6.12 Modus Operandi Modeling of Group Offending: A Case Study


6.12 Modus Operandi Modeling of Group Offending: A Case Study

By Richard Adderley and Peter Musgrove[1]

This paper looks at the application of data mining techniques, principally the multi-layer perceptron, radial basis function, and self-organizing map, to the recognition of burglary offenses committed by a network of offenders. After progressing through the data preparation stages, it is possible to suggest a list of currently undetected crimes that may be attributed to those offenders.

The data was drawn from four years of burglary offenses committed within an area of the West Midlands Police. The data was encoded from text by a small team of specialists working to a well-defined protocol and analysed using the multilayer perceptron (MLP), radial basis function (RBF), and Kohonen self-organizing map (SOM) tools of SPSS/Clementine. Three months of undetected crimes were analysed through the Clementine stream, producing a list of offenses that may be attributed to the network of offenders. The results were analyzed by two police sergeants not associated with the development process who determined that 85% of the nominated crimes could be attributed to the network of offenders. To produce a manual list would take between 1.5 to 2 hours and be between 5% and 10% accurate.

Introduction

Today, computers are pervasive in all areas of business activities. This enables the recording of all business transactions, making it possible not only to deal with record keeping and control information for management, but also via the analysis of those transactions to improve business performance. This has led to the development of the area of computing known as data mining (Adriaans and Zantinge 1996).

The police force like any other business now relies heavily on the use of computers, not only for providing management information via monitoring statistics, but also for use in tackling major serious crimes (usually crimes such as armed criminality, murder, or serious sexual offenses). The primary techniques used are specialized database management systems and data visualisation (Adderley and Musgrove 2001). However, comparatively little use has been made of stored information for the investigation and detection of volume crimes, such as burglary. This is partly because major crimes can justify greater resources on grounds of public safety, but also because there are relatively few major crimes, making it easier to establish links between offenses. With volume crimes, the sheer number of offenses, the paucity of information, the limited resources available, and the high degree of similarity between crimes render major crime analysis techniques ineffective.

There have been a number of academic projects that have attempted to apply AI techniques, primarily expert systems, to detecting volume crimes, such as burglary (Lucas 1986 and Charles 1998). While usually proving effective as prototypes for the specific problem being addressed, they have not made the transfer into practical working systems. This is because they have been stand-alone systems requiring the duplication of data inputting as they do not integrate easily into existing police systems. They tended to use a particular expert's line of reasoning with which the detective using the system might disagree. Also, they lacked robustness and could not adapt to changing environments. All this has led to wariness within the police force regarding the efficacy of AI techniques for policing.

The objective of the current research project is, therefore, to evaluate the merit of data mining techniques for crime analysis. The commercial data mining package SPSS/Clementine is being used in order to speed development and facilitate experimentation within a Cross Industry Platform for Data Mining (CRISP-DM) methodology (see Figure 6.12).

click to expand
Figure 6.12: The CRISPDM methodology.

Clementine also has the capability of interfacing with existing police computer systems. The requirement for purpose-written software outside the Clementine environment is being kept to a minimum.

In this paper, the authors report the results from applying three specific data mining techniques: the multi layer perceptron (MLP), radial basis function (RBF) and the Kohonen self-organizing map (SOM) to the building descriptions, modus operandi (MO), and temporal and special attributes of crimes attributed to a network of offenders for a particular type of crime, domestic and commercial burglaries.

An MLP (Swingler 1996) is a supervised classification technique, which has the ability to form categories based upon learning from examples within the data. Using known data (for example, detected crimes) which are separated into a training set and a testing set, the network is trained on the former and tested on the latter, which it has not seen. An RBF (Broomhead and Lowe 1998) is similar, but operates on more localized data using a two-stage approach. The first stage recognizes patterns, and the second places those patterns in clusters of similar data. An SOM (Kohonen 1982) is an unsupervised technique that uses the many variables in the data set (multi-dimensions) and recognizes patterns to form a two-dimensional grid of cells. This technique has similarities to the statistical approach of multidimensional scaling. The output from all of these techniques is a confidence level between zero and one; the greater the value, the greater the confidence in the classification process.

The benefits of extracting a formal structure from the free-text MO field and using this structure in the mining process are discussed together with the stages of data selection, coding, and cleaning. The results achieved by this process were independently validated by two police sergeants, who were not part of the research team; they are discussed, together with further areas for research.

The two validating sergeants are Community Safety Bureau staff in the area of the West Midlands Police in which the target network of offenders mainly operates. These bureaus are the focal points on each command unit for strategic planning, operational tasking, and intelligence. The two sergeants have been working in this environment for a number of years and are highly experienced.

Business Understanding

The traditional view of offenders operating together revolves around the hierarchical gang structure, having a leader, several lieutenants, and a number of lower operatives. This may hold true for the more serious structured crime, such as illegal importation of drugs, but when this percolates to the street level, the formal gang structure no longer exists. For a whole range of crimes, groups of offenders work together for a common purpose; they form a network of people that more resembles an organic structure than a hierarchical gang structure. There is no "Mr. Big" for the entire network.[2] Figure 6.13 illustrates a group of 14 offenders who have worked extensively together. The numbered circles represent individual offenders and the connecting lines represent codefendant instances [people who have been arrested and charged for the same offense(s)]. It is interesting to note that family membership (blood ties) appears to be important in these networks.

click to expand
Figure 6.13: Primary network of offenders.

Within the network illustrated in Figure 6.13, offenders 2, 3, 4, 7, 8, 9, 10, 11, and 14 all have burglary offenses recorded against them, and it appears that they commit their offenses together in different combinations of people. For example, 14 has committed six offenses with 2, four with 7, eight with 10 and 11, etc. None of the offenders have a standard MO; however, they do favor particular types of buildings, use a finite variety of methods to gain entry to most of those buildings, and have a slight preference for an individual day of the week for committing their crimes.

When an offender has been arrested for an offense and brought into custody, the person is interviewed regarding that offense and any other similar offenses that may, as yet, be undetected. The interviewing officer will request from the intelligence department a list of offenses that are similar to the one for which the person has been arrested with a view to questioning the offender and clearing further crimes. That is, the offender will admit his or her part in committing the crime, and it is recorded as being detected to that offender. The intelligence department will examine the base individual crime and then search through the crime system to locate those that have similar spatial, temporal, and MO features. This process can take between one and two hours depending on the complexity of the base crime. It is a semi-manual task requiring a SQL search and then manual reading of the retrieved documentation. The intelligence staff estimate that they are about 5% to 10% accurate in supplying a list for interview. This figure is based upon the actual number of offenses attributed to the offender during the interviewing process.

In preliminary previous work by the authors (Adderley 2001), it was shown that by examining a series of crimes committed by an individual offender, 11 previously unseen random crimes from this person could be recognized in the top 285 from over 3,500 detected crimes in the South of Birmingham. This was without using spatial or temporal variables. By using these additional variables and examining the working practices of a group of offenders, it was believed that the accuracy would improve.

Offender Behavior

Before the results of the encoded offender behavior can be utilized it is important to understand the current research relating to criminology and its relevance to the data set in question.

Routine activity theory (Cohen and Felson, 1979; Felson 1992; Clarke and Felson 1993) requires that there be a minimum of three elements for a crime to occur: a likely offender, a suitable target, and the absence of a suitable guardian. Offenders do not offend 24 hours a day committing crime. They have recognizable lives and activities, for example, go to work, support a football team, and regularly drink in a public house. They have an awareness space in which they feel comfortable, which revolves around where they live, work, socialize and the travel infrastructure that connects those places.

It has been stated that crimes against the person, such as rape, homicide, and assault, occur closer to the offender's home than property crime, such as burglary (Brantingham and Brantingham 1991; Rhodes and Conly 1991). However, the authors have established that offenders who commit sexual crimes commit their crimes further from home than burglary offenders (Adderley and Musgrove 2001). Based on two years of burglary crimes in a district of the West Midlands Police area, the average distance that a burglary offender traveled from his or her home address varied between 1/2 mile and 2 1/4 miles, depending upon age (see Figure 6.14). Sampling a random 60% of recorded offenders from the major crime (sexual offenses) Violent Crime Linkage Analysis System (ViCLASS) database who only commit offenses within the borders of a single force, the average distance from their home address was 4.11 miles.

click to expand
Figure 6.14: Distance chart.

The rational choice perspective (Clarke and Felson 1993) states that committing a crime is a conscious process by the offender to fulfil his or her commonplace needs, such as money, sex, and excitement. For example, an offender within the system has committed 22 offenses of burglary, the MO being indecent assault of the female occupant, but not theft. By these actions, he is fulfilling two of the stated needs, sex, and excitement.

Data Understanding

The burglary database used in this study contained 23,382 recorded offenses that occurred between January 1997 and February 11, 2001. Table 6.2 shows the specific crime categories and the numbers of offenses associated with each.

Table 6.2: Classification of Burglary Offense

Drinking Places

Dwellings

Factories

Garages

Offices

Sheds

Shops

Other

Total

All Offenses % of Total

642

2.75%

11,394

48.73%

1,387

5.93%

406

1.74%

939

4.02%

4,004

17.12%

1,640

7.01%

2,970

12.70%

23,382

100%

All Detected %of Total

77 1.95%

2,294

58.15%

195

4.94%

70

1.77%

143

3.62%

306

7.76%

361

9.15%

499

12.65%

3,945

100%

Primary Detected % of Total

5 2.34%

126

58.88%

10

4.67%

11

5.14%

4

1.87%

2

0.93%

48

22.43%

8

3.74%

214

100%

There are a total of 4,159 offenses that have been detected to a variety of offenders representing 17.79% of total crime. This includes 214 crimes attributed to a known network of offenders (Primary Network) representing 0.92% of the total crime and 5.15% of all detected crime. When compared to the detected crimes, Table 6.2 clearly shows that the Primary Network offenders' profile is to target shops and petrol filling stations, but not to attack sheds and offices.

There are limitations with the data set that should be recognized prior to the research:

  • Even though the data set is complete, it contains all reported offenses of burglary; it is possible that unsolved crimes held within the database may be attributed to one of the known offenders.

  • Although people who have received the same training have input the crimes, there are inconsistencies in the transcription process, which will be discussed later in the paper.

  • It has to be assumed that the known offenders have actually committed the crimes that have been attributed to them.

Data Preparation

The quality of the data is directly proportional to the results of the mining process. With a small number of persons responsible for transcribing and entering the data, it was assumed that the quality of the data would be high. However., there are inconsistencies within the subsequent transcription particularly within the MO entries. Table 6.3 illustrates an example of free-text MO information.

Table 6.3: Modus Operandi Text

1

OFFENDER APPROACHED SECURE UNOCUPPIED DWELLING IN RESIDENTIAL AREA WENT TO REAR OF PREMISES AND FORCED REAR ROUND FLOOR PATIO DOOR BY BENDING METAL FRAME WITH JEMMY TYPE INSTRUMENT REMOVING DOOR FROM FRAME ENTERED AND MADE UNTIDY SEARCH OF ALL ROOMS DEFECATED IN FRONT UPSTAIRS BEDROOM CARPET STOLE ITEMS AND MADE OFF EXIT AS ENTRY

2

OFFENDERS UK APPROACHED SEMI DETACHED HOUSE AND KICKED FRONT DOOR FORCING ENTRY ENTERED AND SEARCHED ALL ROOMS OFFENDERS HAVE STOLEN TV VIDEO CASH CHEQUE BOOKS OFFENDERS HAVE LEFT PARCEL SHELF FROM AN UK CAR A CHILDS PRAM CHILDS BIKE AND BLANKET OUTSIDE FRONT OF HOUSE OF DRIVEWAY MAKING GOOD ESCAPE

3

BTN STATED TIMES OFFENDER FORCED FRONT DOORS ENTERED AND STOLE PROPERTY LEFT VIA WAY ENTERED

4

PERSONS U/K WENT TO REAR OF FACTORY PREMISES CUT THROUGH METAL BARS SMASHED INNER GLASS ENTERED OFFICE AND STOLE COMPUTERS

5

SMASHED GLASS IN FRONT DOOR REACHED IN & RELEASED RIM LOCK ENTERED MADE UNTIDY SEARCH OF BEDROOM STOLE PROPERTY

Number 3 does not state how the doors were forced, what rooms were searched, or the mode of search. Numbers 2, 3, 4, and 5 do not state whether the premises were occupied. Number 4 does not state the location of the room in which the computers were located, whether the removal was tidy, or whether the room was ransacked.

When a paper crime report is completed, the MO is written in unstructured free text, which is subsequently entered into a computerized recording system. From each of the 21 operational command units (OCUs) within the West Midlands Police, there can be up to 200 police and civilian personnel writing the text and a further five persons entering the data onto the system. With no guidelines indicating the language to be used, the variety of wording and spelling is vast. A structured encoding method would aid automatic investigation and detection methods. However, to introduce such encoding would incur a cost to alter the existing paper and computer recording systems. In this paper, software has been used to encode certain aspects of free-text data fields. Due to the nature of these fields, even after the encoding process, the data was not 100% clean. It would be preferable if such data was encoded at the time of inputting as encountered in a previous study involving serious sexual assaults (Adderley & Musgrove 2001). This study will demonstrate the benefits of using suitably encoded volume crime data.

Missing Data

There are a number of fields that do not contain data that are stored in the database as "$null$" or as an empty string. These mainly relate to location information. If an address is incorrectly entered into the system an 'unconfirmed location' is registered, which permits the crime to be recorded, but an operator will manually enter the correct information when time permits. These are often subsequently left blank.

It is not uncommon for data sets to have fields that contain unknown or incorrectly entered information and missing values. How should they be treated? Are those fields essential to the mining process? There are a number of methods (Weiss and Indurkhya, 1998) for treating records that contain missing values:

  • Omit the incorrect field(s)

  • Omit the entire record that contains the incorrect field(s)

  • Automatically enter/correct the data with default values (e.g., select the mean from the range)

  • Derive a model to enter/correct the data

  • Replace all values with a global constant

Within this work, those crimes that did not contain post code or grid reference information were omitted from the spatial analysis.

Data Encoding

A critical step within the data mining process is the way in which data is encoded. It is suggested that the central objective of this stage is to transform the base data into a spreadsheet-type format where individual variables are identified or created/derived from combining or extracting information from the data set (Weiss and Indurkhya, 1998).

The data was encoded in four sections. Temporal analysis determined the times of day and particular days of the week for which the offenders showed a preference. Spatial analysis indicated the geographical base of the offenses. A large number of building types were analyzed and categorized into a small number of sets. The MO itself was sub-classified into a further three sections.

Temporal Analysis

Certain offenders have a propensity to offend within certain hours of the day and on particular days of the week. The detected crimes were compared against the crimes attributed to the Primary Network to ascertain whether there were similarities or differences between times and days.

Temporal analysis presents problems within the field of crime-pattern analysis due to the difficulty of ascertaining the exact time at which the offense occurred. There are generally two times that are relevant: the time that the building was secured and the time that the burglary was discovered, the from time/date and the to time/date. This duration of time may span two or more days, adding to the complexity. Analysis indicated that individual hours of the day did not appear to be relevant in determining a pattern of offending; it was more important to ascertain a time period. For example, many offenses are committed during the working day when the occupier is not at the premises; however, the time period may be relevant to the type of premises attacked.

Figure 6.15 illustrates that the Primary Network has a slight preference, in comparison to the detected crimes, for offending during the evening and night-time periods. In this study, "Working Day" means between 0700 hours to 1900 hours, "Evening" means between 1900 hours and 2200 hours, and "Night" means between 2200 hours and 0700 hours.

click to expand
Figure 6.15: Crimes by time of day.

Figure 6.16 shows the percentage of crimes that were committed by day of the week. It clearly demonstrates that the Primary Network has a preference for offending on a Tuesday, in comparison to the mass of detected crimes.

click to expand
Figure 6.16: Crimes by day of week.

In order to weight the differences illustrated by Figures 6.15 and 6.16, the percentage rates of the detected crimes were subtracted from the Primary Network rates to give a figure that represents the importance of the temporal offending pattern relating to the Primary Network.

Spatial Analysis

Using all past and present home addresses as anchorage points, the Primary Network commit 84.3% of their burglary offenses within 500 meters of their own or immediate coaccuseds' addresses. The spread of these addresses represents approximately 10% of the West Midlands Police Force area. Therefore, the geography of crime is an important factor in determining an offender's pattern of offending.

The six figure eastings and northings refer to the British Ordnance Survey grid referencing system, which is used by West Midlands Police and is accurate to one meter. The grid reference integer is truncated to four figures, reducing the accuracy to 100 meters, and that fourth digit is rounded up or down to either a 5 or 0, which reduces the accuracy to the required 500 meters. It is the 500-meter grid that is used in this work. The RBF network node was utilized to generate scores relating to the location of crimes according to their 500-meter grids. The function was able to identify and cluster areas of the map as illustrated in Figure 6.17, and the new field relating to the grid reference score was created combining individual variables into a single nominal category.

click to expand
Figure 6.17: Spatial analysis.

Building-Type Analysis

There are 72 individual building descriptions available for use. Many crimes are quite opportunistic (Clarke and Felson 1993), whether a motivated offender chooses a detached, semi-detached, or terraced house often depends upon the person's awareness space and the opportunities presented at the time. Within the current data set it did not appear that the specific type of premises was relevant, but by amalgamating groups of premises, those groups then became more relevant. Therefore, the 72 individual premise types were categorized into eight sets.

Comparing all detected crimes with those committed by the Primary Network, there is an indication that the Primary Network has a preference, in comparison to all detected crimes, for attacking factories, drinking places, and petrol filling stations. The new building-type field was created combining individual variables into a single nominal category.

MO Analysis

As stated in the "Data Encoding" section above, data encoding is a critical stage in the mining process. For this study, the MO was classified in three sections: which part of the building afforded entry; the method of entry to the premises; and whether the premises was alarmed, including how the alarm was circumvented. The first section derived four new fields: main entrance, rear door, front window and rear window. the second section derived six new fields: smashed glass, damaged lock, used vehicle (to gain entry, e.g., ram raiding), implement, forcing door, and insecure. The third section derived three new fields: premises alarmed, alarm disabled, and alarm activated.

It is during the data-preparation stage in the CRISP-DM cycle that a variety of encoding techniques may be utilized to provide additional fields for analysis and to enable fuzzy concepts.

Model Building

The 4,159 detected crimes, including those committed by the Primary Network, were separated into two sets, one for training and the other for testing. After removing the crimes that were not geo-coded, the training set comprised 916 crimes, 163 from the Primary Network and 753 from the remaining detected crimes. An MLP was used to create a model that recognized those crimes committed by the Primary Network. To test the efficiency of the network, the testing set comprised 44 unseen crimes from the Primary Network and 3,029 other unseen detected crimes. A measure of effectiveness was the number of Primary Network crimes that appeared in the top 20 index for the testing set—that is, the crimes with the highest confidence level. It was decided to use only 20 crimes, as this is the maximum amount that could be evaluated within a reasonable time by the two sergeants.

Building on previous work by the authors (Adderley and Musgrove 1999), a further level of refinement to the modelling process was used. Features of the MO, spatial, and temporal analysis from the Primary Network crimes were used in a Kohonen SOM algorithm to cluster the similarities. It has been suggested that the number of cells in the grid should be equivalent to the number of instances of the input data (Ripley 1996). If the clustering process was unsuccessful, there would be one crime in each of the cells. A 15 x 14 grid was used in this process, the resulting model producing a set of XY coordinates relating to the clusters.

Figure 6.18 illustrates the flow of data through the mining process. The new undetected crimes are preprocessed, as described in the "Data Encoding" section and assigned one of the 500-meter grid references. The data is then passed through the Kohonen model, assigning a cell XY coordinate for each new crime using the combination of the temporal, spatial, building, and MO analysis. The following MLP model assigns a confidence level as to the accuracy each crime achieves in relation to the Primary Network's detected crimes. Included within this model is the ability to assign a value of importance to the spatial attributes of each crime. This set of data is merged with a Kohonen network that has been trained on the detected crimes, thereby identifying all undetected crimes that are similar to those that have been committed by the Primary Network offenders.

click to expand
Figure 6.18: Schematic data flow.

A list of crimes was produced, together with the level of confidence for each crime as to its similarity to the Primary Network. Only the top 20 crimes that matched were utilized in the following process.

Validation

The "Business Understanding" section above describes the process of compiling a list of appropriate crimes that is required to prepare for interviewing suspects in custody. The results of the modelling process were a list of 20 crimes that were submitted to two sergeants who were involved in the supply of intelligence but were not part of the development process. Their remit was to ascertain whether any of the 20 crimes could have been committed by one of the Primary Network members. They had no other information. The sergeants researched the crimes already attributed to the offenders by examining the crime reports, case papers, and witness statements, and then examined each of the 20 submitted crimes in a similar way.

In their opinion, 17 of the 20 crimes could have been committed by one of the Primary Network offenders. Of the three remaining, one crime had a very similar MO, but the suspects' car did not contain any of the Primary Network members. The other two crimes had subtle differences in MO and type of property attacked.

The results are encouraging. After extracting the three-months crimes into Clementine, a list for interview could be prepared within five minutes, and 85% of the list was potentially relevant. This compares with manually researching recent crimes taking between one and two hours and only being between 5% and 10% accurate, as stated in the "Business Understanding" section.

To formalize the validation process, it would be ideal to give the two sergeants a set of randomly produced crimes for analysis, together with the top-20 list, and compare their results; however, time constraints on operational police resources prohibit this level of formality. The actual results obtained have been quite flattering, which indicate, at this stage, that formal experiment is unnecessary.

Discussion and Conclusions

The limitations identified in the "Missing Data" section, cannot be overstated; however, the results are not disappointing, and they have two practical uses in operational policing:

  1. This process provides the ability to examine a number of currently undetected crimes with a view to targeting the intelligence gathering and investigative work toward a limited number of potential offenders.

  2. Having arrested an offender, there is a requirement to collate information and intelligence prior to interviewing. From taking between one and two hours to provide a list for interview manually and only being 5% to 10% accurate, this process has reduced the time to approximately five minutes, providing an 85% accuracy rating.

The benefits of data mining software have been clearly demonstrated in operational police work.

How good are the two sergeants in assessing the crimes? Since the 20 crimes had been examined, three have now been detected. Of those three, the assessors originally stated that, in their opinion, one crime could not be attributed to the Primary Network and the other two could. They were correct in their assessment of that single crime. Of the two currently detected crimes that were originally assessed and attributed to the members of the Primary Network, one was committed by a member, the other was not. However, the MO used in the wrongly assessed crime was very similar to the other correctly assessed crime. This indicates that the two sergeants' assessment of the 20 crimes is quite accurate.

It is desirable to achieve a higher level of accuracy and widen the scope of practical implementation; the modeling process has been tailored to a particular network of offenders. Further work is required in the following areas:

  • Using the types of property stolen within the modeling process

  • From the free-text MO field, encoding a generic set of variables, which would cover the entire set of MO features

  • Choosing a different network of offenders to ascertain whether the techniques are transferable

Data preparation, the use of a structured encoding method for MO analysis, was discussed, but the cost of altering computer-based systems has to be justified. This study used such a structured approach and was able to demonstrate time-saving benefits, together with aid in the crime investigation process.

The authors suggest this approach contributes to best value in policing.

References

Adderley, R. and Musgrove, P. B. (1999), Data Mining at the West Midlands Police: A Study of Bogus Official Burglaries. BCS Special Group Expert Systems, ES99, London, Springer-Verlag, pp. 191–203.

— (2001) "Data Mining Within the West Midlands Police: A Study of Bogus Official / Distraction Burglary Offenses." M.Phil. to Ph.D. Transfer Report, University of Wolverhampton.

— (2001), "General Review of Police Crime Recording and Investigation Systems. A user's view." Policing: An International Journal of Police Strategies and Management 24(1) pp. 100–114.

— (2001), "Data Mining Case Study: Modelling the Behaviour of Offenders Who Commit Serious Sexual Assaults," ACM Special Interest Group on Knowledge Discovery and Data Mining Proceedings: Seventh ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, August 26–29 2001, San Francisco: Association for Computing Machinery Inc.

Adriaans, P. and Zantige, D. (1996) Data Mining: Addison-Wesley.

Brantingham, P.L. and Brantingham, P.L. (1991), "Notes on the Geometry of Crime," In Environmental Criminology, USA: Wavelend Press, Inc.

Broomhead D. S. and Lowe D. (1998), "Multi-variable Functional Interpolation and Adaptive Networks." Complex Systems, 2 pp. 321–355.

Chapman, P.,Clinton, J.,Kerber, R.,Khabaza, T.,Reinartz, T.,Shearer, C., and Wirth, R., (2000), CRISP-DM 1.0 Step-by-Step Data Mining Guide, USA: SPSS Inc. CRISPWP-0800.

Charles, J. (1998), "AI and Law Enforcement," IEEE Intelligent Systems, Jan/Feb pp. 77–80.

Clarke, R.V. and Felson M. (1993), "Introduction: Criminology, Routine Activity, and Rational Choice" In Routine Activity and Rational Choice: Advances in Criminological Theory, Volume 5. Clarke, R.V. and Felson M. (eds.) New Jersey: Transaction Publishers.

Cohen, L.E. and Felson, M. (1979), "Social Change and Crime Rate Trends: A Routine Activity Approach." American Sociological Review, 44 pp. 588–608.

Felson M. (1992), "Routine Activities and Crime Prevention: Armchair Concepts and Practical Action." Studies on Crime and Crime Prevention, 1 pp. 30–34.

Kohonen T. (1982), "Self Organizing Formation of Topologically Correct Feature Maps," Biological Cybernitics, 43(1), pp. 59–69.

Lucas, R. (1986), "An Expert System to Detect Burglars Using a Logic Language and a Relational Database." In Fifth British National Conference on Databases, Canterbury.

Rhodes, W.M. and Conly, C. (1991), "The Criminal Commute: A Theoretical Perspective in Environmental Criminology," USA: Wavelend Press, Inc.

Ripley, B.D. (1996) Pattern Recognition and Neural Networks. Cambridge University Press,

Swingler, K., (1996) Applying Neural Networks. San Francisco: Morgan Kaufman Publishers.

Weiss, S.M. and Indurkhya, N. (1998), Predictive Data Mining: A Practical Guide. San Francisco: Morgan Kaufman Publishers.

[1]Inspector Richard Adderley, West Midlands Police, West Bromwich Police Station, West Bromwich, B70 7PJ, England, e-mail: <radderley@west-midlands.police.uk>. Dr. Peter Musgrove, University of Wolverhampton, School of Computing and Technology, 35/49 Lichfield Street, Wolverhampton, WVI IEL, e-mail: <P.B.Musgrove@wlv.ac.uk>.

[2]Diagram produced courtesy of the West Midlands Police, Force Linked Intelligence System (FLINTS).




Investigative Data Mining for Security and Criminal Detection
Investigative Data Mining for Security and Criminal Detection
ISBN: 0750676132
EAN: 2147483647
Year: 2005
Pages: 232
Authors: Jesus Mena

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net