Angaben zur Quelle [Bearbeiten]
| Autor | Jennifer Xu, Hsinchun Chen |
| Titel | Criminal Network Analysis and Visualization: A Data Mining Perspective |
| Zeitschrift | Communications of the ACM (CACM) |
| Datum | June 2005 |
| Nummer | 48 (6) |
| Seiten | 101-107 |
| DOI | 10.1145/1064830.1064834 |
| URL | http://dl.acm.org/citation.cfm?id=1064830.1064834&coll=portal&dl=ACM; http://ai.bpa.arizona.edu/coplink/publications/crimenet/Xu_CACM.doc |
Literaturverz. |
no |
| Fußnoten | no |
| Fragmente | 9 |
| [1.] Nm/Fragment 028 05 - Diskussion Zuletzt bearbeitet: 2012-04-29 20:51:53 Graf Isolan | Fragment, Gesichtet, Nm, SMWFragment, Schutzlevel sysop, Verschleierung, Xu and Chen 2005a |
|
|
|
| Untersuchte Arbeit: Seite: 28, Zeilen: 5-8 |
Quelle: Xu and Chen 2005a Seite(n): 102, Zeilen: left column 42-46 |
|---|---|
| Although SNA is not conventionally considered as data mining technique, it is especially suitable for mining a large volume of association data to discover hidden structural patterns in terrorist networks. | Although SNA is not traditionally considered as a data mining technique, it is especially suitable for mining large volumes of association data to discover hidden structural patterns in criminal networks [9, 10]. |
Right before he starts to massively present material form Koelle et al. (2006), for which he gives no reference, he puts in a small section, adapted in the usual way, from Xu and Chen (2005a), which he also does not mark as a citation and for which he also does not give a reference. Pure patchwork. |
|
| [2.] Nm/Fragment 075 07 - Diskussion Zuletzt bearbeitet: 2012-04-29 22:07:58 Hindemith | Fragment, Gesichtet, Nm, SMWFragment, Schutzlevel sysop, Verschleierung, Xu and Chen 2005a |
|
|
|
| Untersuchte Arbeit: Seite: 75, Zeilen: 7-25 |
Quelle: Xu and Chen 2005a Seite(n): 102, Zeilen: left column 53 - right column 1-21 |
|---|---|
| First, incomplete, incorrect, or inconsistent data can create problems. Moreover, these characteristics of terrorist networks cause difficulties:
-Incompleteness. Criminal networks are clandestine networks that work in concealment and secrecy (Krebs, 2002). Criminals may reduce communications to avoid attracting attention of law enforcement agencies and their communications are concealed behind a number of illegal activities. Therefore, data about criminal networks is certainly treated as incomplete; that is, some existing links or nodes will be overlooked or unrecorded (Sparrow, M. K., 1991). -Incorrectness. Many criminals hide their identity (provide incorrect information to the agencies) when they are captured and under investigation. Incorrect data regarding criminals’ identities, physical characteristics, and addresses may result either from accidental data entry errors or from intentional cheating by criminals. -Inconsistency. Information about criminals, who have captured a number of times at number of places, may be entered in law [enforcement databases multiple times.] |
First, incomplete, incorrect, or inconsistent data can create problems. Moreover, these characteristics of criminal networks cause difficulties not common in other data mining applications:
• Incompleteness[EN 10]. Criminal networks are covert networks that operate in secrecy and stealth [EN 8]. Criminals may minimize interactions to avoid attracting police attention and their interactions are hidden behind various illicit activities. Thus, data about criminals and their interactions and associations is inevitably incomplete, causing missing nodes and links in networks [EN 10]. • Incorrectness. Incorrect data regarding criminals’ identities, physical characteristics, and addresses may result either from unintentional data entry errors or from intentional deception by criminals. Many criminals lie about their identity information when caught and investigated. • Inconsistency. Information about a criminal who has multiple police contacts may be entered into law enforcement databases multiple times. [EN 8] Krebs, V. E. Mapping networks of terrorist cells. Connections 24, 3 (2001), 43–52. [EN 10] Sparrow, M.K. The application of network analysis to criminal intelligence: An assessment of the prospects. Social Networks 13 (1991), 251–274. |
Starts out as "word-for-word paraphrasing" and becomes "word-for-word copying" (even more obvious on the next page). The source is not given If indeed there is an article where "Most part of the contents of this subsection is already published in (Memon N., and Larsen H. L., 2006a).", as Nm claims in the footnote, one has to wonder about the refereeing process there, too. |
|
| [3.] Nm/Fragment 076 01 - Diskussion Zuletzt bearbeitet: 2012-04-29 22:08:02 Hindemith | Fragment, Gesichtet, Nm, SMWFragment, Schutzlevel sysop, Verschleierung, Xu and Chen 2005a |
|
|
|
| Untersuchte Arbeit: Seite: 76, Zeilen: 1-17, 20-25, 29-32 |
Quelle: Xu and Chen 2005a Seite(n): 102, Zeilen: right column 19ff |
|---|---|
| [Information about criminals, who have captured a number of times at number of places, may be entered in law] enforcement databases multiple times. These records are not unsurprisingly consistent. It would be found very strange if multiple data records could make a single criminal appear to be different individuals. When apparently different individuals are included in a network under investigation, misleading information may be produced.
The literature study found that the problems particularly to criminal network analysis lie in data transformation, fuzzy boundaries, and network dynamics. -Data Transformation. Network analysis requires that data be presented in a particular format, in which (network) members’ represent nodes, their communications are represented by links. Though, information about criminal relations is typically not precise in raw data and converting them to the required format can be known as laborious and time-consuming. -Fuzzy boundaries. The boundaries of criminal networks are relatively confusing. [...] Therefore, it is found during the literature review that it can be very tough for an analyst to choose whom to include and whom to exclude from a network under investigation (Sparrow, M. K., 1991). -Dynamic. Criminal networks are known as dynamic networks, that is, they usually to change over time. {The relationship between any two individuals binary nature, it means there is a relation or there is no relation, it may be weak or strong; rather it has a distribution over time, waxing and waning from one period to another. It is also noted that most of relations change in time.} Therefore, it is need of the time to design and develop new methods of data collection in order to capture the dynamics of criminal networks (Sparrow, M. K., 1991). |
Information about a criminal who has multiple police contacts may be entered into law enforcement databases multiple times. These records are not necessarily consistent. Multiple data records could make a single criminal appear to be different individuals. When seemingly different individuals are included in a network under study, misleading information may result.
Problems specific to criminal network analysis lie in data transformation, fuzzy boundaries, and network dynamics: • Data transformation. Network analysis requires that data be presented in a specific format, in which network members are represented by nodes, and their associations or interactions are represented by links. However, information about criminal associations is usually not explicit in raw data. The task of extracting criminal associations from raw data and transforming them to the required format can be fairly labor-intensive and time-consuming. • Fuzzy boundaries. Boundaries of criminal networks are likely to be ambiguous. It can be quite difficult for an analyst to decide whom to include and whom to exclude from a network under study [EN 10]. • Network dynamics. Criminal networks are not static, but are subject to changes over time. New data and even new methods of data collection may be required to capture the dynamics of criminal networks [EN 10]. |
Text between line 25 and line 29 (marked by {}) seems to be Nm's own. It is left as an example of Nm's style in comparison to the original own. (These lines are not counted). |
|
| [4.] Nm/Fragment 077 03 - Diskussion Zuletzt bearbeitet: 2012-04-29 22:22:08 Hindemith | BauernOpfer, Fragment, Gesichtet, Nm, SMWFragment, Schutzlevel sysop, Xu and Chen 2005a |
|
|
|
| Untersuchte Arbeit: Seite: 77, Zeilen: 3-29 |
Quelle: Xu and Chen 2005a Seite(n): 103, Zeilen: left column 16-52 |
|---|---|
| Criminal Network Analysis, which is a broad category of terrorist network analysis, can be categorized into three generations (Xu J., Chen H., 2006):
First generation: Manual approach. The representation of first generation is known as Anacapa chart (Klerks, 2001). Using this approach, an analyst should first develop an association matrix by detecting criminal associations from raw data. Then, a link chart for visualization purposes can then be drawn based on the association matrix. For example, to map the terrorist network containing the 19 hijackers in 9/11 attacks, Krebs (Krebs, 2002) gathered data about the relationships among the hijackers from publicly available information reported in several major newspapers. Krebs then manually constructed an association matrix to incorporate these relations (Krebs, 2002) and illustrated a network representation in order to analyze the structural properties of the network. It is well known fact that such a manual approach for criminal network analysis is helpful in crime investigation; but this type of approach is would be good if the dataset is short, but it would be difficult rather impossible to draw a link chart if there are thousands of nodes. Second generation: Graphic-based approach. These tools can automatically produce graphical representations of criminal networks. Most of the available network analysis tools belong to this generation. Among them Analyst’s Notebook, Netmap and XANALYS Link Explorer (previously called Watson) are the most popular (Xu, J., Chen H., 2006). It is to mention that, Analyst’s Notebook (see Figure 2.3) can automatically generate a link chart [based on relational data from a spread sheet or text file.] |
Klerks [EN 7] categorized existing criminal network analysis approaches and tools into three generations.
First generation: Manual approach. Representative of the first generation is the Anacapa Chart [EN 6]. With this approach, an analyst must first construct an association matrix by identifying criminal associations from raw data. A link chart for visualization purposes can then be drawn based on the association matrix. For example, to map the terrorist network containing the 19 hijackers in the September 11 attacks, Krebs [EN 8] gathered data about the relationships among the hijackers from publicly released information reported in several major newspapers. He then manually constructed an association matrix to integrate these relations [EN 8] and drew a network representation to analyze the structural properties of the network (Figure 1). Although such a manual approach for criminal network analysis is helpful in crime investigation, it becomes an extremely ineffective and inefficient method when data sets are very large. Second generation: Graphic-based approach. These tools can automatically produce graphical representations of criminal networks. Most existing network analysis tools belong to this generation. Among them Analyst’s Notebook [EN 7], Netmap [EN 5], and XANALYS Link Explorer (previously called Watson) [EN 1], are the most popular. For example, Analyst’s Notebook can automatically generate a link chart based on relational data from a spreadsheet or text file (Figure 2a). [EN 1] Anderson, T., Arbetter, L., Benawides, A., and Longmore-Etheridge, A. Security works. Security Management 38, 17, (1994), 17–20. [EN 5] Goldberg, H.G., and Senator, T.E. Restructuring databases for knowledge discovery by consolidation and link formation. In Proceedings of 1998 AAAI Fall Symposium on Artificial Intelligence and Link Analysis. AAAI Press (1998). [EN 6] Harper, W.R., and Harris, D.H. The application of link analysis to police intelligence. Human Factors 17, 2 (1975), 157–164. [EN 7] Klerks, P. The network paradigm applied to criminal organizations: Theoretical nitpicking or a relevant doctrine for investigators? Recent developments in the Netherlands. Connections 24, 3 (2001), 53–65. [EN 8] Krebs, V. E. Mapping networks of terrorist cells. Connections 24, 3 (2001), 43–52. |
Source is given at the beginning, but nothing has been marked as a citation. Again "Most of the parts of the contents of this subsection are already published in (Memon N., and Larsen H. L., 2006a)." |
|
| [5.] Nm/Fragment 078 01 - Diskussion Zuletzt bearbeitet: 2012-04-29 22:28:10 Hindemith | Fragment, Gesichtet, Nm, SMWFragment, Schutzlevel sysop, Verschleierung, Xu and Chen 2005a |
|
|
|
| Untersuchte Arbeit: Seite: 78, Zeilen: 1-13 |
Quelle: Xu and Chen 2005a Seite(n): 103, Zeilen: left column 49-52 and right column 14-28 |
|---|---|
| [It is to mention that, Analyst’s Notebook (see Figure 2.3) can automatically generate a link chart] based on relational data from a spread sheet or text file.
Though second generation tools are capable of using a number of methods to visualize criminal networks, their sophistication level is not up to the mark because they only produce graphical representation of criminal networks with less analytical functionality. These tools still rely on analysts to investigate the graphs with awareness to detect structural properties of the network. [...] Third generation: SNA. This generation provides more advanced functionality to help the law enforcement professionals in crime investigations. Complex structural analysis tools are needed to visualization facility in addition of mining large amount of data in order to discover useful knowledge about the structure and organization of criminal networks. |
For example, Analyst’s Notebook can automatically generate a link chart based on relational data from a spreadsheet or text file (Figure 2a).
[...] Although second-generation tools are capable of using various methods to visualize criminal networks, their sophistication level remains modest because they produce only graphical representations of criminal networks without much analytical functionality. They still rely on analysts to study the graphs with awareness to find structural properties of the network. Third generation: SNA. This approach is expected to provide more advanced analytical functionality to assist crime investigation. Sophisticated structural analysis tools are needed to go from merely drawing networks to mining large volumes of data to discover useful knowledge about the structure and organization of criminal networks. |
continuation from previous page |
|
| [6.] Nm/Fragment 191 10 - Diskussion Zuletzt bearbeitet: 2012-04-29 17:58:30 Graf Isolan | Fragment, Gesichtet, Nm, SMWFragment, Schutzlevel sysop, Verschleierung, Xu and Chen 2005a |
|
|
|
| Untersuchte Arbeit: Seite: 191, Zeilen: 10-19 |
Quelle: Xu and Chen 2005a Seite(n): 104-105, Zeilen: p.104, right column 15-22 - p.105, left column 1-4 |
|---|---|
| 6.4 SUBGROUP DETECTION [FN 33]
A terrorist network can often be partitioned into cells (subgroups) consisting of individuals who closely interact with each other. Given a network, traditional data mining techniques such as cluster analysis may be employed to detect underlying groupings that are not otherwise apparent in the data. Hierarchical clustering methods have been proposed to partition a network into subgroups (Wasserman, S., and Faust, K., 1994). Cliques whose members are fully or almost fully connected can also be detected based on clustering results. [FN 33] The most of the material presented in this Section is already published in (Memon N., Larsen Henrik Legind, 2006c) |
[p. 104]
Subgroup detection A criminal network can often be partitioned into subgroups consisting of individuals who closely interact with each other. Given a network, traditional data mining techniques such as cluster analysis may be employed to detect underlying groupings that are not otherwise apparent in [p. 105] the data. Hierarchical clustering methods have been proposed to partition a network into subgroups [EN 11]. Cliques whose members are fully or almost fully connected can also be detected based on clustering results. [EN 11] Wasserman, S., and Faust, K. Social Network Analysis: Methods and Applications (Cambridge: Cambridge University Press, 1994). |
Indeed: not only does this paragraph appear here in Nm's thesis but also in a number of Nm's papers, the earliest being a contribution to a conference in November 2005 and appearing here [1]. Thus the formulation by Xu and Chen (2005a) presented here still predates any analogous text by Nm by at least several months. Nm's only contribution has been to change the object of research from "criminals" to "terrorists". This furthermore begs the question if Nm's iMiner software prototype, which is at the heart of his thesis is far from Xu and Chen's CrimeNet explorer. |
|
| [7.] Nm/Fragment 191 20 - Diskussion Zuletzt bearbeitet: 2012-04-29 17:57:54 Graf Isolan | Fragment, Gesichtet, Nm, SMWFragment, Schutzlevel sysop, Verschleierung, Xu and Chen 2005a |
|
|
|
| Untersuchte Arbeit: Seite: 191, Zeilen: 20-25 |
Quelle: Xu and Chen 2005a Seite(n): 106, Zeilen: right column 15-23 |
|---|---|
| In this research and development study, we employed SNA techniques for terrorist intelligence analysis. The goal has been to provide law enforcement and intelligence agencies with third-generation network analysis techniques that not only produce graphical representations of terrorist networks but also provide structural analysis functionality to facilitate terrorist investigations. | Several data mining projects in the COPLINK research have begun to employ these SNA techniques for criminal network analysis. The goal has been to provide law enforcement and intelligence agencies with third-generation network analysis techniques that not only produce graphical representations of criminal networks but also provide structural analysis functionality to facilitate crime investigations. |
continues the take-over from Xu and Chen (2005a) (but from a different page than before) |
|
| [8.] Nm/Fragment 199 27 - Diskussion Zuletzt bearbeitet: 2012-04-29 22:07:53 Hindemith | Fragment, Gesichtet, Nm, SMWFragment, Schutzlevel sysop, Verschleierung, Xu and Chen 2005a |
|
|
|
| Untersuchte Arbeit: Seite: 199, Zeilen: 27-28 |
Quelle: Xu and Chen 2005a Seite(n): 106, Zeilen: right column 32-36 |
|---|---|
| The first stage of network analysis development is to automatically identify the [strongest association paths, or geodesics, between two or more network members.] | The first stage of our network analysis development was intended to automatically identify the strongest association paths, or geodesics, between two or more network members using shortest-path algorithms. |
reference is never named |
|
| [9.] Nm/Fragment 200 01 - Diskussion Zuletzt bearbeitet: 2012-04-29 22:07:49 Hindemith | Fragment, Gesichtet, Nm, SMWFragment, Schutzlevel sysop, Verschleierung, Xu and Chen 2005a |
|
|
|
| Untersuchte Arbeit: Seite: 200, Zeilen: 1-4 |
Quelle: Xu and Chen 2005a Seite(n): 106, Zeilen: right column 32-39 |
|---|---|
| [The first stage of network analysis development is to automatically identify the] strongest association paths, or geodesics, between two or more network members. In practice, such a task often entails intelligence officials manually exploring links and trying to find association paths that might be useful for generating investigative leads. | The first stage of our network analysis development was intended to automatically identify the strongest association paths, or geodesics, between two or more network members using shortest-path algorithms. In practice, such a task often entails crime analysts to manually explore links and try to find association paths that might be useful for generating investigative leads. |
no reference given |
|