Analysing and visualising data sets of cybercrime investigations using Structured Occurrence Nets
Abstract
Structured Occurrence Nets (SONs) are a Petri net based formalism for
portraying the behaviour of complex evolving systems. As a concept,
SONs are derived from Occurrence Nets (ONs). SONs provide a powerful
framework for evolving system analysis and are supported by the existing
SONCraft toolset. Separately, the modelling of cybercrime investigations has attracted interest in recent years, and large-scale criminal
investigations have been considered as complex evolving systems. They
currently present a significant challenge for police investigators and analysts. This thesis contributes to addressing this challenge in two
different ways: (i) by presenting an algorithm and an implemented tool
that visualise data sets using maximal concurrency; and (ii) by detecting
DNS tunnelling through a novel SON-based technique and tool. Moreover,
the theoretical contribution of this thesis focuses on model extensions and
abstraction; in particular, it introduces a new class of SONs based on
multi-coloured tokens.