10 % increase in digitisation: 6.000.000.000 S$/year (0.75% GDP)
vs
Losses due to cybercrime: 5.000.000.000 S$/year (0.64% GDP)
● Cyber security in
○ the oil and gas domain
○ The maritime industry, including autonomous ships
○ Internet of things
○ Internet of Energy
○ Secure Micro-Grids
CCIS Centre for Cyber and Information Security
• InfoSEC Management
• Cyber Defence
• Cyber Security of Critical Infrastructure
• e-Health, Wellbeing
• COINS Research School of Information Security
• Norwegian Biometrics Laboratory
• NTNU Digital Forensics Group
NTNU Testimon Digital Forensics Group
Cyberthreat Intelligence
Need More Advanced Tools for ØKOKRIM
ØKOKRIM Type of Big Data Problem in DF:
Panama Papers
• Enron e-mail corpus (from 2002) 160 GB with 1,7 mill messages
• Documents from 40 years of business in Law Firm Mossack Fonseca
• 11.5 million documents (2.6TB)
• Head office in Panama City with 35 branch offices all around the world
• 376 journalists from 100 media partners in 80 countries speaking 25 different languages spent one year identifying 214.000 offshore companies in 21 offshore jurisdictions
Panama Papers in Size Perspective
International statistics - numbers
Across the "Relativity universe", separate percentages are tracked for each grouping.
Assessing the percentages over the past five years reveals that approximately two thirds of
cases fall in the Normal group, approximately a quarter of cases in the Large group, and
around 8% in the Very Large group. These percentages have held fairly constant over the
past five years with the exception of the Ridiculous cases, which first appeared in 2013, and
now, while increasing, account for less than 1% of the overall case size make up.
= 20 x Panama Papers!
DFaaS Platform for Conventional Policing
DFaaS For Complex Cases?
Testimon Digital Forensics Group Staff (Gjøvik)
Feasibility Study of Social Network Analysis on Loosely Structured Communication Networks, Jan William Johnsen and Katrin Franke, Procedia Computer Science
Improve Approximate Search for Digital Investigation and Intrusion Detection
• Improve precision
– Find more of what we want, without losing significant accuracy
– Good for beginning of investigation
NFA With Greater Flexibility in Types of Errors
Malware Classification Based on Analysis of Low-Level H/W Activity
• Signature-based malware detection is not robust against simple obfuscation techniques.
• Malware developers try to conceal malware’s functionality.
• It is impossible to avoid execution on the hardware.
• Can low-level features alone provide better detection rates?
• Can we use low-level features for malware classification?
• Can low-level features provide stealthy malware detection?
Topic Modelling Research
• Latent Dirichlet Allocation (LDA)
• Topic Modelling in Digital Forensics Investigations (DFI)
• Topic Modelling for Cyber-Threat Intelligence (CTI)
Latent Dirichlet Allocation: A Generative Model
For each document d in D:
Choose θ ∼ Dirichlet(α)
For each word w_n in document d:
Choose a topic z_n ∼ Multinomial(θ)
Choose φ ∼ Dirichlet(β)
Choose a word w_n from p(w_n | z_n, β)
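The generative process above as a runnable sampler, added here as an illustration and not taken from the slides. It assumes the common smoothed reading in which each topic's word distribution φ_k is drawn once per topic from Dirichlet(β); the function names and the vocabulary are constructed for the example.

```python
import random

# Constructed vocabulary for illustration; not taken from any corpus on this page.
VOCAB = ["contract", "invoice", "payment", "meeting",
         "schedule", "server", "backup", "license"]

def dirichlet(rng, concentration, dim):
    """Draw from a symmetric Dirichlet by normalising independent Gamma draws."""
    draws = [rng.gammavariate(concentration, 1.0) for _ in range(dim)]
    total = sum(draws)
    return [x / total for x in draws]

def generate_corpus(vocab, n_topics, n_docs, doc_len, alpha, beta, seed=0):
    """Sample (phi, corpus) from the LDA generative process."""
    rng = random.Random(seed)
    # Assumption: phi_k ~ Dirichlet(beta) is drawn once per topic, before any document.
    phi = [dirichlet(rng, beta, len(vocab)) for _ in range(n_topics)]
    corpus = []
    for _ in range(n_docs):
        theta = dirichlet(rng, alpha, n_topics)  # theta ~ Dirichlet(alpha)
        z, words = [], []
        for _ in range(doc_len):
            # z_n ~ Multinomial(theta): pick the topic for this word position.
            z_n = rng.choices(range(n_topics), weights=theta)[0]
            # w_n ~ p(w | z_n, phi): pick the word from that topic's distribution.
            w_n = rng.choices(vocab, weights=phi[z_n])[0]
            z.append(z_n)
            words.append(w_n)
        corpus.append({"theta": theta, "z": z, "words": words})
    return phi, corpus

def topic_share(doc, n_topics):
    """Empirical fraction of a document's words assigned to each topic."""
    return [doc["z"].count(k) / len(doc["z"]) for k in range(n_topics)]

if __name__ == "__main__":
    phi, corpus = generate_corpus(VOCAB, n_topics=3, n_docs=4, doc_len=10,
                                  alpha=0.2, beta=0.1)
    for doc in corpus:
        print([round(t, 2) for t in doc["theta"]], topic_share(doc, 3),
              " ".join(doc["words"]))
```

Small α concentrates each document on few topics and small β concentrates each topic on few words, which is the structure topic-model inference later tries to recover from the words alone.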
Co-Occurrence Matrix Representation of Document Corpus
Matrix Analysis of Document Corpus
Topic Modelling for DFI (Enron Corpus)
Ten Topics Extracted From Enron Corpus
Topic 4: Author Participation Over Time
Topic Modelling for CTI
Hacker Forum Data
– Nulled.IO
– http://leakforums.net/thread-719337
– 3,495,596 posts
Nulled.IO Hacker Forum Data (16,000 Posts)
Nulled.IO Hacker Forum Posts: Estimated Topics (16K Posts)
1000K Posts [Security Relevant Only]
Future Work:
DarkWeb Jihadi Forums
100002 11290 WALLAHI-laylatul Qadr is the 27th Night- Helping Everyone Out-
1283 Mu7aaribah Why do we tend to act the worst in this blessed month of
ramadhaan?
In the last 10 days of ramadhaan?Wallaahi we are so being tested here
by Allaah and some of you are just falling right into the trap. Subhan'AIIaah.
Please think, think, think and then act. 2006 1 O 17 2006-10-17 14:48:00.000
99629
Questions?