Features
- Cover Type: Paperback with 272 pages
- Published by: Butterworth-Heinemann
- Edition: 1st Edition January 31, 2003
- Written in: English
- ISBN 10 Number: 0750676132
- ISBN 13 Number: 978-0750676137
- Book Dimensions: 9.1 x 7 x 1 inches
- Weighs: 1.6 pounds
Product Review
"This work is one of the first books to show security professionals the power of data mining as an investigative tool. It is itself a powerful tool for the industry." - Security Management Magazine (online), July 3rd, 2003
"...an eye-opening and powerful book on the newest weapons in criminal and terrorist detection and deterrence." - The Chicago Sun
"More detail-minded and technical readers will enjoy the challenging complexity found in follow-up case studies." - The Chicago Sun
"The book is cleanly presented and includes screenshots of software used for data mining and analysis. Charts are used to explain how pieces of information link together in a descriptive manner." - Security Forums
Reader Reviews
I read "Investigative Data Mining for Security and Criminal Detection" (IDM) after attending the 2003 Recent Advances in Intrusion Detection (RAID) conference. Researchers at RAID mentioned "self-organizing maps," "neural networks," "machine learning," and other unfamiliar topics. Mena's book helped me understand these subjects in the context of performing data mining. If you steer clear of the author's discussion of intrusion detection in chapter 10, you'll find IDM enlightening and a little scary.

Author Jesus Mena defines investigative data mining as "the visualization, organization, sorting, clustering, segmenting, and predicting of criminal behavior" (p.1). His book strays from this definition, as he also covers simply discovering patterns of activity for responding to events. Accomplishing this task requires investigative data warehousing, link analysis, software agents, text mining, neural networks, and machine learning. Mena addresses each technique in its own chapter, offering descriptions, case studies, and tools. Two types of data mining analysis exist: descriptive, such as a chart, graph, or decision tree; and predictive, obtained via neural networks and machine learning (p.261). Mena also describes mining via "top-down" vs. "bottom-up" approaches. The first involves an analyst exploring data to support his theories. The second relies on software to find patterns in data not imagined by a human analyst (p.343).

Mena is most effective when he writes about what he knows best. I loved chapter 9, where he explains cell phone, insurance, and financial frauds. Much of what he wrote applied directly to my interest in network security monitoring and intrusion detection. Chapter ten (Intrusion Detection), however, is best ignored. Mena does not appear to understand computer security, and neither do his editors. He calls Snort a "freeware site-based system IDS," in contrast with "network-based IDSs such as RealSecure" (p.306). He labels tcpdump an "attack" tool and says "this is utility for eavesdropping for passwords" (his typos) (p.307) and describes "rhosts" in a "stealth" attack phase as "this utility will evaluate hosts and lists hosts and users who are trusted by the local host" (p.308). Mena isn't a "security guy," either; he lumps "threats and vulnerabilities" together as "weaknesses or flaws in a system, such as a hole in security or a back door" (p.14). A threat is one or more entities with capabilities and intentions sufficient to exploit vulnerabilities in information resources, while a vulnerability is a weakness in design, configuration, or deployment which allows threats to abuse, subvert, or break information resources.

Overall, I really enjoyed IDM. Mena makes numerous fascinating insights. While his prose is somewhat repetitive, he explains the key points needed to get data mining newbies up to speed. In light of the recent revelations of JetBlue sharing data with the government, the techniques Mena describes are both powerful and disturbing.