by Carrie Barnett

Sneaks can always find ways to keep their schemes hidden from snooping eyes. Al Qaeda operatives, for instance, reportedly substituted the word “wedding” for “attack” in e-mail messages. Similarly, two September 11th conspirators cloaked the true meaning of their e-mails. They used words such as “architecture” to represent the World Trade Center, according to Dale Watson, a former counterterrorist expert with the Federal Bureau of Investigation.

Finding such word substitutions has been a hit-or-miss process for federal investigators who work to ferret out online treachery. It’s also tough duty for corporate security pros who try to catch employee collusion.

Dmitri Roussinov says that new research proves that computer programs are capable of detecting word swaps that conceal the true meaning of e-mail messages. Roussinov is an assistant professor of information management at the ASU’s W. P. Carey School of Business. He and his colleagues tested word-detection methods. They found that the best approach combines several measures of linguistic oddity.

Roussinov’s team analyzed Enron's corporate e-mail and used it for word-substitution experiments. They replaced nouns with nouns of similar recurrence in daily discourse. They used Google and Wordcount.org to evaluate the “oddity” of post-substitution word combinations.

For example, consider the phrase “the bomb is in position.” When searched as an exact quote or string of words on Google, the phrase brings up 68 references. However, if you substitute “bomb” with “alcohol,” in the Wordcount.org rankings, no references show.

The researchers used this type of disparity to evaluate sentence “oddity” and make judgments on word substitution. By combining multiple detection methods, they boosted word-substitution detection rates to 68 percent.

This story was excerpted from the Knowledge @ W. P. Carey web site. To see the full story or other stories from ASU’s W. P. Carey School of Business, go to: http://knowledge.wpcarey.asu.edu