Propose a Framework for Criminal Mining by Web Structure and Content Mining
Authors :- Javad Hosseinkhani, Suriyati Chaprut, Hamed Taherdoost and Amin Shahraki Moghaddam
Keywords :- Criminal Network, Crime Web Mining, Forensics Analysis, Social Network, Terrorist Network, Universal Crawler.
Published Online :- 01 October 2012

  • View Full Abstract

    Anonymous and suitable information always are provided by criminal web data for Law enforcement agencies. The digital data that are used in forensic analysis comprises of pieces of information which are about the accused social networks. Nevertheless, evaluating these pieces of information is a challenging means an operator has to extract the appropriate information from the text in the website manually, after that it finds a connection between different pieces of information and classify them into a database structure. Then, the set is ready to utilize different criminal network analysis tools for test. Therefore, this manual procedure of arranging data for analysis is not efficient because it affected by many errors. Moreover, the quality of achieving analyzed data is related to the expertise and experience of the investigator so the reliability of the tests is not continuous. Actually, the better result is achived, the more knowledgeable is an operator. The aim of this study is to report the process of exploring the criminal suspects of forensic data analysis that support the reliability gap by offering a framework by utilizing High-level architecture of a scalable universal crawler.
  • View References

    [1] Fayyad, U.M. and R. Uthurusamy. (2002). Evolving Data Mining into Solutions for Insights. Communication ACM, 28-31.
    [2] Chang, W., Chung, W., Chen, H. & Chou. H. (2003). An International Perspective on Fighting Cybercrime. Proceedings of the 1st NSF/NIJ conference on Intelligence and security informatics LNCS 2665, Springer-Verlag, 379-384.
    [3] Kaur, P., Raghu, G., Ravinder, S.& Mandeep, S. (2012). Research on the application of web mining technique based on XML for unstructured web data using LINQ. 2011 7th International Conference on MEMS, NANO and Smart Systems, ICMENS 2011. Kuala Lumpur, Malaysia, Trans Tech Publications, P.O. Box 1254, Clausthal-Zellerfeld, D-38670, Germany. 403-408: 1062-1067.
    [4] Xu, J.J., Chen, H. (2005). CrimeNet Explorer: A framework for criminal network knowledge discovery. ACM Transactions on Information Systems, 23(2), 201–226.
    [5] Tao, P. (2007). Research on Topical Crawling Technique for Topic- Specific Search Engine. Doctor degree thesis of Jilin University.
    [6] Peng, J. & and Jihua, S. (2010). A Method of Text Classifier for Focused Crawler. Journal of Chinese Information Processing, 26, 92-96.
    [7] Chen, H., Chung, W., Xu, J.J., Wang, G., Qin, Y. & Chau, M. (2004). Crime data mining: a general framework and some examples. Computer, 37(4), 50–56.
    [8] Yang, C.C. & Tobun, D. Ng. (2007). Terrorism and crime related weblog social network: link, content analysis and information visualization. IEEE international conference on intelligence and security informatics, Hong Kong, 55–58.
    [9] Hope, T., Nishimura, T. & Takeda, H. (2006). An integrated method for social network extraction. 15th international conference on world wide web (WWW), USA, 845–846.
    [10] Jin, W., Srihari, R.K. & Ho, H.H. (2007). A text mining model for hypothesis generation. 19th IEEE international conference on tools with artificial intelligence, Patras, 156–162.
    [11] Zhou, D., Manavoglu, R., Li, J., Giles, C.L. & Zha, H. (2006). Probabilistic models for discovering ecommunities. 15th international conference on world wide web (WWW), USA, 173–182.
    [12] Jin, Y., Matsuo, Y. & Ishizuka, M. (2009). Ranking companies on the web using social network mining. In: Ting IH,Wu HJ, editors. Web mining applications in e-commerce and e-services. Studies in computational intelligence, vol. 172. Berlin/Heidelberg: Springer, 137–152.
    [13] Srinivasan, P. (2004). Text mining: generating hypotheses from Medline. Journal of the American Society for Information Science and Technology, 55, 396–413.
    [14] Skillicorn, D.B. & Vats, N. (2007). Novel information discovery for intelligence and counterterrorism. Decision Support Systems, 43(4), 1375–1382.
    [15] Al-Zaidy, R. F., Benjamin C.M.F., Youssef, A.M. & ; Fortin, F. (2012). Mining criminal networks from unstructured text documents. Digital Investigation, 8(3–4), 147-160.
    [16] Sparrow, M.K. (1991). The application of network analysis to criminal intelligence: An assessment of the prospects. Social Networks, 13, 251–274.
    [17] Krebs, V. E. (2001). Mapping networks of terrorist cells. Connections, 24(3), 43–52.
    [18] Bowman, M., Debray, S. K., & Peterson, L. L. (1993). Reasoning about naming systems. ACM Transaction. Program. Lang. Syst, 15(5), 795-825.
    [19] Ding, W. & Marchionini, G. (1997). A Study on Video Browsing Strategies. Technical Report. University of Maryland at College Park.
    [20] Fröhlich, B. & Plate, J. (2000). The cubic mouse: a new device for three-dimensional input. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (The Hague, The Netherlands, April 01 – 06, 2000). CHI ’00. ACM, New York, NY, 526-531..
    [21] Tavel, P. (2007). Modeling and Simulation Design. AK Peters Ltd., Natick, MA.
    [22] Sannella, M. J. (1994). Constraint Satisfaction and Debugging for Interactive User Interfaces. Doctoral Thesis. UMI Order Number: UMI Order No. GAX95-09398., University of Washington.
    [23] Forman, G. (2003). An extensive empirical study of feature selection metrics for text classification. J.Mach. Learn. Res. 3 (Mar. 2003), 1289-1305.
    [24] Brown, L. D., Hua, H., & Gao, C. (2003). A widget framework for augmented interaction in SCAPE. 16th Annual ACM Symposium on User Interface Software and Technology (Vancouver, Canada, November 02 – 05, 2003). UIST ’03. ACM, New York, NY, 1-10.
    [25] Yu, Y. T. & Lau, M. F. (2006). A comparison of MC/DC, MUMCUT and several other coverage criteria for logical decisions. Journal of System Software. 79, 5 (May. 2006), 577-590.
    [26] Spector, A. Z. (1989). Achieving application requirements. In Distributed Systems, S. Mullender, Ed.ACM Press Frontier Series. ACM, New York, NY, 19-33.
    [27] Hosseinkhani. J, Chaprut. S & Taherdoost. H. (2012). CriminalNetwork Mining by Web Structure and Content Mining. 11th WSEAS International Conference on Information Security and Privacy (ISP ’12), Prague, Czech Republic, September 24-26, In Press.
    [28] Brin, S. & Page, L. (1998). The anatomy of a large-scale hypertextual web search engine. Computer Network ISDN System, 30, 107–117.
    [29] Cho, J., & Schonfeld, U. (2007). Rankmass crawler: a crawler with high personalized pagerank coverage guarantee. Proceedings of the 33rd International Conference on Very Large Data Bases, 375–386.
    [30] HijbulAlam, Md., JongWoo, Ha. & Lee, L.S. (2009). Fractional PageRank Crawler: Prioritizing URLs Efficiently for Crawling Important Pages Early. DASFAA 2009, LNCS 5463 Springer-Verlag Berlin Heidelberg.
    [31] Hosseinkhani, J, Chaprut. S, and Taherdoost. H. (2012). Criminal Network Mining by Web Structure and Content Mining, Advances in Remote Sensing, Finite Differences and Information Security, Prague, Czech Republic, September 24-26, 210-215.
    [32] Duda, R. O., Hart, P. E. & D. G. Stork. (2001). Pattern Classification. John Wiley & Sons Inc., 2nd edition.
    [33] Baeza-Yates, R. & B. Ribeiro-Neto. (1999). Modern Information Retrieval. Addison– Wesley.
    [34] Debnath, S., Mitra, P. & C. L. Giles. (2005). Automatic Extraction of Informative Blocks from Webpages. In Proc. of the 2005 ACM Symposium on Applied Computing, 1722–1726.
    [35] Burgoon, J.K., Buller, D.B., Guerrero, L.K., Afifi, W., & Feldman, C. (1996). Interpersonal deception: XII. Information management dimensions underlying deceptive and truthful messages. Communication Monographs, 63, 50–69.
    [36] Vrij, A. (2000). Detecting Lies and Deceit: The Psychology of Lying and the Implication for Professional Practice. John Wiley.

Definitions and Criteria of CIA Security Triangle in Electronic Voting System
Authors :- Saman Shojae Chaeikar, Mohammadreza Jafari, Hamed Taherdooost and Nakisa Shojae Chaei Kar
Keywords :- E-voting, Electronic Voting, CIA, E-Voting Confidentiality, E-Voting Integrity, E-Voting Availability.
Published Online :- 01 October 2012

  • View Full Abstract

    Confidentiality, Integrity, and Availability are three sides of the famous CIA security triangle. Since the e-voting systems are built from particular components, the CIA security triangle of these systems has particular definitions for each side. This paper presents these CIA security definitions and criteria which each state-of-the-art electronic voting system must meet based on the view point of National Institute of Standard and Technology (NIST) and also the criteria proposed by pioneer e-voting researchers. According to jurisdiction of different countries some of the given definitions and criteria might be excluded for developed e-voting system of their territory. Beside of the definitions and criteria, current threats and proposed solutions (in 2012) of each CIA triangle side and current unresolved security threats are concisely described.
  • View References

    [1] National Institute of Standards and Technology (NIST) (2011), Security Considerations for Remote Electronic UOCAVA Voting (NISTIR 7770). United States: National Institute of Standards and Technology.
    [2] Norwegian Ministry of Local Government and Regional Development (2011). E-vote 2011 Security Objectives. Norway: Norwegian Ministry of Local Government and Regional Development.
    [3] Georgia Tech Information Security Center (2008). Emerging Cyber Threats Report for 2009. Georgia: Georgia Tech Information Security Center.
    [4] Internet Engineering Task Force (IETF) (2008). The Transport Layer Security (TLS) Protocol Version 1.2. Fremont: Internet Engineering Task Force (IETF).
    [5] Chaeikar, S. S. (2010). Interpretative Key Management (IKM), A Novel Framework, Proceedings of 2010 Second International Conference on Computer Research and Development, Kuala Lumpur, Malaysia, 2010.
    [6] Chaeikar, S. S. (2010). Node Based Interpretative Key Management Framework, Proceedings of The 2010 Congress in Computer science, Computer engineering, and Applied Computing (The 2010 International Conference on Security and Management SAM’10), WORLDCOMP’2010, Las Vegas, USA, July 2010.
    [7] Chaeikar, S.S. Manaf, A. M. & Zamani. M. (2012). Comparative Analysis of Master-Key and Interpretative Key Management (IKM) Frameworks. Cryptography and Security in Computing, Dr. Jaydip Sen (Ed.), ISBN: 978-953-51-0179-6, InTech, Available from:
    [8] Fujioka, A., Okamoto, T., and Ohta. K. (1992). A Practical Secret Voting Scheme for Large Scale Elections. Advances in Cryptology – AUSCRYPT ’92. 1992. Berlin, 244-251.
    [9] Cranor, L. F. and Cytron, R. K. (1997). Sensus: A Security-Conscious Electronic Polling System for the Internet. Proceedings of the Hawai`i International Conference on System Sciences, 7-10 January. Wailea, Hawaii, USA, 561-570.
    [10] Benaloh, J., Tuinstra, D. (1994). Receipt-Free Secret-Ballot Elections. Proceedings of the 26th ACM Symposium on Theory of Computing. May. New York, USA, 544-553.
    [11] Cramer, R., Gennaro, R., and Schoenmakers, B. (1997). A secure and optimally efficient multiauthority election scheme. European Transactions on Telecommunications. 8,481-489.
    [12] Peralta, R. (2003). Issues, non-issues and cryptographic tools for Internet-based voting. Secure Electronic Voting. 7, 153-164. Springer.
    [13] John Hopkins University, Department of computer science (2004). Requirements for an Electronic Voting System. Baltimore: John Hopkins University, Department of computer science.
    [14] McConnell, S. (2004), Code Complete. (Second Edition), United States: Microsoft Press.
    [15] Fink, R.A., Sherman, A.T., and Carback, R. (2009). TPM Meets DRE: Reducing the Trust Base for Electronic Voting Using Trusted Platform Modules. Information Forensics and Security, IEEE Transactions. 4(4), 628-284.
    [16] Paul, N., Tanenbaum, A. S. (2009). The Design of a Trustworthy Voting System. Proceedings of Annual Computer Security Applications Conference. 7-11 December. Honolulu, HI, 507-517.
    [17] ISO/IEC, Common Criteria for Information Security Evaluation (2009). Part 3: Security assurance components. Version 3.1, Rev. 3. Switzerland: ISO/IEC, Common Criteria for Information Security Evaluation.
    [18] Alvarez, R. M. (2005). Precinct Voting Denial of Service. NIST Threats to Voting Systems Workshop. 5 October. Washington DC, Appendix 29.
    [19] John Markoff (2008). Before the Gunfire, Cyberattacks. The New York Times, Retrived February 14, 2012, from

A Service Oriented Security Reference Architecture
Authors :- Alaeddin Kalantari, Anahita Esmaeili and Suhaimi Ibrahim
Keywords :- Service Oriented architecture, SOA, SOA Security, SOA Security Framework.
Published Online :- 01 October 2012

  • View Full Abstract

    Nowadays, service-oriented architecture (SOA) is used as an efficient solution to integrate distributed applications in an enterprise. In a SOA-based environment, security is one of the most important issues that must be considered on account of loosely coupled nature of SOA. However, there are several approaches and technologies for securing services such as WS-Security, SAML, and etc. SOA brings additional security problems on the level of architecture. Therefore, providing comprehensive security reference architecture for Enterprise SOA (ESOA) becomes a critical issue. In this paper, we propose a Service Oriented Security Reference Architecture (SOSRA) for Service Oriented Reference Architecture (S3) based enterprise applying our previously proposed Conceptual SOA Security Framework.
  • View References

    [1] Ramarao,k. & Prasad, C.(2008). SOA Security. USA: Manning Publication.
    [2] Eric Pulier & Hugh Taylor. (2006). Understanding Enterprise SOA. USA: Manning Publication.
    [3] Web Service Activity,
    [4] Kalantari, A., Khezrian, M., Esmaeili, A. and Taherdoost, H. (2011). Enabling Security Requiremets for enterprise Service Oriented Architecture. International Journal of Recent Trends in Engineering and
    Technology, The Association of Copmuter Electronics and Electrical Engineers (ACEEE), 6(1), 75-81 .
    [5] New to SOA and Web Service, webservices/newto/service.html
    [6] M. Schumacher, D. Witte. (2007). Secure Enterprise SOA: known and new security challenge, Datenschutz und Datensicherheit.
    [7] XML- Signature. (2001). Retrieved 2009, from W3C:
    [8] XML-Encryption. (2002). Retrieved 2009, from W3C:
    [9] S. Thompson. (2003, 04 01). Implementing WS-Security. Retrieved 2011, from IBM: developerworks/webservices/library/ws-security.htm
    [10] W. Ford. (2001, 03 30). XML Key Management Specification (XKMS). From W3C:
    [11] Security Assertion Markup Language (SAML). From OASIS:
    [12] eXtensible Access Control Markup Language (XACML). From OASIS: tc_home.php?wg_abbrev=xacml
    [13] A. Buecker et al. (2007). Understanding SOA Security: Design and implementation. USA: IBM Publication.
    [14] C. Candolin. (2007). A Security Framework for Service Oriented Architectures. Military Communications Conference, 29-31 Oct. MILCOM 2007: IEEE.
    [15] Arsanjani, A.(2007). S3: A Service-Oriented Reference Architecture. IEE Computer Society, 9(3), 10-17.