11.9 Tracking Identities


11.9 Tracking Identities

The data initially presented to the EVS is assumed to be complete; however, the system should posses the logic to decide whether to seek additional data. Analysts must assemble many individual records into larger patterns before they are meaningful. Taken alone, each source of data may not reveal any strong anomalies or patterns. But taken together, a clear picture may emerge. For example, possessing a truck drivers, license or having a biochemical degree does not identify that individual as a terrorist; however, having a Social Security number that is out of sequence and no public records on file in combination may warrant a high EVS score that calls that identity into question.

The correct interpretation of data requires substantial and diverse domain knowledge. For example, insurance fraud specialists are aided by knowledge about medical scams, crime trends and patterns, criminal organizations, and legitimate business operations. Many of the EVS tasks will require knowledge about these criminal scams, as well as knowledge about diverse cultures, religious beliefs, political events, and chemical, biological, and nuclear weapons, their components, and construction. Rules coded from human experts knowledgeable about criminal and terrorist techniques as well as rules extracted from data mining analyses, would be combined to interpret all the data correctly in order for the EVS to generate its scores.

The important relationships among some records are temporal and spatial. Such relationships often require special data structures, analysis techniques, and domain knowledge for correct interpretation, such as common duration of certain events, minimum travel times, etc. This is particularly true when large temporal and spatial gaps are intentionally introduced to hide illegitimate activities. Analysis requires many different types of records from a variety of local and remote databases. The EVS will require access to multiple data sources with the potential that these sources will have a different type of record structures However, the Web service architecture and the standards used will enable the integration of these diverse data sources.

The data themselves are fragmentary, sparse, and largely unlabeled. The data about any one subject, such as a person's name, address, date of birth, or occupation, are necessarily fragmentary and incomplete. One of the primary goals of the EVS is to determine whether additional data gathering is warranted. Terrorists and other organized criminals intentionally evade detection. Thus, patterns and anomalies will be much more subtle, because perpetrators intentionally attempt to cover their illegal activities within a haystack of legal activities. The EVS must be designed to deal with these attempts to evade detection. Domain experts will play a key role in determining what and where to gather this information and what clues to recognize.

The structure of criminal and terrorist organizations and their methods of operation can shift frequently. Hence, the kinds of patterns and anomalies that must be detected by the EVS data mining mechanism are inherently dynamic. This is true in some commercial applications, such as e-commerce personalization systems, which are dynamically able to customize Web pages to each individual in real time based on past behavior and preferences. This EVS must have the same type of capability to adjust and learn.




Investigative Data Mining for Security and Criminal Detection
Investigative Data Mining for Security and Criminal Detection
ISBN: 0750676132
EAN: 2147483647
Year: 2005
Pages: 232
Authors: Jesus Mena

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net