Yuval Elovici, Abraham Kandel, Mark Last, Bracha Shapira, Omer Zaafrany, Moti Schneider, Menahem Friedman
Knowledge Discovery in Databases: PKDD 2004: 8th European Conference on …, 2004
Terrorist Detection System (TDS) is aimed at detecting suspicious users on the Internet by the content of information they access. TDS consists of two main modules: a training module activated in batch mode, and an on-line detection module. The training module is provided with web pages that include terror-related content and learns the typical interests of terrorists by applying data mining algorithms to the training data. The detection module performs real-time monitoring on users’ traffic and analyzes the content of the pages they access. An alarm is issued upon detection of a user whose content of accessed pages is “too” similar to typical terrorist content. TDS feasibility was tested in a network environment. Its detection rate was better than the rate of a state-of-the-art Intrusion Detection System based on anomaly detection.