2008 | Book

Terrorism Informatics

Knowledge Management and Data Mining for Homeland Security

edited by: Dr. Hsinchun Chen, Edna Reid, Joshua Sinai, Andrew Silke, Boaz Ganor

Publisher: Springer US

Book series: Integrated Series in Information Systems

About this book

Terrorism informatics has been defined as the application of advanced methodologies, information fusion and analysis techniques to acquire, integrate, process, analyze, and manage the diversity of terrorism-related information for international and homeland security-related applications. The variety of methods used in terrorism informatics are derived from Computer Science, Informatics, Statistics, Mathematics, Linguistics, Social Sciences, and Public Policy, and they involve the collection of a mass of information from multiple sources and in numerous languages.

TERRORISM INFORMATICS: Knowledge Management and Data Mining for Homeland Security will provide an interdisciplinary and comprehensive survey of the state of the art of the terrorism informatics domain along three basic dimensions: methodological issues in terrorism research; information infusion techniques to support terrorism prevention, detection, and response; and legal, social, privacy, and data confidentiality challenges and approaches.

Table of Contents

Frontmatter

Methodological Issues in Terrorism Research

1. Domain Mapping of Contemporary Terrorism Research
Mapping a domain involves mining, analyzing, charting, and visualizing a research area according to experts, institutions, topics, publications, and social networks. This chapter presents an overview of contemporary terrorism research by applying domain visualization techniques to the literature and author citation data from the years 1965 to 2003. The data were gathered from ten databases such as the ISI Web of Science, then analyzed using an integrated knowledge mapping framework that includes selected techniques such as self-organizing map (SOM), content map analysis, and co-citation analysis. The analysis revealed (1) 42 key terrorism researchers and their institutional affiliations; (2) their influential publications; (3) a shift from focusing on terrorism as a low-intensity conflict to an emphasis on it as a strategic threat to world powers with increased focus on Osama Bin Laden; and (4) clusters of terrorism researchers who work in similar research areas as identified by co-citation and block-modeling maps.
Edna Reid, Hsinchun Chen
2. Research on Terrorism
A Review of the Impact of 9/11 and the Global War on Terrorism
This survey of terrorism research focused on research studies published in the first five years after the 9/11 attacks. It highlights a number of positive trends which can be seen in this initial period after 9/11. To begin with, it is clear that more researchers are working on the subject than before and there has been a real increase in collaborative studies. This allows studies to be more ambitious in both data-collection and data analysis, though there has only been a very small shift away from literature review-based research. There has, however, been a much more promising increase in the use of descriptive and inferential statistical analysis. The use of inferential statistics on terrorism data in particular has more than trebled since 9/11, a trend which can only help improve the reliability and validity of the conclusions being reached by researchers. Admittedly, this is an increase starting from an extremely low level indeed (and still compares poorly to core journals in other areas) but it is unquestionably a major step in the right direction.
Andrew Silke
3. Who Are the Key Figures in ‘Terrorism Studies’?
The first part of this chapter constructs an analytical framework to enable the key figures in the field of terrorism studies to be identified. Use of this framework by future studies will ensure that their analysis of terrorism studies is based on a sample of authors and works which have been selected with sufficient methodological rigour. To have impact, such studies – which may interrogate the quality of research on terrorism, or examine the relationship between terrorism ‘knowledge’ and power, or attempt to reveal the existence of an ‘invisible college’ – must be able to show that they apply to the core (or, at least, a core) of terrorism studies, and that the selection of this core was achieved in a rigorous and explicit manner. The second part of this chapter employs this framework in order to identify three ‘pools’ of researchers: a periphery pool of over 300 authors, a central pool of 140 authors, and a core pool of just 31 authors.
Sam Raphael
4. Interviewing Terrorists
A Case for Primary Research
While the events of 11 September 2001 have catalysed a significant upsurge in terrorism research, social science efforts to systematically research terrorist behaviour have yet to convincingly demonstrate their greater potential, particularly in relation to not only how existing theoretical frameworks might be tested with data, but on a broader level in terms of how data-driven evidence can lead to the formulation of a more solid basis for the development of counter-terrorism initiatives. It is unfortunate that much academic research on terrorism, despite (or perhaps because of) its often prescriptive nature, remains often misinformed, skewed in nature but perhaps most significantly, often unsupported by empirical enquiry. Reasons for this include a general reluctance to admit that our analyses (however plausible) remain limited in part by our perceptions both of the concept and phenomenon of terrorism, this in turn markedly influenced by our reluctance to engage in first hand research with people who are, or have been, involved in terrorist violence – the very prospect still remains unpalatable to many. This chapter presents a short descriptive attempt to address a variety of practical issues for consideration in the hope that it may ultimately help lead to an increased acceptance that field research on terrorist behaviour is not only viable, but represents a research tool which we need to seriously exploit and subject to comparative analysis (e.g. of individual researchers’ experiences to begin with). A case study of the author’s experiences in Ireland conducting PhD research illustrates a variety of themes, but seeks to assert that exciting data with subsequent extensive hypothesis testing and theory formation will become an inevitable implication of employing such methodologies.
Given the perennial problems highlighted by scholars of political violence, the space to vocally develop such avenues deserves support and researchers should be encouraged to disclose and discuss their experiences of primary research.
John Horgan
5. Resolving a Terrorist Insurgency by Addressing Its Root Causes
To effectively resolve a terrorist insurgency against a state, it is crucial to map the root causes underlying the conflict because terrorism does not emerge in a political, socio-economic, religious or even psychological vacuum. Root causes form the initial components driving the terrorist life cycle (TLC), e.g., why terrorist groups are formed, how they are led and organized, the nature of their grievances, motivations, strategies and demands and their relations with their constituency, while the terrorist attack cycle (TAC) refers to how they conduct a spectrum of operations, ranging from non-violent to violent activities, and their choice of weaponry and targeting. Once these underlying causes are mapped, then it would be possible to formulate appropriate response measures, although some terrorist insurgencies can be resolved through conciliatory measures, some by means of a mix of coercion and conciliation, whereas others may only be resolved by defeating the terrorists militarily.
Joshua Sinai
6. A Quantitative Analysis of ‘Root Causes of Conflict’
This chapter describes a method for the measurement of root causes of conflicts, as defined in a checklist drawn up by the European Commission’s External Relations Directorate General (DG RELEX) for monitoring and early warning. Our approach uses Latent Semantic Analysis to measure these conflict indicators on a corpus composed of news articles extracted from the archive of a media monitoring system, Europe Media Monitor (EMM), designed at the European Commission’s Joint Research Center (JRC). Latent Semantic Analysis is a statistical technique based on the analysis of the semantic similarity between words distributed across a corpus of documents. By taking a purely numerical approach to estimating these conflict indicators in news data, we have produced results that could be further used in foreign policy analysis and conflict assessment tasks and could provide timely alerts to policy-makers and analysts.
Mihaela Bobeica, Jean-Paul Jéral, Teofilo Garcia, Clive Best
7. Countering Terrorism with Knowledge
The study of terrorism is beset by many problems, ranging from the broad and dynamic nature of the phenomenon, the arrested development of applied research, and the disconnected databases covering the subject. The Memorial Institute for the Prevention of Terrorism (MIPT) seeks to enable better research on terrorism by developing and sharing pioneering information resources, including its Terrorism Knowledge Base. MIPT acts as a living memorial to the victims, survivors, rescuers, and family members of the bombing of the Alfred P. Murrah Federal Building in Oklahoma City on April 19, 1995. Serving the needs of emergency responders, counterterrorism practitioners, policymakers, and the public, MIPT conducts research into the social and political causes and effects of terrorism, and its mission is to expand and share knowledge to prevent terrorism or mitigate its effects.
James O. Ellis III
8. Toward a Target-specific Method of Threat Assessment
This chapter describes a threat assessment model used at ICT to estimate the “attractiveness” of specific facilities to terrorist organizations. The model uses on-site evaluations of vulnerabilities to build a portfolio of possible attack scenarios. The scenarios are then analyzed using known or estimated sensitivities and target-assessment criteria for the different organizations. The results provide a means of rating the different scenarios according to their attractiveness to different types of terrorist groups. This will enable decision-makers to concentrate resources on the most probable scenarios, rather than on worst-case scenarios. The model has provided credible results for actual venues.
Yael Shahar
9. Identifying and Exploiting Group Learning Patterns for Counterterrorism
In this chapter, we describe a model for analyzing organizational learning in terrorist groups and suggest ways in which such a model can support counterterrorism analysis within the law enforcement and intelligence communities. Specifically, we discuss how such a model can contribute to the design of terrorism informatics and data analysis efforts.
Horacio R. Trujillo, Brian A. Jackson
10. Homeland Insecurity
Data Mining, Privacy, Disclosure Limitation, and the Hunt for Terrorists
Following the events of September 11, 2001, there has been heightened attention in the United States and elsewhere to the use of multiple government and private databases for the identification of possible perpetrators of future attacks, as well as an unprecedented expansion of federal government data mining activities, many involving databases containing personal information. There have also been claims that prospective data mining could be used to find the “signature” of terrorist cells embedded in larger networks. We present an overview of why the public has concerns about such activities and describe some proposals for the search of multiple databases which supposedly do not compromise possible pledges of confidentiality to the individuals whose data are included. We also explore their link to the related literatures on privacy-preserving data mining. In particular, we focus on the matching problem across databases and the concept of “selective revelation” and their confidentiality implications.
Stephen E. Fienberg

Terrorism Informatics to Support Prevention, Detection, and Response

11. Case Study of Jihad on the Web
A Web Mining Approach
Terrorist and extremist groups and their sympathizers have found a cost-effective resource to advance their courses by posting high-impact Websites with short shelf-lives. Because of their evanescent nature, terrorism research communities require unrestrained access to digitally archived Websites to mine their contents and pursue various types of analyses. Organizations that specialize in capturing, archiving, and analyzing Jihad terrorist Websites employ different, manual-based analysis techniques that are ‘hidden’ from the research communities. This chapter proposes the development of automated or semi-automated procedures and systematic methodologies for capturing Jihad terrorist Website data and its subsequent analyses. By analyzing the content of hyperlinked terrorist Websites and constructing visual social network maps, our study is able to generate an integrated approach to the study of Jihad terrorism, their network structure, component clusters, and cluster affinity.
Hsinchun Chen, Jialun Qin, Edna Reid, Yilu Zhou, Marc Sageman
12. Studying Global Extremist Organizations' Internet Presence Using the DarkWeb Attribute System
A Three Region Comparison Study
Nowadays, global extremist organizations are heavily utilizing Internet technologies to increase their abilities to influence the world. Studying those global extremist organizations’ Internet presence would allow us to better understand extremist organizations’ technical sophistication and their propaganda plans. However, due to the lack of efficient automatic methodologies, few previous studies have attempted to examine the extremist organizations’ online presence on a global scale. In this work, we explore an integrated approach for collecting and analyzing extremist online presence. We employed automatic Web crawling techniques to build a comprehensive extremist Web collection which contains around 1.7 million multimedia Web documents. We then used a systematic content analysis tool called the Dark Web Attribute System to study these extremist organizations’ Internet usage from three perspectives: technical sophistication, content richness, and Web interactivity. We also conducted statistical analysis to cross-compare the technical sophistication and effectiveness of Web sites created by extremist groups from different regions. Our analysis results showed that all extremist organizations covered in this study demonstrated a high level of technical sophistication in their Web presence, but extremist organizations from different regions have different patterns in their Internet technology deployment and online content delivery. Our analysis results would help domain experts deepen their understanding of the global extremism movements and develop better counterextremism measures on the Internet.
Hsinchun Chen, Jialun Qin, Edna Reid, Yilu Zhou
13. Content Analysis of Jihadi Extremist Groups' Videos
This paper presents an exploratory study of jihadi extremist groups’ videos using content analysis and a multimedia coding tool to explore the types of video, groups’ modus operandi, and production features that lend support to extremist groups. The videos convey messages powerful enough to mobilize members, sympathizers, and even new recruits to launch attacks that are once again captured (on video) and disseminated globally via the Internet. They communicate the effectiveness of the campaigns and have a much wider impact because they are media rich with nonverbal cues and vivid images of events that can evoke not only a multitude of psychological and emotional responses but also violent reactions. The videos are important for jihadi extremist groups’ learning, training, and recruitment. In addition, the content collection and analysis of extremist groups’ videos can help policy makers, intelligence analysts, and researchers better understand the extremist groups’ terror campaigns and modus operandi, and help suggest counter-intelligence strategies and tactics for troop training.
Arab Salem, Edna Reid, Hsinchun Chen
14. Analysis of Affect Intensities in Extremist Group Forums
Affects play an important role in influencing people’s perceptions and decision making. Affect analysis is useful for measuring the presence of hate, violence, and the resulting propaganda dissemination across extremist groups. In this study we performed affect analysis of U.S. and Middle Eastern extremist group forum postings. We constructed an affect lexicon using a probabilistic disambiguation technique to measure and visualize usage of violence and hate affects. These techniques facilitate in-depth analysis of multilingual content. The proposed approach was evaluated by applying it across 16 U.S. supremacist and Middle Eastern extremist group forums. Analysis across regions reveals that the Middle Eastern test bed forums have considerably greater violence intensity than the U.S. groups. There is also a strong linear relationship between the usage of hate and violence across the Middle Eastern messages.
Ahmed Abbasi, Hsinchun Chen
15. Document Selection for Extracting Entity and Relationship Instances of Terrorist Events
In this chapter, we study the problem of selecting documents so as to extract terrorist event information from a collection of documents. We represent an event by its entity and relation instances. Very often, these entity and relation instances have to be extracted from multiple documents. We therefore define an information extraction (IE) task as selecting documents and extracting from them the entity and relation instances relevant to a user-specified event (aka domain specific event entity and relation extraction). We adopt domain specific IE patterns to extract potentially relevant entity and relation instances from documents, and develop a number of document ranking strategies using the extracted instances to address this extraction task. Each ranking strategy (aka pattern-based document ranking strategy) assigns a score to each document, which estimates the latter's contribution to the gain in event related instances. We conducted experiments on two document collection datasets constructed using two historical terrorism events. Experiments showed that our proposed pattern-based document ranking strategies performed well on the domain specific event entity and relation extraction task for document collections of various sizes.
Zhen Sun, Ee-Peng Lim, Kuiyu Chang, Maggy Anastasia Suryanto, Rohan Kumar Gunaratna
16. Data Distortion Methods and Metrics in a Terrorist Analysis System
Preserving privacy is a major concern in the application of data mining techniques to datasets containing personal, sensitive, or confidential information. Data distortion is a critical component to preserving privacy in security-related data mining applications, such as in data mining-based terrorist analysis systems. A sparsified Singular Value Decomposition (SVD) method for data distortion is introduced in this chapter. A few metrics to measure the difference between the distorted dataset and the original dataset and the degree of the privacy protection are also explained in detail. The experimental results using synthetic and real world datasets show that the sparsified SVD method works well in preserving privacy as well as maintaining utility of the datasets.
Shuting Xu, Jun Zhang
17. Content-Based Detection of Terrorists Browsing the Web Using an Advanced Terror Detection System (ATDS)
Many terror-related groups use the Web as a convenient, anonymous communication infrastructure. This infrastructure enables exchange of information and propagation of ideas to active and potential terrorists. The Terrorist Detection System (TDS) is aimed at tracking down suspected terrorists by analyzing the content of information they access. In this chapter we present an advanced version of TDS (ATDS), where the detection algorithm was enhanced to improve the detection and reduce the false alarms. ATDS was implemented and evaluated in a network environment of 38 users, comparing it to the performance of the basic TDS. Behavior of suspected terrorists was simulated by accessing known terror-related sites. The evaluation also included a sensitivity analysis aimed at calibrating the settings of ATDS parameters to optimize its performance. The evaluation results suggest that ATDS outperformed TDS significantly and was able to reach very high detection rates when optimally tuned.
Yuval Elovici, Bracha Shapira, Mark Last, Omer Zaafrany, Menahem Friedman, Moti Schneider, Abraham Kandel
18. Text Mining the Biomedical Literature for Identification of Potential Virus/Bacterium as Bio-Terrorism Weapons
There are some viruses and bacteria that have been identified as bioterrorism weapons. However, there are many other viruses and bacteria that can be potential bioterrorism weapons. A system that can automatically suggest potential bioterrorism weapons will help laypeople to discover these suspicious viruses and bacteria. In this paper we apply an instance-based learning and text mining approach to identify candidate viruses and bacteria as potential bio-terrorism weapons from biomedical literature. We first take a text mining approach to identify topical terms of existing viruses (bacteria) from PubMed separately. Then, we apply a text mining method to bridge these terms as instances with the remaining viruses (bacteria) and thus to discover how much these terms describe the remaining viruses (bacteria). In the end, we build an algorithm to rank all remaining viruses (bacteria). We suspect that the higher the ranking of a virus (bacterium) is, the more suspicious it is as a potential bio-terrorism weapon. Our findings are intended as a guide to the virus and bacterium literature to support further studies that might then lead to appropriate defense and public health measures.
Xiaohua Hu, Xiaodan Zhang, Daniel Wu, Xiaohua Zhou, Peter Rumm
19. Leveraging One-Class SVM and Semantic Analysis to Detect Anomalous Content
Experiments were conducted to test several hypotheses on methods for improving document categorization for the malicious insider threat problem within the Intelligence Community. Bag-of-words (BOW) representations of documents were compared to Natural Language Processing (NLP) based representations in both the typical and one-class categorization problems using the Support Vector Machine algorithm. Results from our Semantic Anomaly Monitoring (SAM) system show that the NLP features significantly improved classifier performance over the BOW approach both in terms of precision and recall, while using many fewer features. The one-class algorithm using NLP features demonstrated robustness when tested on new domains.
Ozgur Yilmazel, Svetlana Symonenko, Niranjan Balasubramanian, Elizabeth D. Liddy
20. Individual and Collective Analysis of Anomalies in Message Traffic
We consider four properties by which intercepted messages can be selected for deeper analysis: their external properties, their content, their authorship, and the mental state of their authors. We argue that, rather than trying to differentiate directly between ‘good’ messages and ‘bad’ messages, it is better to use a two-pronged approach, where a simple detection scheme triggers a reaction in authors of ‘bad’ messages. This reaction is easier to detect than the original difference. We also suggest that differentiation is more effective when it is done for sets of messages, rather than on a message by message basis.
D. B. Skillicorn
21. Addressing Insider Threat through Cost-Sensitive Document Classification
Most organizations use computerized security systems to manage and protect their confidential information. While security is mostly concerned with prevention of attacks from outsiders, security breaches by insiders have recently gained increasing attention from the security community. In this chapter, we describe a cost-sensitive document classification scheme which forms the basis for determining the legitimacy of confidential access by insiders. Our scheme enforces compliance with the “need to know” security principle, namely that the requests for access are authorized only if the content of the requested information is relevant to the requester’s current information analysis project. First, we formulate such content-based authorization, i.e., whether to accept or reject access requests, as a binary classification problem. Second, we implement this problem in a cost-sensitive learning framework in which the cost of an incorrect decision differs according to the relative importance of the error types: false positive and false negative. In particular, the cost for a false positive (i.e., accepting a security violating request) is considered more expensive than that of a false negative (i.e., rejecting a valid request). The former is a serious security problem because confidential information, which should not be revealed, can be accessed. We experimentally compared various cost-sensitive classifiers with conventional error-minimizing classifiers. Our results indicate that costing using logistic regression showed the best performance, in terms of the smallest cost paid, the lowest false positive rate, and the relatively low false negative rate.
Young-Woo Seo, Katia Sycara
22. Using Web Mining and Social Network Analysis to Study The Emergence of Cyber Communities In Blogs
Blogs have become increasingly popular in recent years. Bloggers can express their opinions and emotions more freely and easily than before. Many communities have emerged in the blogosphere, including racist and hate groups that are trying to share their ideology, express their views, or recruit new group members. It is imperative to analyze these cyber communities in order to monitor for activities that are potentially harmful to society. Web mining and social network analysis techniques, which have been widely used to analyze the content and structure of Web sites of hate groups on the Internet, have not been applied to the study of hate groups in blogs. In this research, we present a framework, which consists of components of blog spider, information extraction, network analysis, and visualization, to address this problem (Chau & Xu, 2007). We applied this framework to identify and analyze a selected set of 28 anti-Blacks hate groups on Xanga, one of the most popular blog hosting sites. Our analysis results revealed some interesting demographical and topological characteristics in these groups, and identified at least two large communities on top of the smaller ones. We suggest that our framework can be generalized and applied to blog analysis in other domains.
Michael Chau, Jennifer Xu
23. Automatic Extraction of Deceptive Behavioral Cues from Video
This chapter provides an overview of an initial investigation into a novel approach for deriving indicators of deception from video-taped interactions. The team utilized two-dimensional spatial inputs extracted from video to construct a set of discrete and inter-relational features. The features for thirty-eight video interactions were then analyzed using discriminant analysis. Additionally, features were used to build a multivariate regression model. Through this exploratory research, the team established the validity of the approach and identified a number of promising features and future research directions.
Thomas O. Meservy, Matthew L. Jensen, W. John Kruse, Judee K. Burgoon, Jay F. Nunamaker Jr
24. Situational Awareness Technologies for Disaster Response
This chapter highlights some of the key information technology challenges being addressed in the RESCUE project, a National Science Foundation (NSF) funded 5-year effort, with a particular focus on situational awareness technologies. A key premise of the project is that the critical decision making required in disaster situations relies heavily on the availability, accuracy, and timeliness of information that can be made available to the decision makers. A major thrust within RESCUE is focusing on developing next generation situational awareness technologies. Our approach in building situational awareness systems is to build information systems that consider situations and events as fundamental entities, and our research is focused on the key technical challenges in the extraction and synthesis, management, and analysis of such situational information. This chapter focuses on our research accomplishments in each of these areas and also provides an overview of technology transition activities.
Naveen Ashish, Ronald Eguchi, Rajesh Hegde, Charles Huyck, Dmitri Kalashnikov, Sharad Mehrotra, Padhraic Smyth, Nalini Venkatasubramanian
Backmatter
Metadata
Title
Terrorism Informatics
edited by
Dr. Hsinchun Chen
Edna Reid
Joshua Sinai
Andrew Silke
Boaz Ganor
Copyright year
2008
Publisher
Springer US
Electronic ISBN
978-0-387-71613-8
Print ISBN
978-0-387-71612-1
DOI
https://doi.org/10.1007/978-0-387-71613-8