Terrorist Detection System
Terrorist Detection System (TDS) is aimed at detecting suspicious users on the Internet by the content of the information they access. TDS consists of two main modules: a training module activated in batch mode, and an on-line detection module. The training module is provided with web pages that include terror-related content and learns the typical interests of terrorists by applying data mining algorithms to the training data. The detection module performs real-time monitoring of users’ traffic and analyzes the content of the pages they access. An alarm is issued upon detection of a user whose accessed pages are “too” similar in content to typical terrorist content. The feasibility of TDS was tested in a network environment. Its detection rate was better than that of a state-of-the-art Intrusion Detection System based on anomaly detection.