Bayesian Networks for Cyber Crimes
Bayes’ Theorem
• For an hypothesis H supported by evidence E:
  Pr(H|E) = Pr(E|H) · Pr(H) / Pr(E)
• where
  – Pr(H|E) is the posterior probability of H, given E
  – Pr(E|H) is the likelihood of E, given H
  – Pr(H) is the prior probability of H, without E
  – Pr(E) is a normalisation factor
• We can use Pr(H)=½ for a zero bias on H
• We can get Pr(E|H) from surveys of experts
Odds and Likelihood Ratio
• If:
  – Hp is the prosecution’s hypothesis
  – Hd is the defence’s hypothesis
• then:
• so:
  posterior odds = likelihood ratio × prior odds
Bayesian Networks
• Introduced by Judea Pearl in 1988
• Enables the Bayesian inference to propagate through a network (DAG) representing the evidential traces (Ei) and the associated sub-hypotheses (Hi) of a digital crime model
• Output is posterior probability of hypothesis H
• Example: BitTorrent illegal P2P MP4 uploading (‘initial seeder’) case
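
Added example (not part of the original slides): inference by enumeration over a small DAG of the shape described above, H → sub-hypotheses Hi → evidential traces Ei, with the zero-bias prior Pr(H)=½. The network layout and every probability in the tables are constructed for illustration and stand in for values that would come from expert surveys; the function names are hypothetical.

```python
from itertools import product

PRIOR_H = 0.5  # zero-bias prior on H, as on the slides

# Constructed tables (illustrative only, not from a real case or survey).
# Pr(Hi = true | H = h)
SUB = {"H1": {True: 0.9, False: 0.2},
       "H2": {True: 0.8, False: 0.3}}
# Ei -> (parent sub-hypothesis, Pr(Ei found | parent state))
EVID = {"E1": ("H1", {True: 0.85, False: 0.10}),
        "E2": ("H1", {True: 0.70, False: 0.25}),
        "E3": ("H2", {True: 0.90, False: 0.15})}


def bern(p, value):
    """Probability of a boolean outcome whose 'true' probability is p."""
    return p if value else 1.0 - p


def likelihood(observed, h):
    """Pr(observed traces | H = h), summing out the unobserved Hi."""
    names = list(SUB)
    total = 0.0
    for states in product([True, False], repeat=len(names)):
        assign = dict(zip(names, states))
        p = 1.0
        for name, state in assign.items():
            p *= bern(SUB[name][h], state)
        for ev, found in observed.items():
            parent, cpt = EVID[ev]
            p *= bern(cpt[assign[parent]], found)
        total += p
    return total


def posterior(observed, prior=PRIOR_H):
    """Return (Pr(H | observed), likelihood ratio) via the odds form."""
    lr = likelihood(observed, True) / likelihood(observed, False)
    post_odds = lr * prior / (1.0 - prior)  # posterior odds = LR x prior odds
    return post_odds / (1.0 + post_odds), lr


if __name__ == "__main__":
    all_found = {"E1": True, "E2": True, "E3": True}
    print(posterior(all_found))            # every trace recovered
    print(posterior({"E1": False}))        # a searched-for trace is absent
```

Traces left out of `observed` are treated as not examined, which is different from a trace that was searched for and not found (`False`).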