DETECTING TERRORIST ACTIVITIES

PRESENTED BY CATHERINE LUMB & ALI CLARKE

SummaryData mining and text analysis is becoming increasingly important in the field of counter-terrorism.

Over the past 10 years terrorists have started to use technology to obtain new members, communicate and conduct illegal activities. It is therefore very important that the relevant agencies have the tools to detect and identify.

During this presentation we will explain some of the techniques that may be used and the problems that could be encountered.

What is a terrorist?A terrorist can be defined as someone who systematically uses violence (terror) as a means of coercion, usually for political or financial gain.

More recently cyber terrorists have become more prominent and are a growing threat.

Why are they using the web?Terrorists can communicate (almost!) anonymously to their ever growing audience.

Their communications can be delivered to a globally quickly and easily.

Terrorist recruitment, planning and issuing threats

How to detect terrorist activity?

Text / Keyword extraction

Frequency Analysis

Web mining + Social network analysis

Advanced Terror Detection System (ATDS)

Keyword extractionExtracts suspicious keywords and catalogs them into a corpus.

Example:

“Place the package in the baggage on the aircraft.”

The corpus can then be used for further examination (such as: Frequency Analysis (FA))

The IE Algorithm “Rebels attacked the infantry garrison”

“<subject> active attack” would extract “Rebels” as the perpetrator.

active-attack <direct object> would extract “infantry garrison” as the victim.

Extraction patterns are based on a pre-defined corpus of keywords

Frequency Analysis

Identifying the frequency of a suspicious word within a corpus.

This can then be visualized and compared to normal results.

Word PercentageAirport 0.20

Security 0.13Aircraft 0.08Beirut 0.06Athens 0.05

Hijackers 0.06Hijacking 0.04Screens 0.03

Staff 0.03Baggage 0.023

Example visualization of key words

ProblemsTerrorist websites do not use fixed IP addresses and URLS, this makes it harder to find the websites.

Physical locations of servers change, this makes it hard to monitor the traffic.

Terrorists may also use covert language, such as code words (eg ‘the package’).

Many different languages and dialects.

Big data

Conclusion

In conclusion:

Text analysis has been used effectively within the field of counter-terrorism however there are still many problems that must be overcome such as big data issues.

References

http://www.ise.bgu.ac.il/faculty/mlast/papers/JIW_Paper.pdf

http://www.unodc.org/documents/frontpage/Use_of_Internet_for_Terrorist_Purposes.pdf

http://www.comp.leeds.ac.uk/eric/comp3310/19.pdf