From fraudulent COVID-19 small business loans to security breaches that leak shoppers’ credit card data, the exploitation of the complex nature of corporate relationships continues to be a major concern.

For instance, the FBI Internet Crime Complaint Center received more than 28,000 complaints related to COVID-19 fraud in 2020 and a record number of complaints overall, with reported losses exceeding $4.1 billion.

However, investigating networks of corporate relationships, which could include multiple third-party vendors and subcontractors, and shell corporations is no easy task due to the complexity of the networks and limited resources of investigators.

That’s why a University of Central Florida Cyber Security and Privacy researcher is working on a new project to make investigations into corporate relationships easier and quicker by creating automated tools that help investigators track complex corporate relationships.

The three-year project is funded by a nearly $1 million Defense Advanced Research Projects Agency (DARPA) Young Faculty award. Paul Gazzillo, an assistant professor in UCF’s Department of Computer Science, will lead the research.

“Complex corporate relationships allow criminals, adversaries, and others to hide activities in plain sight using legal, but complex, cross-jurisdictional businesses,” Gazzillo says. “Helping law enforcement and intelligence to accelerate investigations into these relationships could help them in their efforts.”

This automated assistance could help prevent organizations from making fraudulent claims that don’t get caught. For example, companies that received COVID-19 Paycheck Protection Program loans when they shouldn’t have could have been prevented by cross referencing applications with publicly available corporation data.

Or it could help root out potential breach avenues, such as when a security flaw in a subcontractor’s system may have exposed consumers’ credit card data, which is the suspected cause of the 2013 hack of Target.

Gazzillo’s approach to tracking corporate relationships that are obfuscated in complex systems is to make disparate systems “talk” to each other.

“The key challenge is the gap between existing corporate relationship data — which are described informally in natural language — what humans are used to, and automated reasoning tools, which expect a highly formalized logical language that computers can work with more easily,” he says.

To overcome this challenge, the researcher will work to define corporate relationship data in machine-readable terms, use machine transformation techniques to convert relationship data in existing datasets, and create algorithms that can automatically analyze and report on the data.

“If successful, our research will act as an investigative force multiplier for national and economic security, such as FBI special agents tracking financial crime through the U.S. Financial Crimes Enforcement Network and Defense Counterintelligence and Security Agency and investigators rooting out foreign influence on defense subcontractors,” Gazzillo says. “By automating tracking, we can reduce the time needed to trace and record connections between entities, which will both accelerate investigations and reduce human error. This in turn should allow an investigator to explore more vulnerable corporate connections and take on more cases in less time compared to manual tracking.”

Gazzillo received his doctorate in computer science from New York University. He is a member of UCF’s Cyber Security and Privacy research cluster and joined UCF’s Department of Computer Science, part of UCF’s College of Engineering and Computer Science, in 2018.

Story by Robert Wells, UCF Office of Research