Zeki Erdem

Ensemble of SVMs for incremental learning

Support Vector Machines (SVMs) have been successfully applied to solve a large number of classification and regression problems. However, SVMs suffer from the catastrophic forgetting phenomenon, which results in loss of previously learned information. Learn++ have recently been introduced as an incremental learning algorithm. The strength of Learn++ lies in its ability to learn new data without forgetting previously acquired knowledge and without requiring access to any of the previously seen data, even when the new data introduce new classes. To address thecatastrophic forgetting problem and to add the incremental learning capability to SVMs, we propose using an ensemble of SVMs trained with Learn++. Simulation results on real-world and benchmark datasets suggest that the proposed approach is promising.

Reducing the effect of out-voting problem in ensemble based incremental support vector machines

Although Support Vector Machines (SVMs) have been successfully applied to solve a large number of classification and regression problems, they suffer from the catastrophic forgetting phenomenon. In our previous work, integrating the SVM classifiers into an ensemble framework using Learn++ (SVMLearn++) [1], we have shown that the SVM classifiers can in fact be equipped with the incremental learning capability. However, Learn++ suffers from an inherent out-voting problem: when asked to learn new classes, an unnecessarily large number of classifiers are generated to learn the new classes. In this paper, we propose a new ensemble based incremental learning approach using SVMs that is based on the incremental Learn++.MT algorithm. Experiments on the real-world and benchmark datasets show that the proposed approach can reduce the number of SVM classifiers generated, thus reduces the effect of outvoting problem. It also provides performance improvements over previous approach.

Online naive bayes classification for network intrusion detection

Intrusion detection system (IDS) is an important component to ensure network security. In this paper we build an online Naïve Bayes classifier to discriminate normal and bad (intrusion) connections on KDD 99 dataset for network intrusion detection. The classifier starts with a small number of training examples of normal and bad classes; then, as it classifies the rest of the samples one at a time, it continuously updates the mean and the standard deviations of the features (IDS variables). We present experimental results of parameter updating methods and their parameters for the online Naïve Bayes classifier. The obtained results show that our proposed method performs comparably to the simple incremental update.

Incorporating data sources and methodologies for crime data mining

This paper investigates sources of crime data mining, methodologies for knowledge discovery, by pointing out which forms knowledge discovery is suitable for which methodology. Furthermore, it identifies which data sources should be used for which knowledge discovery form in crime data mining. Similarities and differences between crime data mining methodologies show that some forms of knowledge discovery are suitable for particular crime data mining methodologies. It is offered that selecting the appropriate methodology depends on whether general or specific tasks required or high volume of crime data to be prepared.

Combined detection model for criminal network detection

Detecting criminal networks from arrest data and offender demographics data made possible with our previous models such as GDM, OGDM, and SoDM and each of them proved successful on different types of criminal networks. To benefit from all features of police arrest data and offender demographics, a new combined model is developed and called as combined detection model (ComDM). ComDM uses crime location, date and modus operandi similarity as well as surname and hometown similarity to detect criminal networks in crime data. ComDM is tested on two datasets and performed better than other models.

Prediction of past unsolved terrorist attacks

In this study, a novel model is proposed to predict perpetuators of some terrorist events which are remain unsolved. The CPM learns from similarities between terrorist attacks and their crime attributes then puts them in appropriate clusters. Solved and unsolved attacks are gathered in the same - all linked to each other - “umbrella” clusters; then CPM classifies all related terrorist events which are expected to belong to one single terrorist group. The developed model is applied to a real crime dataset, which includes solved and unsolved terrorist attacks and crimes in Turkey between 1970 and 2005. CPM predictions produced significant precision value for big terrorist groups and reasonable recall values for small terrorist groups.

How Much Similar Are Terrorists Networks of Istanbul

Most of terrorist groups cooperate, interchange knowledge, skills and materials used for attacks. Terrorist groups in Istanbul are categorized into three main groups within criminological viewpoint: extreme left (i.e. Marxist) groups, extreme right (i.e. Fundamentalist, Radical Islamist) groups, and separatist (i.e. ethnic, racist) groups. Crime ontology for terrorist groups in Istanbul is created by using their criminal history and choices such as selection of crimes, attacking methods and modus operandi. Terrorist groups of Istanbul are attached to this ontology as nodes connected to their attacks. A similarity measure (COSM) is developed according to this ontology. COSM results for Istanbul terrorist groups performed better than two common similarity measures, cosine and Jaccard. COSM similarity result is presented to domain experts in hierarchical clustering and they gave positive feedback. COSM, which is based on attributes of crimes, can also be applied to other types of social networks for measuring similarity.

Comparison of Feature-Based Criminal Network Detection Models with k-Core and n-Clique

Four group detection models (e.g. GDM, OGDM, SoDM and ComDM) are developed based on crime data features. These detection models are compared more common baseline SNA group detection algorithms. It is intended to find out, whether these four crime data specific group detection models can perform better than widely used k-core and n-clique algorithms. Two data sets which contain previously known criminal networks are used as testbeds.

Detecting Criminal Networks Using Social Similarity

Existing literature shows that social demographics features of criminal network members are important. Examples include similarity on kinship, coming from the same family, the same ethnic origin or hometown, and living in the same neighborhoods. This paper investigates whether these social similarity features can be used for detecting members of criminal networks. We developed XSDM (Extended Social Detection Model), which removes some of the weaknesses of its predecessor SODM (Social Detection Model) by adding the attribute of living in the same neighborhood in addition to having the same surname and coming from the same hometown. XSDM is tested on the Diyarbakir dataset, containing 221 drug dealing networks. XSDM detected 81 out of 221 drug dealing networks using social demographic features of individual criminals. XSDM is evaluated by recall and precision values which performed better its predecessor SODM.

Deciding Resilient Criminal Networks

Criminal networks mostly shape themselves in order to maximize their gains but also hide their activities from prosecution. They also need of trust within network members and cliques. They also seek for immunity and protection from breaches and may not trust others, so they shape the network structure to this end. In this paper we presented a resilience measure for criminal networks which is tested on two real criminal networks. We investigated resilience results in parallel with their activities, their recruitment policy, and growth of network, their survival strategy and secrecy after they are prosecuted.