My Photo

Your email address:


Powered by FeedBlitz

January 2014

Sun Mon Tue Wed Thu Fri Sat
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31  
Blog powered by Typepad

Become a Fan

« Dumb and Dumber: Consequences of the 2006 Silverman Triathlon | Main | Effective Counter-Terrorism and the Limited Role of Predictive Data Mining »

November 29, 2006

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83452946769e200e55072c3ea8833

Listed below are links to weblogs that reference IEEE Paper: Threat & Fraud Intelligence – Las Vegas Style:

» Threat and Fraud Intelligence – Las Vegas Style from Whoot!
I met Jeff Jonas at FOO Camp this year, and he talked a lot about very large databases of people, and how to resolve personas in an identity system over an extended period of time. There are lots of things [Read More]

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

Brian

Neat article, I'm glad you wrote it.

What kind of controls do organizations put in place to keep people from lying about (or just manipulating) their personal information? For example, someone trying to beat the system could use a pay-as-you-go cell phone number instead of a home number, or a PO box instead of their home address. It seems like that would be an effective way of blocking the identity and relationship resolution process.

Do organizations end up building unique components or procedures to verify different types of data? For example, one system for SSNs, another for credit card numbers, a third for phone numbers?

Would obfuscated identities reveal themselves in some other way, such as tending to have more generic components to their identities?

Is the problem just not worth worrying about? Or will smart attackers looking for large payoffs try to confuse the identity resolution system?

Ray Garcia

Jeff, the technique you describe applies to International Trade which has a compliance requirement to spot blacklisted people and entities in what is referred to as the Denied Parties list. I worked on this problem many years ago and used a modified version of the Double Metaphone Algorithm to deal with variations in international names. Also, extended the technique to work with international addresses.

You mentioned Soundex in the article which is very poor at phoenitic matching and has been supplanted by Metaphone although none of the Database vendors have advanced their products to replace Soundex yet.

Ray Garcia

The constraint of using an identity structure that can be constructed as information is captured makes sense in this context. The reason is mostly related to the fact that humans already can conceive of the various attempts as tricking the systems to avoid being caught therefore establishing a set of rules against the probable structure of data and relationships may work for this specific class of problems.

The strategy may be worth trying for other classes of problems as well where analysis and prediction have been difficult. Using a similar strategy as describe in the article might be to contruct a fuzzy ontology and fuzzy action semantics to capture information as it is available. The information can be analyzed for partial representation and fuzzy treatment in matching and formulation of relationship to other aspects of the knowledge being captured.

This approach provides a sensible balance between attempting to fully structure the data versus the difficulty of making sense out of purely unstructured data.

The above likely cannot be done with a traditional SQL database and would require an RDF-s or Owl Repository that is modified to support the fuzzy knowledge.

Ray Garcia

A related area of research that can help detect the subversion of internal controls see how data lineage is addressed by models that support Data Provenance. Dr. Sudha Ram at the University of Arizona in Tucson has done some excellent work in this area. See http://kartik.eller.arizona.edu/wits2006_poster_gif.gif
for a visual example of what Data Provenance is and how is might be used.

Thomas

Identity is the simple root for searching to the address, we can easily search to their address.

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated, and will not appear until the author has approved them.