Content-Based Detection of Terrorists Browsing the Web Using an Advanced Terror Detection System (ATDS)

  • Conference paper
Intelligence and Security Informatics (ISI 2005)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 3495)

Abstract

The Terrorist Detection System (TDS) is aimed at tracking down suspected terrorists by analyzing the content of the information they access. TDS operates in two modes: a training mode and a detection mode. In training mode, TDS is provided with Web pages accessed by a normal group of users and computes their typical interests. In detection mode, TDS performs real-time monitoring of the traffic emanating from the monitored group of users, analyzes the content of the Web pages accessed, and issues an alarm if the accessed information is not within the typical interests of the group. In this paper we present an advanced version of TDS (ATDS), in which the detection algorithm was enhanced to improve on the performance of the basic TDS system. ATDS was implemented and evaluated in a network environment of 38 users, and its performance was compared with that of the basic TDS. The behavior of suspected terrorists was simulated by accessing terror-related sites. The evaluation also included a sensitivity analysis aimed at calibrating the settings of the ATDS parameters to maximize its performance. Results are encouraging: ATDS outperformed TDS significantly and was able to reach very high detection rates when optimally tuned.

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Elovici, Y. et al. (2005). Content-Based Detection of Terrorists Browsing the Web Using an Advanced Terror Detection System (ATDS). In: Kantor, P., et al. Intelligence and Security Informatics. ISI 2005. Lecture Notes in Computer Science, vol 3495. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11427995_20

  • DOI: https://doi.org/10.1007/11427995_20

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-25999-2

  • Online ISBN: 978-3-540-32063-0

  • eBook Packages: Computer Science (R0)
