Machine-learning algorithms, 2, 11–13, 205–48
border case study, 210–12
C5.0, 12, 205, 206–7
CART, 12, 205, 206
CHAID, 12, 205, 206
criminal patterns, 219–21
decision trees, 207–8
defined, 205–6
fraud and, 267–70
functioning of, 206–7
government financial transaction detection case study, 213–19
IDS construction with, 322
military data extrapolation case study, 212
output, 12
rules generation, 206
rules predicting crime, 208–10
scenario, 12–13
SPSS Clementine, 26, 30, 179, 180, 181, 245–47
uses, 11
Machine-learning software, 233–48
ANGOSS KnowledgeSTUDIO, 233–37
Magaputer Polyanalyst, 238–41
Oracle9i Data Mining suite, 242–43
Prudsys DISCOVERER 2000, 241–42
Quadstone Decisionhouse, 243–44
SAS Sample, Explore, Modify, Model, Assess (SEMMA), 244
Teradata Warehouse Miner, 247–48
thinkAnalytics, 248
MATLAB Neural Net Toolbox, 198–99
Megaputer PolyAnalyst, 238–41
data access, 238
data import wizard, 239
data mining process support, 240
decision tree interface, 240
exploration engines, 238
modeling algorithms, 238
schematic decision tree, 241
Visual Rule Assistant, 239
See also Machine-learning software
Military data extrapolation case study, 212
Miscoding, 284–85
defined, 284
detection techniques, 284—85
MO, 284
See also Insurance fraud
Misuse detection, 310
Misuse IDSs, 318–19
defined, 318
NIDES, 318–19
See also Intrusion detection systems (IDSs)
MITRE intrusion detection case study, 313-18
Models
combining, 297–98
creating, 217–18
multiple, evaluating, 297
testing, 218
values, 39
Modus operandi (MO), 27
analysis, 190
attack, 307
bank fraud, 279
card-not-present fraud, 278
control, 307
credit-card fraud, 277
diversity, 35
excessive/inappropriate testing, 283
false claims, 282
financial crime, 277–79
free-text field, 36
identity brokers, 290
illegal billing, 282
information on, 31
intelligence, 303–5
intrusion, 302–9
loan default, 278
miscoding, 284
money laundering, 280
personal injury mills, 284
probing, 306
scanning, 305–6
stealth, 308–9
sub-classification, 187
text, 186
MO modeling case study, 179–95
building-type analysis, 189–90
business understanding, 181–83
CRISP-DM methodology, 180
data encoding, 187
data preparation, 185–86
discussion/conclusions, 192–93
introduction, 179–81
missing data, 186–87
MLP, 181
MO analysis, 190
model building, 190–91
offender behavior, 183–84
RBF, 181
SOM, 181
spectral analysis, 189
temporal analysis, 187–88
validation, 191–92
See also Neural networks
Money, as data, 276–77
Money laundering, 279–81
case study, 84–85
defined, 279
integration step, 280
layering step, 280
methods, 280
MO, 280
placement step, 280
Mueller, Robert S., 37–38
Multi-layer perceptrons (MLP) networks, 162–63, 179, 199
advantage, 162
defined, 162
inadequacies, 162
parallel, 163