Open Access Repository

Computational intelligence in e-mail traffic analysis

Lim, MJH (2008) Computational intelligence in e-mail traffic analysis. PhD thesis, University of Tasmania.

Available under University of Tasmania Standard License.

Abstract

In law enforcement, tools and techniques are required that enable forensic analysts to uncover electronic evidence about the communication activities of possible criminal or terrorist suspects. This is needed in order to better understand the actions of criminal or terrorist groups and the communication patterns of suspected individuals. Extracting useful information from electronic communication data is a difficult task, due to the large amounts of data and the difficulty of making sense of unusual activities in the data. This thesis considers the problem of helping the analyst gain a better understanding of the communication behaviour of suspected individuals. The type of data considered for the thesis is e-mail traffic, which is based on information obtained from e-mail message headers but not the content of e-mails.

This thesis proposes a "computational intelligence" approach for analysing e-mail traffic, using a set of computational techniques to provide different perspectives for examining the communication behaviour of suspect e-mail accounts. This is considered important, since a range of views on e-mail traffic behaviour can give the user/analyst a more complete understanding of the behaviour of suspect e-mail accounts. The purpose of using a set of computational techniques is to utilise the capabilities of each technique, so that the combined effect of using those techniques presents useful information to the user/analyst about a suspect e-mail account's traffic behaviour.

The computational techniques used for the research in this thesis are visualisation and feature extraction techniques, each of which provides a different way of examining e-mail traffic behaviour. Visualisation is used to provide a visual method of interpreting, exploring, and understanding the communication patterns present in e-mail traffic data. The two visualisation techniques used are social network visualisation and time-series visualisation. Feature extraction techniques are another type of technique used to analyse e-mail traffic behaviour, by providing information that locates features in the data, indicating where unusual changes in communication activity are occurring. The two techniques used for feature extraction in the research are decision tree classification and hierarchical fuzzy inference.

Two case studies are provided in this thesis. The first case study explores the detection of unusual variations in traffic behaviour from simulated e-mail traffic data, while the second case study explores the rating of abnormal communication changes from the Enron e-mail corpus dataset. Both case studies demonstrate that computational intelligence is a useful approach for giving the user/analyst a better understanding of the traffic behaviour of suspect e-mail accounts.

Item Type: Thesis (PhD)
Keywords: Computational intelligence, Pattern recognition systems, Email, Terrorism
Copyright Information: Copyright © 2008 the author

Date Deposited: 10 Nov 2008 21:27
Last Modified: 30 Nov 2017 03:05