presented with objectives to address these problems by filtering the useful information and then normalizing the information in a singular non hypertext format. We also discuss state of the art tools along with the shortcomings and present the results of an analysis carried out over different heterogeneous formats along with performance of our tool with respect to each format. Finally, the different potential applications of the proposed tool are discussed with special emphasis on open source intelligence.

Paper III Full

Statistical Model for Content Extraction Pir Abdul Rasool Qureshi and Nasrullah Memon We present a statistical model for content extraction from HTML documents. The model operates on Document Object Model (DOM) tree of the corresponding HTML document. It evaluates each tree node and associated statistical features to predict significance of the node towards overall content of the document. The model exploits feature set including link densities and text distribution across the nodes of DOM tree. We describe the validity of model with the help of experiments conducted on the standard data sets. The results revealed that the proposed model outperformed other state of art models. We also describe the significance of the model in the domain of counterterrorism and open source intelligence.

Session: Infrastructure Protection and Information Systems Security I

14:00-15:00 Tuesday, September 13, 2011 Room: Socratis Chair: Richard Colbaugh

Paper I Full

Public-Private Resilience: State vs. Private Conceptions of Security Risk Management in Danish Cyber-based Critical Infrastructures Søren Matz Securitisation and the related vocabulary of state-centric notions of government appear negligible within a shifting digital security architecture, which is mainly characterized by fragmentation of political authority. As a reflection of vertical fragmentation of the conceptual boundaries of national security concerns and cybercrime, and horizontal neo-liberal commodification of risk in critical infrastructures, shared social responsibilities across national-transnational and public-private stakeholders become a key building block in protection policies and practices. This fairly novel political transition reflects the evolving distinctive ontological and epistemological virtual reality of cyberspace, redefining the roles and responsibilities of both government and private actors. Taking an offset in the foci mentioned in recent Danish national policy documents, this paper pursues this central problem statement in relation to cyber-based critical infrastructures with an aim to map and inform accountability in business crime risk management policies and instrumentation.

Paper II Full

Change Blindness in Intelligence: Effects of Attention Guidance by Instructions Ulrik Spak and Mats Lind We present a first effort to experimentally evaluate if, and how, the instructions given to an operator can cause significant effects regarding his/her change detection performance. The operator monitors a display looking for changes associated with specified target objects. The results show that a more differentiated monitoring instruction can cause a raised level of change blindness to occur for some of the displayed target object classes. We argue that the result will have implications for the intelligence function within military command and control.

Session: Computational Criminology III

14:00-15:00 Tuesday, September 13, 2011 Room: Platon Chair: Patricia Brantingham

Paper I Short

Localisation of Threat Substances in Urban Society—LOTUS: Tomorrow’s System for Finding Illicit Manufacturing of Drugs and Home Made Explosives Hans Önnerud, Sara Wallin, and Henric Östmark Results of dispersion experiments and dispersion modelling of explosives, drugs, and their precursors will be presented. The dispersion of chemicals evolving during preparation of home made explosives and a drug produced in an improvised manner in an ordinary kitchen has been measured. Experiments with concentration of hydrogen peroxide have been performed during spring and summer of 2009 and 2010 and further experiments with concentration of hydrogen peroxide, synthesis and drying of TATP and Methamphetamine are planned for the spring and summer of 2011. Results from the experiments are compared to dispersion modelling to achieve a better understanding of the dispersion processes and the resulting substances and amounts available for detection outside the kitchen at distances of 10-30 m and more. Typical concentration levels have been determined as a function of environmental conditions. The experiments and modelling are made as a part of the LOTUS project aimed at detecting and locating the illicit production of explosives and drugs in an urban environment. It can be concluded that the proposed LOTUS system concept, using mobile automatic sensors, data transfer, location via GSM/GPS for on-line detection of illicit production of explosive or precursors to explosives and drugs is a viable approach and is in accordance with historical and today’s illicit bomb manufacturing.

Paper II Short

A Psychological Perspective on Virtual Communities Supporting Terrorist and Extremist Ideologies as a Tool for Recruitment Lorraine Bowman-Grieve This paper considers the role of virtual communities as a tool for recruitment used by terrorist and extremist movements. Considering involvement as a psychological process and thinking about recruitment from a psychological perspective, the facilitation of online elements important to this process are highlighted in this paper. In addition a short case study taken from the use of the Internet by the Radical Right movement provides examples of how the Internet can be used to promote involvement and encourage recruitment into terrorist and extremist movements.

Paper III Short

Extraction and Recognition of the Vehicle License Plate for Passing under Outside Environment Seyed Hamidreza Mohades Kasaei and Seyed Mohammadreza Mohades Kasaei Persian License Plate Detection and Recognition System is an image-processing technique used to identify a vehicle by its license plate. In fact this system is one kind of automatic inspection of transport, traffic and security systems and is of considerable interest because of its potential applications to areas such as automatic toll collection, traffic law enforcement and security control of restricted areas. License plate location is an important stage in vehicle license plate recognition for automated transport system. This paper presents a real time and robust method of license plate detection and recognition from cluttered images based on the morphology and template matching. In this system main stage is the isolation of the license plate from the digital image of the car obtained by a digital camera under different circumstances such as illumination, slop, distance, and angle. The algorithm starts with preprocessing and signal conditioning. Next license plate is localized using morphological operators. Then a template matching scheme will be used to recognize the digits and characters within the plate. This system implemented with help of Isfahan Control Traffic organization and the performance was 98.2% of correct plates identification and localization and 92% of correct recognized characters. The results regarding the complexity of the problem and diversity of the test cases show the high accuracy and robustness of the proposed method. The method could also be applicable for other applications in the transport information systems, where automatic recognition of registration plates, shields, signs, and so on is often necessary. This paper presents a morphology based method.

Session: Infrastructure Protection and Information Systems Security II

15:30-16:30 Tuesday, September 13, 2011 Room: Socratis Chair: Lorraine Bowman-Grieve

Paper I Full

Mechanisms of Polymorphic and Metamorphic Viruses Xufang Li, Peter K.K. Loh, and Freddy Tan Securi Malware has been generally accepted as one of the top security threats to computer systems around the globe. As malware evolves at a tremendous pace and demonstrates new ways to exploit, infect and victimize the computer systems of enterprises and businesses, remaining economically viable is becoming increasingly difficult. The new trends of malware development are focused on the use of complex and sophisticated code to obstruct analysis as well as spoofing contemporary anti-virus scanners. Polymorphic and metamorphic viruses use the obfuscation techniques to obstruct deep static analysis and defeat dynamic emulators. Malware may also employ metamorphism-based methods, including encryption and decryption engines, multi-packer, garbage code insertion, instruction permutation, code transformation, anti-debugging and virtual machine, registry modification and polymorphic engines. The structural mechanisms of both polymorphic and metamorphic viruses will be presented and discussed in this paper. Finally, the new complex computer viruses such as W32/Fujacks and W32/Vundo were researched as well.

Paper II Short

Global Defense Policy System of Laws: Graph Theory Approach to Balance of Power Theory Newton Howard This paper illustrates and further develops a previously proposed proactive system approach to war prevention called the Global Defense Policy System of Laws (GDPSL). This mathematical system can be used to develop policies that maintain the balance of power and balance of perception among states in the global arena and avoid the dangers of misperception. The author argues that power and law must coexist to structure this system, although equalizing catalysts are also necessary to achieve stability.

Paper III Short

Automation Possibilities in Information Security Management Raydel Montesino and Stefan Fenz Information security management, as defined in ISO 27001, deals with establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an information security management system. This paper provides an analysis about the automation possibilities in information security management. The analysis takes into account the potential of using (i) security ontologies in risk management, (ii) hard- and software systems for the automatic operation of certain security controls, and (iii) the Security Control Automation Protocol (SCAP) for automatically checking compliance and security configurations. The analysis results support organizations and security managers at identifying systems they can use to achieve greater efficiency in the information security management process.

Session: Social Networks Analysis II

11:30-13:00 Wednesday, September 14, 2011 Room: Socratis Chair: Triant Flouris

Paper I Short

Detecting Hidden Friendship in Online Social Network Guido Barbian For many intelligence and security applications it is important to know how close people in a network are. In online social networks (OSN) friendship links are a frequently chosen basis for the analysis. In this paper we show that friendship links can be misleading, if we want to know to what extent people in a network trust into each other. We also show how to unveil hidden friendship relations based on an analysis of exceptions in the privacy settings. We furthermore discuss resulting options for defeating crime and terrorism as well as associated privacy, security and civil liberty issues.

Paper II Short

Extraction Distractions: A Comparison of Social Network Model Construction Methods James F. Morris, Keith Anthony, Kevin T. Kennedy and Richard F. Deckro This study investigates the suitability of automated extraction to generate datasets for social network analysis (SNA) by constructing social networks through PreConflict.org’s DynaLink tool and the traditional manual snowball approach. Comparisons between the two techniques are accomplished via analytic results derived from commonly applied SNA centrality measures. Results indicate that automated extraction can incorporate a substantial amount of extraneous actors and relationships into the social network model necessitating an analyst review of the acquired data.

Paper III Short

Social Tension Detection and Intention Recognition Using Natural Language Semantic Analysis: On the Material of Russian-Speaking Social Networks and Web Forums Olga Vybornova, Ivan Smirnov, Ilya Sochenkov, Alexander Kiselyov, Ilya Tikhomirov, Natalya Chudova, Yulia Kuznetsova, and Gennady Osipov The paper proposes a method of social tension detection and intention recognition based on natural language analysis of social networks, forums, blogs and news comments. Our approach combines natural language syntax and semantics analysis with statistical processing to identify possible indicators of social tension. The universal components of our method incorporate the general laws of natural language, general psychological, sociological and psycholinguistic rules and trends typical of social tension detection in virtual discussions. Automatic monitoring of the contents of discussions helps to timely unveil hidden signs of tension and makes it possible to predict the likely development of the situation.

Paper IV Short

The Need to Introduce a New Tactical Telecommunication System in the Slovenian Army Mihael Plevnik and Iztok Podbregar Slovenian army used for command and control tactical telecommunications system, which was introduced into operational use in 2004. The system is based on TDM technology and does not allow enough bandwidth for command and control services, explored in this paper on the tactical level of battalions and brigades. In response to the problem of bandwidth, the Slovenian Armed Forces started to develop a tactical backbone telecommunications system, based on IP technology, which is not within the bottleneck of bandwidth. This paper will describe tactical telecommunication system of Slovenian Army; define the command and control services and how much bandwidth they need. Both will be compared and determined whether a tactical telecommunications system has enough bandwidth for command and control services.

Session: Enterprise Risk Management and Information Systems Security

11:30-13:00 Wednesday, September 14, 2011 Room: Platon Chair: Guido Barbian

Paper I Full

Two Novel 802.1x Denial of Service Attacks Abdulrahman Alruban and Emlyn Everitt Denial of Service (DoS) attacks are among the most common security issues threatening today’s 802.11 networks. In this paper, we have proposed two 802.1x DoS attacks, EAP-NAK and EAP-Notification flooding attacks. These effectively disrupt the authentication process between the legitimate wireless supplicants and the network authentication server. The evaluation of these attacks against EAP is performed using well-suited metrics which highlight their impact on the targeted network in practice. Furthermore, we discuss possible techniques to detect these attacks, such as configuring the WIDS to create a performance baseline of the wireless network. Lastly, several techniques and solutions were discussed which can be applied to the 802.11i standard in order to enhance the security of the 802.1x for dealing with DoS attacks, such as the use of a process delay time technique.

Paper II Full

SVM Based Scheme for Predicting Number of Zombies in a DDoS Attack P.K. Agrawal, B.B. Gupta, and Satbir Jain In recent time, Internet or network services have gained popularity due to rapid growth in information and telecommunication technologies. Internet or network services have become the means for finance management, education, and global information service center for news, advertisements and many others. Denial of service attack and most particularly the distributed denial of service attack (DDoS) is most common and harmful threat to the Internet or network services. In order to design and develop reliable and secure network services, rapid detection and quick response to these attacks are a major concern. In practice, there is no scheme that completely detects or prevents the DDoS attack. Predicting number of zombies in a DDoS attack is helpful to suppress the effect of DDoS attack by filtering and rate limiting the most suspicious attack sources or improve DDoS response system. In this paper, we present machine learning approach based on support vector machine for regression to predict the number of zombies in a DDoS attack. MATLAB implementation of support vector machine for regression and datasets generated using NS-2 network simulators running on Linux platform are used for training and testing. SVM for regression with various kernel function and other parameters are compared for their prediction performance using mean square error (MSE). Results show SVM based scheme have promising prediction performance for small dataset.

Paper III Short

A Comparative Study of Distributed Denial of Service Attacks, Intrusion Tolerance and Mitigation Techniques Anupama Mishra, B.B. Gupta, and R.C. Joshi Disruption of service caused by distributed denial of services (DDoS) attacks is an increasing problem in the Internet world. At the present time, to attack the victim’s system, the attacker uses sophisticated automated attacking tools for DDoS attack, but earlier it was performed either by manually or by semi automated attacking tools. These attack tools are used to attack various Internet sites. In this paper, we present a literature on classification of available mechanisms for DDoS defense. These defense mechanisms are used to prevent, detect, response and tolerate the DDoS attacks. It is well known that it is very difficult to stop the DDoS attack; therefore, it would be better to maximize the fault tolerance and quality of services under variety of intrusions and attacks. In our analysis, we will discuss the merits and demerits of each mechanism over others. In addition, this paper provides better understanding of the DDoS attack problem and enables a security administrator to cope up against the DDoS threat.

OSINT-WM 2011 – Symposium Abstracts


Poster: EISIC 2011 Poster Session

Coffee breaks Monday, September 12, 2011 Room: Foyer

Poster I

Analysis of the Financial Crisis of 2007-2009 and Its Impact on Terrorism Irina Sakharova The financial and economic crisis of 2007-2009, often referred to as the Great Recession, is considered one of the most severe crises since the Great Depression. Starting with the subprime meltdown in the housing market, the crisis spread to Fannie Mae and Freddie Mac, the government sponsored enterprises. Then the crisis hit the banking system and other financial institutions holding assets backed by collapsing real estate. Once the entire financial system was infected with the subprime virus, the health of the real economy took a turn for the worse.

Poster II

Decision Support System for Intelligence Analysts Peter Eachus and Ben Short Intelligence analysis is vital for providing decision makers with accurate, timely and appropriate information. A multitude of obstacles stand in the way of the analyst from deception to their own cognitive biases. The Decision Support System (DSS) aims to aid skilled analysts by providing a structured environment for analysis allied with a wiki to encourage collaboration and transparency of process.

Poster III

Information Fusion for Port Security Decision Support Robert Forsgren, Andreas Horndahl, Pontus Svenson, and Edward Tjörnhammar Ports are examples of complicated infrastructure that today face a wide variety of threats. In order to ensure the security of our ports, many different kinds of sensors are needed. Port security systems must also include appropriate information fusion and information exchange systems, and advanced decision support systems that help the human operators to achieve situation awareness, i.e., the understanding of current and near-future events and their impacts. Having access to such systems will enable early detection of incidents, thus increasing the time available for proactive interventions to prevent the discovered threats. Information Fusion combines data from multiple sources with different characteristics and aggregates it to increase the total content of information. One can thus extract information not available from each source individually. One goal of information fusion is that the user should receive a better situation awareness to be able to create their own situation understanding. Another goal is to use the information to support automatic or human decision making. Information fusion can be either model-based or data-driven. In model-based fusion, data is collected and matched to elements of known models. Data-driven fusion, on the other hand, is similar to data mining in that it tries to automatically construct situation models. The current version of the Impactorium framework mainly supports model-driven analysis, but we are investigating extensions of it to enable data-driven analysis. In this poster, we describe the Impactorium information fusion platform and its adaptation to critical infrastructure protection, especially port protection. Impactorium is a software tool that allows operators to sort, filter and fuse information from heterogeneous sources, including procedures for automatic and semi-automatic tagging of data from sensors and other information sources. The tool is web-based and uses web services to integrate with different information sources. In Impactorium, threat models, consisting of hypotheses on future events and their associated indicators are used to give decision-makers situation awareness of threats. An indicator is an observable event that to some degree indicates that the threat hypothesis is or is to become true. The combined influence of the indicators can be modelled as a belief network. Given all observed indicators, a prediction of the probabilities of the threat hypotheses can be estimated through Bayesian inference. The joint output of the threat models offers an overview of the current threat level. This can be manually monitored or connected to an automatic alerting system. In order to be adaptable to new threats, it is important that users are able to update and adapt the threat models based on new knowledge about the current situation.

OSINT-WM 2011 – Symposium Abstracts


Poster IV

The Media: A Terrorist Tool or a Silent Ally?

Chaditsa Poulatova

This paper examines the relationship between terrorism and the media over the past forty years. The questions it addresses are:

• Is the media – terrorist relationship a symbiotic or a one way relationship?

• Should the media dedicate as much time as it currently does to terrorists and their acts?

The paper is divided into three parts. First, the paper looks at the notions of the media and terrorism and examines how their meaning has evolved over the years. Secondly, the paper looks at three aspects of the media/terrorist relationship. (a) The aims of terrorists in using the media. These include (i) gaining attention for themselves and their cause, and spreading fear within a matter of seconds, (ii) securing public recognition of their motives and attracting sympathisers, (iii) securing legitimacy for their acts. The Munich Olympic Games of 1972 and the activities by the Le Front de Liberation du Quebec (FLQ) are examples of terrorists’ successful manipulation of the media. (b) The extent to which the mass media pursue their own interests in relation to terrorism, with reporters becoming the leading actors in the production of the events. “The Media are rewarded for broadcasting terrorism in that they energise their competition for audience size and circulation – and thus for all-important advertising” (Nacos 2006, 82). In some cases, reporters in an attempt to be the “first” to break the news have unknowingly provided terrorists with vital information, and that has cost human lives. (c) Occasions when terrorists become the media themselves. This is achieved in two ways: (i) terrorists carry out an attack having previously carefully chosen the location, time and the target; (ii) terrorists send their messages directly to the media outlets, where the content of the message has been pre-decided. Al Qaeda has used this technique on numerous occasions.

Thirdly, the paper examines measures to curb the ‘immaturity’ of the mass media. It examines methods that have been used to break the link between terrorists and the media, and their usefulness and desirability. It also examines the case for legal and ethical restrictions so that people’s ‘right to know’ does not result in the over-dramatising of events.

Poster V

Video Analytics: Opportunity or Spoof Story? The State of the Art of Intelligent Video Surveillance

Massimiliano Argiolu and Fabio Bisogni

In 2010 FORMIT developed the VIEWER project with the support of the Prevention, Preparedness and Consequence Management of Terrorism and other Security Related Risks Programme of the European Commission, DG Home Affairs. The main goals of the project were to realize a recognition of Video Analytics (hereafter VA) software currently on the market; to collect qualitative information and quantitative data on the VA software performances in order to be able to define the state of the art; to address policy recommendations to the European Commission; to address recommendations to the research community on the future desirable development in the sector.


Session: Investigative Methods/Case Studies

14:00-15:30 Monday, September 12, 2011 Room: Solon Chair: Bénédicte Goujon

Paper I Full

Analysis of Competing Hypothesis for Investigating Lone Wolf Terrorist

Lisa Kaati and Pontus Svenson

One of the most unpredictable forms of terrorism acts are those committed by a single individual, a so-called “lone wolf terrorist”. The most difficult part in detecting a lone wolf is that they can come in any size, shape, and ethnicity and represent any ideology. However, there are some characteristic similarities that many lone wolves share. In this paper we identify three different areas where similarities among lone wolves can be found: the background and their behavior, the radicalization process and the terrorist planning cycle. We use an adoption of the analysis of competing hypotheses method where we introduce the notion of template hypotheses. A template hypothesis aims to capture similarities between different lone wolf cases. The hypotheses are continuously developed and cultivated into more detailed hypotheses that are specific for each individual. We outline how a computer-support tool for investigating lone wolf terrorists using this method could be implemented.

Paper II Short

Dealing with Lashkar-e-Taiba: A Multi-player Game-Theoretic Perspective

John P. Dickerson, Aaron Mannes, and V.S. Subrahmanian

Lashkar-e-Taiba (LeT) is one of the deadliest terrorist groups in the world. With over 100 attacks worldwide since 2004, LeT has become a political force within Pakistan, a proxy fighting force for the Pakistani Army, and a terror group that can carry out complex, coordinated attacks such as the 2008 Mumbai attacks. In this paper, we develop a game-theoretic analysis of how to deal with LeT using a 5-player game whose players include LeT, India, the Pakistani military, the (civilian) Pakistani government, and the US. We use an expert on LeT and Pakistan to develop a payoff matrix and compute pure and mixed Nash equilibria (NE) in this payoff matrix. We study several of these NEs in detail. Our analysis shows that: (i) there are 6 pure NEs in which LeT eliminates its armed wing, (ii) increasing external financial/military support for Pakistan leads to no NEs where LeT reduces violence, (iii) almost all NEs in which LeT significantly reduces violence involve coordinated actions by both the US and India.

Paper III Short

Node Removal in Criminal Networks

Rasmus Rosenqvist Petersen, Christopher J. Rhodes, and Uffe Kock Wiil

A criminal network is a special kind of social network with emphasis on both secrecy and efficiency. Node removal is a well-known technique for destabilization of criminal networks. Deciding which node or group of nodes to remove is dependent on available information and the topology of the criminal network (hierarchical, cellular, etc.), complicating the prediction of network changes following a node removal. The CrimeFighter Investigator tool supports a node removal approach with two perspectives: an inference-based prediction of new probable links and changes in standard social network degree centrality. We test the node removal algorithm on a criminal network aggregated from open source reports, creating hypotheses based on path distance and degree centrality changes.

Paper IV Short

A Framework for Internal Identity Theft Prevention in Retail Industry

Mahmood Shah and Romanus Izuchukwu Okeke

This paper synthesises existing research on the involvement of retail sector employees in identity theft (ID) related crimes. In particular, the literature review considers the conceptualisation of internal identity theft and related crimes within retail industries; prevention methods used to combat internal identity theft related crimes; and to synthesise lessons learnt so far in reducing internal identity theft. We propose a Role Based Framework to help facilitate the prevention of ID theft related crimes and identify the areas for further research. The main findings from this research so far include: a high degree of common purpose and focus is required to develop and implement a comprehensive security strategy; better security tools and all levels of an organisation should be given clear/specific responsibilities regarding internal data security.


Session: Text Mining

16:00-17:00 Monday, September 12, 2011 Room: Solon Chair: Lisa Kaati

Paper I Full

Text Mining for Opinion Target Detection

Bénédicte Goujon

This article presents a text mining approach based on linguistic knowledge to automatically detect opinion targets in relation with topic elements, for competitive intelligence. The identification of opinions and sentiments expressed in texts is currently studied a lot, but few works are focused on the identification of opinions whose target is associated to a predefined topic. We present in a first time the information detection task with linguistic patterns, and a state of the art on opinion detection and opinion targets detection. Then we describe the French corpora: one contains transcription of telephone requests related to Energy, the other contains extracts of internet forum related to Video Games. Next we detail the linguistic knowledge used to annotate those texts. The knowledge is based on the identification of explicit relations between topic and opinion (“Transformers is great”) and on the identification of implicit opinions (“they intervene quickly”). At last, an example of result is presented, as a first evaluation.

Paper II Full

Agile Sentiment Analysis of Social Media Content for Security Informatics Applications

Richard Colbaugh and Kristin Glass

An enormous volume of security-relevant information is present on the Web, for instance in the content produced each day by millions of bloggers worldwide, but discovering and making sense of these data is very challenging. This paper considers the problem of exploring and analyzing the Web to realize three fundamental objectives: 1.) security-relevant information discovery; 2.) target situational awareness, typically by making (near) real-time inferences concerning events and activities from available observations; and 3.) predictive analysis, to include providing early warning for crises and forming predictions regarding likely outcomes of emerging issues and contemplated interventions. The proposed approach involves collecting and integrating three types of Web data – textual, relational, and temporal – to perform assessments and generate insights that would be difficult or impossible to obtain using standard methods. We demonstrate the efficacy of the framework by summarizing a number of successful real-world deployments of the methodology.


Session: Social Network Analysis

11:30-13:00 Tuesday, September 13, 2011 Room: Solon Chair: Mehmood Hussain Shah

Paper I Full

A System for Ranking Organizations Using Social Scale Analysis

Sukru Tikves, Sujogya Banerjee, Hamy Temkit, Sedat Gokalp, Hasan Davulcu, Arunaba Sen, Steven Corman, Mark Woodward, Inayah Rochmaniyah, and Ali Amin

In this paper we utilize feature extraction and model fitting techniques to process the rhetoric found in the web sites of 23 Indonesian religious organizations – comprising a total of 37,000 articles dating from 2005 to 2011 – to profile their ideology and activity patterns along a hypothesized radical/counter-radical scale. We rank these organizations by assigning them to probable positions on the scale. We show that the developed Rasch model fits the data using Andersen’s LR-test. We create a gold standard of the ranking of these organizations through an expertise elicitation tool. We compute expert-to-expert agreements, and we present experimental results comparing the performance of three different baseline methods to show that the Rasch model not only outperforms our baseline methods, but it is also the only system that performs at expert-level accuracy.

Paper II Full

Changes in Muslim Nations’ Centrality Mined from Open-Source World Jihad News: A Comparison of Networks in Late 2010, Early 2011, and Post-Bin Laden

James A. Danowski

This research analyzes the changes in Muslim nation (MN) networks and semantic networks associated with Jihad linked with three recent periods: 1) the late 2010 period, 2) the early 2011 Muslim Middle East and North Africa uprisings and 3) the takedown of Osama Bin Laden. Mined were transcripts of web sites, broadcasts, newspapers, and other content captured for 46 Muslim nations. Results show that Somalia made the largest move upward across the three periods, increasing 21 times in network centrality. Iran is consistently in the top 2 positions. The network increased in link strength and indegree but became less structured in the early uprising period, and continued the decline in structure in the post-Bin Laden period, results consistent with crisis effects. Words paired with ‘jihad’ that increased and decreased in the early uprising and post-Bin Laden periods revealed messages that reflected major changes in substantive content in the three periods. The results appear to have face validity, and demonstrate how mining open-sources for internation networks and for semantic networks about a topic of interest, in this case: ‘jihad,’ can provide quantitative evidence with statistical tests that have intelligence and security implications.

Paper III Short

Trust Centrality in Online Social Networks

Guido Barbian

Centrality is an important element of social network analysis (SNA) measuring the relative power and influence of members of a social network. In Facebook-style online social networks every member is potentially able to communicate with everyone else within the network. This has an important impact on centrality: the power derivable from (exclusive) connections within the social graph is reduced because network members must not necessarily follow links. In this paper we propose a new measure for centrality which reflects this paradigm shift. It is based not on connectedness but on trust. We discuss different notions of trust, introduce trust matrix and trust centrality and provide an algorithm for its calculation.

Paper IV Short

A Recommendation Model For Social Resource Sharing Systems Based on Tripartite Graph Clustering

Yonca Üstünbas and Sule Gündüz Ögüdücü

The use of folksonomies to recommend web pages and tags assigned to these pages is an important research direction in web recommendation. In this study, we implement a model that fits tripartite structure of folksonomies and extracts valuable information for generating recommendations. Then we developed two types of recommendation systems that take advantage of this information; web page recommendation and tag recommendation. We compared our recommendation results with the results using bipartite clustering of web pages and tags. The experiments are conducted on the data set obtained from Del.icio.us web site. The results show that this model generates better accuracy results for web page recommendation while extracting more useful information simultaneously which could be an extra to generate different types of recommendations.


Session: Web Mining I

14:00-15:00 Tuesday, September 13, 2011 Room: Solon Chair: James Danowski

Paper I Full

Retrieving Representative Structures from XML Documents Using Clustering Techniques

Yin-Fu Huang and Po-Lun Liou

In the paper, we addressed the problem of finding the common structures in a collection of XML documents. Since an XML document can be represented as a tree structure, the problem how to cluster a collection of XML documents can be considered as how to cluster a collection of tree-structured documents. First, we used SOM (Self-Organizing Map) with the Jaccard coefficient to cluster XML documents. Then, an efficient sequential mining method called GST was applied to find maximum frequent sequences. Finally, we merged the maximum frequent sequences to produce the common structures in a cluster.

Paper II Full

Focused Crawling Using Name Disambiguation on Search Engine Results

Nicolas Martin and Khaled Khelif

In this paper, we report our approach allowing source selection in order to support Web data collection and tracking of events and biographical facts about a targeted person. The choice of the sources is crucial to enhance the quality of information extraction tools and it is considered as the first step in the collect and tracking task. We designed a source selection process to filter out ones that are not relevant for the targeted person - because they refer to a homonym. In this process, the name of the targeted person is submitted to the system and each result (title, snippet and url) is represented in the vector space model and then clustered, so that each cluster represents all the results about the same entity. The experimental results show that our approach can achieve interesting disambiguation performance only considering the search results.


Session: Web Mining II

15:30-16:30 Tuesday, September 13, 2011 Room: Solon Chair: Uffe Kock Wiil

Paper I Full

Detecting Emergent Conflicts through Web Mining and Visualization

Fredrik Johansson, Joel Brynielsson, Pontus Hörling, Michael Malm, Christian Mårtenson, Staffan Truvé, and Magnus Rosell

An ocean of data is available on the web. From this ocean of data, information can in theory be extracted and used by analysts for detecting emergent trends (trend spotting). However, to do this manually is a daunting and nearly impossible task. We describe a semi-automatic system in which data is automatically collected from selected sources, and to which linguistic analysis is applied to extract e.g., entities and events. After combining the extracted information with human intelligence reports, the results are visualized to the user of the system who can interact with it in order to obtain a better awareness of historic as well as emergent trends. A prototype of the proposed system has been implemented and some initial results are presented in the paper.

Paper II Short

IQ—A Web Mining Tool

Clive Best and David Horby

A stand-alone tool for monitoring selected sites for user defined study topics is described. The “IQ” tool has been developed by OSVision to allow Open Source Intelligence analysts to define their areas of interests in a flexible way. IQ is also a front-end analysis tool that can connect to one of several real-time information retrieval systems. The first system is OSVision’s proprietary media monitoring system which processes about 80,0000 articles per day from over 20000 international sources in multiple languages. The second system is a stand-alone monitor - IQRepository which can be configured and operated by the user giving full control over which sites to monitor and with what time interval. The third information sources that can be monitored are social media systems like Twitter and Facebook. The stand-alone combination of IQRepository and IQ can also meet in-house security requirements.

Paper III Short

A Hybrid Framework for Building a Web-Page Recommender System

Vasileios Anastopoulos, Panagiotis Karampelas, Panagiotis Kalagiakos, and Reda Alhajj

Recommender systems aim to facilitate World Wide Web users against information and product overloading. They are usually intermediate programs that try to predict users' preferences and items of their interest. In this paper, we present a hybrid framework that uses open source information such as web logs in combination with social network analysis and data mining, to extract useful information about users' browsing patterns and construct a recommendation engine. A case study based on real data from an organization of 250 employees is presented and a system prototype is constructed based on the results.


Session: OSINT-WM Industry Session

15:30-16:30 Tuesday, September 13, 2011 Room: Platon Chair: Federico Neri & Alessandro Zanasi

Paper I Industry

Virtual Weapons for Real Wars: Text Mining Social Media in Exotic Languages and the EU Security Research Effort

Alessandro Zanasi

Since 9/11 attack it has become evident that traditional Intelligence approaches had to evolve towards Open Sources (including social media) utilization and Multilanguage (including Arabic) analysis. In the meantime Text Mining appeared as the key intelligence technology to face the new intelligence and security information overload problems, with applications spanning from Radicalization to Border Security, from Anti Terrorism to Anti Money Laundering issues. In this communication some real cases will be presented, involving also some cases regarding Arabic Language Text Mining. Profiting of the speaker role as full ESRAB and ESRIF member, some slides will focus the European Commission effort in funding Security and Intelligence Research.

Paper II Industry

Technology vs. Infoxication - the Challenges of Obtaining Intelligence from the Buzz

Alejandro Fernández-Cernuda Díaz

After four years pioneering the domain of Competitive Intelligence applied to Online Reputation in Spain, “la Caixa”, the country's 3rd financial entity, is now in the perfect position to evaluate and, when necessary, integrate the newest technologies into its Corporate Intelligence System. The emergence of two activities –Online Reputation Management/Monitoring and Competitive Intelligence– and the progress of two essential and interrelated industries –language engineering and information retrieval– will surely guide the immediate evolution of both our unit and the market as a whole. In this paper I will briefly comment on the key technologies and methodological approaches that, according to our own experience and vision, will define the future of an activity and profession aimed at being central for the everyday decision-making of large corporations. The challenges are as variable and demanding as variable and demanding is the information revolution that will ultimately define our age. Social media and the Buzz, multilingual and multimodal information retrieval, opinion mining and sentiment analysis, the Semantic Web… will be among the key words of this presentation, conceived both as an open reflexion from the perspective of an experienced end-user and as a ground for debate within the privileged audience of EISIC.


Session: Open Source Intelligence

12:30-13:00 Wednesday, September 14, 2011 Room: Solon Chair: Joel Brynielsson

Paper Full

Interestingness—Directing Analyst Focus to Significant Data

M. Bourassa, J. Fugère, and D. Skillicorn

Faced with a deluge of data, an analyst must ask “what data records are important?” This paper answers that question by first defining a continuous spectrum of data record significance: “known”, “anomalous”, “interesting”, “novel”, and “noise”. The definition has a geometric interpretation in that the significance of a data record in a predictor system is inversely proportional to its distance from the decision boundary of the predictor. Meta-analysis of data means that the performance of the predictor is constantly evaluated to detect cues that the model is still valid for the current reality of the data it processes. A principled approach to the meta-analysis of data using the preceding definition was outlined and implemented using a predictor scenario. Support vector machine ensembles were used as novelty, prediction and interestingness models. The system was successfully used to rank the significance of data records and to assess the performance of the predictor for increasingly complex toy and real-world data. A “NOVINT” plot was introduced as a means of visualizing data record significance and drawing an analyst’s attention to significant information. The plot was also shown to be equally useful in providing insight into both the nature of the data and the performance of the predictor.

EISIC 2011 – Information for the Participants


Conference Registration

Upon arrival at the conference secretariat you will register and be provided with your conference bag containing:

Your nametag with the Reception and Gala Dinner ticket(s)

Your participant’s Certification

A Notepad with a Pen

The Conference Program booklet

A gift from the Conference Organizers

A Polo T-Shirt with the name of the Conference

The Conference Proceedings in a CD

Any additional information can be requested from the Conference Secretariat during the hours of the conference.

Coffee Breaks

Hot beverages, juices, tea, cakes and croissants will be served throughout the conference hours in the Foyer area of the Conference Hall on the 10th floor of the hotel.

Lunch

Business buffet lunch will be served each day at 13:00 offering an assortment of appetizers, salads, main dishes, desserts and refreshments.

The lunch will be served in the Vergina Restaurant on the 1st Floor of Titania Hotel. The restaurant is accessible through the hotel elevators.

Smoking Policy

Smoking is not permitted inside the areas of the conference. Smokers can be accommodated either in the open air areas of the hotel or outside the building.

Mobile Phone Policy

As a courtesy to speakers and attendees please refrain from using mobile phones during the keynote speeches and presentations. Turn your mobile phone to vibrate before entering a session and leave the session if you receive a call.

Information for Presenters

Full papers are allocated approximately 30 minutes and Short papers 20 minutes, including a question-and-answer period after the presentation. The Session Chair introduces the speakers and moderates the question-and-answer period.

A laptop with Microsoft Office installed will be available in each conference room. Help is available to presenters for the installation of their presentation upon request.

A basic audio-visual installation (speakers, microphone, projection screen, data projector) will be available in the rooms.

Poster Session

The poster sessions will be hosted on the first day of the conference in the Foyer. Flip Chart boards will be available for the presenters. Posters can be fixed with Blu-Tack or double-sided tape. This material will be available from the Conference Secretariat.


Reception & Gala Dinner on Cruise

Date: 13th of September, 2011

Reception & Gala Dinner Tickets

Gala Dinner participation is included in Conference Registration

Reception and Gala Dinner Ticket is required in order to participate

Tickets have been included in the conference bag of each participant

Additional tickets may be bought online at the conference website at the price of 85 €

The tickets are numbered and assigned to a specific participant

Conference participants should notify the Conference Secretariat for their participation or not in the event since a name list is required from the Hellenic Coast Guard before embarking on the vessel

Food & Beverages

Gala Dinner includes a variety of dishes appropriate for a multinational audience including beverages such as red & white wine, soft drinks, beer and table water without limitation. Alcoholic beverages and cocktails may be ordered from the vessel's bar at extra cost.

Vessel Specifications

Name: MANTALENA

Length: 145 ft (44m)

Beam: 30 ft (8.32m)

Draft: 10 ft (2.8m)

Built: 1990

Guests: 500 in 0 cabins (Daily cruise ship)

Crew: 8

Operating Area: Greece

Base Port: Marina Zeas Athens

Engines & Generators: 2 x 900bhp

Cruising Speed: 15

Itinerary*

17:30 Meeting at Hotel Lobby

18:00 Departure by bus

18:45 Arrival at Marina Zeas, Piraeus

19:00 Boarding on the vessel

19:30 Reception on board

20:00 Gala Dinner on board

23:00 Return to Piraeus

23:30 Arrival at the hotel

* The schedule is tentative since there may be last minute changes depending e.g. on the traffic



Conference Venue

EISIC 2011 will be hosted in the Conference Center of the Titania Hotel, Athens, Greece. The Conference Center is on the 10th floor of the hotel with a magnificent view of the Acropolis.

Conference Venue Address

TITANIA HOTEL

Panepistimiou 52, Athens 106 78 - Greece

Telephone: (0030210) 332-6000

Fax: (0030210) 330-0700

GPS Coordinates: 37.982989, 23.730917

Driving Directions

1. You can take a taxi from the Airport (cost approximately 30 euro) or a bus, which will drive you downtown. From the Airport you can take the E94 bus (24 hours service) which goes to the nearest metro station "ETHNIKI AMINA" (Line 3). From there you will take the metro to "PANEPISTIMIO" station. Our hotel is two blocks from there.

2. You can take the E95 bus (24 hours service), which goes to "SYNTAGMA" square. From there you can take the metro to "PANEPISTIMIO" station. Our hotel is 5 blocks from SYNTAGMA, a 15 minutes’ walk; you can also take a taxi.

3. You can take the metro (Line 3) from the airport to "SYNTAGMA" station. Then you take the metro line to Omonia and in the first stop (Panepistimio) you disembark. The hotel is 3 minutes’ walk from Panepistimio metro station.

Athens Center Map with the Hotel Titania


Athens Center Map with Major Points of Interest

Useful Links

http://www.breathtakingathens.com

http://www.visitgreece.gr

http://www.theacropolismuseum.gr


EISIC 2011 – Athens Metro Map

Useful Links

Athens International Airport: http://www.aia.gr

Athens Urban Transport Organization: http://www.oasa.gr/?id=ind3ex&lang=en

Athens Metro: http://www.amel.gr/index.php?id=80&L=1


Springer – Security Informatics Journal

Security Informatics Journal Call for Papers


Springer – Social Network Analysis and Mining


Social Network Analysis and Mining

ISSN: 1869-5450 (print version)

ISSN: 1869-5469 (electronic version)

Journal no. 13278

Editors-in-Chief:

Reda Alhajj

University of Calgary, CANADA

Nasrullah Memon

University of Southern Denmark, DENMARK

Online Access:

Volume 1 / Number 1 / January 2011: http://www.springerlink.com/content/1869-5450/1/1/

Volume 1 / Number 2 / April 2011: http://www.springerlink.com/content/1869-5450/1/2/

Volume 1 / Number 3 / July 2011: http://www.springerlink.com/content/1869-5450/1/3/

Dear Colleague,

You are invited to consider “Social Networks Analysis and Mining” Journal, (SNAM) as the main outlet for your high quality research papers. The SNAM journal provides a rapid forum for the dissemination of original research articles in all areas of social networks analysis and mining as interdisciplinary research platform.

Manuscripts should be submitted to the journal online at http://www.springer.com/computer/database+management+%26+information+retrieval/journal/13278

The rapid increase in the interest in social networks has motivated the need for a more specialized venue with wider spectrum capable of meeting the needs and expectations of a variety of researchers and readers. Social Network Analysis and Mining (SNAM) is a multidisciplinary journal to serve both academia and industry as a main venue for a wide range of researchers and readers from social sciences, mathematical sciences, medical and biological sciences and computer science.

The SNAM journal is proud to have an outstanding group of editors who widely and rigorously cover the multidisciplinary scope of the journal. They are known to be research leaders in the field of social networks analysis and mining. Further, the SNAM journal is characterized by providing thorough constructive reviews by experts in the field and by the reduced turn-around time which allows research results to be disseminated and shared on a timely basis. The target of the editors is to complete the first round of the refereeing process within about 8 to 10 weeks of submission. Accepted papers go to the online first list and are immediately made available for access by the research community.

We look forward to receiving your submissions.

EISIC 2012 –


Academic Sponsors

University of Arizona University of Southern Denmark Hellenic American University

Call for Papers

EISIC 2011 – September 12-14, Athens, Greece


European Intelligence and Security Informatics Conference (EISIC) 2011

September 12-14, 2011, Athens, Greece, http://www.eisic.org

The Premier European Conference on Counterterrorism and Criminology

Jointly Organized with

The International Symposium on Open Source Intelligence and Web Mining 2011 (OSINT-WM 2011)

Designed by Panagiotis Karampelas, EISIC 2011