  • Publication
    Forensic Analysis of Ares Galaxy Peer-to-Peer Network
    Child Abuse Material (CAM) is widely available on P2P networks. Over the last decade several tools were made for 24/7 monitoring of peer-to-peer (P2P) networks to discover suspects that use these networks for downloading and distribution of CAM. For some countries the number of cases generated by these tools is so great that Law Enforcement (LE) just cannot handle them all. This is not only leading to backlogs and prioritizing of cases but also leading to discussions about the possibility of disrupting these networks and sending warning messages to potential CAM offenders. Recently, investigators are reporting that they are creating more serious cases on Ares Galaxy (Ares) than on other open P2P networks. Little has been done on automatic prioritization of cases with the information obtained from data that is available on P2P networks. Cases are mostly selected based on the highest number of CAM, while studies indicate that the abusers are most likely to be found not within that top user list. What kind of information can we use to prioritize cases in another way? Is it possible to disturb the network by sending warning messages and sharing fake material? Although the past years have seen a lot of successful CAM cases, generated in several countries, there is still little known about the Ares network. Although the Ares network is open source, the protocol is not documented and the program does not come with serious documentation or support. In this paper, we present first of all a forensic analysis of the use of the Ares network in relation to the distribution of CAM. We then describe forensic artefacts found on an Ares computer involved in CAM.
  • Publication
    Distributed Spatial Data Clustering as a New Approach for Big Data Analysis
    In this paper we propose a new approach for Big Data mining and analysis. This new approach works well on distributed datasets and deals with the data clustering task of the analysis. The approach consists of two main phases: the first phase executes a clustering algorithm on local data, assuming that the datasets were already distributed among the system processing nodes. The second phase deals with the local clusters aggregation to generate global clusters. This approach not only generates local clusters on each processing node in parallel, but also facilitates the formation of global clusters without prior knowledge of the number of the clusters, which many partitioning clustering algorithms require. In this study, this approach was applied on spatial datasets. The proposed aggregation phase is very efficient and does not involve the exchange of large amounts of data between the processing nodes. The experimental results show that the approach has super-linear speed-up, scales up very well, and can take advantage of the recent programming models, such as the MapReduce model, as its results are not affected by the types of communications.
  • Publication
    Electronic Evidence Discovery, Identification and Preservation: Role of the First Responder and related capacity building challenges
    The integrity of electronic evidence is essential for judicial proceedings. In this context, the role of the First Responder for discovery, identification and preservation is considered to be one of the most critical short-term challenges. While the number of devices to be collected was reasonably small and the items were easily identifiable in the past, it is not the case anymore. Many initiatives aim at harmonising technical and legal standards to facilitate electronic evidence exchange, although a consistent approach in basic equipment and training of the field police officer is still missing. Hence, in this paper, we study how synergies between different international organisations create and deploy an innovative and sustainable approach to address capacity building challenges related to the tasks assigned to the First Responder.
  • Publication
    A Cloud Forensic Readiness Model for Service Level Agreements Management
    (Academic Conferences and Publishing International Limited, 2015-07-03)
    Cloud computing is increasingly becoming a target of cyber-criminal attacks. Often the committed crimes violate the Service Level Agreement (SLA) contracts, which must be respected by all the involved parties. Cloud Forensics is a branch of Digital Forensic discipline dealing with crimes involving the Cloud. A manner for leveraging some of the attacks is the provisioning of a Forensic Readiness capability, by performing some activities before the crimes happen. In this paper we introduce a model aimed to represent the management of SLAs through a cloud system.
  • Publication
    Virtual Machine Forensics by means of Introspection and Kernel Code Injection
    Virtual Machine Introspection offers the ability to access a virtual machine remotely and extract information from it. Virtual machine introspection allows all processes, local data, and network traffic to be tracked and made available to the investigation process. These properties offer the possibility to monitor a suspect virtual machine (VM). Moreover, the access to a VM data is far from being trivial; there are various complex tasks to be dealt with. For instance the returned data is in a raw format, and it is necessary to remap into a user-friendly representation (canonical representation). In this paper we propose a method of bridging this semantic gap, and provide a graphical reconstruction of events. This proposal is essentially the recreation of a virtual machine at a remote location and the subsequent recreation of all processes, data, network traffic in a virtual machine as they occur in the original. This should be achieved in real-time, which will give an opportunity to quickly make decisions based on the evidence as we collect them in real-time. Our approach involves recreating a virtual machine and injecting into it all code and data within the original virtual machine, presenting an identical copy for examination. The approach proposed also has another advantage by allowing all data to be saved for further analysis and verification.
  • Publication
    Prediction of NB-UVB phototherapy treatment response of psoriasis patients using data mining
    NB-UVB Phototherapy is one of the most common treatments administered by dermatologists for psoriasis patients. Although in general, the treatment results in improving the condition, it also can worsen it. If a model can predict the treatment response beforehand, the dermatologists can adjust the treatment accordingly. In this paper, we use data mining techniques and conduct four experiments. The best performance of all four experiments was obtained by the stacked classifier made of hyper parameter tuned Random Forest, kSVM and ANN base learners, learned using L1-Regularized Logistic Regression super learner.
  • Publication
    Clustering Approaches for Financial Data Analysis: a Survey
    (CSREA Press, 2012-07-19)
    Nowadays, financial data analysis is becoming increasingly important in the business market. As companies collect more and more data from daily operations, they expect to extract useful knowledge from existing collected data to help make reasonable decisions for new customer requests, e.g. user credit category, confidence of expected return, etc. Banking and financial institutes have applied different data mining techniques to enhance their business performance. Among these techniques, clustering has been considered as a significant method to capture the natural structure of data. However, there are not many studies on clustering approaches for financial data analysis. In this paper, we evaluate different clustering algorithms for analysing different financial datasets varied from time series to transactions. We also discuss the advantages and disadvantages of each method to enhance the understanding of inner structure of financial datasets as well as the capability of each clustering method in this context.
  • Publication
    An interactive exercise biofeedback Android application utilizing a single inertial measurement unit to support joint replacement rehabilitation
    Boomerang Ortho is an Android application developed with the aim to better support patients in their exercise rehabilitation program following total knee replacement. The use of a single inertial measurement unit (IMU) attached to the lower leg allows for classification of exercise technique, real-time biofeedback, and both self and remote monitoring of patient data. The prototype application for demonstration is currently undergoing pilot testing prior to an assessment of impact on clinical outcome.
  • Publication
    A Knowledge-based Data Reduction for Very Large Spatio-Temporal Datasets
    Today, huge amounts of data are being collected with spatial and temporal components from sources such as metrological, satellite imagery etc. Efficient visualisation as well as discovery of useful knowledge from these datasets is therefore very challenging and becoming a massive economic need. Data Mining has emerged as the technology to discover hidden knowledge in very large amounts of data. Furthermore, data mining techniques could be applied to decrease the large size of raw data by retrieving its useful knowledge as representatives. As a consequence, instead of dealing with a large size of raw data, we can use these representatives to visualise or to analyse without losing important information. This paper presents a new approach based on different clustering techniques for data reduction to help analyse very large spatiotemporal data. We also present and discuss preliminary results of this approach.
  • Publication
    Distributed Clustering Algorithm for Spatial Data Mining
    Distributed data mining techniques and mainly distributed clustering have been widely used in the last decade because they deal with very large and heterogeneous datasets which cannot be gathered centrally. Current distributed clustering approaches are normally generating global models by aggregating local results that are obtained on each site. While this approach analyses the datasets on their locations, the aggregation phase is complex, time consuming and may produce incorrect and ambiguous global clusters and therefore incorrect knowledge. In this paper we propose a new clustering approach for very large spatial datasets that are heterogeneous and distributed. The approach is based on the K-means Algorithm but it generates the number of global clusters dynamically. It is not necessary to fix the number of clusters. Moreover, this approach uses a very sophisticated aggregation phase. The aggregation phase is designed in such a way that the final clusters are compact and accurate while the overall process is efficient in time and memory allocation. Preliminary results show that the proposed approach scales up well in terms of running time and result quality. We also compared it to two other clustering algorithms, BIRCH and CURE, and we show clearly this approach is much more efficient than the two algorithms.