Predicting Malicious Behavior
Tools and Techniques for Ensuring Global Security

About this book

A groundbreaking exploration of how to identify and fight security threats at every level

This revolutionary book combines real-world security scenarios with actual tools to predict and prevent incidents of terrorism, network hacking, individual criminal behavior, and more. Written by an expert with intelligence officer experience who invented the technology, it explores the keys to understanding the dark side of human nature, various types of security threats (current and potential), and how to construct a methodology to predict and combat malicious behavior. The companion CD demonstrates available detection and prediction systems and presents a walkthrough on how to conduct a predictive analysis that highlights proactive security measures.

  • Guides you through the process of predicting malicious behavior, using real world examples and how malicious behavior may be prevented in the future
  • Illustrates ways to understand malicious intent, dissect behavior, and apply the available tools and methods for enhancing security
  • Covers the methodology for predicting malicious behavior, how to apply a predictive methodology, and tools for predicting the likelihood of domestic and global threats
  • CD includes a series of walkthroughs demonstrating how to obtain a predictive analysis and how to use various available tools, including Automated Behavior Analysis

Predicting Malicious Behavior fuses the behavioral and computer sciences to enlighten anyone concerned with security and to aid professionals in keeping our world safer.

Yes, you can access Predicting Malicious Behavior by Gary M. Jackson in PDF and/or ePUB format, as well as other popular books in Computer Science & Cyber Security. We have over one million books available in our catalogue for you to explore.

Information

Publisher: Wiley
Year: 2012
Print ISBN: 9781118166130
eBook ISBN: 9781118239568

Part I
Understanding the Dark Side: Malicious Intent

In This Part
Chapter 1: Analyzing the Malicious Individual
Chapter 2: Analyzing the Malicious Group
Chapter 3: Analyzing Country-Level Threats
Chapter 4: Threats and Security Nightmares: Our Current Reactive State of Security
Chapter 5: Current Network Security
Chapter 6: Future Threats to Our National Security

Chapter 1
Analyzing the Malicious Individual

We are all as unique as our fingerprints. No two of us are alike. Even identical twins exhibit different behavior under different circumstances. We are born with a genetic design that dictates our eye and hair color, height, weight, temperament, musical ability, and an immense number of other attributes. However, through life's experiences we are molded by a combination of biology and environment to be who we are and to behave the way we do.
We all respond continuously to events and situations in our environment that precede our behavior. We continually respond to any environmental context in which we find ourselves. As stated in the Introduction, a behavioral perspective considers these preceding events and situations to be antecedents. When we do exhibit behavior in the presence of precursor events, our behavior has consequences. Antecedents prompt behavior to occur, and consequences maintain it, increase it, or decrease it in the future, based on the desirability of the consequences. I refer to the antecedent-behavior-consequence sequence as ABC simply to use a less wordy term. In this chapter, you will learn to use ABC principles to help analyze malicious behavior. In later chapters you will learn how to use the concepts along with new methods to accurately anticipate malicious behavior.

Analyzing the Unique Individual

The method of behavior analysis presented in this book may be used to analyze and anticipate the behavior of an individual or group. When you compare the two, perhaps surprisingly, the individual often exhibits more behavioral variety than a group. Members of a group typically share common beliefs or are united for a common cause. The commonality among the members means that the group may act as a single entity, at least in some ways. They may respond to similar antecedent conditions with similar behaviors and are reinforced by similar consequences of their actions. Street gang members may dress alike, use the same slang, target the same individuals for harm, and remain in the gang because of bonded similarities. Although there are individual differences even within the members of a group, the commonalities simplify group analysis.
To ensure adequate analysis of the individual, the following are two of the most important principles to follow:
  • First, we need to ensure that we have adequate and multiple observations of behavior under various conditions.
  • Second, observations must include adequate descriptions so that we can identify the who, what, when, where, and how of past behaviors.
In the absence of observation we can use subject matter expert (SME) descriptions, but it is essential that the SMEs are knowledgeable.

Definition

A subject matter expert is someone who maintains knowledge and details of a specific topic at a level that is more extensive than that of others. For example, a cardiologist attains and maintains knowledge of the functioning of the heart that is much deeper than that possessed by other individuals.

We want to identify the antecedents, behavior, and consequences of past behavior (see Chapter 7 for details). Therefore, we seek to identify what environmental conditions serve as antecedents that precede the behavior of interest, as well as what follows the behavior—the consequences. Multiple examples of all three components—antecedents, behavior, and consequences, in that order—allow us to predict the person's future behavior when similar antecedents and the promise of similar consequences are present.
As a simple example to demonstrate the concepts, if we observe pedestrians crossing a busy intersection, we know that the crosswalk light will flash that it is okay to cross. The antecedents in this case are the flashing crosswalk light, followed immediately by the behavior of interest—pedestrians crossing the intersection. The consequence is that pedestrians cross successfully without injury and with minimal risk. If the crossing light is not on and cross traffic is occurring, we can predict that pedestrians will not try to cross the intersection. Not crossing when the flashing crosswalk sign is not on with oncoming traffic again ensures safety at the intersection as a consequence. Therefore, we can predict with a high probability of success that when there is oncoming traffic, pedestrians will cross when the flashing crosswalk signal is on and will not cross when the signal is off. The antecedent controls the behavior.
However, with continued observation we are likely to determine that if the crosswalk light is not on and there is no oncoming traffic, pedestrians will likely cross quickly. This is a more complex and more accurate analysis. The behavior of crossing the intersection can be predicted accurately under two antecedent conditions: (1) the flashing crosswalk signal is on and traffic is stopped, and (2) the crosswalk signal is flashing or not flashing, but there is no oncoming traffic. Therefore, the two methods of crossing are likely to occur in the future because both lead to successful consequences—a safe crossing of the intersection.
Malicious behavior is very similar to this oversimplified example. Such behavior does not just happen. It occurs in response to environmental antecedents and is reinforced by the consequences of the behavior. For example, the presence of an abortion clinic and the comings and goings of the staff serve as antecedents (A) to an abortion clinic bomber. Committing a bombing is the behavior (B) that we are interested in predicting. The consequences (C) of the bombing, such as disruption of abortions stemming from physical damage, injury, or even death of the workers, reinforce the act of bombing. This ABC sequence forms the basis of behavioral modeling that has been shown to be predictive. The ability to predict future behavior is not based on a specific type of statistical method or detailed study of the behavior of interest. Prediction of behavior is based on the underlying antecedents and consequences associated with past behavior.

Note

The ability to predict future behavior is not based on a specific type of statistical method or calculation. Accurate anticipation of behavior is based on the underlying model and the components of behavior used to develop the predictive model.

Interestingly, the ability to predict behavior does not rely on the individual to be rational or sane. In many of our past clinical cases, we used applied behavior analysis to help treat psychotic episodes, hallucinations, delusional talk, and other forms of abnormal behavior. Even in cases where a person is considered mentally ill or deficient, his or her behavior may still be predicted accurately if ABC behavior principles are applied diligently. In short, everyone responds to the environment from their own perspective, regardless of whether the antecedent conditions are present, or valid, from their perspective. Whether the target of the analysis is a world leader, a terrorist, or the criminally insane, the ABC components help us analyze and predict their behavior.

Note

We don't have to thoroughly understand why a person commits a specific type of malicious act to predict its occurrence in the future. We do, however, need to identify the precipitating antecedent events and the desired consequences that followed each occasion of the malicious behavior in the past.

As a real example, Jeffrey Dahmer was a serial killer who targeted young males. Therefore, young males, their activities, and the locations they frequented became antecedents to Dahmer's behavior of visiting these same locations. Once a victim was targeted in one of these locations, the victim himself became an antecedent that prompted Dahmer's next step, which was to approach the victim. During Dahmer's interaction with the potential victim, that person's responses served as antecedents to Dahmer's approach of inviting the victim to his home, where subsequent molestation and death were waiting. If the sequence of behaviors was successful, we can predict with some certainty that the murders would continue.
Dahmer murdered 17 males over 13 years, one at a time. The antecedents to the multiple attacks, the actual behavior of murder, and the sexual molestation after death were all highly similar to each other. Dahmer's actions were an example of how malicious, fatalistic behavior may be patterned. His serial murders were also examples of behavior increasing in frequency because of the consequences (his not being apprehended and his ability to engage in sexual molestation). Until he was caught, he was free to continue his murders at an increasing pace. Finally, he was apprehended after a victim narrowly escaped and brought police to Dahmer's house. When the police arrived, they discovered pictures of young murdered men, a head in the refrigerator, and disintegrating bodies in a container of flesh-eating and bone-dissolving chemicals.
An analysis of the behavior across many individuals indicates that antecedents, behavior, and consequences are specific to the individual. The more bizarre the case example, the more assured we can be that the individual is responding to conditions in ways that are very different from our normal behavior.
The following sections present analyses of three persons with malicious intent as examples of the many and varied malicious cases:
  • Richard Reid, the infamous shoe bomber
  • Ted Bundy, the infamous serial killer
  • The general, anonymous individual cyber attacker
These examples are purposely very different—for example, in the case of Ted Bundy, the subject could be considered to be mentally disturbed. Still, in each case the behaviors described in the examples, however repulsive, can be analyzed for predictive patterns using the methods presented in this book. The latter case, the cyber attacker, is meant to be unidentifiable to demonstrate that the identity of an individual is not a requirement to conduct a behavior-based analysis.

Richard Reid: The Shoe Bomber

On December 22, 2001, Richard Reid boarded American Airlines flight 63 bound for Miami, Florida, from Paris, France. It was less than 14 weeks after the devastating al-Qaeda 9/11 attacks against the World Trade Center in New York City and the Pentagon and an aborted airliner attack downed in the fields of Pennsylvania when passengers intervened. En route, Reid took his seat like all the other passengers, but he wasn't like the other passengers. He was reportedly intent on killing everyone aboard the flight before the plane would reach Miami. Perhaps encouraged by the events just 14 weeks earlier (the infamous al-Qaeda 9/11 attack) and his self-proclaimed identification with al-Qaeda, Reid was serious, was prepared, and would kill himself along with the other passengers in the attempt. His chosen weapon was 10 ounces of pentaerythritol tetranitrate (PETN), a powerful explosive that, if detonated, would bring down the plane into ...

Table of contents

  1. Cover
  2. Title page
  3. Copyright page
  4. Dedication
  5. About the Author
  6. Credits
  7. Acknowledgements
  8. Foreword
  9. Introduction
  10. Part I: Understanding the Dark Side: Malicious Intent
  11. Part II: Dissecting Malicious Behavior
  12. Part III: Applying Tools and Methods
  13. Part IV: Predicting Malicious Behavior: Tools and Methods to Support a Paradigm Shift in Security
  14. Appendix
  15. Index
  16. Download CD/DVD content
  17. End User License Agreement