Investigative Data Mining for Security and Criminal Detection [Paperback]

Jesus Mena (Author)

Book Description

Publication Date: December 30, 2002 | ISBN-10: 0750676132 | ISBN-13: 978-0750676137 | Edition: 1

Investigative Data Mining for Security and Criminal Detection is the first book to outline how data mining technologies can be used to combat crime in the 21st century. It introduces security managers, law enforcement investigators, counter-intelligence agents, fraud specialists, and information security analysts to the latest data mining techniques and shows how they can be used as investigative tools. Readers will learn how to search public and private databases and networks to flag potential security threats and root out criminal activities even before they occur.

The groundbreaking book reviews the latest data mining technologies including intelligent agents, link analysis, text mining, decision trees, self-organizing maps, machine learning, and neural networks. Using clear, understandable language, it explains the application of these technologies in such areas as computer and network security, fraud prevention, law enforcement, and national defense. International case studies throughout the book further illustrate how these technologies can be used to aid in crime prevention.

Investigative Data Mining for Security and Criminal Detection will also serve as an indispensable resource for software developers and vendors as they design new products for the law enforcement and intelligence communities.


Key Features:
* Covers cutting-edge data mining technologies available to use in evidence gathering and collection
* Includes numerous case studies, diagrams, and screen captures to illustrate real-world applications of data mining
* Easy-to-read format illustrates current and future data mining uses in preventative law enforcement, criminal profiling, counter-terrorist initiatives, and forensic science

* Introduces cutting-edge technologies in evidence gathering and collection, using clear non-technical language
* Illustrates current and future applications of data mining tools in preventative law enforcement, homeland security, and other areas of crime detection and prevention
* Shows how to construct predictive models for detecting criminal activity and for behavioral profiling of perpetrators
* Features numerous Web links, vendor resources, case studies, and screen captures illustrating the use of artificial intelligence (AI) technologies

Editorial Reviews

Review

"It shows how myriad distributed data streams can be harnessed to fight crime. Through easy-to-read prose, the reader learns how to use both public and private databases and networks to find threats and minimize risks. Besides explaining how data mining is done, the book introduces the reader to such techniques as intelligent agents (software that performs user-delegated tasks autonomously), link analysis (a process involving the mapping of the associations between suspects and locations), and text mining (a process used to identify a document's content based on linguistic analysis) and how they can aid law enforcement.
For example, law enforcement in the United Kingdom use text mining to "institutionalize the knowledge of criminal perpetrators and organized gangs and groups," author Jesús Mena writes. Case studies buttress these points. This work is one of the first books to show security professionals the power of data mining as an investigative tool. As such, it is itself a powerful tool for the industry."
- Security Management

"an eye-opening and powerful book on the newest weapons in criminal and terrorist detection and deterrence. Adult readers desiring an overview can scan the introductory sections to the chapters. More detail-minded and technical readers will enjoy the challenging complexity found in follow-up case studies."
- The Chicago Sun

"The book is cleanly presented and includes screenshots of software used for data mining and analysis. Charts are used to explain how pieces of information link together in a descriptive manner, and are also used as examples of what some data analysis software can produce when used correctly."
- Security Forums

Book Description

The first book to introduce security managers, law enforcement investigators, counter-intelligence agents, fraud specialists, and information security analysts to the capabilities of "mining" information from public and private databases to flag and root out potential security threats.

See all Editorial Reviews

Product Details

• Paperback: 272 pages
• Publisher: Butterworth-Heinemann; 1 edition (December 30, 2002)
• Language: English
• ISBN-10: 0750676132
• ISBN-13: 978-0750676137
• Product Dimensions: 9.2 x 7 x 0.8 inches
• Shipping Weight: 1.6 pounds (View shipping rates and policies)
• Average Customer Review: 4.2 out of 5 stars  See all reviews (9 customer reviews)
• Amazon Best Sellers Rank: #390,122 in Books (See Top 100 in Books)

More About the Author

Coming in 2012 "Data Mining Mobile Devices" about the modeling of mobiles in millions of peoples' pockets and purses.

Customer Reviews

Most Helpful Customer Reviews

14 of 14 people found the following review helpful:

4.0 out of 5 stars When on-message, an excellent intro to data mining, September 27, 2003

By 

Richard Bejtlich "TaoSecurity" (Metro Washington, DC) - See all my reviews
(REAL NAME)   

This review is from: Investigative Data Mining for Security and Criminal Detection (Paperback)

I read "Investigative Data Mining for Security and Criminal Detection" (IDM) after attending the 2003 Recent Advances in Intrusion Detection (RAID) conference. Researchers at RAID mentioned "self-organizing maps," "neural networks," "machine learning," and other unfamiliar topics. Mena's book helped me understand these subjects in the context of performing data mining. If you steer clear of the author's discussion of intrusion detection in chapter 10, you'll find IDM enlightening and a little scary.

Author Jesus Mena defines investigative data mining as "the visualization, organization, sorting, clustering, segmenting, and predicting of criminal behavior" (p.1). His book strays from this definition, as he also covers simply discovering patterns of activity for responding to events. Accomplishing this task requires investigative data warehousing, link analysis, software agents, text mining, neural networks, and machine learning. Mena addresses each technique in its own chapter, offering descriptions, case studies, and tools. Two types of data mining analysis exist: descriptive, such as a chart, graph, or decision tree; and predictive, obtained via neural networks and machine learning (p.261). Mena also describes mining via "top-down" vs "bottom-up" approaches. The first involves an analyst exploring data to support his theories. The second relies on software to find patterns in data not imagined by a human analyst (p.343).

Mena is most effective when he writes about what he knows best. I loved chapter 9, where he explains cell phone, insurance, and financial frauds. Much of what he wrote applied directly to my interest in network security monitoring and intrusion detection. Chapter 10 (Intrusion Detection), however, is best ignored. Mena does not appear to understand computer security, and neither do his editors. He calls Snort a "freeware site-based system IDS," in contrast with "network-based IDSs such as RealSecure" (p.306). He labels tcpdump an "attack" tool and says "this is utility for eavesdropping for passwords" (his typos) (p.307) and describes "rhosts" in a "stealth" attack phase as "this utility will evaluate hosts and lists hosts and users who are trusted by the local host" (p.308). Mena isn't a "security guy," either; he lumps "threats and vulnerabilities" together as "weaknesses or flaws in a system, such as a hole in security or a back door" (p.14). A threat is one or more entities with capabilities and intentions sufficient to exploit vulnerabilities in information resources, while a vulnerability is a weakness in design, configuration, or deployment which allow threats to abuse, subvert, or break information resources.

Overall, I really enjoyed IDM. Mena makes numerous fascinating insights. While his prose is somewhat repetitive, he explains the key points needed to get data mining newbies up to speed. In light of the recent revelations of jetBlue sharing data with the government, the techniques Mena describes are both powerful and disturbing.

12 of 13 people found the following review helpful:

3.0 out of 5 stars Somewhat weak on details, December 4, 2003

By 

Dr Anton Chuvakin "Dr. Anton Chuvakin" (CA, USA) - See all my reviews

Amazon Verified Purchase

This review is from: Investigative Data Mining for Security and Criminal Detection (Paperback)

I was very excited when I bought the book, but was somewhat disappointed. The reason for that is the book is very light on details and tends to talk about things rather then on how things are done and how they work. The book does cover some tools but with no connection to concepts and with few details on how the tools do what they do. It does contain a lot of interesting material and s generally well written.

Of the most interest to me was the intrusion detection chapter, but in addition to a well-known facts on IDS technology it provided few details on how exactly data mining helps. MITRE case study seems to mostly hint at things rather then show how they were done in this project. I did pick up some ideas from it.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major information security company. His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org

7 of 7 people found the following review helpful:

5.0 out of 5 stars Alternative Methodologies, October 18, 2003

By 

Marco De Vivo "Mr. TCP/IP" (Miami, Florida United States) - See all my reviews
(REAL NAME)   

Amazon Verified Purchase

This review is from: Investigative Data Mining for Security and Criminal Detection (Paperback)

Are you interested in IDS's?

If yes, perhaps you may already know that there are two main kinds of IDS's: based on "known bad behavior or abuse" or based on "behavior deviation".

The first kind is very well known after several popular implementations like SNORT.On the plus side they are not prone to "false positives" but, however,on the minus side they are almost useless with new forms of attacks.

The second kind, in turn, is very prone to false positives and not yet well implemented, but eventually can handle quite well unexpected or new forms of attacks.

If you are interested in this second type of IDS's then "Investigative Data Mining for Security and Criminal Detection" is a MUST.

From basic definitions to a case study, you are leaded through a wonderful tour that includes among others:

Intelligent Agents
Text Mining
Neural Networks
Machine Learning
Criminal Patterns
Intrusion Detection

So, if you are just casually interested in "behavior deviation" based IDS's or a true researcher in related areas, this book undoubtedly will be useful and of great help.