4.6 Secured Sources Agents

Intranet agents can serve as database service providers. They can also automate workflow processes and coordinate communications among intranet or proprietary closed-network users; for example, they may be programmed to issue special alerts to designated need-to-know analysts or investigators. There are intranet agents that can perform resource allocation services, which are IT-specific, such as updating a data set or deleting a database. These intranet agents can also be programmed to produce a variety of reports and conduct ad hoc analyses of databases across a network. As with Internet agents, intranet agents can perform similar data-organization tasks for users in closed proprietary secured agency and departmental networks.

An intranet agent is a software program that resides on an internal agency or departmental server or cluster of servers in a private proprietary network. These types of agents are designed to focus on information dissemination among a team of users involved in special task forces or focusing on a specific type of data aggregation and analysis. Typically, these intranet agents are programmed to assist in accessing internal databases, data marts, and data warehouses or proprietary networks. Some can also provide support via wireless devices to field investigators. They enable information sharing within a designated and authorized group of users. They can also be set up to block unauthorized access by some users and to provide alerts when changes to the data occur.

4.7 How Agents Work

Regardless of whether an agent is of an open or a closed type, or of the function that it performs, its benefits usually lie in automating some type of repetitive behavior that is either time-based or event-based. Agents can automate repetitive tasks, such as performing a common query against a database. More advanced agents can notify specific users of the arrival or creation of new data ready for their analysis; they can assist users with more advanced analyses, guiding them in processes they are not knowledgeable about; and lastly, they can perform messaging tasks, such as notifying users when a model has been completed. Some data mining tools incorporate agents to automate the process of model construction and analysis.

Specialized database or network agents can, on the basis of user requests, go out and perform queries, assemble the data found into a predesigned template, or process the data through a designed analysis. Database agents provide valuable functions in making information available to users in the most useful form and context. Once the data has been retrieved and assembled or the analysis is complete, such as the creation of a data cube or a data mining model, the results can be transmitted to a designated group of users. The entire process can be done in real time or overnight; the agent can be programmed to perform the task as required by the agency or department needs. The benefits are clear: agents reduce the workload of investigators, lead to faster decision making by the analysts, and increase the productivity of everyone involved.

4.8 How Agents Reason

Men and machines such as agents reason through simple to elaborate networks of rules:

     IF     X,     AND     Y,     THEN        Z

Some of these rules are codified from the domain of experts; hence, the development of expert systems in the early 1990s. However, these systems fell out of popularity after some initial enthusiasm when they proved to be expensive to maintain and brittle in deployment. Expert systems represented a set of rules in such areas as making soup or configuring systems or auditing tax returns. Some expert systems still exist; for example, the TriPath medical system uses rules that it developed from pathologists to examine Pap smears and diagnose cervical cancer in its FocalPoint system.

The FBI and IRS both set up AI labs with the intent of developing expert systems to assist field agents with working cases and developing good prosecutions. The idea was to codify the experience of seasoned FBI agents who had worked and solved specific types of criminal cases. These expert systems would subsequently aid younger agents in working cases to prosecution and eventual conviction.

The IRS had various applications under development, most of which never left the lab, due in part to the high maintenance cost of the expert systems. For example, one application was to automate the audit examination process; unfortunately, the tax code and forms change every year, with Congress cranking out new legislation, meaning the rules of the expert system would need to be constantly changing. Audits can involve multiple years, meaning the expert system would have to incorporate hundreds of rules from each of those years. In the end, the task proved to be expensive to maintain.

However, there is a different method by which rules can be constructed; this involves data mining. Replacing expert systems as reasoning engines was the development of neural networks and machine-learning algorithms in the area of AI. Rather than developing rules from experts and taking a top-down approach to knowledge acquisition, rules can be extracted from observations in large databases. This is the inductive method of data analysis, now known as data mining, which uses machine learning and is a bottom-up approach to knowledge acquisition.

These processes of rule creation are not mutually exclusive; in fact, a hybrid system is probably the ideal solution for investigative data mining applications, in which some rules are drawn from years of investigators' experience, coupled with rules extracted from hundreds of thousands of cases from large databases. This type of man-machine hybrid system is the topic of a proposed data mining architecture in Chapter 11. Agents, as engines of inference, can use both types of rules. To develop intelligence in agents, certain steps can be taken. Briefly, they involve the following type of rule sequencing and construction:

  1. The user or developer provides a set of rules that describe a desired behavior: When X happens, then do Y. This can be done using a plain-text editor and then transcribed to code, such as C or Java.

  2. The reasoning system is next provided with a set of conditional input events, such as When a match of Entity Z898R from List DEA-01/02/04 happens, do Y.

  3. The reasoning system is provided with interfaces to perform or initiate various desired actions; for example, do Y may require that an alert be made by sending a message to a system object, by writing a file, or by other system action that a program can perform.

  4. After the reasoning system is initiated, it can wait for an event to arrive. It will extract facts from the event and then evaluate its rules to see if the new facts cause any of them to fire. If one or more rules fire, it may cause additional action to be initiated or a record to be written or updated.

The above process follows a set structure, leading to the creation and use of conditional rules and logic, which can be coded in a variety of ways. Here is an example:

     IF      (Condition 1)
     OR      (Content A)
     AND     (Condition 3)
     THEN    (Action Z)

This can be demonstrated by the example of a system for issuing alerts to, say, customs agents at point-of-entry stations, based on conditions gleaned from a plate number input into a network system using models developed from both human investigators' experience and machine-learning-generated rules. These data mining rules could well have been developed from an extensive analysis of prior convicted cases of contraband prosecutions:

     Condition fields:
       IF INSURER is None (Condition 1)
          Source: Human Domain
       OR YEAR is 1988 (Content A)
          Source: DMV Registration Record
       AND MAKE is CADILLAC (Condition 3)
          Source: Data Mining Model
      Prediction # 1: THEN ALERT is Medium (Action Z)
          Inspect Trunk
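
The four steps and the customs alert rule above, written as a small rule engine; this is an added example, not code from the original text. The event format, the plate values, the insurer name and both groupings of the rule are assumptions: the rule as written does not say how OR and AND group, and the two readings fire on different records.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    name: str
    condition: Callable[[dict], bool]  # step 1: "when X happens"
    action: Callable[[dict], str]      # step 3: "then do Y"

def no_insurer(f): return f["INSURER"] is None   # Condition 1 (human domain)
def year_1988(f): return f["YEAR"] == 1988       # Content A (DMV registration record)
def cadillac(f): return f["MAKE"] == "CADILLAC"  # Condition 3 (data mining model)

def medium_alert(f):
    return f"ALERT Medium: inspect trunk (plate {f['PLATE']})"

# Assumed reading 1: (Condition 1 OR Content A) AND Condition 3.
RULE_GROUPED = Rule("grouped",
    lambda f: (no_insurer(f) or year_1988(f)) and cadillac(f), medium_alert)
# Assumed reading 2: AND binds tighter than OR, as in C, Java and Python.
RULE_UNGROUPED = Rule("ungrouped",
    lambda f: no_insurer(f) or (year_1988(f) and cadillac(f)), medium_alert)

def extract_facts(event):
    """Step 4: turn a 'KEY=VALUE;...' event (assumed format) into typed facts."""
    raw = dict(pair.split("=", 1) for pair in event.split(";") if "=" in pair)
    return {
        "PLATE": raw.get("PLATE", "?"),
        "INSURER": raw.get("INSURER") or None,  # empty field: no insurer on record
        "YEAR": int(raw["YEAR"]) if raw.get("YEAR", "").isdigit() else None,
        "MAKE": raw.get("MAKE", "").strip().upper(),
    }

def run(rules, events):
    """Step 4: evaluate every rule on each event; collect the actions that fire."""
    fired = []
    for event in events:
        facts = extract_facts(event)
        fired += [(r.name, r.action(facts)) for r in rules if r.condition(facts)]
    return fired

# Constructed sample events (step 2); plates and insurer name are made up.
EVENTS = [
    "PLATE=TEST-001;INSURER=;YEAR=1988;MAKE=Cadillac",
    "PLATE=TEST-002;INSURER=;YEAR=2001;MAKE=Honda",
    "PLATE=TEST-003;INSURER=Acme Mutual;YEAR=1988;MAKE=Cadillac",
    "PLATE=TEST-004;INSURER=Acme Mutual;YEAR=1995;MAKE=Cadillac",
]
```

Calling `run([RULE_GROUPED], EVENTS)` fires on TEST-001 and TEST-003, while `RULE_UNGROUPED` also fires on TEST-002, an uninsured Honda, so a rule transcribed to code without explicit parentheses alerts on vehicles the grouped reading would pass.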