Investigative Pattern Detection Framework for Counterterrorism
- URL: http://arxiv.org/abs/2310.19211v1
- Date: Mon, 30 Oct 2023 00:45:05 GMT
- Title: Investigative Pattern Detection Framework for Counterterrorism
- Authors: Shashika R. Muramudalige, Benjamin W. K. Hung, Rosanne Libretti, Jytte
Klausen, Anura P. Jayasumana
- Abstract summary: Automated tools are required to extract information to respond to queries from analysts, continually scan new information, integrate it with past events, and then alert about emerging threats.
We address challenges in investigative pattern detection and develop an Investigative Pattern Detection Framework for Counterterrorism (INSPECT).
The framework integrates numerous computing tools, including machine learning techniques to identify behavioral indicators and graph pattern matching techniques to detect risk profiles/groups.
- Score: 0.09999629695552192
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: Law-enforcement investigations aimed at preventing attacks by violent extremists have become increasingly important for public safety. The problem is exacerbated by the massive data volumes that need to be scanned to identify complex behaviors of extremists and groups. Automated tools are required to extract information to respond to queries from analysts, continually scan new information, integrate it with past events, and then alert about emerging threats. We address challenges in investigative pattern detection and develop an Investigative Pattern Detection Framework for Counterterrorism (INSPECT). The framework integrates numerous computing tools, including machine learning techniques to identify behavioral indicators and graph pattern matching techniques to detect risk profiles/groups. INSPECT also automates multiple tasks for large-scale mining of detailed forensic biographies, forming knowledge networks, and querying for behavioral indicators and radicalization trajectories. INSPECT targets a human-in-the-loop mode of investigative search and has been validated and evaluated using an evolving dataset on domestic jihadism.
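The abstract names two query types that INSPECT runs over its knowledge network: graph pattern matching for risk profiles/groups, and queries for radicalization trajectories (indicators in a particular temporal order). The block below is an added illustration of what such queries look like as subgraph matching over a triple store; it is not code from the INSPECT paper, and the network, the placeholder indicator labels ("ind_a", "ind_b") and both patterns are constructed for the example. The paper's actual indicator taxonomy and query language are not reproduced.

```python
"""Toy knowledge-network pattern queries of the kind the INSPECT abstract
describes. Added example, not code from the paper: the graph, the indicator
labels and the two patterns are constructed placeholders."""

# Constructed knowledge network: nodes carry a type plus optional attributes,
# edges are (subject, relation, object) triples, as in a triple store.
NODES = {
    "p1": {"type": "Person"},
    "p2": {"type": "Person"},
    "p3": {"type": "Person"},
    "p4": {"type": "Person"},
    "e1": {"type": "Event", "when": "2019-03"},
    "e2": {"type": "Event", "when": "2019-07"},
    # Behavioral-indicator nodes; "when" is the month the indicator was observed.
    "b1": {"type": "Indicator", "label": "ind_a", "when": "2019-01"},
    "b2": {"type": "Indicator", "label": "ind_b", "when": "2019-05"},
    "b3": {"type": "Indicator", "label": "ind_a", "when": "2019-02"},
    "b4": {"type": "Indicator", "label": "ind_a", "when": "2019-09"},
    "b5": {"type": "Indicator", "label": "ind_b", "when": "2019-04"},
}
EDGES = {
    ("p1", "exhibits", "b1"), ("p1", "exhibits", "b2"),
    ("p2", "exhibits", "b3"),
    ("p3", "exhibits", "b4"), ("p3", "exhibits", "b5"),
    ("p1", "attended", "e1"), ("p2", "attended", "e1"),
    ("p3", "attended", "e2"), ("p4", "attended", "e2"),
}

# A pattern is a small graph over variables: required node attributes per
# variable, required edges between variables, and an optional predicate that
# is checked on the complete binding (used here for temporal ordering).
TRAJECTORY = {  # one person showing ind_a strictly before ind_b
    "vars": {"P": {"type": "Person"},
             "A": {"type": "Indicator", "label": "ind_a"},
             "B": {"type": "Indicator", "label": "ind_b"}},
    "edges": [("P", "exhibits", "A"), ("P", "exhibits", "B")],
    "where": lambda b, nodes: nodes[b["A"]]["when"] < nodes[b["B"]]["when"],
}
GROUP = {  # two distinct people with ind_a who attended the same event
    "vars": {"P": {"type": "Person"}, "Q": {"type": "Person"},
             "E": {"type": "Event"},
             "A1": {"type": "Indicator", "label": "ind_a"},
             "A2": {"type": "Indicator", "label": "ind_a"}},
    "edges": [("P", "attended", "E"), ("Q", "attended", "E"),
              ("P", "exhibits", "A1"), ("Q", "exhibits", "A2")],
}


def match(pattern, nodes=NODES, edges=EDGES):
    """Return every injective binding of pattern variables to graph nodes that
    satisfies the pattern's attribute, edge and predicate constraints
    (plain backtracking subgraph matching; adequate for small patterns)."""
    variables = list(pattern["vars"])
    predicate = pattern.get("where")
    results = []

    def candidates(var):
        wanted = pattern["vars"][var]
        return [n for n, attrs in nodes.items()
                if all(attrs.get(k) == v for k, v in wanted.items())]

    def edges_hold(binding):
        # Only edges whose endpoints are both bound can be checked so far.
        return all((binding[s], rel, binding[d]) in edges
                   for s, rel, d in pattern["edges"]
                   if s in binding and d in binding)

    def extend(i, binding):
        if i == len(variables):
            if predicate is None or predicate(binding, nodes):
                results.append(dict(binding))
            return
        var = variables[i]
        for node in candidates(var):
            if node in binding.values():   # distinct variables, distinct nodes
                continue
            binding[var] = node
            if edges_hold(binding):        # prune as soon as an edge is missing
                extend(i + 1, binding)
            del binding[var]

    extend(0, {})
    return results


def trajectories():
    """Persons whose indicators occur in the order TRAJECTORY asks for."""
    return match(TRAJECTORY)


def risk_groups():
    """Unordered person pairs matching GROUP (the P/Q symmetry is collapsed)."""
    return {frozenset((b["P"], b["Q"])) for b in match(GROUP)}


if __name__ == "__main__":
    for b in trajectories():
        print("trajectory:", b)
    for g in risk_groups():
        print("group:", sorted(g))
```

Two points worth noting. The temporal predicate is what separates a trajectory query from a plain co-occurrence query: p3 carries both indicators but in the wrong order, so it is not returned. And general subgraph matching is exponential in the pattern size, so production systems rely on indexing and candidate filtering rather than the naive backtracking shown; either way, a match is a lead for the analyst in the loop, not a finding.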
Related papers
- Progressing from Anomaly Detection to Automated Log Labeling and Pioneering Root Cause Analysis [53.24804865821692] (2023-12-22)
  This study introduces a taxonomy for log anomalies and explores automated data labeling to mitigate labeling challenges.
  The study envisions a future where root cause analysis follows anomaly detection, unraveling the underlying triggers of anomalies.
- Assaying on the Robustness of Zero-Shot Machine-Generated Text Detectors [57.7003399760813] (2023-12-20)
  We explore advanced Large Language Models (LLMs) and their specialized variants, contributing to this field in several ways.
  We uncover a significant correlation between topics and detection performance.
  These investigations shed light on the adaptability and robustness of these detection methods across diverse topics.
- TII-SSRC-23 Dataset: Typological Exploration of Diverse Traffic Patterns for Intrusion Detection [0.5261718469769447] (2023-09-14)
  Existing datasets often fall short, lacking the necessary diversity and alignment with the contemporary network environment.
  This paper introduces TII-SSRC-23, a novel and comprehensive dataset designed to overcome these challenges.
- Few-shot Weakly-supervised Cybersecurity Anomaly Detection [1.179179628317559] (2023-04-15)
  We propose an enhancement to an existing few-shot weakly-supervised deep learning anomaly detection framework.
  This framework incorporates data augmentation, representation learning and ordinal regression.
  We then evaluated and showed the performance of our implemented framework on three benchmark datasets.
- A Hybrid Deep Learning Anomaly Detection Framework for Intrusion Detection [4.718295605140562] (2022-12-02)
  We propose a three-stage network intrusion attack detection framework based on deep learning anomaly detection.
  The framework comprises an integration of unsupervised (K-means clustering), semi-supervised (GANomaly) and supervised learning (CNN) algorithms.
  We then evaluated and showed the performance of our implemented framework on three benchmark datasets.
- Illusory Attacks: Information-Theoretic Detectability Matters in Adversarial Attacks [76.35478518372692] (2022-07-20)
  We introduce epsilon-illusory, a novel form of adversarial attack on sequential decision-makers.
  Compared to existing attacks, we empirically find epsilon-illusory to be significantly harder to detect with automated methods.
  Our findings suggest the need for better anomaly detectors, as well as effective hardware- and system-level defenses.
- Towards Automated Classification of Attackers' TTPs by combining NLP with ML Techniques [77.34726150561087] (2022-07-18)
  We evaluate and compare different Natural Language Processing (NLP) and machine learning techniques used for security information extraction in research.
  Based on our investigations we propose a data processing pipeline that automatically classifies unstructured text according to attackers' tactics and techniques.
- Finding Facial Forgery Artifacts with Parts-Based Detectors [73.08584805913813] (2021-09-21)
  We design a series of forgery detection systems that each focus on one individual part of the face.
  We use these detectors to perform detailed empirical analysis on the FaceForensics++, Celeb-DF, and Facebook Deepfake Detection Challenge datasets.
- RANK: AI-assisted End-to-End Architecture for Detecting Persistent Attacks in Enterprise Networks [2.294014185517203] (2021-01-06)
  We present an end-to-end AI-assisted architecture for detecting Advanced Persistent Threats (APTs).
  The architecture is composed of four consecutive steps: 1) alert templating and merging, 2) alert graph construction, 3) alert graph partitioning into incidents, and 4) incident scoring and ordering.
  Extensive results are provided showing a three-order-of-magnitude reduction in the amount of data to be reviewed by the analyst, innovative extraction of incidents and security-wise scoring of extracted incidents.
- Deep Learning for Insider Threat Detection: Review, Challenges and Opportunities [22.976960488191505] (2020-05-25)
  Advanced deep learning techniques provide a new paradigm to learn end-to-end models from complex data.
  The existing studies show that, compared with traditional machine learning algorithms, deep learning models can improve the performance of insider threat detection.
  Applying deep learning to further advance the insider threat detection task still faces several limitations, such as lack of labeled data and adaptive attacks.
- Survey of Network Intrusion Detection Methods from the Perspective of the Knowledge Discovery in Databases Process [63.75363908696257] (2020-01-27)
  We review the methods that have been applied to network data with the purpose of developing an intrusion detector.
  We discuss the techniques used for the capture, preparation and transformation of the data, as well as the data mining and evaluation methods.
  As a result of this literature review, we investigate some open issues which will need to be considered for further research in the area of network security.
This list is automatically generated from the titles and abstracts of the papers in this site.