E-mail traffic analysis using visualisation and decision trees

  • Authors: Mark Jyn-Huey Lim; Michael Negnevitsky; Jacky Hartnett

  • Affiliations: School of Engineering, University of Tasmania, Australia; School of Engineering, University of Tasmania, Australia; School of Engineering, University of Tasmania, Australia

  • Venue: ISI'06 Proceedings of the 4th IEEE international conference on Intelligence and Security Informatics
  • Year: 2006

Abstract

Intelligence analysts at law enforcement agencies face a difficult task in efficiently monitoring and analysing the electronic communications of suspected criminals and terrorists. Firstly, there are thousands of accounts to search through and enormous amounts of data to process in order to find accounts exhibiting certain kinds of suspicious behaviour that may indicate the presence of possible criminal or terrorist suspects. Secondly, while suspicious accounts are being monitored, the intelligence analyst needs to be alerted when the suspicious accounts start exhibiting “unusual” or “abnormal” communication behaviour, indicating the occurrence of criminal or terrorist communication activities. Such alerts need to clearly show the analyst what type of “abnormal” behaviour is occurring so that the analyst can determine whether to further investigate the behaviour of the suspicious account or dismiss the alert. Our work focuses on traffic analysis of e-mail communications, investigating different Artificial Intelligence (A.I.) or machine learning techniques to determine whether they are capable of assisting an analyst in searching for suspicious e-mail accounts and monitoring those accounts for “unusual” or “abnormal” communication behaviour.