
An Overview of Artificial Intelligence Based Pattern Matching in a Security and Digital Forensic Context

Chapter in: Cyberpatterns

Abstract

Many real-world security and digital forensics tasks involve the analysis of large amounts of data and the need to classify parts of that data into sets that are not well defined, or not even easily defined. Rule-based systems can work well and efficiently for simple scenarios where the security or forensics incident can be well specified. However, such systems do not cope as well where there is uncertainty, where the IT system under consideration is complex, or where there is significant and rapid change in the methods of attack or compromise. Artificial Intelligence (AI) is an area of computer science that has concentrated on pattern recognition, and in this extended abstract we highlight some of the main themes in AI and their appropriateness for use in a security and digital forensics context.


Notes

  1. OWL is a web markup language for creating ontologies. The term ontology is used to mean a shared vocabulary and taxonomy that can be used to describe the concepts and relationships in a given domain. The main difference between an ontology and a knowledge representation is that an ontology is designed to be shared, whereas a knowledge representation language is not.

  2. This is best illustrated in a (possibly apocryphal) story about the US military, who tried to train an ANN to recognise tanks hiding in trees. To this end they took pictures of forests with no tanks and pictures of forests with tanks, and showed them to the ANN. Unfortunately the pictures without tanks were taken on a cloudy day and the pictures with tanks were taken on a sunny day, so the ANN learnt how to tell whether it was sunny or not. Because an ANN has no explainability power, this fact was not found out until much later in the testing process.

  3. An autoassociative memory is a memory system that can retrieve an entire data set based on just a small part of that data. A bidirectional associative memory is a memory system that can retrieve a related but different dataset.

  4. Pre-attentive focusing is the name given to a human's ability to see patterns in apparently random data. The disadvantage of this is that humans can spot patterns when no pattern really exists.


Author information

Corresponding author: Faye Rona Mitchell.


Copyright information

© 2014 Springer International Publishing Switzerland

About this chapter

Cite this chapter

Mitchell, F.R. (2014). An Overview of Artificial Intelligence Based Pattern Matching in a Security and Digital Forensic Context. In: Blackwell, C., Zhu, H. (eds) Cyberpatterns. Springer, Cham. https://doi.org/10.1007/978-3-319-04447-7_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-04447-7_17

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-04446-0

  • Online ISBN: 978-3-319-04447-7
