Mining multi-modal crime patterns at different levels of granularity using hierarchical clustering

The appearance of patterns could be found in different modalities of a domain, where the different modalities refer to the data sources that constitute different aspects of a domain. Particularly, the domain of our discussion refers to crime and the different modalities refer to the different data sources such as offender data, weapon data, etc. in crime domain. In addition, patterns also exist in different levels of granularity for each modality. In order to have a thorough understanding a domain, it is important to reveal the hidden patterns through the data explorations at different levels of granularity and for each modality. Therefore, this paper presents a new model for identifying patterns that exist in different levels of granularity for different modes of crime data. A hierarchical clustering approach - growing self organising maps (GSOM) has been deployed. Furthermore, the model is enhanced with experiments that exhibit the significance of exploring data at different granularities.

What is crime? Who is the criminal?

The term "crime" is often "taken-for-granted" and poorly defined in contemporary Australian and International research. There is also considerable debate amongst scholars working in different theoretical tranditions about the appropriate definition of crime. This reflects broader public division about the types of behaviour or people that are classed as criminal.

Editorial : advances in network and system security

Current parallel and distributed networks/systems are facing serious threats from network terrorism and crime, which cause huge financial loss and potential life hazard. As attacking tools are becoming more widely available, more easy-to-use, more sophisticated, and more powerful, more efforts have been made in building more effective, more intelligent, and more adaptive defense systems which are of distributed and networked nature. This special issue focuses on issues related to Network and System Security, such as authentication, access control, availability, integrity, privacy, confidentiality, dependability and sustainability of computer networks and systems.

A survey on latest botnet attack and defense

A botnet is a group of compromised computers, which are remotely controlled by hackers to launch various network attacks, such as DDoS attack and information phishing. Botnet has become a popular and productive tool behind many cyber attacks. Recently, the owners of some botnets, such as storm worm, torpig and conflicker, are employing fluxing techniques to evade detection. Therefore, the understanding of their fluxing tricks is critical to the success of defending from botnet attacks. Motivated by this, we survey the latest botnet attacks and defenses in this paper. We begin with introducing the principles of fast fluxing (FF) and domain fluxing (DF), and explain how these techniques were employed by botnet owners to fly under the radar. Furthermore, we investigate the state-of-art research on fluxing detection. We also compare and evaluate those fluxing detection methods by multiple criteria. Finally, we discuss future directions on fighting against botnet based attacks.

Locating defense positions for thwarting the propagation of topological worms

A common view for the preferable positions of thwarting worm propagation is at the highly connected nodes. However, in certain conditions, such as when some popular users (highly connected nodes in the network) have more vigilance on the malicious codes, this may not always be the truth. In this letter, we propose a measure of betweenness and closeness to locate the most suitable positions for slowing down the worm propagation. This work provides practical values to the defense of topological worms.

CBF : A packet filtering method for DDoS attack defense in cloud environment

Distributed Denial-of-Service attack (DDoS) is a major threat for cloud environment. Traditional defending approaches cannot be easily applied in cloud security due to their relatively low efficiency, large storage, to name a few. In view of this challenge, a Confidence-Based Filtering method, named CBF, is investigated for cloud computing environment, in this paper. Concretely speaking, the method is deployed by two periods, i.e., non-attack period and attack period. More specially, legitimate packets are collected at non-attack period, for extracting attribute pairs to generate a nominal profile. With the nominal profile, the CBF method is promoted by calculating the score of a particular packet at attack period, to determine whether to discard it or not. At last, extensive simulations are conducted to evaluate the feasibility of the CBF method. The result shows that CBF has a high scoring speed, a small storage requirement and an acceptable filtering accuracy, making it suitable for real-time filtering in cloud environment.