[nabs-l] research techniques and databases

Joseph C. Lininger jbahm at pcdesk.net
Thu Jun 25 11:50:07 UTC 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Ashley,
I don't claim to be any expert on research. I'm quite bad at it in fact
unless it happens to be about something to do with computer security,
software algorithms, cryptography, or some other completely geeky topic.
However, I've given my thoughts on some of your questions below. Your
question is quoted, followed by my thoughts.

> 2. How do you use those PDF files?  What can you do in Openbook to access them?
> Many full-text articles were PDF, rendering them inaccessible without using a scanner.

The fact a document is in PDF format doesn't automatically mean it can't
be read. If you do come across one you can't read, the problem is most
likely that you've got a PDF which simply contains a scanned image of an
article instead of the actual text. The tell-tale sign of this is if you
are told the document is empty when you open it in Acrobat. Many of the
OCR packages out there can take such a PDF and run the image through
OCR, thereby producing something you can read. I believe Openbook has
this ability. I know for certain that Omnipage does since it's what I use.

> 4. What do you do to determine if an article is relevant?  So far I thought of reading
> the abstract and/or intro.  Sometimes I read entire articles only to find them not
> as useful as I thought they would be based on the intro.

I've never done research in the way you're thinking of, but in my
occupation I do often have to thumb through books, magazine articles,
the occasional journal article, white papers, etc. to see if there is
anything useful to me in them. I've found the following techniques to be
helpful.

1. As you suggested, read the abstract or introduction.

2. If the article is divided into sections, read the section titles, and
possibly the first paragraph of each section to see if it yields
anything promising. I'll give you an example of the process I might use.
If I were looking for information on network intrusion detection
systems, which is a topic I have needed to research. I might find an
article on network monitoring, network defense, or remote exploitation
of interest. From there, let's say I found a section called, "using
encryption to protect against sniffing". Well, obviously that has
nothing to do with anything I am interested in in this specific case.
But let's say later I see something like, "detecting outside scans of
your network". Well, since I know intrusion detection systems are used
as one tool for that, that's a section I might want to take a closer
look at. These titles are very boilerplate and hypothetical, I know, but
they illustrate the point.

3. If you know something about the content of the article, and you know
what you're looking for, you might try searching the article for
specific keywords. Continuing the previous example, I might look for
things like: "intrusion detection", "network intrusion", "ids", "nids",
"port scan", "exploit", "vulnerability" or "alarm". If I were on the
other end, trying to sneak into someone's network unnoticed, I might be
interested in keywords like, "elude", "eluding", "decoy", "evade", "evading",
"penetration test" or "pen-test". This one requires you have a fairly
good idea of exactly what you're looking for in order to form keywords
or strings of keywords that will yield good results. In my case, it also
requires a spell checker since I can't spell and a keyword search only
works if you spell the keywords right. LOL

Hope this helps.
Joe
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBCAAGBQJKQ2RuAAoJEMh8jNraUiwq15IIAKiisktkMuE/Az5FY9zAQWfn
70uQAFOis71aV86SqQin/qu9UKdBZ4wYbvl+aFszwtHpHu3mM3xGqfjVAachRHvo
oWb1l8+SLI5/vo0k//Tl/3dzuKWSQQhYBbtriyakdbd1e2hPXhclBR8YoflGdzzw
/wi84SfkGgLUtZRKWVvBxEOi7WHHgvvlePAuDHGipOBiCQuAEUjdNhza9DGyjiw4
ykAUUsaoMFf3VYj6Pa7LcV/Tm+oaAYMOS06PsM0w9luHtIbNZEjQvf2Q1Gi6WkTC
hpn5dRYS/YYHbzxjak9aehP10Tjd5TTATb4qHPQrtsVaL69v0RfFx+JAXFNw20A=
=8T5b
-----END PGP SIGNATURE-----