Jau-Hwang Wang

Analyzing and visualizing gray web forum structure

Web is a platform for users to search for information to fulfill their information needs but it is also an ideal platform to express personal opinions and comments. A virtual community is formed when a number of members participate in this kind of communication. Nowadays, teenagers are spending extensive amount of time to communicate with strangers in these virtual communities. At the same time, criminals and terrorists are also taking advantages of these virtual communities to recruit members and identify victims. Many Web forum users may not be aware that their participation in these virtual communities have violated the laws in their countries, for example, downloading pirated software or multimedia contents. Police officers cannot combat against this kind of criminal activities using the traditional approaches. We must rely on computing technologies to analyze and visualize the activities within these virtual communities to identify the suspects and extract the active groups. In this work, we introduce the social network analysis technique and information visualization technique for the Gray Web Forum - forum that may threaten public safety.

Intelligent automatic malicious code signatures extraction

The computer malicious executable code has been with us for a quite long time. Since computer hardware and Internet is growing so fast today, security threats of malicious executable code are getting more serious. Basically, malicious executable codes are categorized into three kinds. The first is called virus, which always infect other benign programs. The second is called Trojan which always masquerade its malicious executable code inside a usefully utility or freeware program. And the last but not the least is called worm that replicate and distribute itself automatically around the network. According to the literature survey [R.A. Grimes (2001)], current antivirus products cannot detect all the malicious codes, especially for those unseen, polymorphism malicious executable codes. Moreover, there are many virus program generators and mutation engines available on public Web sites that can be downloaded freely make a lot of unseen, polymorphism, and harmful executable malicious code. So how to extract virus signatures efficiently and effectively automatically instead of manually for an antivirus scanner system is quite important and also is the major purpose of this research.

A Case for Analytical Customer Relationship Management

The Internet has emerged as a low cost, low latency and high bandwidth customer communication channel. Its interactive nature provides an organization the ability to enter into a close, personalized dialog with individual customers. The simultaneous maturation of data management technologies like data warehousing, and data mining, have created the ideal environment for making customer relationship management (CRM) a much more systematic effort than it has been in the past. In this paper we described how data analytics can be used to make various CRM functions like customer segmentation, communication targeting, retention, and loyalty much more effective. We briefly describe the key technologies needed to implement analytical CRM, and the organizational issues that must be carefully handled to make CRM a reality. Our goal is to illustrate problems that exist with current CRM efforts, and how using data analytics techniques can address them. Our hope is to get the data mining community interested in this important application domain.

A framework for exploring gray web forums: analysis of forum-based communities in taiwan

This paper examines the “Gray Web Forums” in Taiwan. We study their characteristics and develop an analysis framework for assisting investigations on forum communities. Based on the statistical data collected from online forums, we found that the relationship between a posting and its responses is highly correlated to the forum nature. In addition, hot threads extracted based on the proposed metric can be used to assist analysts in identifying illegal or inappropriate contents. Furthermore, members’ roles and activities in a virtual community can be identified by member level analysis.

Trace copy forgery detection for handwritten signature verification

Handwritten signature verification has been extensively studied in past decades. Its many applications include banking, credit card validation, security systems etc. We mainly deal with the trace copy forgery detection problem in a handwritten signature verification system. Based on one of our previously study [P. S. Deng et al. (1999)], we have proposed an efficient approach, called Dengs approach to build-up an offline handwritten signature verification system by using wavelet transformation technique. From the experimental results, the accuracy rate of the Dengs approach [P. S. Deng et al. (1999)] is 92.57% and 93.68% for English and Chinese respectively. The approach we proposed not only got a good accuracy result, i.e. 87%, but also has many other advantages as follows: (1) it can be applied in many languages including English and Chinese, (2) it can be adopted to both on-line and off-line applications, and (3) it uses all the strokes information rather than only the vertical strokes information in a Chinese signature.

A parallel architecture for large scale production systems

The authors present an architecture, suitable for implementation on a shared memory multiprocessor system, in which all the phases can run in parallel. Running multiple match, execution, and select phases causes subtle synchronization problems, which if not resolved can lead to altered semantics. The proposed architecture uses a lock and interference manager and a scheduler to resolve the possible synchronization conflicts. A new lock which provides concurrency beyond the standard two-phase locking in databases is used. The conflict resolution phase has been formalized as a scheduling problem. The approach taken is conservative in the sense that the scheduler performs careful analysis (interference avoidance and abort avoidance tests) to prevent interference, abort, and blocking.<<ETX>>

Link analysis based on webpage co-occurrence mining - a case study on a notorious gang leader in Taiwan

The rapid development and integration of computer and communication technology have made the Internet one of the major media for communication. Nowadays, the Internet and world-wide-web (WWW) are used in every facet of modern society. This research proposes to develop a link analysis method based on Web page co-occurrence mining. The Google Internet search engine is used to gather Web pages relevant to a certain search subject. The proper nouns on each relevant page are then extracted using the Chinese Word Segmentation System, developed by Academia Sinica, Taiwan. The co-occurrence data of proper nouns is then analyzed and used for constructing link charts for visualization and further analysis.

An association model for implicit crime link analysis

Link analysis has been an important tool in crime investigation. Explicit social links, such as kinship, financial exchange, and telephone connection, are often used to construct links between criminals. However implicit links, such as modus operandi, times of day, and geographic relationship, are seldom used to establish relationships between crime entities. This paper proposes an association model based on modus operandi and geographic relationship to establish links among crime cases and criminals. A data collection from local police department is used for experiment to evaluate the performance of the proposed approach.

Cyber Forensics: Issues and Approaches

This chapter introduces the concept of cyber forensics, digital evidence, and computer forensic process. Cyber forensics is defined as the application of computer science to laws — to process and analyze digital evidence, to reconstruct a crime, and to provide links among the offender, the victim and the crime scene. Basically Digital evidence includes all digital data, which can be used to establish that a crime has been committed or can provide a link between a crime and its victim or a crime and its perpetrator. The forensic process of digital evidences includes evidence recognition, collection, preservation, and analysis for crime reconstruction.

Production scheduling in database production systems

A framework for parallelizing both matching and execution phases of a production system is presented. It is shown how concurrency causes new problems, which, if not handled carefully, can lead to inconsistent semantics. A new kind of data conflict is identified as the root cause of this problem. A framework for ensuring correct parallel executions is developed. The performance of the system critically depends on the scheduling of productions, which should aim at maximizing the utilization of parallelism. The design of a pessimistic (careful) scheduler and an optimistic scheduler is discussed, and their proofs of correctness are provided.<<ETX>>