The paper presents a general methodology to implement a flexible Focused Crawler for investigation purposes, monitoring, and Open Source Intelligence (OSINT). The resulting tool is specifically aimed to fit the operational requirements of law-enforcement agencies and intelligence analysts. The architecture of the semantic Focused Crawler features static flexibility in the definition of desired concepts, used metrics, and crawling strategy; in addition, the method is capable of learning (and adapting to) the analyst's expectations at runtime. The user may instruct the crawler with binary feedback (yes/no) about the current performance of the surfing process, and the crawling engine progressively refines the expected targets accordingly. The method implementation is based on an existing text-mining environment, integrated with semantic networks and ontologies. Experimental results attest to the effectiveness of the adaptive mechanism.
Data from Social Networks and microblogs can provide useful information for prevention and investigation purposes, provided unstructured information is processed at both the lexical and the semantic level. The proposed methodology introduces a comprehensive Semantic Network (ConceptNet) in the interpretation chain of Twitter traffic. This additional interpretation level greatly enhances the effectiveness of semi-automated tools for monitoring purposes. In particular, the paper shows that the combined use of semantic and text-mining clustering tools also allows law-enforcement operators to detect and track unscheduled events early. Experimental results demonstrate the method's effectiveness in real cases.
The role of the Internet is continuously increasing, and many technical, commercial, and business transactions are carried out by a multitude of users who exploit a set of specialized/sophisticated network applications. In this context, the task of network monitoring and surveillance is gaining great relevance, and honeypots represent promising tools to get information and understanding about the 'areas of interest' of attackers, as well as about the possible relations among 'blackhat' teams. The paper presents and discusses the results achieved by a group of honeypots deployed within the networks of the Department of Communication, Computer and System Science at the University of Genoa. The collected statistics, measured over a 4-month period, reveal that approximately 10 000 different attackers, coming from 130 different countries, have 'contacted' the honeypot system and that about 60 000 distinct TCP connections have been logged. Our high-interaction honeypot has counted more than 25 000 attempts to access an ssh server, which made it possible to trace many attempts to install rootkits. A comparison with results obtained by similar research carried out in other laboratories is presented and commented on.