Fatih Ozgul

Incorporating data sources and methodologies for crime data mining

This paper investigates sources of crime data mining, methodologies for knowledge discovery, by pointing out which forms knowledge discovery is suitable for which methodology. Furthermore, it identifies which data sources should be used for which knowledge discovery form in crime data mining. Similarities and differences between crime data mining methodologies show that some forms of knowledge discovery are suitable for particular crime data mining methodologies. It is offered that selecting the appropriate methodology depends on whether general or specific tasks required or high volume of crime data to be prepared.

Combined detection model for criminal network detection

Detecting criminal networks from arrest data and offender demographics data made possible with our previous models such as GDM, OGDM, and SoDM and each of them proved successful on different types of criminal networks. To benefit from all features of police arrest data and offender demographics, a new combined model is developed and called as combined detection model (ComDM). ComDM uses crime location, date and modus operandi similarity as well as surname and hometown similarity to detect criminal networks in crime data. ComDM is tested on two datasets and performed better than other models.

Prediction of past unsolved terrorist attacks

In this study, a novel model is proposed to predict perpetuators of some terrorist events which are remain unsolved. The CPM learns from similarities between terrorist attacks and their crime attributes then puts them in appropriate clusters. Solved and unsolved attacks are gathered in the same - all linked to each other - “umbrella” clusters; then CPM classifies all related terrorist events which are expected to belong to one single terrorist group. The developed model is applied to a real crime dataset, which includes solved and unsolved terrorist attacks and crimes in Turkey between 1970 and 2005. CPM predictions produced significant precision value for big terrorist groups and reasonable recall values for small terrorist groups.

How Much Similar Are Terrorists Networks of Istanbul

Most of terrorist groups cooperate, interchange knowledge, skills and materials used for attacks. Terrorist groups in Istanbul are categorized into three main groups within criminological viewpoint: extreme left (i.e. Marxist) groups, extreme right (i.e. Fundamentalist, Radical Islamist) groups, and separatist (i.e. ethnic, racist) groups. Crime ontology for terrorist groups in Istanbul is created by using their criminal history and choices such as selection of crimes, attacking methods and modus operandi. Terrorist groups of Istanbul are attached to this ontology as nodes connected to their attacks. A similarity measure (COSM) is developed according to this ontology. COSM results for Istanbul terrorist groups performed better than two common similarity measures, cosine and Jaccard. COSM similarity result is presented to domain experts in hierarchical clustering and they gave positive feedback. COSM, which is based on attributes of crimes, can also be applied to other types of social networks for measuring similarity.

Comparison of Feature-Based Criminal Network Detection Models with k-Core and n-Clique

Four group detection models (e.g. GDM, OGDM, SoDM and ComDM) are developed based on crime data features. These detection models are compared more common baseline SNA group detection algorithms. It is intended to find out, whether these four crime data specific group detection models can perform better than widely used k-core and n-clique algorithms. Two data sets which contain previously known criminal networks are used as testbeds.

Linking and Organising Information in Law Enforcement Investigations

Law enforcement officers deal with various challenges regarding the management of information during an investigation. New information comes in frequently, some of it is uncertain, incorrect, or incomplete. Officers should be supported in developing interpretations of the provided information. Furthermore, it is beneficial (and demanded by some investigation methodologies) to record the progression of the analysis. In order to fulfill these requirements, we propose a spatial hypertext-based application, as part of an open framework. This enhances collaborative work on uncertain, incomplete, and frequently changing information structures and provides access to other applications used in investigations.

Classification of Terrorist Networks and Their Key Players

Due to the interest by public audience and academic research, there has been a great interest in Terrorist Networks by the academicians, analysts and criminologists. Either to learn how to disrupt or to prevent their activities, structure of these networks are investigated. The final conclusion about their structure and topology came to the fact that they do not resemble each other, but there are categories of them. In this paper, we categorized these networks into six because of their ideologies and common practices. Topologies of these six categories are observed and importance of key players (leaders, financiers, propaganda units and armed units) are compared based on these categories.

Characteristics of Terrorists Networks Based on Ideology and Practices

Due to the interest by public audience and academic research, there has been a great interest in Terrorist Networks by the academicians, analysts and criminologists. Either to learn how to disrupt or to prevent their activities, structure of these networks are investigated. The final conclusion about their structure and topology came to the fact that they do not resemble each other, but there are categories of them. In this paper, we categorized these networks into six because of their ideologies and common practices. Example terrorist groups are also discussed.

Specific similarity measure for terrorist networks: how much similar are terrorist networks of Turkey?

Some countries suffer from terrorism much more than others, Turkey as one of the most suffering countries who owns about a hundred terrorist groups; most of these organizations cooperate, and interchange knowledge, skills, materials used for terrorist attacks. From criminological perspective terrorist networks of Turkey are categorized into three main groups: extreme left (i.e. Marxist) networks, extreme right (i.e. Fundamentalist, Radical Islamist) networks, and separatist (i.e. ethic, racist) networks. By using their criminal history including the selection of crimes, attacking methods and modus operandi, a crime ontology is created, terrorist networks are attached to this ontology via their attacks and a similarity measure (COSM) is developed according to this ontology. Results of this similarity measure performed better than two common similarity measures; cosine and Jaccard. Results are also presented to domain experts in hierarchical clustering and they also commented as positive. Based on attributes of crimes, COSM similarity can also be applied to other types of social networks.

Two Models for Semi-Supervised Terrorist Group Detection

Since discovery of organization structure of offender groups leads the investigation to terrorist cells or organized crime groups, detecting covert networks from crime data are important to crime investigation. Two models, GDM and OGDM, which are based on another representation model – OGRM are developed and tested on nine terrorist groups. GDM, which is basically depending on police arrest data and “caught together” information and OGDM, which uses a feature matching on year-wise offender components from arrest and demographics data, performed well on terrorist groups, but OGDM produced high precision with low recall values. OGDM uses a terror crime modus operandi ontology which enabled matching of similar crimes.