Network surveillance techniques - Computer Science & Engineering

Nov 24, 2013

Stephanio Amaral

John Benton

Bruno Fonseca

University of South Carolina

College of Engineering and Computing

Computer Science and Engineering Department

Our research concentrates on how surveillance techniques are used in conjunction with social media networks to help law enforcement in criminal investigations

We show how information gathered from online social networks can be used to solve and prevent crime

We also show how the techniques can be combined to improve them



“Failure to adopt these [social software] tools may reduce an organization’s relative capabilities over time.”

Government Report on “Social Software and National Security: An Initial Net Assessment”

The threats and enemies of the nation are using Social Networking Sites


Surveillance


Social Networks


Social Network Surveillance


Data Mining


Graph Mining

Knowledge Discovery from Social Networking Sites


Open Source Center


Outsources data analysis of raw intelligence to the not-for-profit organization In-Q-Tel

Social media monitoring program that utilizes data mining techniques

Attracted public attention in January 2012 when two British tourists were detained and denied entry into the U.S.

Dealing with social media monitoring is still relatively unknown

Currently relying on warrants to search databases/user accounts

Has recently openly requested public assistance to develop a new social media monitoring application


Not much known on DEA’s capabilities


Publicly disclosed training material indicates agents receive extensive social media training

How to use social media during investigations

Usage of network mapping and visualization software

i.e., Lococitato

shhh it’s a secret

Social Media Surveillance & Network Surveillance


Algorithm designed to extract the social hierarchy of a group based on e-mail communications

The algorithm first discovers behavior patterns and user associations

i.e., the length of time it takes to send a reply e-mail can indicate the relative importance of a user

Propose clustering information gathered both from FBI and Twitter

Applying clustering to predict and prevent crime based on geospatial data


Suggest the following steps:

1. Data Gathering
2. Data Storage
3. Data Cleaning
4. Data Intelligence
5. Data Representation


Framework for gathering information from Facebook user profiles

Uses an automated web browser and third party app to make API requests and receive intelligence

Third party app is used to improve performance through multithreading

Source: Huber et al. "Social Snapshots: Digital Forensics for Online Social Networking."


Facebook Advanced Archive

Based on e-Commerce user reputation behaviors

Identifies the pattern known as “bipartite core”:

1. Two groups of entities: Fraudsters and Accomplices
2. Groups only interact with nodes of different types
3. Raise each other’s reputation
4. Rip off honest users using surreal deals on expensive items

Graph mining makes it possible to find these patterns in excessively large amounts of data
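The bipartite core pattern described above, searched for in a small feedback graph. This is an added example, not code from the slides or from the systems they cite; the account names, the edge list and the `min_size` threshold are constructed assumptions, and the search reports the two sides of a core without deciding which side is the fraudsters.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample: each pair is one feedback exchange between two accounts.
FEEDBACK = [
    # Suspected core: every A* account has traded with every F* account.
    ("A1", "F1"), ("A1", "F2"), ("A1", "F3"),
    ("A2", "F1"), ("A2", "F2"), ("A2", "F3"),
    ("A3", "F1"), ("A3", "F2"), ("A3", "F3"),
    # Ordinary users: a dense triangle, plus trades that touch the core.
    ("H1", "H2"), ("H2", "H3"), ("H1", "H3"),
    ("H1", "A1"), ("H3", "A2"), ("H4", "F1"),
]

def build_graph(edges):
    """Undirected adjacency sets: account -> accounts it exchanged feedback with."""
    adj = defaultdict(set)
    for u, v in edges:
        adj[u].add(v)
        adj[v].add(u)
    return adj

def independent(nodes, adj):
    """True if no two accounts in `nodes` ever exchanged feedback with each other."""
    return all(v not in adj[u] for u, v in combinations(sorted(nodes), 2))

def find_bipartite_cores(edges, min_size=3):
    """Return the cores found, each as two sorted lists of account names."""
    adj = build_graph(edges)
    cores = set()
    for u, v in combinations(sorted(adj), 2):
        if v in adj[u]:
            continue                      # same-side accounts never interact
        right = adj[u] & adj[v]           # partners shared by u and v
        if len(right) < min_size:
            continue
        # Close the left side: every account linked to all of `right`.
        left = {w for w in adj if right <= adj[w]}
        if len(left) < min_size:
            continue
        # Both sides must be free of internal edges (rule 2 of the pattern).
        if independent(left, adj) and independent(right, adj):
            cores.add(frozenset([frozenset(left), frozenset(right)]))
    return sorted(sorted(sorted(side) for side in core) for core in cores)

if __name__ == "__main__":
    for side_a, side_b in find_bipartite_cores(FEEDBACK):
        print("core:", side_a, "<->", side_b)
```

The honest triangle H1, H2, H3 is dense but not bipartite, so it is not reported; trades between honest users and core members do not hide the core.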


One of the graph mining systems used, “Graphite system” provides the analysis of multiple patterns

Searching for exact and approximate matches that can be used in social network analysis


Ngobeni, SJ, and HS Venter. "The Design of a Wireless Forensic Readiness Model (WFRM)." CiteSeerX. University of Pretoria, n.d. Web. 20 Oct. 2012. <http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.173.5952>.


User Interface of the WiFi Forensic Positioning Tool created by Xinwen Fu, Nan Zhang, Aniket Pingley, Wei Yu, Jie Wang, and Wei Zhao

Fu, Xinwen, Nan Zhang, Aniket Pingley, Wei Yu, Jie Wang, and Wei Zhao. "The Digital Marauder's Map: A WiFi Forensic Positioning Tool." IEEE Transactions on Mobile Computing 2012: 377-89. IEEE Digital Library. Web.


Needs data provided as a graph


Patterns have to be known


Some algorithms have to be used multiple times for multiple patterns

Efficiency depends on accuracy of the patterns

False positives are possible

It is hard to make an application that works for all social networks

It is limited to available information; it does not create new information

The process can be very slow

Anonymous connection to internet

Device mobility makes surveillance difficult

Storage of network communication data impractical

Preliminary Design Concept: Fusion of Social Media Surveillance & Network Surveillance Techniques

In this phase various data mining techniques are employed to collect raw intelligence.


Techniques may include:


Entity extraction


Clustering techniques


Association rule mining


Social network analysis


Stored intelligence produces a “knowledge base”

Extraction of more focused intelligence is obtained via graph mining techniques.

Utilizes behavior patterns, associations, and social network graphs constructed in phase 1.






Source: Chau, Polo. "Catching Bad Guys with Graph Mining."

Source: http://www.lococitato.com/


The localization phase makes use of network surveillance techniques, and provides investigators with two separate choices:

1. Crime cluster patterns identified in phase 1 produce a reasonably accurate set of locations where a “Digital Marauder’s Map” system can be deployed
2. Or, a passive approach can be taken which utilizes a monitoring system such as the “Wireless Forensic Readiness Model”

LE monitors wireless traffic for probe requests, or

Forces the device to automatically start sending probe request frames.