Empfohlen
Empfohlen
Weitere ähnliche Inhalte
Andere mochten auch
Andere mochten auch (6)
Ähnlich wie Visual Analytics for Security Intelligence
Ähnlich wie Visual Analytics for Security Intelligence (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Visual Analytics for Security Intelligence
- 1. Visual Analytics for Security Dr Joe Parry Head of Research, i2 http://i2group.com/ Copyright © 2010 i2
- 2. 010100101010001010101000101010101010 00010010010011000110000101010101010101010 10010101001010100101010101 010101010101010101010101101010010101 01100101010101010101001010101011001001010 10001010101010101011010010 100101010101010101010111101010010101 11011001010101010101001010101011001001010 01001010101010001011010010 .010r1v10e00i00el11gen010ma00ge11n00 so00w01e10o000nt11li00n0110ed0o11r0t00n10 0n100s110a1100i11a101at010 ..10rivi0e00intell1gene10ma0agem1n00 sof0ware10or00ntelli0en011led0oper0t00ns0 0nal0s1s0a1d00is1al01ati10 ..0privides0intell1gence0managem1nt0 sof0ware0for0intelligen0e1led0oper0ti0ns0 anal0sis0and0visualizatio0 ...provides intelligence management, software for intelligence-led operations. analysis and visualization
- 4. > Me?
- 5. > Me!
- 6. > The Threat
- 7. > Tasking
- 11. > People
- 12. > People > Photo: Peter Funch
- 13. > People > Photo: Peter Funch
- 14. > Photo: Bahbak Hashemi-Nezhad > People
- 15. Maslow’s Hierarchy of Human Needs Self-Actualization Esteem Love Safety Physiological
- 16. Joe’s Hierarchy of Analyst’s Needs The Right Action Collaboration, Sharing Understanding, Insight Provenance, Information Data
- 17. > Data
- 18. > Lots of it! > Held in lots of different databases > Structured and Unstructured > Sometimes on Paper > Usually a (legal) process for getting hold of it > Typically ‘streaming’– everything has a time stamp > Identifiers (and Identity Resolution) used to tie things together > Data
- 19. > Provenance, Information > Provenance of data necessary for evidence chain > Provenance necessary to judge reliability, disclosure > Misinformation > Vague information > Missing information > Rarely have the big picture
- 20. > Understanding, Insight > Insight often arises from combination of data from lots of sources > Often needs to be backed up by interviews/statements
- 21. > Example – Social Network Analysis > i2 Analyst’s Notebook
- 22. > Example – Pattern of Life > Nathan Eagle’s Eigenbehaviours
- 23. > Example – Pattern of Life > i2 Analyst’s Notebook > Work in Progress!
- 24. > Collaboration, Sharing > IT infrastructure often a barrier > Cultural and political boundaries > Printing is crucial for team communication Reports: > Output is A4 sheet > Labelling & summarization are critical > Visualizations always backed by text, which provides context
- 25. > The Right Action
- 26. Maslow’s Hierarchy of Human Needs Self-Actualization Esteem Love Safety Physiological
- 27. Danke! > All logos, trademarks, service marks and copyrights used in this presentation belong to their respective owners > Copyright © 2010 i2
Hinweis der Redaktion
- Audience for this talk: Students, Researchers in Visual Analytics Not necessarily familiar with i2 or indeed crime/intel analysts May be some competition there Rola will be there Aims for the talk Establish i2 as the owner of that part of visual analytics Why am I here? Potential partner for research/ output of visual analytic research
- (subject) (Header & Footer notes date) (Header & Footer notes classification)
- As is probably obvious, I’m not this guy here.
- In fact I’m more like this guy. My job is to look out for new technologies, build prototypes, - heading up the Research Team. How do I decide what to work on? Obviously I can have fun building anything.. But what I build needs to be driven by their demands and their tasks… So what drives an analyst’s tasking?
- TASKING/MOTIVATION
- TASKING/MOTIVATION People use our products to produce Infographics Here are some of the icons we provide – this also gives you some idea of what they work on
- TASKING/MOTIVATION We get very strange insights into tasking by what people are requesting for icons in our products! Bonus prize for anyone who could construct a crime scene using these components!
- This is the kind of image intel analysts have of their future career when they join up.
- Unfortunately they get rather disappointed to see there working environment looks something like this!!
- This is the subject of their work: People. This kind of crowd picture is very ‘stock image’ – perhaps a better way of seeing is via the next few photos
- These can all be motivating factors for illegal behaviour. Analyst’s are trained to think about motivations as well as opportunities.
- So what motivates the analysts themselves? Here’s a model to help structure this talk.
- DATA – we generate huge quantities of this. Some estimates make it about 2GB a day per person.
- Consequences of this GENERIC TOOLS need to be able to bring data in from 3 different kinds of places – manual data entry, flat files, and database connections
- CONSEQUENCES: Visual clues for hypotheses Space in the data model for disclosure, reliability Information must be brought in from lots of different sources to bring out the big picture Information is gathered via an Intelligence Cycle – gaps identified and filled.
- Very hard to talk about INSIGHT. TRADECRAFT relevant here. Hard to work how insight is achieved.
- Define SNA (slide). What does it do? It allows you to take a large network and find nodes which are highly connected (betweenness). This can help you focus your investigation. Social Network Analysis has roots in the social sciences back in the 1920’s. For a long time this has lived and been developed in academia . The tools around it are quite hard to use by non-specialists. i2 started looking at this technology back in 2004 but decided it wasn’t quite ready for the ‘big-time’. This year we are releasing it. Analyst’s Notebook 8 has the capability of doing social network analysis. We felt that the innovation was sufficiently mature to be adopted. Of course it isn’t going to tell you who the bad guy is, but it may help you target the right people and focus your investigation. With the rise and rise of digital communications and social networking platforms, more and more data is becoming available to researchers. Some of the latest studies in this area, by people like Jon Kleinberg are truly amazing – I’d encourage anyone to read about them. So the social sciences are about to undergo a major revolution because many human-to-human interactions are very easily measurable . Social Network Analysis Quickly identify key individuals in complex target networks Gain most accurate picture of target networks with relationship weightings Quickly understand how social network dynamics change over time
- Some very nice work done at MIT by Nathan Eagle. Logs of cell-phones of a large body of students over a whole academic year. This particular diagram shows the results of aggregation techniques to identify behavioural patterns within that data set. Impressive work.
- HEATMAP Very Simple Technique! But we think it will be effective. Useful for seeing Unusual activity – quiet periods, bursts. Patterns of activity
- CONSEQUENCES Keep Collaboration SIMPLE! Forget the idea that two agencies are going to use the same IT infrastructure – ie can log on to the same systems. I2 have a way of sharing information which is based on file exchange. This has proved to be very simple and effective!
- END RESULT Three of these guys were convicted for the Heathrow Liquid Bomb plot – 7 flights were going to be targetted. Estimated deaths around 5,000. Plot was prevented by proactive intelligence action Kidnapping of Shannon Matthews – was her mother Karen and step-father Craig – who abducted her. Link-Charting techniques were used to communicate information about complex family connections. Timelines were used to work out the precise sequence of events surrounding the abduction Scarecrow Bandits – Dallas 2007. Solved by connection analysis with cellphone data.
- Visual analytics has a big role to play in Intelligence & Crime Analyst’s process: understanding of data, patterns in data, communication of results Decisions and Actions result in increasing SAFETY of our citizens Basic level of SAFETY is required in order to happily pursue the higher parts of Maslow’s hierarchy. Most people shouldn’t need to worry about safety, but can concentrate on achieving these higher goals.
- Thanks!