
Profiling The Attacker

BSides Leeds · 2019 · 19:48 · 360 views · Published 2019-01
About this talk
Abstract: On a day to day basis we countlessly write notes, send messages and respond to emails. The question is, however, what does what we write actually show about us, and how can we use the meaning behind them to improve our security posture. From Twitter Analysis to Network Monitoring and Website Scraping this talk will delve into what Natural Language Processing and Sentiment Analysis are and how we can use them to spot changes in behavior. The talk will look into:
- The maths behind sentiment analysis
- The role emotions play in how we write and speak
- Tools for Natural Language Processing
- How this all folds into profiling malicious actors and their changes in behaviour

Speaker Bio: I've entered the industry in a very typical way: I went to university to study computer security, I interned at a SOC called Alert Logic and now I work as a Software Engineer in BT Security. I've spoken at a few other conferences and love to do research into why we do the things we do - from sentiment analysis and natural language processing to profiling malicious actors.
Transcript [en]

Cool, so yeah, hey bro there's no, thanks all for coming along. So I'm gonna start this talk off with a question, and that's the question of what do Minority Report, Black Mirror and 1984 all have in common? Now, it's not the fact that they're all forms of media, you know, books, films, TV shows, nor is it the fact that they're all about dystopian futures, but instead it's the fact that they all talk about predicting crime in one way or another. Whether that's the precogs in Minority Report, Ricola in Black Mirror or the Thought Police in 1984, each of these forms of media looks at how we could predict crime, but more specifically the repercussions of doing so.

And that's what we're going to be talking about today: we're going to talk about how we can use natural language processing to predict crime. So those of you that know me well know I'm not a mathematician and I'm also not a police officer, so why am I talking about natural language processing, which is quite mathy, and predictive policing, which, as the name may suggest, is all about the law and crime? Well, it comes down to this quote: the idea that intrusion analysis, security analysis, it's about far more than the tools we use; it's about innovating and looking at new ways that we can protect ourselves against attacks, but also predict those attacks in the first place. So what am I

actually gonna be talking about today? Well, I want to break it up into three main areas. I'll talk about what predictive policing actually is, I wanna talk about what natural language processing is, then finally I'll talk about how we can merge these two ideas together, how we can use natural language processing to predict crime. before I can know what, my name is James Stevenson, and this time two years ago now I was a student at the University of South Wales studying computer security. Before that I was an intern at Alert Logic, a cloud security company, and these days I'm a graduate in BT Security. Boston sadly writing articles to InfoSec magazine, and there should be one on sentiment analysis and

the next hours. But jumping straight into it: what is predictive policing? I keep talking about it, but what actually is it? Because if we're going to use natural language processing to predict crime, we kind of need to know what predictive policing is. And it comes down to two main areas: location-based predictive policing and individual-based predictive policing. So as the name may suggest, location-based predictive policing is all about looking at an area, so saying: in this area, in the future, is a crime likely to occur? Now this map is a great example of location-based predictive policing. It's a map of London between a specific time period; the darker the color, the more crime. We can use this for

predictive policing because we can say, okay, if a crime occurred under these specific circumstances in the past, then a new crime's likely to occur in these same circumstances again. So today we're gonna be focusing on individual-based predictive policing. Now, individual-based predictive policing is like a game of 20 questions: we have different questions, you go down different routes, different avenues, and you're left with a score, and that score is how likely a specific individual is to commit crime. And when it comes to this type of predictive policing there's a whole range of methodologies, approaches and theories that we can use to predict crime, and we're going to focus on three of those today. The first theory we're going to

look at is called strain theory. Now, strain theory is the idea that society puts pressure on individuals to achieve specific goals, like the American dream, but when individuals lack the means to achieve those goals they're more likely to commit crimes so that they can achieve them. The next theory we're gonna look at is called social control theory. Social control theory is the idea that individuals who lack close relationships, commitments, values, long rules are more likely to commit crimes because they don't have those relationships or values as an anchor in society. Then the final theory we'll be looking at today is called social disorganization theory. Now, social disorganization theory is the idea that location is key: if you live or work in

an area known for a specific type of crime, this theory says that intrinsically you're more likely to commit crime. Looking at what natural, or what predictive policing is, different types of predictive policing and how we can use predictive policing, it's all pretty cool, but this talk is all about natural language processing; it's all about how we can use natural language processing to do just that. But to really understand that, to really understand natural language processing, we need to understand language. What is language? Well, for us as human beings, language comes down to these three main areas: speaking, reading and writing, things that we do every day. So because we do these things every day, most of us or some of us four people

answer this question: Paris - France plus England equals what? Now the answer is London, because Paris is to France as London is to England. So if we knew that that was the answer, why did we know for those years? Well, we knew that answer because of the experiences we've had, because of the knowledge and the context that we've built; where we've spoken to people, gone on the internet, read books, that's all built our understanding. So then the question still stands: if we were to give that question to a machine, would it be able to answer the question? Well, it would if we gave it the right context. So this is the Wikipedia article for London, and if we fed this into our

natural language processing machine it would learn from the surrounding context; it would learn that London is a city, it would learn that London is in the United Kingdom, of which England is as well, again building that knowledge base and building that context. So that's how natural language processing works. How does sentiment analysis work? Because sentiment analysis is all about looking at a specific bit of text and saying what is the emotion, what is the sentiment behind that text. So again, as human beings we have eight main pillars to our emotions, but with sentiment analysis we only really care about two: that's positive and negative. So how do we translate these eight emotions down to two? Well, when we're talking about

positive emotions we're really talking about these ones, with anger being the red herring, and when we're talking about negative emotions we're really talking about these ones. So if that's the emotions that we're talking about when we refer to natural language processing, when it comes to sentiment analysis specifically, how do we actually get that sentiment from text? How do we ask our machine to look at a bit of text and say what is the sentiment behind it? Well, it's the same as most machine learning approaches: we take a massive dataset. Now for this example it's going to be restaurant reviews. We're going to have two main entities to those reviews: the actual review and the sentiment of that review.

So for example, "I love my local pizza restaurant" has a positive sentiment, while "this place is content health" has a negative sentiment. We're then going to break that dataset down into two: we're gonna have a training set and a testing set. When it comes to that training set, we're gonna ask our natural language processing initiative to look at the keywords. We say, okay, what keywords are more prominent with a positive sentiment and what keywords are more prominent with a negative sentiment? When we come to testing we're then going to say, okay, you tell me what the sentiment of these remaining entities is, and if that matches the sentiment we already know them to have, great; if it doesn't, then

something's gone wrong. So that's how natural language processing works, that's how sentiment analysis works. What already exists? What are some examples of natural language processing in the real world? Well, this is AWS Comprehend, more specifically Comprehend Medical, which is AWS's approach to natural language processing when it comes to medicine and healthcare. A doctor or healthcare professional will type in a patient's information, detailed symptoms, the natural language process into it will do its thing and it will come back with key bits of information, the things that that healthcare professional the eastern it. The next example we have is Tay. Tay AI is Microsoft's approach to natural language processing when it came to a Twitter

chat. Tay would change its response to people depending where people spoke to it. Now, it lasted just under 24 hours, it was quite controversial, but nonetheless a great example. Then finally we have predictive text: whether you're on Android or an iPhone, the way your predictive text works uses natural language processing. So there we have three great examples of natural language processing: we have healthcare, communications and mobile phones. But none of those answered the question that we had in the beginning: how we can use natural language processing to predict crime, and that's what we're going to talk about next. So this, this is Alice. It's Alice's job to do just that, it's Alice's job to predict crime. The way

she currently does this is she individually and manually profiles websites, chat forums, social media accounts, and she profiles individuals on all these accounts on their likelihood of committing crime. But we can take this a step further: we can use the approaches that were just mentioned to automate this. We can scrape those websites, we can use natural language processing on the response, we can then return to Alice a risk, a risk of each of these individuals to her or her organization, and then of course they can be actioned accordingly. And that's what we're gonna be talking about for the rest of safe: we're gonna be talking about how we could build a conceptual framework that allows us to

do just that, that allows us to predict crime using natural language processing. And the first part of this framework is where Alice needs to sit down and she needs to look at the individuals that she's profiling and say, okay, what is the impact of these individuals if they were to commit the crime that we're profiling them for? What would the impact be? Or, if we're looking at network infrastructure, what would the impact of these specific malicious actors be? And it really comes down to those three main areas: loss of confidentiality, integrity and availability. So the next part of that framework goes back to those predictive policing theories that we mentioned earlier on. We scrape these websites, we look at the

text, we use natural language processing on the text. First of all we say, okay, does that text contain references to any goals or aspirations? If it does, what is the sentiment of that text? Next we take that same bit of text and say, okay, now does that text contain reference to any close relationships, to any commitments, any individuals and groups, any organizations, and if so what is the sentiment? And then finally you say, okay, does that body of text contain reference to the individual's location? If so, is it a location known for that type of crime? And finally, once again, what is the sentiment? And then we go from each of these trees aggregating a score as we

go, and that's a score of the overall likelihood of this individual committing crime. We then use that score to account the risk, and that's the risk of that individual to the crime that Alice is profiling. And then penultimately, as part of this framework, we just want to aggregate as much information as we can, and we can use natural language processing to do this. We can aggregate information like common topics, trends, age, gender and race, occupations, salary, and finally any dates or times. Now the reason why we haven't focused on this information today is because this information has a significantly higher scope of becoming biased, and that's really a talk for another day. So finally we're going to

talk about a naming convention for these individuals as part of this framework: how can we name these individuals without including any of that information that has the potential of becoming biased? So here I've chosen a naming convention. It's broken down into four main areas: the source, the time, the reticle, which is what we worked out earlier on, and then finally a pseudo-random word to give it a bit of uniqueness. And there we have it. So we've looked at what predictive policing is, looked at what natural language processing is, and we've looked at how we can use natural language processing to predict crime. But again it comes back to the fact: why are you talking about this in a computer

security problems? And it comes back to this quote: the idea that intrusion analysis, security analysis, it's about far more than the tools we use; it's about innovating but also thinking outside the box and looking at new ways that we can protect ourselves against attacks, but also predict those attacks in the first place. So I've got a few minutes left, so what I'm going to do with some questions I've had in the past I'll write book, and then we can have any questions anyone else has. So the first question we have is: is predictive policing better than normal policing? And the answer there is no, right? Predictive policing is a supplement, it's a tool, it's something that should be used in

addition to normal policing. Next we have: is predictive policing biased? The quick answer to that is yes, it is very biased. The short answer, or long answer I should say, is yes, it's biased, but it's just as biased as normal human beings. The problem you have with predictive policing is it's garbage in, garbage out, so if your data is biased, well, your framework is going to be biased as well. And the problem we have with crime data is that the data is super biased: there's so many undocumented crimes, like assault, that because of the way it's documented or undocumented means that our frameworks are intrinsically biased. And then finally, or finally but, is predictive policing used in the real

world? Yes, so it's used across the UK, but one of the kind of highest media bits of attention it's had is the LAPD in the States. So they have a scheme called LASER. The way that LASER works is it's for ex-offenders, so ex-offenders get given a score, and that score defines how likely that individual is to commit a crime. Next we have: how good is natural language processing at picking up nuances in text? And there's a great example I looked at from a video. This woman talks about natural image processing and she talks about how there's this one example that understands two languages sooner teens, and I think that's a great example because it actually goes to show that in

some cases natural language processing is better for understanding language than us as human beings. And finally, what's next? Well, specifically for this framework, currently I'm building on a tool that allows us to do just that. It's way early stages at the moment, but it's more of a proof of concept to show that it's possible rather than just if you're right to go. So once again, thanks for coming along, basically organizers for having you today. If you do have any questions, feel free to ask me now, come find me afterwards. I'm also on Twitter and underscore entities. Thanks.

are there any questions early good I can't send you the penis do you think on supported I think I said so it's definitely a supplement chair right all right so it's not there to replace a police intuition and it's not there to replace human interaction but it can definitely be used as an additional tools Sophie let you look at and go okay well it thinks this I actually think this yes okay so it's the question how does sorry yeah so pretty times how you do it so currently did so the question is if you have kind of large amounts of data or a botnet or anything on those lines is that like a red herring is that

picked up using a framework like this? And I think it really depends how you implement it, because you can add your own rules, you can add your own signatures, and it really depends what you're looking for. So in the case of Alice, where we had Alice was specifically looking for key individuals, let's say she typed in an individual's name and that would be the individual she's profiling. In cases where you're looking at large amounts of data and you're looking for, in all of this data, who in that data is a bad guy, could be a bad guy, I think that's a very different scenario, where you're more looking for a needle in the haystack rather than looking for a specific

individual in that haystack. Are there any questions? this years old I guess stories about where this stuff goes wrong was that tied up daily so. Oh yes, yes, yes, so I've done, that's the reason I like bringing this up at the beginning, because the question is: in all those forms of media that we have, predictive policing has gone terribly wrong, and what is that to do with all this? And again, I think that's why I like bringing it up at the beginning, because it does go to show, yeah, this can go horribly wrong, but it's up to us as people curating this. so much the AI ugh right will say, well, what happens to AI but it

goes horribly wrong? Well, it's up to us to curate ads and to make sure it doesn't go horribly wrong. Okay. how many cultures where those yeah. Yes, so these theories are primarily designed for Western cultures. So the question was: there's three theories that we mentioned earlier on, where do they work, do they work everywhere? They're not, and again, so those theories are Western-based, designed on Western culture. Now again it reads minds of how your profile: if you are profiling a different culture then you're gonna be using different theories, you can be even different approaches, different is all of that stuff, and again it comes down to the individual approach. Again, this framework is completely conceptual, it

doesn't really exist, so you would have to tailor depending on what you're doing, again coming back to curating. great in your discussions yeah great thanks ever again