Knowledge Representation Issues in Semantic Graphs for Relationship Detection

Mining Attributed Graphs for Threat Intelligence

Proceedings of the Seventh ACM on Conference on Data and Application Security and Privacy

Understanding and fending off attack campaigns against organizations, companies and individuals has become a global struggle. As today's threat actors become more determined and organized, isolated efforts to detect and reveal threats are no longer effective. Although challenging, this situation can be significantly changed if information about security incidents is collected, shared and analyzed across organizations. To this end, different exchange data formats such as STIX, CyBOX, or IODEF have been recently proposed and numerous CERTs are adopting these threat intelligence standards to share tactical and technical threat insights. However, managing, analyzing and correlating the vast amount of data available from different sources to identify relevant attack patterns still remains an open problem. In this paper we present MANTIS, a platform for threat intelligence that enables the unified analysis of different standards and the correlation of threat data through a novel type-agnostic similarity algorithm based on attributed graphs. Its unified representation allows the security analyst to discover similar and related threats by linking patterns shared between seemingly unrelated attack campaigns through queries of different complexity. We evaluate the performance of MANTIS as an information retrieval system for threat intelligence in different experiments. In an evaluation with over 14,000 CyBOX objects, the platform enables retrieving relevant threat reports with a mean average precision of 80%, given only a single object from an incident, such as a file or an HTTP request. We further illustrate the performance of this analysis in two case studies with the attack campaigns Stuxnet and Regin.
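The retrieval setting described in the abstract (a single incident object as the query, threat reports as attributed graphs, type-agnostic matching on attributes, mean average precision as the metric) can be made concrete with a small worked example. The code below is an added illustration written for this page, not MANTIS's own algorithm or code: the three reports, their node attributes, the Jaccard similarity on attribute tokens and the one-hop pivot are all constructed assumptions chosen to show why graph structure matters when two reports describe the same infrastructure with different object types.

```python
"""Attributed-graph similarity for threat-intelligence retrieval (added example).

Each report is a small attributed graph of indicator objects. A single object
from an incident is the query; reports are ranked by how well any of their
nodes match it, regardless of the node's object type. A one-hop pivot through
the top report's graph then pulls in linked infrastructure for a second query.
"""

# Constructed sample reports (not real data): node id, object type, attributes, neighbours.
REPORTS = {
    "report-A": [
        ("a1", "file", {"md5": "0a1b2c3d", "name": "dropper.exe"}, ["a2"]),
        ("a2", "http-request", {"host": "cdn.example.test", "uri": "/update.php"}, ["a3"]),
        ("a3", "ipv4-addr", {"value": "203.0.113.10"}, []),
    ],
    "report-B": [
        # Same infrastructure as report-A, but modelled with a different object type.
        ("b1", "url", {"host": "cdn.example.test", "uri": "/update.php"}, ["b2"]),
        ("b2", "ipv4-addr", {"value": "203.0.113.10"}, []),
    ],
    "report-C": [
        # Unrelated campaign that happens to reuse a common file name.
        ("c1", "file", {"md5": "ffffeeee", "name": "dropper.exe"}, ["c2"]),
        ("c2", "email-addr", {"value": "hr@example.test"}, []),
    ],
}

QUERY_FILE = {"md5": "0a1b2c3d", "name": "dropper.exe"}  # a single object from an incident
RELEVANT = {"report-A", "report-B"}                        # constructed ground truth


def tokens(attrs):
    """Type-agnostic feature set: key=value pairs only, the object type is ignored."""
    return {f"{k}={v}" for k, v in attrs.items()}


def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0


def best_match(query_tokens, nodes):
    """(score, node_id) of the report node most similar to the query tokens."""
    return max((jaccard(query_tokens, tokens(attrs)), nid) for nid, _typ, attrs, _nbrs in nodes)


def rank_reports(query_tokens, reports=REPORTS):
    """Rank reports by their best-matching node; ties broken by report id."""
    scored = [(best_match(query_tokens, nodes)[0], rid) for rid, nodes in reports.items()]
    return [rid for _score, rid in sorted(scored, key=lambda t: (-t[0], t[1]))]


def expand_query(query_tokens, reports=REPORTS):
    """Pivot one hop through the top-ranked report: add the attributes of the
    matched node's neighbours to the query, so infrastructure linked to the
    queried object is searched for as well."""
    top = rank_reports(query_tokens, reports)[0]
    nodes = reports[top]
    by_id = {nid: (attrs, nbrs) for nid, _typ, attrs, nbrs in nodes}
    _score, matched = best_match(query_tokens, nodes)
    expanded = set(query_tokens)
    for nbr in by_id[matched][1]:
        expanded |= tokens(by_id[nbr][0])
    return expanded


def average_precision(ranked, relevant):
    """Standard AP: mean of precision at each rank where a relevant report appears."""
    hits, total = 0, 0.0
    for i, rid in enumerate(ranked, start=1):
        if rid in relevant:
            hits += 1
            total += hits / i
    return total / len(relevant) if relevant else 0.0


if __name__ == "__main__":
    q = tokens(QUERY_FILE)
    print("single object:", rank_reports(q), average_precision(rank_reports(q), RELEVANT))
    q2 = expand_query(q)
    print("after pivot:  ", rank_reports(q2), average_precision(rank_reports(q2), RELEVANT))
```

With the file alone, report-C outranks report-B because they share only a file name, and AP is 5/6; after pivoting through the HTTP request linked to the file in report-A, report-B (a "url" object with the same host and path) is recovered and AP becomes 1. This is the kind of type-agnostic, link-based correlation the abstract describes, reduced to a toy.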

Graph-based technologies for intelligence analysis

When intelligence analysts are required to understand a complex uncertain situation, one of the techniques they use most often is to simply draw a diagram of the situation. Natural language processing has matured to the point where the conversion of freeform text reports to these diagrams can be largely automated. The diagrams are attributed relational graphs (ARGs), an extension of the abstract directed graph from mathematics. In these ARGs, nodes represent people, organizations, objects, or events. Edges represent relationships like interaction, ownership, or trust. Attributes store the details of each node and edge, like a person's name or an interaction's time of occurrence. ARGs function as external memory aids, which are crucial tools for arriving at unbiased conclusions in the face of uncertain information.

Unapparent Information Revelation for Counterterrorism: Visualizing Associations using a Hybrid Graph-based Approach

Unapparent Information Revelation refers to the task, in text mining over a document collection, of revealing interesting information other than that which is explicitly stated. It focuses on detecting possible links between concepts across multiple text documents by generating a graph that matches the evidence trail found in the documents. A Concept Chain Graph is a statistical technique to find links in snippets of information where singularly each small piece appears to be unconnected. In relation to algorithm performance, Latent Semantic Indexing and the Contextual Network Graph are found to be comparable to the Concept Chain Graph. These aspects are explored and discussed. In this paper, a review is performed on these three similarly grounded approaches. The Concept Chain Graph is proposed as being suited to extracting interesting relations among concepts that co-occur within text collections due to its prominent ability to construct a directed graph representing the evidence trail. It is the baseline study for our hybrid Concept Chain Graph approach.

Graph-based relational learning with application to security

2005

We describe an approach to learning patterns in relational data represented as a graph. The approach, implemented in the Subdue system, searches for patterns that maximally compress the input graph. Subdue can be used for supervised learning, as well as unsupervised pattern discovery and clustering. We apply Subdue in domains related to homeland security and social network analysis.

Semantic Knowledge Representation in Terrorist Threat Analysis for Crisis Management Systems

Lecture Notes in Computer Science, 2009

In recent years the problem of identifying terrorist threats has become a priority topic for government and military organizations. We base our ideas on new concepts of indirect association analysis to extract useful information for terrorist threat indication. The method introduces an original approach to knowledge representation as a set of ontologies and a semantic network, which are then processed by inference algorithms and structural graph analysis. The described models consist of experience gathered from intelligence experts and several open Internet knowledge systems such as the Global Terrorism Database and the Profiles in Terror knowledge base. We managed to extract core information from several ontologies and fuse them into one domain model aimed at providing a basis for the indirect association identification method.

Link Analysis Tools for Intelligence and Counterterrorism

Lecture Notes in Computer Science, 2005

Association rule mining is an important data analysis tool that can be applied with success to a variety of domains. However, most association rule mining algorithms seek to discover statistically significant patterns (i.e. those with considerable support). We argue that, in law-enforcement, intelligence and counterterrorism work, sometimes it is necessary to look for patterns which do not have large support but are otherwise significant. Here we present some ideas on how to detect potentially interesting links that do not have strong support in a dataset. While deciding what is of interest must ultimately be done by a human analyst, our approach allows filtering some events with interesting characteristics among the many events with low support that may appear in a dataset.
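The distinction the abstract draws, between patterns with large support and patterns that are rare but otherwise significant, is easy to see on a few records. The example below is added here and is not the paper's own method: it computes support, confidence and lift for every co-occurring item pair over a constructed set of ten event records, then shows what a conventional minimum-support threshold keeps and, separately, which low-support pair a lift-and-confidence filter surfaces for an analyst. The item names and thresholds are illustrative assumptions.

```python
"""Support-based versus low-support association mining (added example).

A minimum-support miner keeps pairs that occur in many records. The second
filter deliberately looks below that threshold and keeps only pairs whose lift
(co-occurrence relative to chance) and confidence are high, which is the kind
of rare-but-interesting link a human analyst may want to see.
"""
from collections import Counter
from fractions import Fraction
from itertools import combinations

# Constructed event records (not real data): each record is the set of items observed.
EVENTS = [
    {"wire_transfer", "domestic", "new_account"},
    {"wire_transfer", "domestic"},
    {"wire_transfer", "domestic"},
    {"wire_transfer", "domestic"},
    {"cash_deposit", "domestic"},
    {"cash_deposit", "domestic"},
    {"cash_deposit", "domestic"},
    {"cash_deposit", "new_account"},
    {"prepaid_card", "oneway_ticket", "cash_deposit"},
    {"prepaid_card", "oneway_ticket"},
]


def pair_stats(events):
    """Exact support, lift and best-direction confidence for every item pair
    that co-occurs in at least one record. Keys are sorted (a, b) tuples."""
    n = len(events)
    item_count = Counter(item for e in events for item in e)
    pair_count = Counter(frozenset(p) for e in events for p in combinations(sorted(e), 2))
    stats = {}
    for pair, c in pair_count.items():
        a, b = sorted(pair)
        support = Fraction(c, n)
        p_a, p_b = Fraction(item_count[a], n), Fraction(item_count[b], n)
        stats[(a, b)] = {
            "support": support,
            "lift": support / (p_a * p_b),                      # 1 means independent
            "confidence": max(Fraction(c, item_count[a]),      # conf(a -> b)
                              Fraction(c, item_count[b])),     # conf(b -> a)
        }
    return stats


def frequent_pairs(events, min_support):
    """What a conventional miner returns: pairs at or above the support threshold."""
    return sorted(p for p, s in pair_stats(events).items() if float(s["support"]) >= min_support)


def rare_but_significant(events, max_support, min_lift, min_confidence):
    """Pairs below the support threshold that are nonetheless strongly associated:
    high lift and a rule direction that holds with high confidence."""
    return sorted(
        p for p, s in pair_stats(events).items()
        if float(s["support"]) < max_support
        and float(s["lift"]) >= min_lift
        and float(s["confidence"]) >= min_confidence
    )


if __name__ == "__main__":
    print("frequent (support >= 0.3):", frequent_pairs(EVENTS, 0.3))
    print("rare but significant:     ", rare_but_significant(EVENTS, 0.3, 3.0, 0.9))
```

Here "prepaid_card" with "oneway_ticket" appears in only two of ten records, so a 30% support threshold drops it, yet its lift is 5 and each item predicts the other with confidence 1. The frequent pairs, by contrast, have lift near 1. As the abstract says, the filter only narrows the candidates; deciding whether such a link is actually of interest remains the analyst's call.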

Semantic association identification and knowledge discovery for national security applications

Journal of Database …, 2005

Enterprises have access to vast amounts of internal, deep Web and open Web information. Transforming this heterogeneous and distributed information into actionable and insightful information is the key to the emerging new class of business intelligence and national security applications. This paper attempts to bring together novel academic research and commercialized Semantic Web technology to provide these new capabilities. In particular, we discuss academic research on semantic association identification, use of commercial Semantic Web technology for semantic metadata extraction, and a prototypical demonstration of this research and technology through an aviation security application of significance to national security.

Data Mining in Social Networks and its Application in Counterterrorism

International Journal of Recent Technology and Engineering (IJRTE), 2019

Social networks are best represented as complex interconnected graphs. Graph theory analysis can hence be used for insight into various aspects of these complex social networks. Privacy of such networks has lately been challenged, and a detailed analysis of such networks is required. This paper applies key graph theory concepts to analyze such social networks. Moreover, it also discusses applications and proposes a novel algorithm to analyze and gather key information from terrorist social networks. Investigative Data Mining, defined as the application of Social Network Analysis (SNA) to terrorist networks to gather useful insights about the network, is used for this.

A relation context oriented approach to identify strong ties in social networks

Knowledge-Based Systems, 2011

Strong ties play a crucial role in transmitting sensitive information in social networks, especially in the criminal justice domain. However, large social networks containing many entities and relations may also contain a large amount of noisy data. Thus, identifying strong ties accurately and efficiently within such a network poses a major challenge. This paper presents a novel approach to address the noise problem. We transform the original social network graph into a relation context-oriented edge-dual graph by adding new nodes to the original graph based on abstracting the relation contexts from the original edges (relations). Then we compute the local k-connectivity between two given nodes. This produces a measure of the robustness of the relations. To evaluate the correctness and the efficiency of this measure, we conducted an implementation of a system which integrated a total of 450 GB of data from several different data sources. The discovered social network contains 4,906,460 nodes (individuals) and 211,403,212 edges. Our experiments are based on 700 co-offenders involved in robbery crimes. The experimental results show that most strong ties are formed with k ≥ 2.
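The two steps the abstract names, turning each relation into its own node and then measuring local k-connectivity between two people, can be shown on a toy network. The code below is an added example for this page, not the paper's implementation: the six relations, the way a relation context is encoded in the new node's label, and the use of a node-capacity-1 maximum flow (Edmonds-Karp) to count internally vertex-disjoint paths are all assumptions made here; the paper's exact construction and k computation may differ.

```python
"""Strong-tie detection on a relation-context edge-dual graph (added example).

Every relation (u, v, context) becomes a new node adjacent to u and v, so two
people are connected only through the relation contexts linking them. The local
k-connectivity of two people is the number of internally vertex-disjoint paths
between them in that graph; a single noisy relation gives k = 1, while ties
reinforced by several independent contexts or common contacts give k >= 2.
"""
from collections import defaultdict, deque

# Constructed sample network (not real data): (person, person, relation context).
RELATIONS = [
    ("P1", "P2", "co-offender:robbery-101"),
    ("P1", "P2", "co-offender:robbery-102"),
    ("P1", "P3", "shared-address"),
    ("P2", "P3", "phone-contact"),
    ("P2", "P4", "co-offender:robbery-103"),
    ("P4", "P5", "phone-contact"),
]


def edge_dual(relations):
    """Relation-context edge-dual graph: relation i with context ctx becomes node
    'rel{i}:{ctx}' adjacent to both endpoints. Returns an undirected adjacency map."""
    adj = defaultdict(set)
    for i, (u, v, ctx) in enumerate(relations):
        r = f"rel{i}:{ctx}"
        for person in (u, v):
            adj[person].add(r)
            adj[r].add(person)
    return adj


def local_k_connectivity(adj, s, t):
    """Number of internally vertex-disjoint s-t paths in `adj`.

    Each node x is split into (x,'in') -> (x,'out') with capacity 1, and each
    adjacency x-y becomes (x,'out') -> (y,'in') with capacity 1. The maximum
    flow from (s,'out') to (t,'in') then equals the local vertex connectivity."""
    if s == t or s not in adj or t not in adj:
        return 0
    cap = defaultdict(lambda: defaultdict(int))
    for x in adj:
        cap[(x, "in")][(x, "out")] = 1
        for y in adj[x]:
            cap[(x, "out")][(y, "in")] = 1
    return _max_flow(cap, (s, "out"), (t, "in"))


def _max_flow(cap, src, dst):
    """Edmonds-Karp on unit capacities; `cap` holds residual capacities and is mutated."""
    flow = 0
    while True:
        parent = {src: None}
        queue = deque([src])
        while queue and dst not in parent:
            x = queue.popleft()
            for y, c in list(cap[x].items()):
                if c > 0 and y not in parent:
                    parent[y] = x
                    queue.append(y)
        if dst not in parent:
            return flow
        y = dst
        while parent[y] is not None:  # every capacity is 1, so augment by exactly 1
            x = parent[y]
            cap[x][y] -= 1
            cap[y][x] += 1
            y = x
        flow += 1


def strong_ties(relations, k_min=2):
    """(u, v, k) for every directly related pair whose local k-connectivity is >= k_min."""
    adj = edge_dual(relations)
    pairs = sorted({tuple(sorted((u, v))) for u, v, _ctx in relations})
    result = []
    for u, v in pairs:
        k = local_k_connectivity(adj, u, v)
        if k >= k_min:
            result.append((u, v, k))
    return result


if __name__ == "__main__":
    print(strong_ties(RELATIONS))
```

In this toy network P1 and P2 are linked by two separate robbery contexts and by a common contact P3, so k(P1, P2) = 3; P1-P3 and P2-P3 each reach k = 2 through the triangle; the single-context pairs P2-P4 and P4-P5 stay at k = 1 and are filtered out as weak (or noisy) ties, matching the abstract's observation that strong ties form with k ≥ 2.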