Content-Based detection of terrorists browsing the web using an advanced terror detection system (ATDS)

Authors:
Yuval Elovici;Bracha Shapira;Mark Last;Omer Zaafrany;Menahem Friedman;Moti Schneider;Abraham Kandel
Affiliations:
Department of Information Systems Engineering, Ben-Gurion Univ. of the Negev, Beer-Sheva, Israel;Department of Information Systems Engineering, Ben-Gurion Univ. of the Negev, Beer-Sheva, Israel;Department of Information Systems Engineering, Ben-Gurion Univ. of the Negev, Beer-Sheva, Israel;Department of Information Systems Engineering, Ben-Gurion Univ. of the Negev, Beer-Sheva, Israel;Department of Physics Nuclear Research Center – Negev, Beer-Sheva, Israel;School of Computer Science, Netanya Academic College, Netanya, Israel;Department of Computer Sc. and Engineering, Univ. of South Florida, Tampa, FL
Venue:
ISI'05 Proceedings of the 2005 IEEE international conference on Intelligence and Security Informatics
Year:
2005

Citing 7
Cited 1

Term-weighting approaches in automatic text retrieval

Information Processing and Management: an International Journal
Temporal sequence learning and data reduction for anomaly detection

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Automatic personalization based on Web usage mining

Communications of the ACM
ADMIT: anomaly-based data mining for intrusions

Proceedings of the eighth ACM SIGKDD international conference on Knowledge discovery and data mining
Detecting Anomalous and Unknown Intrusions Against Programs

ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
"Why 6?" Defining the Operational Limits of Stide, an Anomaly-Based Intrusion Detector

SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
Content-based methodology for anomaly detection on the web

AWIC'03 Proceedings of the 1st international Atlantic web intelligence conference on Advances in web intelligence

Improving classification based off-topic search detection via category relationships

Proceedings of the 2009 ACM symposium on Applied Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Terrorist Detection System (TDS) is aimed at tracking down suspected terrorists by analyzing the content of information they access. TDS operates in two modes: a training mode and a detection mode. During the training mode TDS is provided with Web pages accessed by a normal group of users and computes their typical interests. During the detection mode TDS performs real-time monitoring of the traffic emanating from the monitored group of users, analyzes the content of the Web pages accessed, and issues an alarm if the access information is not within the typical interests of the group. In this paper we present an advanced version of TDS (ATDS), where the detection algorithm was enhanced to improve the performance of the basic TDS system. ATDS was implemented and evaluated in a network environment of 38 users comparing it to the performance of the basic TDS. Behavior of suspected terrorists was simulated by accessing terror related sites. The evaluation included also sensitivity analysis aimed at calibrating the settings of ATDS parameters to maximize its performance. Results are encouraging. ATDS outperformed TDS significantly and was able to reach very high detection rates when optimally tuned.