Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010302832 | HV8073 M395 2011 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
Increasingly, crimes and fraud are digital in nature, occurring at breakneck speed and encompassing large volumes of data. To combat this unlawful activity, knowledge about the use of machine learning technology and software is critical. Machine Learning Forensics for Law Enforcement, Security, and Intelligence integrates an assortment of deductive and instructive tools, techniques, and technologies to arm professionals with the tools they need to be prepared and stay ahead of the game.
Step-by-step instructions
The book is a practical guide on how to conduct forensic investigations using self-organizing clustering map (SOM) neural networks, text extraction, and rule generating software to "interrogate the evidence." This powerful data is indispensable for fraud detection, cybersecurity, competitive counterintelligence, and corporate and litigation investigations. The book also provides step-by-step instructions on how to construct adaptive criminal and fraud detection systems for organizations.
Prediction is the key
Internet activity, email, and wireless communications can be captured, modeled, and deployed in order to anticipate potential cyber attacks and other types of crimes. The successful prediction of human reactions and server actions by quantifying their behaviors is invaluable for pre-empting criminal activity. This volume assists chief information officers, law enforcement personnel, legal and IT professionals, investigators, and competitive intelligence analysts in the strategic planning needed to recognize the patterns of criminal activities in order to predict when and where crimes and intrusions are likely to take place.
Author Notes
Jesús Mena is a former Internal Revenue Service Artificial Intelligence specialist and the author of numerous data mining, web analytics, law enforcement, homeland security, forensic, and marketing books. Mena has also written dozens of articles and consulted with several businesses and governmental agencies. He has over 20 years' experience in expert systems, rule induction, decision trees, neural networks, self-organizing maps, regression, visualization, and machine learning and has worked on data mining projects involving clustering, segmentation, classification, profiling and personalization with government, web, retail, insurance, credit card, financial and healthcare data sets. He has worked, written, and lectured on various behavioral analytics and social networking techniques, personalization mechanisms, web and mobile networks, real-time psychographics, tracking and profiling engines, log analyzing tools, packet sniffers, voice and text recognition software, geolocation and behavioral targeting systems, real-time streaming analytical software, ensemble techniques, and digital fingerprinting.
Table of Contents
| Introduction | p. ix |
| The Author | p. xi |
| Chapter 1 What Is Machine Learning Forensics? | p. 1 |
| 1.1 Definition | p. 1 |
| 1.2 Digital Maps and Models: Strategies and Technologies | p. 2 |
| 1.3 Extractive Forensics: Link Analysis and Text Mining | p. 3 |
| 1.4 Inductive Forensics: Clustering Incidents and Crimes | p. 7 |
| 1.5 Deductive Forensics: Anticipating Attacks and Precrime | p. 10 |
| 1.6 Fraud Detection: On the Web, Wireless, and in Real Time | p. 21 |
| 1.7 Cybersecurity Investigations: Self-Organizing and Evolving Analyses | p. 24 |
| 1.8 Corporate Counterintelligence: Litigation and Competitive Investigations | p. 28 |
| 1.9 A Machine Learning Forensic Worksheet | p. 32 |
| Chapter 2 Digital Investigative Maps and Models: Strategies and Techniques | p. 37 |
| 2.1 Forensic Strategies | p. 37 |
| 2.2 Decompose the Data | p. 41 |
| 2.3 Criminal Data Sets, Reports, and Networks | p. 42 |
| 2.4 Real Estate, Auto, and Credit Data Sets | p. 45 |
| 2.5 Psychographic and Demographic Data Sets | p. 46 |
| 2.6 Internet Data Sets | p. 49 |
| 2.7 Deep Packet Inspection (DPI) | p. 53 |
| 2.8 Designing a Forensic Framework | p. 56 |
| 2.9 Tracking Mechanisms | p. 58 |
| 2.10 Assembling Data Streams | p. 63 |
| 2.11 Forensic Techniques | p. 65 |
| 2.12 Investigative Maps | p. 69 |
| 2.13 Investigative Models | p. 72 |
| Chapter 3 Extractive Forensics: Link Analysis and Text Mining | p. 77 |
| 3.1 Data Extraction | p. 77 |
| 3.2 Link Analysis | p. 80 |
| 3.3 Link Analysis Tools | p. 83 |
| 3.4 Text Mining | p. 96 |
| 3.5 Text Mining Tools | p. 98 |
| 3.5.1 Online Text Mining Analytics Tools | p. 99 |
| 3.5.2 Commercial Text Mining Analytics Software | p. 99 |
| 3.6 From Extraction to Clustering | p. 123 |
| Chapter 4 Inductive Forensics: Clustering Incidents and Crimes | p. 125 |
| 4.1 Autonomous Forensics | p. 125 |
| 4.2 Self-Organizing Maps | p. 129 |
| 4.3 Clustering Software | p. 132 |
| 4.3.1 Commercial Clustering Software | p. 132 |
| 4.3.2 Free and Open-Source Clustering Software | p. 134 |
| 4.4 Mapping Incidents | p. 138 |
| 4.5 Clustering Crimes | p. 141 |
| 4.6 From Induction to Deduction | p. 154 |
| Chapter 5 Deductive Forensics: Anticipating Attacks and Precrime | p. 159 |
| 5.1 Artificial Intelligence and Machine Learning | p. 159 |
| 5.2 Decision Trees | p. 160 |
| 5.3 Decision Tree Techniques | p. 163 |
| 5.4 Rule Generators | p. 167 |
| 5.5 Decision Tree Tools | p. 170 |
| 5.5.1 Free and Shareware Decision Tree Tools | p. 179 |
| 5.5.2 Rule Generator Tools | p. 179 |
| 5.5.3 Free Rule Generator Tools | p. 182 |
| 5.6 The Streaming Analytical Forensic Processes | p. 184 |
| 5.7 Forensic Analysis of Streaming Behaviors | p. 190 |
| 5.8 Forensic Real-Time Modeling | p. 191 |
| 5.9 Deductive Forensics for Precrime | p. 192 |
| Chapter 6 Fraud Detection: On the Web, Wireless, and in Real Time | p. 195 |
| 6.1 Definition and Techniques: Where, Who, and How | p. 195 |
| 6.2 The Interviews: The Owners, Victims, and Suspects | p. 202 |
| 6.3 The Scene of the Crime: Search for Digital Evidence | p. 205 |
| 6.3.1 Four Key Steps in Dealing with Digital Evidence | p. 206 |
| 6.4 Searches for Associations: Discovering Links and Text Concepts | p. 207 |
| 6.5 Rules of Fraud: Conditions and Clues | p. 208 |
| 6.6 A Forensic Investigation Methodology | p. 209 |
| 6.6.1 Step One: Understand the Investigation Objective | p. 209 |
| 6.6.2 Step Two: Understand the Data | p. 210 |
| 6.6.3 Step Three: Data Preparation Strategy | p. 210 |
| 6.6.4 Step Four: Forensic Modeling | p. 210 |
| 6.6.5 Step Five: Investigation Evaluation | p. 211 |
| 6.6.6 Step Six: Detection Deployment | p. 211 |
| 6.7 Forensic Ensemble Techniques | p. 212 |
| 6.7.1 Stage One: Random Sampling | p. 212 |
| 6.7.2 Stage Two: Balance the Data | p. 213 |
| 6.7.3 Stage Three: Split the Data | p. 213 |
| 6.7.4 Stage Four: Rotate the Data | p. 213 |
| 6.7.5 Stage Five: Evaluate Multiple Models | p. 213 |
| 6.7.6 Stage Six: Create an Ensemble Model | p. 214 |
| 6.7.7 Stage Seven: Measure False Positives and Negatives | p. 215 |
| 6.7.8 Stage Eight: Deploy and Monitor | p. 215 |
| 6.7.9 Stage Nine: Anomaly Detection | p. 216 |
| 6.8 Fraud Detection Forensic Solutions | p. 216 |
| 6.9 Assembling an Evolving Fraud Detection Framework | p. 227 |
| Chapter 7 Cybersecurity Investigations: Self-Organizing and Evolving Analyses | p. 233 |
| 7.1 What Is Cybersecurity Forensics? | p. 233 |
| 7.2 Cybersecurity and Risk | p. 234 |
| 7.3 Machine Learning Forensics for Cybersecurity | p. 236 |
| 7.4 Deep Packet Inspection (DPI) | p. 239 |
| 7.4.1 Layer 7: Application | p. 239 |
| 7.4.2 Layer 6: Presentation | p. 240 |
| 7.4.3 Layer 5: Session | p. 240 |
| 7.4.4 Layer 4: Transport | p. 240 |
| 7.4.5 Layer 3: Network | p. 241 |
| 7.4.6 Layer 2: Data Link | p. 241 |
| 7.4.7 Layer 1: Physical | p. 241 |
| 7.4.8 Software Tools Using DPI | p. 241 |
| 7.5 Network Security Tools | p. 242 |
| 7.6 Combating Phisbing | p. 245 |
| 7.7 Hostile Code | p. 247 |
| 7.8 The Foreign Threat | p. 250 |
| 7.8.1 The CNCI Initiative Details | p. 252 |
| 7.9 Forensic Investigator Toolkit | p. 256 |
| 7.10 Wireless Hacks | p. 259 |
| 7.11 Incident Response Check-Off Checklists | p. 263 |
| 7.12 Digital Fingerprinting | p. 267 |
| Chapter 8 Corporate Counterintelligence: Litigation and Competitive Investigations | p. 271 |
| 8.1 Corporate Counterintelligence | p. 271 |
| 8.2 Ratio, Trending, and Anomaly Analyses | p. 274 |
| 8.3 E-Mail Investigations | p. 276 |
| 8.4 Legal Risk Assessment Audit | p. 283 |
| 8.4.2 Inventory of External Inputs to the Process | p. 285 |
| 8.4.3 Identify Assets and Threats | p. 286 |
| 8.4.4 List Risk Tolerance for Major Events | p. 286 |
| 8.4.5 List and Evaluate Existing Protection Mechanisms | p. 287 |
| 8.4.6 List and Assess Underprotected Assets and Unaddressed Threats | p. 287 |
| 8.5 Competitive Intelligence Investigations | p. 292 |
| 8.5 Triangulation Investigations | p. 302 |
| Index | p. 307 |
