Detecting Latent Terrorist Communities Testing a Gower’s Similarity-Based Clustering Algorithm for Multi-partite Networks

Campedelli, Gian Maria; Cruickshank, Iain J.; Carley, Kathleen M.

doi:10.1007/978-3-030-05411-3_24

Cited by 3 publications

(8 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This work has presented a novel algorithmic framework for detecting latent clusters of similar terrorist groups via a complex network approach. We have created a multi-partite network for the entire known population of terror groups active worldwide from 1997 to 2016, where modes were Weapons, Tactics, Targets, operating Regions, and proposed a novel clustering architecture expanded from [15]. We have then compared our new entropy-based architecture with two alternative solutions: a weak-heuristic approach based on terror group clustering by ideology and our baseline unweighted approach.…”

Section: Discussion and Future Workmentioning

confidence: 99%

“…The detailed process is described in the following subsections. The entropy-based method will be then compared with the baseline model presented in [15] and with a heuristic method. The baseline model uses a simplified version of Gower's method.…”

Section: Methodsmentioning

confidence: 99%

“…Having obtained pairwise similarities between all of the terrorist actors, we now move on to extracting a network from the data, which we refer to as the latent network. Following our work in [15], we continue to use the kNN modularity maximization procedure proposed in [50]. At a a high level, once similarities have been computed for each of the terrorist groups, the method iterates through various possible numbers of neighbors for each node, k, and selects that k which produces the most modular graph, relative to a null-model, random graph produced on the same similarities.…”

Section: Asymmetric Knn Modularity Graph Constructionmentioning

confidence: 99%

“…This works relies on data retrieved from the Global Terrorism Database (GTD henceforth) on terrorist attacks occurred at global level from 1997 to 2016. The paper aims to propose a new algorithm for detecting latent clusters of terrorist groups expanding and extending the analytic approach we have provided in [15]: we demonstrate that, tested against our previous approach (which we will refer to as "baseline" throughout the paper) and a weak heuristic approach based on pure groups ideology, our novel algorithm confirms many results obtained with the baseline approach and also provides new interesting results on the hidden similarities across groups belonging to very different contexts and motivations.…”

Section: Introductionmentioning

confidence: 99%

“…the al Qaeda network). However, a very recent sub-domain explored the power of the complex network landscape when dealing with event data and abstract meta-networks of attack characteristics, with the aim to predict future terrorist behaviours in terms of target or weapon selection, targeted locations and employed tactics [13,24,58] or, more broadly, to highlight operational similarities between different terrorist organizations [14,15].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

A complex networks approach to find latent clusters of terrorist groups

2019

Self Cite

View full text Add to dashboard Cite

Given the extreme heterogeneity of actors and groups participating in terrorist actions, investigating and assessing their characteristics can be important to extract relevant information and enhance the knowledge on their behaviors. The present work will seek to achieve this goal via a complex networks approach. This approach will allow finding latent clusters of similar terror groups using information on their operational characteristics. Specifically, using open access data of terrorist attacks occurred worldwide from 1997 to 2016, we build a multi-partite network that includes terrorist groups and related information on tactics, weapons, targets, active regions. We propose a novel algorithm for cluster formation that expands our earlier work that solely used Gower's coefficient of similarity via the application of Von Neumann entropy for mode-weighting. This novel approach is compared with our previous Gower-based method and a heuristic clustering technique that only focuses on groups' ideologies. The comparative analysis demonstrates that the entropy-based approach tends to reliably reflect the structure of the data that naturally emerges from the baseline Gower-based method. Additionally, it provides interesting results in terms of behavioral and ideological characteristics of terrorist groups. We furthermore show that the ideology-based procedure tends to distort or hide existing patterns. Among the main statistical results, our work reveals that groups belonging to opposite ideologies can share very common behaviors and that Islamist/jihadist groups hold peculiar behavioral characteristics with respect to the others. Limitations and potential work directions are also discussed, introducing the idea of a dynamic entropy-based framework.

show abstract

Section: Discussion and Future Workmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

Section: Asymmetric Knn Modularity Graph Constructionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A complex networks approach to find latent clusters of terrorist groups

2019

Self Cite

View full text Add to dashboard Cite

show abstract

Analysis of Malware Communities Using Multi-Modal Features

Cruickshank

Carley

2020

IEEE Access

Self Cite

View full text Add to dashboard Cite

Identifying possible threat actors from samples of malware remains an active area of research with important ramifications for cybersecruity practitioners. The unsupervised identification and characterization of malware samples has been primarily treated as an early integration, multi-modal clustering problem where all possible features derived from the samples are concatenated into one feature vector, which can then be fed into a standard unsupervised learning algorithm. In this work, we focus on characterizing malware samples into possible threat actors from both late integration and intermediate integration multi-modal data perspectives. In doing so, we propose a new algorithm, Cross-Modal Influence Clustering, for characterizing malware samples into threat actor groups. We test our proposed method along with several other multimodal clustering techniques on heterogeneous malware samples from three different threat actors. Our results indicate that our proposed method is the best method for clustering malware samples into threat actors in an unsupervised setting and that we observe consistently better results in characterizing malware samples by threat actors from intermediate or late integration multi-modal paradigms rather than an early integration one.INDEX TERMS Cybersecurity, malware, multi-modal data, network diffusion, unsupervised machine learning, multi-view data.

show abstract

Prediction of Groups Responsible for Terrorism Attack Using Tree Based Models

ALfatih

Saadalla

2019

Proceedings of the 2019 International Conference on Artificial Intelligence and Computer Science

View full text Add to dashboard Cite

Detecting Latent Terrorist Communities Testing a Gower’s Similarity-Based Clustering Algorithm for Multi-partite Networks

Cited by 3 publications

References 17 publications

A complex networks approach to find latent clusters of terrorist groups

A complex networks approach to find latent clusters of terrorist groups

Analysis of Malware Communities Using Multi-Modal Features

Prediction of Groups Responsible for Terrorism Attack Using Tree Based Models

Contact Info

Product

Resources

About