Data Science and counterintelligence. A case for a new model of terrorist networks detection.
Defense and intelligence sectors were one of the first to see the potential of applied Data Science. From smart pattern recognition in radars and autonomous weapons to assessing the risk posed by adversarial actors – contemporary international security system couldn’t do without advanced algorithms.
One of the disciplines that benefit from advanced mathematics is counter-terrorism studies. Its impact is particularly significant in the sub-field of theories aiming at discovering hostile networks. Today, mapping terrorist networks are one of the foundations of any counter-terrorism effort. It not only helps to understand the way terrorists think and operate but also plays a key role in designing an appropriate response.
One of the most popular methods used by the intelligence agencies and the military allows for identifying suspects playing key roles in terrorist organizations. This task can be completed by the use of centrality measures – metrics developed in graph theory to quantify the importance of nodes within networks. Arguably, three fundamental measures of centrality are (i) degree centrality (which ranks each node based on the number of neighbors it has); (ii) closeness centrality (which ranks each node based on its average distance to other nodes); (iii) betweenness centrality (which ranks each node based on the relative number of shortest paths that go through that node).
Unfortunately, understanding how criminals organize themselves in a network is usually challenging. The data may be incomplete, the nature of the relationship between two criminals unclear, and the network may permanently evolve and reorganize. Overall, there are two main approaches to terrorism networks in academic literature. In the first one, researchers study known topologies of historical or contemporary criminal networks, to understand why particular structures have emerged. In the article recently published in ACM Transactions on Intelligent Systems and Technology, Waniek and co-authors contribute to an alternative, more theoretical approach. Its goal is to explain the structural properties of covert networks by explicitly modeling some possible dilemmas faced by the leaders of terrorist networks. In particular, academic literature on this topic usually concludes that criminals in general, and terrorists, in particular, face a constant tradeoff between secrecy and efficiency. On the one hand, the terrorist cells need to be densely connected to function efficiently. On the other hand, too many connections may jeopardize secrecy as they make terrorist plots traceable and, more importantly, at least theoretically preventable.
What characterizes the new model? Let’s assume that a terrorist network is composed of two types of agents: the leaders (top echelon of the organization) and the followers (lay members). The leaders are aware that they are the prime target of law-enforcement agencies who may use centrality analysis to identify them. To prevent this, the leaders would like to strategically modify the existing network or to create a new one in such a way that their centrality becomes lower than a certain, predefined threshold δ (a safety margin). The optimal modifications of the existing network cannot be computed in polynomial time given any degree, closeness, and betweenness centrality measures.
However, it is possible to efficiently create a network from scratches, designed specifically to hide the members of the higher echelon of the organization without limiting their leadership abilities. This network, shown in figure (Figure nr.1) below, has a group of leaders forming a clique (which ensures efficient communication among them) and a well-defined core of “captains” who are densely connected among themselves and who act as intermediaries between the leaders and all other members of the organization. Interestingly, such “inner circles” have been identified in some real-life terrorist networks such as, e.g., Al-Quaeda and IRA.
The presented analysis can be extended in various directions. It would be interesting to see new social network analysis tools, and centrality measures, in particular, that are immune (at least to some extent) against such evasion techniques. There is also an important reservation to be made: although our captain networks appear to be effective in terms of influence (i.e., they are empirically shown to grant the leaders a reasonable level of influence), they do not provide any worst-case guarantees on solution quality. Finally, it would also be interesting to examine whether there are special classes of networks for which the problem of hiding leaders can easily be solved or whether it is possible to construct a network that conceals certain edges. These problems require future scientific research as well as feedback from the expert (security, defense, intelligence) community.
The full article by Marcin Waniek , Tomasz P. Michalak, Michael Wooldridge , Talal Rahwan can be accessed at: https://dl.acm.org/doi/10.1145/3490462