
The use of data mining technology for fighting cyber crimes - forensic aspects



This is a presentation for the Cyber Attacks 2015 Conference at The Faculty of Law and Administration, Nicolaus Copernicus University, 24th and 25th of March 2015, Torun



  1. dr hab. Wojciech Filipkowski, prof. UwB
     Cyber Attacks 2015, The Faculty of Law and Administration, Nicolaus Copernicus University, 24th and 25th of March 2015, Torun
  2. Data mining – general description
     • The extraction of useful, often previously unknown information from large databases or data sets - American Heritage® Dictionary of the English Language
     • The gathering of information from pre-existing data stored in a database, such as one held by a supermarket about customers' shopping habits - Collins English Dictionary
     • Data processing using sophisticated data search capabilities and statistical algorithms to discover patterns and correlations in large preexisting databases; a way to discover new meaning in data - WordNet
  3. Data mining – TwoCrows Consulting
     • a process that uses a variety of data analysis tools to discover patterns and relationships in data that may be used to make valid predictions
     • Using a combination of machine learning, statistical analysis, modeling techniques and database technology, data mining finds patterns and subtle relationships in data and infers rules that allow the prediction of future results.
     • Typical applications include:
       – market segmentation
       – customer profiling
       – fraud detection
       – evaluation of retail promotions
       – credit risk analysis
  4. Data mining – Gartner Group
     • Data mining is the process of discovering meaningful new correlations, patterns and trends by sifting through large amounts of data stored in repositories, using pattern recognition technologies as well as statistical and mathematical techniques
  5. What can it do?
     • to describe the data:
       – summarize its statistical attributes
       – visually review it using charts and graphs
       – look for potentially meaningful links among variables
     • to build a predictive model based on patterns determined from known results, then test that model on results outside the original sample
     • to empirically verify the model
  6. Typical Commercial Applications
     • Help to manage all phases of the customer life cycle:
       – acquiring new customers
       – increasing revenue from existing customers
       – retaining good customers
  7. Typical Industries
     – Retailers:
       • to decide which products to stock in particular stores (and even how to place them within a store)
       • to assess the effectiveness of promotions and coupons
     – Medical applications:
       • to predict the effectiveness of medical procedures, tests or medications
     – Pharmaceutical firms:
       • to discover substances that might be candidates for development as agents for the treatment of disease
     – Companies active in the financial markets:
       • to determine market and industry characteristics
       • to predict individual company and stock performance
     – Telecommunications and credit card companies:
       • to detect fraudulent use of their services
     – Insurance companies and stock exchanges:
       • to reduce fraud
  8. Security and Forensic Application
     • To identify terrorist activities:
       – money transfers and communications
     • To identify and track individual terrorists themselves, such as through travel, customs and immigration records
     • Discontinued or cancelled projects: Terrorism Information Awareness (TIA), Computer-Assisted Passenger Prescreening System II (CAPPS II)
       – financed by DARPA, TSA, NSA (all US-based agencies)
     • CAPPS II is being replaced by a new program called Secure Flight
  9. Security and Forensic Application
     • Corporate Surveillance
     • Business Intelligence
     • Sentiment analysis and lie detector
     • Risk assessment
     • Compliance Monitoring for Anomaly Detection – CMAD
     • Intrusion Detection System – IDS
  10. Summing up forensic aspects
     • Monitoring net traffic
     • Profiling users based on their behavior
     • Detecting abnormal activities
     • Supporting decision making process
     • Prevention based on prediction
  11. THANK YOU FOR YOUR ATTENTION
     dr hab. Wojciech Filipkowski, prof. UwB, The Head of Forensic Laboratory