Individual and Collective Analysis of Anomalies in Message Traffic

  • D. B. Skillicorn
Part of the Integrated Series In Information Systems book series (ISIS, volume 18)

We consider four properties by which intercepted messages can be selected for deeper analysis: their external properties, their content, their authorship, and the mental state of their authors. We argue that, rather than trying to differentiate directly between ‘good’ messages and ‘bad’ messages, it is better to use a two-pronged approach, where a simple detection scheme triggers a reaction in authors of ‘bad’ messages. This reaction is easier to detect than the original difference. We also suggest that differentiation is more effective when it is done for sets of messages, rather than on a message by message basis.


Target Word Singular Value Decomposition Independent Component Analysis Exception Word Pointwise Mutual Information 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. C. Cortes, D. Pregibon, and C. Volinsky. Computational methods for dynamic graphs. Journal of Computational and Graphical Statistics, 12:950--970, 2003.CrossRefGoogle Scholar
  2. O. de Vel, A. Anderson, M. Corney, and G. Mohay. Mining {E-mail} content for author identification forensics. SIGMOD Record, 30(4):55--64, December 2001. European Parliament Temporary Committee on the ECHELON Interception System. Final report on the existence of a global system for the interception of private and commercial communications (ECHELON interception system), 2001.CrossRefGoogle Scholar
  3. SW. Fong, D.B. Skillicorn, and D. Roussinov. Detecting word substitutions in text. IEEE Transactions on Knowledge and Data Engineering, to appear, 2007.Google Scholar
  4. G. Fung. The disputed Federalist papers: SVM and feature selection via concave minimization. In Proceedings of the 2003 Conference on Diversity in Computing, pages 42--46, Atlanta, Georgia, USA, 2003.Google Scholar
  5. D. Gupta, M. Saul, and J. Gilbertson. Evaluation of a deidentification {(De-Id)} software engine to share pathology reports and clinical documents for research. American Journal of Clinical Pathology, 121(2):176--186, February 2004.CrossRefGoogle Scholar
  6. R.D. Horn, J.D. Birdwell, and L.W. Leedy. Link discovery tool. In ONDCP/CTAC International Symposium, August 1997.Google Scholar
  7. P.S. Keila and D.B. Skillicorn. Detecting unusual email communication. In CASCON 2005, pages 238--246, 2005.Google Scholar
  8. P.S. Keila and D.B. Skillicorn. Structure in the Enron email dataset. Computational and Mathematical Organization Theory, 11(3):183--199, 2005.CrossRefGoogle Scholar
  9. M. Koppel, J. Schler, and K. Zigdon. Automatically determining an anonymous author’s native language. In Intelligence and Security Informatics, IEEE International Conference on Intelligence and Security Informatics, ISI 2005, Atlanta, GA, USA, May 19-20, pages 209--217. Springer-Verlag Lecture Notes in Computer Science LNCS 3495, 2005.Google Scholar
  10. M.L. Newman, J.W. Pennebaker, D.S. Berry, and J.M. Richards. Lying words: Predicting deception from linguistic style. Personality and Social Psychology Bulletin, 29:665--675, 2003.CrossRefGoogle Scholar
  11. M. K. Reiter and A. D. Rubin. Crowds: Anonymity for web transactions. ACM Transactions on Information and System Security, 1(1):66--92, November 1998.CrossRefGoogle Scholar
  12. D.B. Skillicorn. Beyond keyword filtering for message and conversation detection. In IEEE International Conference on Intelligence and Security Informatics (ISI2005), pages 231--243. Springer-Verlag Lecture Notes in Computer Science LNCS 3495, May 2005.Google Scholar
  13. X. Zhu and R. Rosenfeld. Improving trigram language modeling with the world wide web. In Proceedings of International Conference on Acoustics, Speech, and Signal Processing, 2001., pages 533--536, 2001.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2008

Authors and Affiliations

  • D. B. Skillicorn
    • 1
  1. 1.School of ComputingQueen's UniversityCanada

Personalised recommendations