Emerging Field of Social Physics Shows Promise In Cybercrime Detection (#GotBitcoin?)
A few weeks ago I wrote about social physics, a new discipline that aims to help us better understand and predict the behavior of human groups. Social physics is based on the premise that all event-data representing human activity contain a special set of group behavior patterns. As long as the data involves human activity, regardless of the type of data or the demographics of the users, similar behavioral dynamics apply. These patterns can be used to detect emerging behavioral trends before they can be observed by other data analytics techniques.
And among those trends in which social physics may prove useful: cyber criminal activities.
Social physics originated in MIT’s Human Dynamics Lab, and in a recent paper published in New Solutions for Cybersecurity, MIT’s Alex (Sandy) Pentland and Yaniv Altshuler discuss the application of social physics to cybercrime.
The paper starts out by explaining how social physics differs from and complements machine learning methods, which are most successful when applied to complex problems like machine translation and image and voice recognition where a huge body of data is available and the data is fairly static. Data derived from human behavior is quite different. It’s dynamic, highly versatile, ever-changing and influenced by complex social interactions. Predicting human behavior requires the ability to frequently analyze relatively small data sets collected over short periods of time.
“Social physics approaches data from a completely different angle,” write Messrs. Altshuler and Pentland. “Instead of deriving patterns from input data itself, it is based on the discovery that all human behavioral data is guaranteed to contain within it a set of common social behavioral laws – mathematical relationships that emerge whenever a large enough number of people operate in the same space.”
A few key capabilities differentiate social physics from other analytic methods:
It’s content agnostic – you don’t need to know what question to ask, just give examples of the entities of interest (EOI) to search for in the form “here is an example X, find me more of X.”
Entities similar to the defined EOIs are searched for within the data, based mainly on temporal correlations, which can be done much more quickly and accurately than with machine learning algorithms.
It’s able to detect dynamic behaviors that correlate with the EOIs in real-time, which might indicate emerging or hidden patterns.
Social physics searches for patterns, not content, thus it can analyze fully encrypted data sets, enabling financial companies, health care providers or blockchains to maintain data privacy.
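A minimal illustration of the “here is an example X, find me more of X” search using timestamps alone. This is an added example, not code from the paper or from Endor's engine: plain Pearson correlation over hourly event counts is an assumption standing in for the social physics method, and all entity names and counts are constructed.

```python
from collections import defaultdict
from math import sqrt

BIN = 3600  # assumed bin width in seconds

def activity_vectors(events, n_bins):
    """events: (entity_id, unix_ts) pairs, metadata only, no content."""
    vecs = defaultdict(lambda: [0] * n_bins)
    for eid, ts in events:
        vecs[eid][min(ts // BIN, n_bins - 1)] += 1
    return dict(vecs)

def pearson(a, b):
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / sqrt(va * vb) if va and vb else 0.0  # flat series carries no signal

def find_similar(events, seeds, n_bins, threshold=0.8):
    """Rank non-seed entities by correlation with the seeds' mean activity."""
    vecs = activity_vectors(events, n_bins)
    zero = [0] * n_bins
    profile = [sum(vecs.get(s, zero)[i] for s in seeds) / len(seeds) for i in range(n_bins)]
    score = {e: pearson(v, profile) for e, v in vecs.items() if e not in seeds}
    return sorted((e for e in score if score[e] >= threshold), key=lambda e: -score[e])

def precision_recall(flagged, hidden):
    tp = len(set(flagged) & set(hidden))
    return (tp / len(flagged) if flagged else 0.0, tp / len(hidden) if hidden else 0.0)

# Constructed sample: per-hour event counts for each entity over 12 hours.
COUNTS = {
    "s1": [0, 0, 5, 0, 0, 4, 0, 0, 0, 6, 0, 0],  # seed (known example)
    "s2": [0, 0, 4, 0, 0, 5, 0, 0, 0, 5, 0, 0],  # seed (known example)
    "h1": [0, 0, 3, 0, 0, 3, 0, 0, 0, 4, 0, 0],  # hidden, same rhythm
    "h2": [1, 0, 6, 0, 0, 5, 0, 0, 0, 5, 0, 1],  # hidden, same rhythm plus noise
    "h3": [0, 0, 2, 0, 0, 0, 0, 3, 0, 0, 0, 0],  # hidden, shifted timing: missed
    "b1": [0, 0, 3, 0, 0, 2, 0, 0, 0, 3, 0, 0],  # benign but coincides: false positive
    "b2": [2] * 12,                               # benign, steady activity
    "b3": [3, 0, 0, 4, 0, 0, 3, 0, 0, 0, 4, 0],  # benign, different rhythm
}
EVENTS = [(e, h * BIN + k) for e, c in COUNTS.items() for h, n in enumerate(c) for k in range(n)]
SEEDS, HIDDEN = {"s1", "s2"}, {"h1", "h2", "h3"}

if __name__ == "__main__":
    flagged = find_similar(EVENTS, SEEDS, n_bins=12)
    print(flagged, precision_recall(flagged, HIDDEN))
```

The constructed data deliberately includes one benign entity that shares the seeds' rhythm and one hidden entity that does not, so the ranked output contains both a false positive and a miss for an analyst to resolve.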
The paper discusses two concrete applications of social physics for the detection of cybercrimes. The first application is about detecting ISIS activities on Twitter Inc. Recently, an intelligence agency provided metadata of 15 million tweets for analysis by Endor, an Israeli-based startup created by Messrs. Altshuler and Pentland that leverages social physics methods to make fast, accurate predictions. As a test of the platform’s capabilities, the agency revealed the identity of 50 accounts known to be ISIS activists whose tweets were included in the input data, and asked Endor to detect an additional 74 accounts that were hidden in the data.
Endor’s analytics engine identified 80 Twitter accounts as potential EOIs because they were similar enough to the positive samples that the agency provided. Forty-five were correct matches, part of the list of 74 hidden accounts, while 35 were false positive results. Such a low false-positive rate makes it possible for human experts to further investigate the targets.
Three key reasons make social physics an ideal tool for detecting such hidden threats in the cyber environment, as was the case in this particular application:
“The ability to connect to structured data streams in a semantics agnostic way enabled the social physics engine to efficiently process streams written in foreign languages, such as Arabic, Urdu, or Farsi, that many mainstream data-analysis tools cannot easily digest.”
“Similarly, the use of code-words, evasive behavior or any other attempt to mask one’s intentions, activity, or social ties by metadata or language manipulations – frequent in cyber-terrorism and intelligence use cases – can easily be deciphered (or more accurately, bypassed altogether) using social physics.”
“Traditional intelligence analysis often resembles a long process of locating numerous pieces of a single puzzle and meticulously putting them together, unraveling a hidden story. Using social physics, on the other hand,… the Social Physics engine receives a ‘loose thread’ from the analyst as input, and automatically sifts hundreds of the most relevant pieces, ready for the analyst to quickly browse through them, and build the complete global picture.”
The second application entailed the detection of fraudulent bitcoin activity. Since bitcoin transactions don’t involve a central authority or trusted third-party, it’s become a payment method of choice for a variety of cybercrime players. In addition, while bitcoin’s blockchain-based infrastructure is highly secure, bitcoin exchanges have been repeatedly hacked over the years. And once bitcoins are stolen, it’s near impossible to retrieve them. If you’ve stored bitcoins in an exchange that’s been hacked, they’re essentially lost.
The entire history of bitcoin transactions is publicly available in the bitcoin blockchain, although all identity information is encrypted. However, social physics can be used to analyze such encrypted bitcoin blockchains, looking for clusters of transactions that appear too correlated.
“This is done by detecting Bitcoin transactions patterns that social physics dictates are highly unlikely to spontaneously emerge,” they write. “These behavioral correlations can then be matched against a given set of positive labels… resulting in the detection of behavioral correlations (each representing a ‘real world commonality’) that are associated with the stolen Bitcoins in question.”