In the SMC project we assumed that spotted threats will be scored using a one-dimensional measure. Analysts shall use this measure to rank potential threats identified by the systems. Users will also have other tools supporting their investigation, such as filtering and sorting, but the proposed measure should be general and useful in the first phase of the analysis. It is also essential for optimizing the threat analysis process.
The score, i.e. the degree of importance of a threat, is calculated from the evaluation of three attributes related to the threat:
- advertiser: the more advertisements an advertiser posts, the more attention it should attract from investigators. The identity of the advertiser is described by a set of identifying attributes, e.g. e-mail, phone, communicator.
- object: there is no single, generally agreed classification of medicaments that is useful for scoring, so we search for any agreed name listed in the system table. Synonyms are common in natural language, so scoring actually uses normalized names.
- action: two basic actions are recognized: buy and sell. An advertisement may contain more than one action, and each can be related to a separate set of objects. Recognition of such relations is, however, error-prone and of low confidence. Additionally, such relations are not very important for users. Therefore, the score is calculated on the most probable action.
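
The three evaluations above can be combined as in the following added example, which is not code from the SMC project. The synonym table, the action weights, the sample advertisements and the product used to obtain a single number are all assumptions made for illustration.

```python
from collections import defaultdict

# All data below is constructed for illustration; the synonym table, the
# action weights and the product formula are assumptions, not SMC's own.
SYNONYMS = {"viagra": "sildenafil", "sildenafil": "sildenafil",
            "tylenol": "paracetamol", "acetaminophen": "paracetamol",
            "paracetamol": "paracetamol"}
ACTION_WEIGHT = {"sell": 1.0, "buy": 0.5}
ADS = [
    {"id": 1, "ids": {"email:a@example.org", "phone:555-0101"},
     "names": ["Viagra", "sildenafil"], "actions": {"sell": 0.9, "buy": 0.2}},
    {"id": 2, "ids": {"phone:555-0101", "communicator:seller77"},
     "names": ["Tylenol"], "actions": {"sell": 0.8}},
    {"id": 3, "ids": {"communicator:seller77"},
     "names": ["herbal mix"], "actions": {"sell": 0.7}},
    {"id": 4, "ids": {"email:b@example.org"},
     "names": ["Paracetamol", "Acetaminophen"], "actions": {"buy": 0.6, "sell": 0.3}},
]

def advertiser_counts(ads):
    """Ads sharing any identifying attribute belong to one advertiser (union-find)."""
    parent = {a["id"]: a["id"] for a in ads}
    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x
    first_seen = {}
    for a in ads:
        for ident in a["ids"]:
            if ident in first_seen:
                parent[find(a["id"])] = find(first_seen[ident])
            else:
                first_seen[ident] = a["id"]
    sizes = defaultdict(int)
    for a in ads:
        sizes[find(a["id"])] += 1
    return {a["id"]: sizes[find(a["id"])] for a in ads}

def normalized_objects(names):
    """Map synonyms to one normalized name; names absent from the table are ignored."""
    return {SYNONYMS[n.lower()] for n in names if n.lower() in SYNONYMS}

def most_probable_action(actions):
    return max(actions, key=actions.get)

def rank(ads):
    """Return (score, ad id) pairs, highest score first."""
    counts = advertiser_counts(ads)
    scored = [(counts[a["id"]] * len(normalized_objects(a["names"]))
               * ACTION_WEIGHT[most_probable_action(a["actions"])], a["id"]) for a in ads]
    return sorted(scored, reverse=True)
```

Advertisements 1 to 3 share a phone number or communicator handle, so they count as one advertiser with three postings, while advertisement 3 scores zero because none of its names appears in the table.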