International Crime and Intelligence Analysis Conference
26-27 February 2015, Manchester
Call for abstracts
WHAT WORKS MASTERCLASSES
12 November 2014
3 March 2015
10 March 2015
13 May 2015
2015 dates TBC
Summer 2015 - exact dates TBC
ICIAC 2012 Seminar Stream 2A
Abstracts and slides
Social Network Analysis Research (I)
Beyond the hype – reassessing Social Network Analysis as an intelligence tool
William Goodhind, Department of Security and Crime Science, University College London
Key words: Intelligence analysis, social network analysis, link analysis, network disruption
Social network analysis (SNA) has come to prominence over the last decade as a methodological approach to understanding complex intelligence environments. The capture of Saddam Hussein was attributed in part to the use of SNA, where the identification of familial links eventually led to a breakthrough in the manhunt. Similar praise for SNA has been voiced following the May 2011 U.S. Navy SEALs operation in Abbottabad, Pakistan, that resulted in the death of Osama bin Laden. In both these cases SNA has been presented as a dynamic tool used to explore and exploit complex datasets, ultimately aiding the effective allocation of finite resources. Within the realm of academia SNA methodology has also been expounded as a means of informing government policy in the disruption of terrorist or insurgent networks. Analyses have been conducted on the Al Qaeda operatives responsible for 9/11, the London 7/7 bombers, and neo-jihadists in Australia. The inclusion of SNA tools in widely used link analysis software packages such as IBM i2 Analyst Notebook and Palantir suggests that both industry and government are now geared towards the use of SNA in intelligence analysis.
In contrast to this resounding support for SNA, this presentation argues that, while many policymakers and academics are in agreement that SNA is a solution for the network age, its true value has been greatly exaggerated. Based on professional experience of the speaker in this field, this presentation argues that there is a misconception of what SNA can realistically achieve in a dynamic intelligence environment. Due to its reliance on quantifiable, but often subjective, associations between entities in a network, SNA is not suited to the intelligence domain as reporting and user bias inevitably skewers datasets and invalidates SNA output. Furthermore, retrospective analysis of networks by academia places too much emphasis on mathematical inferences rather than the contextual circumstances of the links. Government and academic pundits may have applauded SNA, but without necessarily fully appreciating how intelligence analysis is done, or using the phrase as a buzz word for public relations purposes. The presentation concludes by providing recommendations on the use of link analysis, as opposed to SNA, by intelligence analysts, whilst recognising the limits of any analytical methodology when confronted with an incomplete and biased dataset.
Identity attribution across CyberSpace and the NaturalSpace
D. Hodges, J. Nurse, M. Goldsmith and S. Creese. Cyber Security Centre, Department of Computer Science, University of Oxford
Key words: Identity, Cyber, Online Social Networks, Biometric, Personality
Slides: Yet to be supplied by presenter
Identity attribution or enrichment tasks form a significant set of tasks undertaken by law-enforcement or intelligence analysts. These tasks typically attribute an identity to a behavior or to take some knowledge of an individual’s identity and enrich this to provide new knowledge. This research supports these activities through a simple model and tool-set in which identities can be created, explored and enriched to provide a deep, thorough understanding of an individual’s identity.
Elements of an individual’s identity are increasingly spread across a wide surface; particularly through the substantial use of Online Social Networks and the explosion in the use of smartphones which now permit a portable, 24 hour rich-experience allowing the provision of content as text, images or video.
However, identities do not purely exist in cyberspace they all have tangible links to real world individuals, these individuals exist in the natural-world and have elements of identity in the real world. These can be biographic elements (such as names or addresses), biometric elements or personality elements.
Key to providing a rich understanding of an individual is to fully explore this holistic identity across both the cyber and natural world.
We have created a simple intuitive model that permits the enumeration and aggregation of complex identities. Instances of the model permit the analyst to simply step-by-step create complex holistic identities by iteratively applying simple transforms or inferences to a set of elements of identity.
The confidence of individual elements of the identity is propagated through the inferences providing a mechanism to metricize elements of identity. The quality of the final, rich identity can be metricized identifying good elements of the identity that are in consensus and reinforced from independent sources.
Analysts across law enforcement and intelligence agencies across both the US and UK have been involved in helping to develop the use-cases which the model has been designed to target; the model is aimed to support decisions rather than make decisions. The key characteristic of this support is that the model can exploit the intuition and domain-knowledge that top-quality analysts retain whilst still supporting lower-skilled analysts.
The model has been deployed in a number of test cases against individuals who were very technology aware. During the presentation we will share a number of insights derived during these experiments.
The talk will conclude with a description of the ongoing and future work associated with this topic in particular the links to the EPSRC funded SuperIdentity project.
Finally the presentation will discuss the tool-support that is currently being developed in order to provide decision-support for those undertaking identity enrichment or attribution tasks.
Page last modified on 30 jan 13 17:00