Security Informatics

Annals of Information Systems

Volume 1: Managing in the Information Economy: Current Research Issues
Uday Apte, Uday Karmarkar, eds.

Volume 2: Decision Support for Global Enterprises
Uday Kulkarni, Daniel J. Power and Ramesh Sharda, eds.

Volume 3: New Trends in Data Warehousing and Data Analysis
Stanislaw Kozielski, Robert Wremble, eds.

Volume 4: Knowledge Management and Organizational Learning
William R. King, ed.

Volume 5: Information Technology and Product Development
Satish Nambisan, ed.

Volume 6: Web 2.0 & Semantic Web
Vladan Devedžic, Dragan Gaševic, eds.

Volume 7: Web-Based Applications in Healthcare and Biomedicine
Athina Lazakidou, ed.

Volume 8: Data Mining: Special Issue in Annals of Information Systems
Robert Stahlbock, Sven F. Crone and Stefan Lessmann, eds.

Volume 9: Security Informatics
Christopher C. Yang, Michael Chiu-Lung Chau, Jau-Hwang Wang and Hsinchun Chen, eds.

Christopher C. Yang · Michael Chiu-Lung Chau · Jau-Hwang Wang · Hsinchun Chen Editors


Editors

Christopher C. Yang
College of Information Science and Technology
Drexel University
3141 Chestnut Street
Philadelphia, PA 19104
USA

Michael Chiu-Lung Chau
School of Business
7/F, Meng Wah Complex
The University of Hong Kong
Pokfulam Road
Hong Kong SAR

Jau-Hwang Wang
Department of Information Management
Central Police University
Gueishan
Taoyuan 33334
Taiwan R.O.C

Hsinchun Chen
Eller College of Management
McClelland Hall 430
1130 E. Helen St.
Tucson, AZ 85721
USA

ISSN 1934-3221
e-ISSN 1934-3213
ISBN 978-1-4419-1324-1
e-ISBN 978-1-4419-1325-8
DOI 10.1007/978-1-4419-1325-8

Springer New York Dordrecht Heidelberg London

Library of Congress Control Number: 2009938002

© Springer Science+Business Media, LLC 2010

All rights reserved. This work may not be translated or copied in whole or in part without the written permission of the publisher (Springer Science+Business Media, LLC, 233 Spring Street, New York, NY 10013, USA), except for brief excerpts in connection with reviews or scholarly analysis. Use in connection with any form of information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed is forbidden.

The use in this publication of trade names, trademarks, service marks, and similar terms, even if they are not identified as such, is not to be taken as an expression of opinion as to whether or not they are subject to proprietary rights.

Printed on acid-free paper

Springer is part of Springer Science+Business Media (www.springer.com)

Preface

Intelligence and Security Informatics (ISI) is the study of the development and use of advanced information systems and technologies for national, international, and societal security-related applications. ISI topics include ISI data management, data and text mining for ISI applications, terrorism informatics, deception and intent detection, terrorist and criminal social network analysis, public health and biosecurity, crime analysis, cyber-infrastructure protection, transportation infrastructure security, policy studies and evaluation, and information assurance.

Due to the terrorist attacks of recent years, ISI has gained increasing interest and attention from academic researchers, law enforcement and intelligence experts, information technology consultants, and practitioners. The first IEEE International Conference on ISI was held in 2003, and subsequent meetings were held annually. Starting in 2006, the Pacific Asia Workshop on ISI (PAISI) was also held annually in Pacific Asia, with large numbers of contributors and participants from the region. A European Workshop on ISI was started in Denmark in 2008.

Given the importance of ISI, we introduce a special volume on security informatics in Annals of Information Systems. In this special volume, we include nine papers covering a wide range of active research areas in security informatics.

Chen et al. studied the international Falun Gong movement through a cyber-archaeology approach. Link, web content, and forum content analyses were employed to investigate the framing of social movement identity.

Skillicorn and Little adopted an empirical model based on changes in frequencies of 88 significant words to detect deception in non-emotional testimony. The model was validated with the testimony to the Gomery Commission, a Canadian investigation of misuse of government funds.

Yang and Tang developed a new sub-graph generalization approach for sharing social network data between organizations while preserving the privacy of sensitive data. The shared data was integrated to support social network analysis such as centrality measurement.

Qiao et al. proposed the Growing Window-based Constrained k-Closest Pairs (GWCCP) algorithm to discover the closest pairs of objects within a constrained spatial region for spatial analysis in crime databases.

Lee et al. developed a framework for what-if emergency response management using a complete set of order-k, ordered order-k, and kth nearest Voronoi diagrams. Several scenarios were presented to demonstrate how it was useful in the four phases of emergency response: mitigation, preparedness, response, and recovery.

Glässer and Vajihollahi proposed a framework of identity management architecture for analyzing and reasoning about identity management concepts and requirements.

Chen et al. proposed a framework of two-staged game theoretic models for deploying intrusion detection agents.

Su et al. presented the distributed event-triggered knowledge network (ETKnet) for data and knowledge sharing. A unified knowledge and process specification language was also developed.

Cha et al. proposed a risk management system, RiskPatrol, which integrated business continuity management with the risk assessment process.

Christopher C. Yang, Philadelphia, Pennsylvania
Michael Chau, Hong Kong, SAR
Jau-Hwang Wang, Taiwan, ROC
Hsinchun Chen, Tucson, Arizona

Contents

Framing Social Movement Identity with Cyber-Artifacts: A Case Study of the International Falun Gong Movement
Yi-Da Chen, Ahmed Abbasi, and Hsinchun Chen

Patterns of Word Use for Deception in Testimony
David B. Skillicorn and Ayron Little

Information Integration for Terrorist or Criminal Social Networks
Christopher C. Yang and Xuning Tang

Processing Constrained k-Closest Pairs Queries in Crime Databases
Shaojie Qiao, Changjie Tang, Huidong Jin, Shucheng Dai, Xingshu Chen, Michael Chau, and Jian Hu

Emergency Response Through Higher Order Voronoi Diagrams
Ickjai Lee, Reece Pershouse, Peter Phillips, Kyungmi Lee, and Christopher Torpelund-Bruin

Identity Management Architecture
Uwe Glässer and Mona Vajihollahi

A Game Theoretic Framework for Multi-agent Deployment in Intrusion Detection Systems
Yi-Ming Chen, Dachrahn Wu, and Cheng-Kuang Wu

ETKnet: A Distributed Network System for Sharing Event Data and Multi-faceted Knowledge in a Collaboration Federation
Stanley Y.W. Su, Howard W. Beck, Xuelian Xiao, Jeff DePree, Seema Degwekar, Chen Zhou, Minsoo Lee, Carla Thomas, Andrew Coggeshall, and Richard Bostock

Duplicate Work Reduction in Business Continuity and Risk Management Processes
Shi-Cho Cha, Pei-Wen Juo, Li-Ting Liu, and Wei-Ning Chen