Researchers build software to map criminal networks

Phone calls, social networks on the radar.

Sydney researchers are developing an open source tool that could allow security professionals to detect and visualise unusual behaviours in two dimensions.

Called GEOMI (Geometry for Maximum Insight), the Java-based tool has been under development at the faculty since 2005, with version 2 released last year.

Sydney University professor Seok-Hee Hong said the tool could be used to analyse complex relationships in social networks, email and phone records.

By presenting information as two-dimensional visuals, she said the tool could allow police and security specialists to look for various relationships and abnormal behaviour, such as 'short cycles'.

The term 'short cycle' refers to chains of connections that loop back to the original source in only three or four steps. For instance, a connection with a cycle length of four is:

• Tom is connected to John.
• John is connected to May.
• May is connected to Keith.
• Keith is connected to Tom

"If this connection represents money transfers, phone calls, or medical insurance claims, it could be an example of suspicious behaviour and used to detect fraud," Hong explained.

“[Law enforcement agencies] would use our visualisation for brainstorming, exploring new ideas, generating new hypothesis, trying to find connections, confirming or rejecting hypothesis, and searching for evidence."

Hong described GEOMI as a research prototype and generic visual analytics tool that had yet to be commercialised for specific domains.

Besides law enforcement, the tool could also be used to map biological networks -- including protein-protein interaction, gene regulatory networks and biochemical pathways.

Hong said GEOMI algorithms were "superfast", capable of running in "O(n log n) time [compared to] existing ones [in] O(n2) time, where n represents the size of the graph".

“We hope to achieve to run visualisations in real-time time in the near future," she said. "Good visualisation of data is worth more than millions of words."

Hong did not disclose the names of any organisations that were using the tool, noting that Sydney University did not deal with clients or customers directly.

“Instead, we work with companies which produced visual analytic tools for such customers, for example, Tom Sawyer software in the US, CYRAM in Korea  and Netmap in Australia,” she said.

GEOMI used to detect viruses in in an email network.

Earlier this month, the New Zealand Police agreed to commercialise its Environment for Virtualised Evidence (EVE) technology, used to mine seized electronic devices like mobile phones and PCs for clues.

The police's technology partner Wynard Group hoped to market the solution to other police forces around the world, valuing the US digital forensics services market alone at $A844 million.