The probability of a crime or an attack involves assessing risk, which is the objective of data mining. A determination involves the analysis of data pertaining to observed behavior and the modeling of it in order to determine the likelihood of its occurring again. Closely linked to risk are threats and vulnerabilities, weaknesses or flaws in a system, such as a hole in security or a back door placed in a server, which increases the likelihood of a hacker attack. As with the deductive method of profiling, almost as much time is spent in profiling each individual victim as in rendering characteristics about the offender responsible for the crime.
Assessing probability or predicting that a crime or an attack is going to take place involves either the interrogation of witnesses by investigators or field observation and inspection by security professionals of a property or the review of documents by intelligence analysts. In the case of computer systems, it may involve the testing of hardware and software or an evaluation of the design of firewalls against hacker and virus attacks. Data mining performs a similar type of risk assessment in computing the probability of crimes by analyzing hundreds of thousands of records and data points using pattern-recognition technologies.
Estimating the probability of crimes has traditionally involved the use of criminal statistics and documented historical data, such as crime reports or documented terrorist attack procedures. For a security professional, this may entail the documented statistics of car thefts for a building over a one-year period. For a criminal profiler, it is reconstructive techniques (e.g., wound-pattern analysis, bloodstain-pattern analysis, bullet-trajectory analysis), or the results of any other accepted form of forensic analysis that has a bearing on victim or offender behavior. The same holds true with data mining, in which predictive models or rules are generated based on the examination of criminal behavior and perpetrators.
In the aftermath of 9/11, the director of the FBI announced, "The Bureau needs to do a better job of analyzing data and expand the use of data mining, financial record analysis, and communications analysis to combat terrorism." The FBI hopes to use AI software to predict acts of terrorism the way the telepathic "precogs" in the movie Minority Report foresee murders. The goal is to "skate where the puck's going to be, not where the puck was." The technology plan reflects a belief that the chief weapon against crime and terrorism will not be bullets or bombs. It will be information.
1.11 September 11, 2001
Criminals leave digital clues, which represent patterns of behavior that data mining software and techniques can uncover. It is virtually impossible to exist in a modern society without leaving a trail of digital transactions in commercial and private databases and networks. Data mining has traditionally been used to predict consumer behavior, but the same tools and techniques can also be used to detect and validate the identity of criminals for security purposes. These data mining techniques will herald a new method of validating individuals for security applications over the Internet and proprietary networks and databases.
The need for a predictive enemy detection and comprehensive threat and risk assessment capability cannot be underestimated in matters of national security. In the words of the National Defense Panel, it is of pivotal importance to "Improve predictive capabilities through latest technologies in data collection, storage, dissemination, and analysis." Data is everywhere, and with it are the clues to anticipate, prevent, and solve crimes; enhance security; and discover, detect, and deter unlawful and dangerous entities. In the twenty-first century, investigators must begin to use advanced pattern-recognition technologies to protect society and civilization. Analysts need to use data mining techniques and tools to stem the flow of crime and terror and enhance security against individuals, property, companies, and civilized countries.