Analyzing covert social network foundation behind terrorism disaster

This paper addresses a method to analyze the covert social network foundation hidden behind the terrorism disaster. It is to solve a node discovery problem, which means to discover a node, which functions relevantly in a social network, but escaped from monitoring on the presence and mutual relationship of nodes. The method aims at integrating the expert investigator’s prior understanding, insight on the terrorists’ social network nature derived from the complex graph theory, and computational data processing. The social network responsible for the 9/11 attack in 2001 is used to execute simulation experiment to evaluate the performance of the method.

💡 Research Summary

This paper presents a novel methodology for analyzing the covert social network foundations that underlie terrorist activities, with the ultimate aim of disrupting such networks. The core challenge is framed as a “node discovery problem,” which involves identifying individuals who play relevant functional roles within a network but have evaded detection regarding their existence and relationships.

The authors argue that conventional machine learning and probabilistic inference techniques are ill-suited for this task due to the inherent characteristics of terrorist networks: they are non-routine, infrequent, and operate under a severe lack of reliable surveillance data (e.g., incomplete communication logs). To overcome this, the proposed method integrates three key elements: the prior knowledge and understanding of expert investigators, insights into social network dynamics derived from complex graph theory, and computational data processing.

The methodological approach is centered around an interactive process. It begins with observed communication records, such as lists of participants in email discussions or meetings. A computational algorithm first processes these records. It employs a k-medoids clustering technique, using Jaccard’s coefficient to measure communication activeness between individuals, thereby grouping them into distinct clusters (e.g., separate terrorist cells). Subsequently, a crucial ranking step is applied. The algorithm evaluates each observed record using specifically designed ranking functions (e.g., I_av, I_sd, I_tp). These functions quantify the likelihood that a record contains evidence of a hidden coordinator by measuring the record’s strength in attracting members from multiple different clusters. Records scoring highly are flagged as suspicious, and “gateway persons” within each cluster most connected to this suspicious activity are identified.

The output is a visualized social network diagram. Crucially, the suspected inter-cluster connections and the hypothetical hidden coordinator are highlighted in red, creating a visual contrast with the observed (black) network structure. This visualization is not the final answer but a tool for human experts. The discrepancy between this machine-generated map and the investigator’s prior mental model serves as a cognitive trigger, facilitating the generation of new hypotheses about the latent network structure (e.g., “There might be an unobserved financier bridging these two cells”).

The paper validates the approach using the well-documented social network of the 9/11 attacks, involving 19 hijackers and 18 known conspirators. It analyzes the topological properties of this network, noting its relatively high clustering coefficient, which suggests a cluster-and-bridge structure. A simulation experiment is conducted where the algorithm processes data derived from this known network. The results demonstrate that the method can successfully flag records corresponding to known conspirators (like financiers) as “suspicious,” thereby proving its potential to direct investigative attention towards hidden nodes.

In summary, this research contributes a formalized, hybrid human-computer framework for tackling the difficult problem of discovering hidden actors in covert networks. It moves beyond pure automation by strategically using computation to visualize data patterns that empower expert analysts to make intuitive leaps and formulate testable hypotheses about missing elements in the network.